diff --git a/Dockerfile.prod b/Dockerfile.prod index 6835485..c7b1f73 100644 --- a/Dockerfile.prod +++ b/Dockerfile.prod @@ -1,48 +1,37 @@ FROM php:8.2-cli +# Buat non-root user +ARG USER=appuser +ARG UID=1000 +RUN useradd -u $UID -m $USER + +# Install dependencies & PostgreSQL driver +RUN apt-get update && apt-get install -y \ + libpq-dev \ + postgresql-client \ + unzip \ + git \ + libzip-dev \ + libicu-dev \ + && docker-php-ext-install pdo pdo_pgsql pgsql zip intl \ + && rm -rf /var/lib/apt/lists/* + +# Install Composer +COPY --from=composer:2 /usr/bin/composer /usr/bin/composer + WORKDIR /var/www -# Install build dependencies & PHP extensions -RUN apk add --no-cache \ - bash \ - git \ - unzip \ - libpng-dev \ - libjpeg-turbo-dev \ - freetype-dev \ - libzip-dev \ - icu-dev \ - zlib-dev \ - postgresql-dev \ - curl \ - oniguruma-dev \ - autoconf \ - gcc \ - g++ \ - make \ - pkgconfig \ - && docker-php-ext-configure gd --with-freetype --with-jpeg \ - && docker-php-ext-install pdo pdo_pgsql mbstring zip intl bcmath gd \ - && rm -rf /var/cache/apk/* +# Copy source code +COPY . . -# Install Composer -RUN curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/bin --filename=composer +# Change owner to non-root user +RUN chown -R $USER:$USER /var/www -# Copy project -COPY . /var/www +# Switch to non-root user +USER $USER -# Set permissions -RUN mkdir -p storage bootstrap/cache \ - && chown -R www-data:www-data storage bootstrap/cache - -# Install Laravel dependencies & optimasi -RUN composer install --no-dev --optimize-autoloader - -# Cache Laravel -RUN php artisan config:cache \ - && php artisan route:cache \ - && php artisan view:cache +# Install Laravel dependencies +RUN composer install --no-dev --optimize-autoloader --prefer-dist EXPOSE 8000 - -CMD ["php", "artisan", "serve", "--host=0.0.0.0", "--port=8000"] \ No newline at end of file +CMD ["php", "artisan", "serve", "--host=0.0.0.0", "--port=8000"] 
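Review bot: `COPY . .` copies the whole build context into the image, and this commit also adds `secrets/db_password.txt` to the repository, so unless a `.dockerignore` (not visible in this diff) excludes it, the database password and any local `.env` end up in an image layer. Adding `secrets/` and `.env` to `.dockerignore` keeps them out. The following `RUN chown -R $USER:$USER /var/www` makes all application code writable by the runtime user. Limiting ownership to `storage` and `bootstrap/cache`, as the removed lines did, would keep the code read-only to the process that serves requests. The `apt-get install -y` line could also take `--no-install-recommends` to reduce what ships in the runtime image.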
diff --git a/config/database.php b/config/database.php
index 8910562..c13d6bd 100644
--- a/config/database.php
+++ b/config/database.php
@@ -89,7 +89,7 @@ return [
 'port' => env('DB_PORT', '5432'),
 'database' => env('DB_DATABASE', 'laravel'),
 'username' => env('DB_USERNAME', 'root'),
- 'password' => env('DB_PASSWORD', ''),
+ 'password' => env('DB_PASSWORD_FILE', ''),
 'charset' => env('DB_CHARSET', 'utf8'),
 'prefix' => '',
 'prefix_indexes' => true,
diff --git a/docker-compose.prod.yml b/docker-compose.prod.yml
index f6bf6d5..ee09c3a 100644
--- a/docker-compose.prod.yml
+++ b/docker-compose.prod.yml
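Review bot: `env('DB_PASSWORD_FILE', '')` returns the value of the variable, which docker-compose.prod.yml sets to the path `/run/secrets/db_password`, so the connection would use the path string as the password instead of the secret's contents. The file has to be read, for example `'password' => is_readable((string) env('DB_PASSWORD_FILE')) ? trim(file_get_contents(env('DB_PASSWORD_FILE'))) : env('DB_PASSWORD', ''),`, which also keeps `DB_PASSWORD` working where no secret is mounted. The surrounding connection array starts and ends outside this hunk.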
@@ -1,60 +1,96 @@ +version: "3.9" + +secrets: + db_password: + file: ./secrets/db_password.txt + +volumes: + db-data: + +networks: + sijago_net: + driver: overlay + monitoring_net: + external: true # pastikan monitoring stack network sudah dibuat sebelumnya services: - app: - build: - context: . - dockerfile: Dockerfile.prod - container_name: sijago_app - working_dir: /var/www - volumes: - - .:/var/www - ports: - - "8000:8000" - depends_on: - db: - condition: service_healthy - redis: - condition: service_healthy - environment: - APP_ENV: production - APP_DEBUG: false - APP_KEY: base64:8LpKi2PtQ4nhCQr+u495ZRvfno7PjNrVnh0kyuoLTeE= - DB_CONNECTION: pgsql - DB_HOST: db - DB_PORT: 5432 - DB_DATABASE: sijago - DB_USERNAME: sijago_user - DB_PASSWORD: secret - CACHE_DRIVER: redis - REDIS_HOST: redis - db: image: postgres:13 - container_name: sijago_db - restart: unless-stopped environment: POSTGRES_DB: sijago POSTGRES_USER: sijago_user - POSTGRES_PASSWORD: secret + POSTGRES_PASSWORD_FILE: /run/secrets/db_password volumes: - - db-data-prod:/var/lib/postgresql/data + - db-data:/var/lib/postgresql/data healthcheck: test: ["CMD-SHELL", "pg_isready -U sijago_user"] interval: 5s timeout: 5s - retries: 5 + retries: 10 + secrets: + - db_password + networks: + - sijago_net + deploy: + restart_policy: + condition: on-failure + resources: + limits: + cpus: '0.5' + memory: 512M redis: image: redis:7-alpine - container_name: sijago_redis - restart: unless-stopped ports: - - "6379:6379" # beda port juga biar aman + - "6379:6379" healthcheck: test: ["CMD", "redis-cli", "ping"] interval: 5s timeout: 5s retries: 5 + networks: + - sijago_net + deploy: + restart_policy: + condition: on-failure + resources: + limits: + cpus: '0.2' + memory: 256M -volumes: - db-data + app: + image: sijago_app:prod # build dulu: docker build -t sijago_app:prod -f Dockerfile.prod . 
+ working_dir: /var/www + volumes: + - .:/var/www:cached + ports: + - "8000:8000" + environment: + APP_ENV: production + APP_DEBUG: "false" + DB_CONNECTION: pgsql + DB_HOST: db + DB_PORT: 5432 + DB_DATABASE: sijago + DB_USERNAME: sijago_user + DB_PASSWORD_FILE: /run/secrets/db_password + CACHE_DRIVER: redis + REDIS_HOST: redis + PROMETHEUS_URL: http://prometheus:9090 + CADVISOR_URL: http://cadvisor:8080 + GRAFANA_URL: http://grafana:3000 + secrets: + - db_password + networks: + - sijago_net + - monitoring_net + deploy: + restart_policy: + condition: on-failure + resources: + limits: + cpus: '1.0' + memory: 512M + reservations: + cpus: '0.5' + memory: 256M diff --git a/monitoring/docker-compose.monitoring.yml b/monitoring/docker-compose.monitoring.yml new file mode 100644 index 0000000..31fe8d3 --- /dev/null +++ b/monitoring/docker-compose.monitoring.yml 
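Review bot: The `redis` service still publishes `6379:6379` and no password is configured in this file, so Redis is reachable without authentication from anything that can reach the host, although only `app` uses it over `sijago_net`; removing the `ports:` entry from `redis` keeps it internal. The `app` service bind-mounts `.:/var/www:cached`, which shadows the code and `vendor/` built into `sijago_app:prod` and exposes the repository's `secrets/` directory inside the container, so a production service should run from the image alone. `APP_KEY` is removed from `environment:` with no replacement visible here; it needs to be supplied as a secret too, and the key in the removed line should be rotated because it remains in history.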
@@ -0,0 +1,81 @@
+version: "3.9"
+
+networks:
+ monitoring_net:
+ external: true
+
+volumes:
+ grafana-data:
+ loki-data:
+
+services:
+ cadvisor:
+ image: gcr.io/cadvisor/cadvisor:latest
+ ports:
+ - "8080:8080"
+ volumes:
+ - /:/rootfs:ro
+ - /var/run:/var/run:ro
+ - /sys:/sys:ro
+ - /var/lib/docker/:/var/lib/docker:ro
+ networks:
+ - monitoring_net
+ deploy:
+ mode: global
+ privileged: true # biar cadvisor bisa akses semua metric container
+
+ prometheus:
+ image: prom/prometheus:latest
+ ports:
+ - "9090:9090"
+ volumes:
+ - ./prometheus.yml:/etc/prometheus/prometheus.yml:ro
+ networks:
+ - monitoring_net
+ deploy:
+ replicas: 1
+
+ grafana:
+ image: grafana/grafana:latest
+ ports:
+ - "3000:3000"
+ volumes:
+ - grafana-data:/var/lib/grafana
+ - ./grafana/provisioning:/etc/grafana/provisioning
+ environment:
+ - GF_SECURITY_ADMIN_USER=syifa
+ - GF_SECURITY_ADMIN_PASSWORD=secret123
+ depends_on:
+ - prometheus
+ - loki
+ networks:
+ - monitoring_net
+ deploy:
+ replicas: 1
+
+ loki:
+ image: grafana/loki:2.8.2
+ ports:
+ - "3100:3100"
+ volumes:
+ - ./loki-config.yml:/etc/loki/local-config.yml:ro
+ - loki-data:/loki
+ command: -config.file=/etc/loki/local-config.yml
+ networks:
+ - monitoring_net
+ deploy:
+ replicas: 1
+
+ promtail:
+ image: grafana/promtail:2.8.2
+ volumes:
+ - /var/log:/var/log
+ - /var/lib/docker/containers:/var/lib/docker/containers:ro
+ - ./promtail-config.yml:/etc/promtail/config.yml:ro
+ command: -config.file=/etc/promtail/config.yml
+ depends_on:
+ - loki
+ networks:
+ - monitoring_net
+ deploy:
+ replicas: 1
diff --git a/monitoring/grafana/provisioning/dashboards/all.yml b/monitoring/grafana/provisioning/dashboards/all.yml
new file mode 100644
index 0000000..95b3e43
--- /dev/null
+++ b/monitoring/grafana/provisioning/dashboards/all.yml
@@ -0,0 +1,9 @@
+apiVersion: 1
+
+providers:
+ - name: 'Default'
+ orgId: 1
+ folder: ''
+ type: file
+ options:
+ path: /etc/grafana/provisioning/dashboards
\ No newline at end of file
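Review bot: `GF_SECURITY_ADMIN_PASSWORD=secret123` hard-codes the Grafana admin password in monitoring/docker-compose.monitoring.yml, while the same commit moves the database password to a Docker secret; Grafana accepts a `__FILE` variant, e.g. `GF_SECURITY_ADMIN_PASSWORD__FILE=/run/secrets/grafana_admin_password` (secret name is a placeholder), backed by a `secrets:` entry. cAdvisor (8080), Prometheus (9090) and Loki (3100) are all published on the host with no authentication configured in this commit, and `monitoring/loki-config.yml` sets `auth_enabled: false`, so those `ports:` entries are better dropped in favour of access through Grafana over `monitoring_net`. The `:latest` tags on cadvisor, prometheus and grafana make deploys non-reproducible; pinning versions as done for loki and promtail would be consistent. `privileged: true` appears directly after the `deploy:` keys of `cadvisor`; if it is nested there it is not a `deploy` option, and it is worth confirming whether cAdvisor needs it at all given the read-only mounts already listed.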
diff --git a/monitoring/grafana/provisioning/dashboards/cadvisor.json b/monitoring/grafana/provisioning/dashboards/cadvisor.json
new file mode 100644
index 0000000..0c50a70
--- /dev/null
+++ b/monitoring/grafana/provisioning/dashboards/cadvisor.json
@@ -0,0 +1,30 @@
+{
+ "id": null,
+ "title": "Docker Container Overview",
+ "tags": ["docker", "cadvisor"],
+ "timezone": "browser",
+ "panels": [
+ {
+ "type": "graph",
+ "title": "Container CPU Usage",
+ "targets": [
+ {
+ "expr": "rate(container_cpu_usage_seconds_total[1m])",
+ "legendFormat": "{{container_label_com_docker_swarm_task_name}}"
+ }
+ ]
+ },
+ {
+ "type": "graph",
+ "title": "Container Memory Usage",
+ "targets": [
+ {
+ "expr": "container_memory_usage_bytes",
+ "legendFormat": "{{container_label_com_docker_swarm_task_name}}"
+ }
+ ]
+ }
+ ],
+ "schemaVersion": 16,
+ "version": 1
+}
diff --git a/monitoring/grafana/provisioning/datasources/all.yml b/monitoring/grafana/provisioning/datasources/all.yml
new file mode 100644
index 0000000..e35e840
--- /dev/null
+++ b/monitoring/grafana/provisioning/datasources/all.yml
@@ -0,0 +1,13 @@
+apiVersion: 1
+
+datasources:
+ - name: Prometheus
+ type: prometheus
+ access: proxy
+ url: http://prometheus:9090
+ isDefault: true
+
+ - name: Loki
+ type: loki
+ access: proxy
+ url: http://loki:3100
diff --git a/monitoring/loki-config.yml b/monitoring/loki-config.yml
new file mode 100644
index 0000000..fc83420
--- /dev/null
+++ b/monitoring/loki-config.yml
@@ -0,0 +1,54 @@
+auth_enabled: false
+
+server:
+ http_listen_port: 3100
+ grpc_listen_port: 9096
+
+ingester:
+ lifecycler:
+ address: 0.0.0.0
+ ring:
+ kvstore:
+ store: inmemory
+ replication_factor: 1
+ chunk_idle_period: 5m
+ max_chunk_age: 1h
+ chunk_target_size: 1048576
+ chunk_retain_period: 30s
+ wal:
+ enabled: true
+ dir: /loki/wal
+
+schema_config:
+ configs:
+ - from: 2020-10-24
+ store: boltdb-shipper
+ object_store: filesystem
+ schema: v11
+ index:
+ prefix: index_
+ period: 24h
+
+storage_config:
+ boltdb_shipper:
+ active_index_directory: /loki/index
+ cache_location: /loki/cache
+ shared_store: filesystem
+ filesystem:
+ directory: /loki/chunks
+
+compactor:
+ working_directory: /loki/compactor
+ shared_store: filesystem
+
+limits_config:
+ ingestion_rate_mb: 8
+ ingestion_burst_size_mb: 16
+ max_concurrent_tail_requests: 20
+
+chunk_store_config:
+ max_look_back_period: 0s
+
+table_manager:
+ retention_deletes_enabled: true
+ retention_period: 168h # 7 hari
diff --git a/monitoring/prometheus.yml b/monitoring/prometheus.yml
new file mode 100644
index 0000000..9bfa31b
--- /dev/null
+++ b/monitoring/prometheus.yml
@@ -0,0 +1,25 @@
+global:
+ scrape_interval: 15s
+
+scrape_configs:
+ - job_name: 'prometheus'
+ static_configs:
+ - targets: ['prometheus:9090']
+
+ - job_name: 'sijago_app'
+ #metrics_path: /metrics
+ static_configs:
+ - targets: ['sijago_stack_app:8000']
+
+ # Scrape semua cadvisor (global mode di swarm)
+ - job_name: 'cadvisor'
+ dns_sd_configs:
+ - names:
+ - 'tasks.monitoring_stack_cadvisor'
+ type: A
+ port: 8080
+
+ # Scrape Loki (opsional, buat healthcheck)
+ - job_name: 'loki'
+ static_configs:
+ - targets: ['loki:3100']
diff --git a/monitoring/promtail-config.yml b/monitoring/promtail-config.yml
new file mode 100644
index 0000000..60f8aa6
--- /dev/null
+++ b/monitoring/promtail-config.yml
@@ -0,0 +1,34 @@
+server:
+ http_listen_port: 9080
+ grpc_listen_port: 0
+
+positions:
+ filename: /tmp/positions.yaml
+
+clients:
+ - url: http://loki:3100/loki/api/v1/push
+
+scrape_configs:
+ # Ambil log khusus dari container "sijago_stack_app"
+ - job_name: sijago
+ docker_sd_configs:
+ - host: unix:///var/run/docker.sock
+ relabel_configs:
+ # Ambil hanya container dengan nama sijago_stack_app
+ - source_labels: [__meta_docker_container_name]
+ regex: /sijago_stack_app.*
+ action: keep
+ # Path log
+ - source_labels: [__meta_docker_container_log_stream]
+ target_label: stream
+ - source_labels: [__meta_docker_container_name]
+ target_label: container
+
+ # Ambil semua log dari semua container Docker
+ - job_name: docker
+ static_configs:
+ - targets:
+ - localhost
+ labels:
+ job: docker
+ __path__: /var/lib/docker/containers/*/*-json.log
diff --git a/nginx/default.conf b/nginx/default.conf
new file mode 100644
index 0000000..4f4c0a5
--- /dev/null
+++ b/nginx/default.conf
@@ -0,0 +1,18 @@
+server {
+ listen 80;
+ server_name localhost;
+ root /var/www/public;
+
+ index index.php index.html;
+
+ location / {
+ try_files $uri $uri/ /index.php?$query_string;
+ }
+
+ location ~ \.php$ {
+ fastcgi_pass 127.0.0.1:9000;
+ fastcgi_index index.php;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ include fastcgi_params;
+ }
+}
diff --git a/secrets/db_password.txt b/secrets/db_password.txt
new file mode 100644
index 0000000..536aca3
--- /dev/null
+++ b/secrets/db_password.txt
@@ -0,0 +1 @@
+secret
\ No newline at end of file
diff --git a/trivy_laravel_report.json b/trivy_laravel_report.json
new file mode 100644
index 0000000..0a83221
--- /dev/null
+++ b/trivy_laravel_report.json
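Review bot: The `sijago` job uses `docker_sd_configs` with `host: unix:///var/run/docker.sock`, but the `promtail` service in monitoring/docker-compose.monitoring.yml mounts only `/var/log`, `/var/lib/docker/containers` and the config file, so discovery has no socket to talk to. Mounting the socket would give promtail control of the Docker daemon, so I would drop this job instead: the `docker` job already tails `/var/lib/docker/containers/*/*-json.log` for every container, and with both jobs working the app's logs would be ingested twice. `positions.filename: /tmp/positions.yaml` is not on a volume, so a restart re-reads the log files from the start; pointing it at a mounted path avoids that.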
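Review bot: `fastcgi_pass 127.0.0.1:9000` in nginx/default.conf expects a PHP-FPM listener, but the image in this commit is `php:8.2-cli` running `php artisan serve` on port 8000, and no compose service in the diff mounts this file, so the config looks unused and would fail to reach a backend if enabled. If nginx is meant to front the app, the `location ~ \.php$` block should also begin with `try_files $uri =404;` so that only scripts that exist under `/var/www/public` are handed to FPM.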
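Review bot: Committing `secrets/db_password.txt` puts the database password in version control, which undoes the benefit of moving it out of the compose `environment:` block, and the value is the same weak `secret` that the removed `DB_PASSWORD` and `POSTGRES_PASSWORD` lines used. The file should be removed from the repository, `secrets/` added to `.gitignore`, and the secret created out of band, for example with `docker secret create db_password -` and `external: true` on the `db_password` entry in docker-compose.prod.yml. Because the value is now in history, the password should be replaced with a generated one.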
@@ -0,0 +1,32438 @@ +{ + "SchemaVersion": 2, + "CreatedAt": "2025-08-18T11:52:08.523309468+07:00", + "ArtifactName": "sijago_app:prod", + "ArtifactType": "container_image", + "Metadata": { + "Size": 798453248, + "OS": { + "Family": "debian", + "Name": "13.0" + }, + "ImageID": "sha256:df3a5801466546532bc54e3c03b96efd4018aef4f0c7ab900ecc847d29c08c54", + "DiffIDs": [ + "sha256:e6a3842ebc7f5e41d8a38f19a0aa5ea56c255475695ac6682882420800cf5465", + "sha256:91dea3da4aa0a39f25876d1f6c265c272e123dee867d89f6863500e26bb3db85", + "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e", + "sha256:86b4f42da02b783c777a79af7e4fe2b007141f9d34a9f70d520e0a787900fb2f", + "sha256:3112cbc10456d6bdbfdc2d3d496d224ba6bf34baf56069f651f4d633ad697539", + "sha256:2a8e3e1b7dbe288b80b736db6ae2855ef63f891225d0571a005c47e0a6709700", + "sha256:d9b12e852d19f74ae98c366beb4e9e45f7d6338bb9ded408028eecabd34c6206", + "sha256:2cd7d388743ce1807c6b9540a7c65b2bbeda3d8e733b130507fe7eba8b2da173", + "sha256:84fba32b63b34c0eea4ef7f59916ba866aaac576174efb292ee27c288aa8c473", + "sha256:280fb80b82adde39ddf94f30df8e7c00c06037de62315738d9b084ac8e28f339", + "sha256:e12c950bc72263698d904ed87df75cd3220d37131f2ed1fe4fadc4719fa19df2", + "sha256:ca79fd2c0e371eeb80b9f4b15563a9d8b3720ac84b0216cfea4e14ff8e83137e", + "sha256:8fcace58191cba835533976c4c0280a8431a3b31616b00b98f6e1d15e13528f8", + "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef", + "sha256:d7fdd35b6d2d512d3ddc817d2465aad5472ad4bd7a728340f9483900255d57ce", + "sha256:1e569736f1a3bf9316e272ec8041ece11610e0f0556e957e3080c20691b6f89b", + "sha256:76f2061ac544b49fe20384d63c8228fb0fb50770cece82674737fbe1e2860da7" + ], + "RepoTags": [ + "sijago_app:prod" + ], + "RepoDigests": [ + "sijago_app@sha256:df3a5801466546532bc54e3c03b96efd4018aef4f0c7ab900ecc847d29c08c54" + ], + "ImageConfig": { + "architecture": "amd64", + "created": "2025-08-18T02:48:46.832750231Z", + "history": [ + { + "created": "2025-08-08T00:02:22Z", + "created_by": "# 
debian.sh --arch 'amd64' out/ 'trixie' '@1754870400'", + "comment": "debuerreotype 0.15" + }, + { + "created": "2025-08-08T00:02:22Z", + "created_by": "RUN /bin/sh -c set -eux; \t{ \t\techo 'Package: php*'; \t\techo 'Pin: release *'; \t\techo 'Pin-Priority: -1'; \t} \u003e /etc/apt/preferences.d/no-debian-php # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2025-08-08T00:02:22Z", + "created_by": "ENV PHPIZE_DEPS=autoconf \t\tdpkg-dev \t\tfile \t\tg++ \t\tgcc \t\tlibc-dev \t\tmake \t\tpkg-config \t\tre2c", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2025-08-08T00:02:22Z", + "created_by": "RUN /bin/sh -c set -eux; \tapt-get update; \tapt-get install -y --no-install-recommends \t\t$PHPIZE_DEPS \t\tca-certificates \t\tcurl \t\txz-utils \t; \tapt-get dist-clean # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2025-08-08T00:02:22Z", + "created_by": "ENV PHP_INI_DIR=/usr/local/etc/php", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2025-08-08T00:02:22Z", + "created_by": "RUN /bin/sh -c set -eux; \tmkdir -p \"$PHP_INI_DIR/conf.d\"; \t[ ! 
-d /var/www/html ]; \tmkdir -p /var/www/html; \tchown www-data:www-data /var/www/html; \tchmod 1777 /var/www/html # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2025-08-08T00:02:22Z", + "created_by": "ENV PHP_CFLAGS=-fstack-protector-strong -fpic -fpie -O2 -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2025-08-08T00:02:22Z", + "created_by": "ENV PHP_CPPFLAGS=-fstack-protector-strong -fpic -fpie -O2 -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2025-08-08T00:02:22Z", + "created_by": "ENV PHP_LDFLAGS=-Wl,-O1 -pie", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2025-08-08T00:02:22Z", + "created_by": "ENV GPG_KEYS=39B641343D8C104B2B146DC3F9C39DC0B9698544 E60913E4DF209907D8E30D96659A97C9CF2A795A 1198C0117593497A5EC5C199286AF1F9897469DC", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2025-08-08T00:02:22Z", + "created_by": "ENV PHP_VERSION=8.2.29", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2025-08-08T00:02:22Z", + "created_by": "ENV PHP_URL=https://www.php.net/distributions/php-8.2.29.tar.xz PHP_ASC_URL=https://www.php.net/distributions/php-8.2.29.tar.xz.asc", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2025-08-08T00:02:22Z", + "created_by": "ENV PHP_SHA256=475f991afd2d5b901fb410be407d929bc00c46285d3f439a02c59e8b6fe3589c", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2025-08-08T00:02:22Z", + "created_by": "RUN /bin/sh -c set -eux; \t\tsavedAptMark=\"$(apt-mark showmanual)\"; \tapt-get update; \tapt-get install -y --no-install-recommends gnupg; \tapt-get dist-clean; \t\tmkdir -p /usr/src; \tcd /usr/src; \t\tcurl -fsSL -o php.tar.xz \"$PHP_URL\"; \t\tif [ -n \"$PHP_SHA256\" ]; then \t\techo 
\"$PHP_SHA256 *php.tar.xz\" | sha256sum -c -; \tfi; \t\tcurl -fsSL -o php.tar.xz.asc \"$PHP_ASC_URL\"; \texport GNUPGHOME=\"$(mktemp -d)\"; \tfor key in $GPG_KEYS; do \t\tgpg --batch --keyserver keyserver.ubuntu.com --recv-keys \"$key\"; \tdone; \tgpg --batch --verify php.tar.xz.asc php.tar.xz; \tgpgconf --kill all; \trm -rf \"$GNUPGHOME\"; \t\tapt-mark auto '.*' \u003e /dev/null; \tapt-mark manual $savedAptMark \u003e /dev/null; \tapt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2025-08-08T00:02:22Z", + "created_by": "COPY docker-php-source /usr/local/bin/ # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2025-08-08T00:02:22Z", + "created_by": "RUN /bin/sh -c set -eux; \t\tsavedAptMark=\"$(apt-mark showmanual)\"; \tapt-get update; \tapt-get install -y --no-install-recommends \t\tlibargon2-dev \t\tlibcurl4-openssl-dev \t\tlibonig-dev \t\tlibreadline-dev \t\tlibsodium-dev \t\tlibsqlite3-dev \t\tlibssl-dev \t\tlibxml2-dev \t\tzlib1g-dev \t; \t\texport \t\tCFLAGS=\"$PHP_CFLAGS\" \t\tCPPFLAGS=\"$PHP_CPPFLAGS\" \t\tLDFLAGS=\"$PHP_LDFLAGS\" \t\tPHP_BUILD_PROVIDER='https://github.com/docker-library/php' \t\tPHP_UNAME='Linux - Docker' \t; \tdocker-php-source extract; \tcd /usr/src/php; \tgnuArch=\"$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)\"; \tdebMultiarch=\"$(dpkg-architecture --query DEB_BUILD_MULTIARCH)\"; \tif [ ! 
-d /usr/include/curl ]; then \t\tln -sT \"/usr/include/$debMultiarch/curl\" /usr/local/include/curl; \tfi; \t./configure \t\t--build=\"$gnuArch\" \t\t--with-config-file-path=\"$PHP_INI_DIR\" \t\t--with-config-file-scan-dir=\"$PHP_INI_DIR/conf.d\" \t\t\t\t--enable-option-checking=fatal \t\t\t\t--with-mhash \t\t\t\t--with-pic \t\t\t\t--enable-mbstring \t\t--enable-mysqlnd \t\t--with-password-argon2 \t\t--with-sodium=shared \t\t--with-pdo-sqlite=/usr \t\t--with-sqlite3=/usr \t\t\t\t--with-curl \t\t--with-iconv \t\t--with-openssl \t\t--with-readline \t\t--with-zlib \t\t\t\t--enable-phpdbg \t\t--enable-phpdbg-readline \t\t\t\t--with-pear \t\t\t\t$(test \"$gnuArch\" = 'riscv64-linux-gnu' \u0026\u0026 echo '--without-pcre-jit') \t\t--with-libdir=\"lib/$debMultiarch\" \t\t\t\t--enable-embed \t; \tmake -j \"$(nproc)\"; \tfind -type f -name '*.a' -delete; \tmake install; \tfind \t\t/usr/local \t\t-type f \t\t-perm '/0111' \t\t-exec sh -euxc ' \t\t\tstrip --strip-all \"$@\" || : \t\t' -- '{}' + \t; \tmake clean; \t\tcp -v php.ini-* \"$PHP_INI_DIR/\"; \t\tcd /; \tdocker-php-source delete; \t\tapt-mark auto '.*' \u003e /dev/null; \t[ -z \"$savedAptMark\" ] || apt-mark manual $savedAptMark; \tfind /usr/local -type f -executable -exec ldd '{}' ';' \t\t| awk '/=\u003e/ { so = $(NF-1); if (index(so, \"/usr/local/\") == 1) { next }; gsub(\"^/(usr/)?\", \"\", so); printf \"*%s\\n\", so }' \t\t| sort -u \t\t| xargs -rt dpkg-query --search \t\t| awk 'sub(\":$\", \"\", $1) { print $1 }' \t\t| sort -u \t\t| xargs -r apt-mark manual \t; \tapt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \tapt-get dist-clean; \t\tpecl update-channels; \trm -rf /tmp/pear ~/.pearrc; \t\tphp --version # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2025-08-08T00:02:22Z", + "created_by": "COPY docker-php-ext-* docker-php-entrypoint /usr/local/bin/ # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2025-08-08T00:02:22Z", + 
"created_by": "RUN /bin/sh -c docker-php-ext-enable opcache # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2025-08-08T00:02:22Z", + "created_by": "RUN /bin/sh -c docker-php-ext-enable sodium # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2025-08-08T00:02:22Z", + "created_by": "ENTRYPOINT [\"docker-php-entrypoint\"]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2025-08-08T00:02:22Z", + "created_by": "CMD [\"php\" \"-a\"]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2025-08-17T08:57:22Z", + "created_by": "ARG USER=appuser", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2025-08-17T08:57:22Z", + "created_by": "ARG UID=1000", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2025-08-17T08:57:22Z", + "created_by": "RUN |2 USER=appuser UID=1000 /bin/sh -c useradd -u $UID -m $USER # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2025-08-17T08:59:49Z", + "created_by": "RUN |2 USER=appuser UID=1000 /bin/sh -c apt-get update \u0026\u0026 apt-get install -y libpq-dev postgresql-client unzip git libzip-dev libicu-dev \u0026\u0026 docker-php-ext-install pdo pdo_pgsql pgsql zip intl \u0026\u0026 rm -rf /var/lib/apt/lists/* # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2025-08-17T08:59:49Z", + "created_by": "COPY /usr/bin/composer /usr/bin/composer # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2025-08-17T08:59:49Z", + "created_by": "WORKDIR /var/www", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2025-08-18T02:48:30Z", + "created_by": "COPY . . 
# buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2025-08-18T02:48:31Z", + "created_by": "RUN |2 USER=appuser UID=1000 /bin/sh -c chown -R $USER:$USER /var/www # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2025-08-18T02:48:31Z", + "created_by": "USER appuser", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2025-08-18T02:48:46Z", + "created_by": "RUN |2 USER=appuser UID=1000 /bin/sh -c composer install --no-dev --optimize-autoloader --prefer-dist # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2025-08-18T02:48:46Z", + "created_by": "EXPOSE map[8000/tcp:{}]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2025-08-18T02:48:46Z", + "created_by": "CMD [\"php\" \"artisan\" \"serve\" \"--host=0.0.0.0\" \"--port=8000\"]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + } + ], + "os": "linux", + "rootfs": { + "type": "layers", + "diff_ids": [ + "sha256:e6a3842ebc7f5e41d8a38f19a0aa5ea56c255475695ac6682882420800cf5465", + "sha256:91dea3da4aa0a39f25876d1f6c265c272e123dee867d89f6863500e26bb3db85", + "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e", + "sha256:86b4f42da02b783c777a79af7e4fe2b007141f9d34a9f70d520e0a787900fb2f", + "sha256:3112cbc10456d6bdbfdc2d3d496d224ba6bf34baf56069f651f4d633ad697539", + "sha256:2a8e3e1b7dbe288b80b736db6ae2855ef63f891225d0571a005c47e0a6709700", + "sha256:d9b12e852d19f74ae98c366beb4e9e45f7d6338bb9ded408028eecabd34c6206", + "sha256:2cd7d388743ce1807c6b9540a7c65b2bbeda3d8e733b130507fe7eba8b2da173", + "sha256:84fba32b63b34c0eea4ef7f59916ba866aaac576174efb292ee27c288aa8c473", + "sha256:280fb80b82adde39ddf94f30df8e7c00c06037de62315738d9b084ac8e28f339", + "sha256:e12c950bc72263698d904ed87df75cd3220d37131f2ed1fe4fadc4719fa19df2", + "sha256:ca79fd2c0e371eeb80b9f4b15563a9d8b3720ac84b0216cfea4e14ff8e83137e", + 
"sha256:8fcace58191cba835533976c4c0280a8431a3b31616b00b98f6e1d15e13528f8", + "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef", + "sha256:d7fdd35b6d2d512d3ddc817d2465aad5472ad4bd7a728340f9483900255d57ce", + "sha256:1e569736f1a3bf9316e272ec8041ece11610e0f0556e957e3080c20691b6f89b", + "sha256:76f2061ac544b49fe20384d63c8228fb0fb50770cece82674737fbe1e2860da7" + ] + }, + "config": { + "Cmd": [ + "php", + "artisan", + "serve", + "--host=0.0.0.0", + "--port=8000" + ], + "Entrypoint": [ + "docker-php-entrypoint" + ], + "Env": [ + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", + "PHPIZE_DEPS=autoconf \t\tdpkg-dev \t\tfile \t\tg++ \t\tgcc \t\tlibc-dev \t\tmake \t\tpkg-config \t\tre2c", + "PHP_INI_DIR=/usr/local/etc/php", + "PHP_CFLAGS=-fstack-protector-strong -fpic -fpie -O2 -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64", + "PHP_CPPFLAGS=-fstack-protector-strong -fpic -fpie -O2 -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64", + "PHP_LDFLAGS=-Wl,-O1 -pie", + "GPG_KEYS=39B641343D8C104B2B146DC3F9C39DC0B9698544 E60913E4DF209907D8E30D96659A97C9CF2A795A 1198C0117593497A5EC5C199286AF1F9897469DC", + "PHP_VERSION=8.2.29", + "PHP_URL=https://www.php.net/distributions/php-8.2.29.tar.xz", + "PHP_ASC_URL=https://www.php.net/distributions/php-8.2.29.tar.xz.asc", + "PHP_SHA256=475f991afd2d5b901fb410be407d929bc00c46285d3f439a02c59e8b6fe3589c" + ], + "User": "appuser", + "WorkingDir": "/var/www", + "ExposedPorts": { + "8000/tcp": {} + }, + "ArgsEscaped": true + } + }, + "Layers": [ + { + "Size": 81029120, + "Digest": "sha256:396b1da7636e2dcd10565cb4f2f952cbb4a8a38b58d3b86a2cacb172fb70117c", + "DiffID": "sha256:e6a3842ebc7f5e41d8a38f19a0aa5ea56c255475695ac6682882420800cf5465" + }, + { + "Size": 3584, + "Digest": "sha256:12737ba421e5f209c9a6eb6b1e68df9e3d3f05219e62f8834abf3c7bd6cbf594", + "DiffID": "sha256:91dea3da4aa0a39f25876d1f6c265c272e123dee867d89f6863500e26bb3db85" + }, + { + "Size": 352968192, + "Digest": 
"sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + { + "Size": 5120, + "Digest": "sha256:352902c8df80f871e4a7e8956e569ba7194c17be4fbfaddfc26029be5221e931", + "DiffID": "sha256:86b4f42da02b783c777a79af7e4fe2b007141f9d34a9f70d520e0a787900fb2f" + }, + { + "Size": 12773376, + "Digest": "sha256:642a4f828b1b5b2b489aa750ddd896a71e8e69e3b1577e635537235eac109cc7", + "DiffID": "sha256:3112cbc10456d6bdbfdc2d3d496d224ba6bf34baf56069f651f4d633ad697539" + }, + { + "Size": 4096, + "Digest": "sha256:91f6342e1a4a9499309ca8cf5f80f25ca11d9f4cc3ece09cedfb786e2662a6d6", + "DiffID": "sha256:2a8e3e1b7dbe288b80b736db6ae2855ef63f891225d0571a005c47e0a6709700" + }, + { + "Size": 86570496, + "Digest": "sha256:1100de33eda1f14d6e5393fc23b3af7cf071d14c6244c2329d853cee78fba0f7", + "DiffID": "sha256:d9b12e852d19f74ae98c366beb4e9e45f7d6338bb9ded408028eecabd34c6206" + }, + { + "Size": 12800, + "Digest": "sha256:62c64314c5669677b51d38970ca7bb636c719ab7e2b1020dc156002d048d7507", + "DiffID": "sha256:2cd7d388743ce1807c6b9540a7c65b2bbeda3d8e733b130507fe7eba8b2da173" + }, + { + "Size": 4608, + "Digest": "sha256:6cdce216ac061aa12f85d9a43a251340bcf31698b7a84578714f1ab2dd0322ac", + "DiffID": "sha256:84fba32b63b34c0eea4ef7f59916ba866aaac576174efb292ee27c288aa8c473" + }, + { + "Size": 4608, + "Digest": "sha256:4817729e583a2f7acff070b15b50afcd64590055186e5d6d9ecbe20d17f4f1aa", + "DiffID": "sha256:280fb80b82adde39ddf94f30df8e7c00c06037de62315738d9b084ac8e28f339" + }, + { + "Size": 21504, + "Digest": "sha256:4b9c5e1b358a644777c8f99bab2117c2a6fed44339ae128498c7ad7d616ad683", + "DiffID": "sha256:e12c950bc72263698d904ed87df75cd3220d37131f2ed1fe4fadc4719fa19df2" + }, + { + "Size": 161411584, + "Digest": "sha256:a390b45b895de2e977e0543fdfb6fc8936108dcd5ce45fdccd50480ca03f6751", + "DiffID": "sha256:ca79fd2c0e371eeb80b9f4b15563a9d8b3720ac84b0216cfea4e14ff8e83137e" + }, + { + "Size": 3119616, + "Digest": 
"sha256:e1e2964b25b0cfb3241df79fff3b0b8c3e914c64064410f7ce7c25ad9172bd78", + "DiffID": "sha256:8fcace58191cba835533976c4c0280a8431a3b31616b00b98f6e1d15e13528f8" + }, + { + "Size": 1024, + "Digest": "sha256:4f4fb700ef54461cfa02571ae0db9a0dc1e0cdb5577484a6d75e68dc38e8acc1", + "DiffID": "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef" + }, + { + "Size": 17716736, + "Digest": "sha256:b4ff1b62dc4dcdfd82633fda1d394b9080428acbe8535a42fcbd26fa634eeaaa", + "DiffID": "sha256:d7fdd35b6d2d512d3ddc817d2465aad5472ad4bd7a728340f9483900255d57ce" + }, + { + "Size": 17717248, + "Digest": "sha256:7de15dea254cb0a65569bc81ca74b7b51134df070601b6012090e221308f7c9e", + "DiffID": "sha256:1e569736f1a3bf9316e272ec8041ece11610e0f0556e957e3080c20691b6f89b" + }, + { + "Size": 65089536, + "Digest": "sha256:252a0cf4c03147cf34a3e9015e28e7dc1c5a77686219c2e5da96b6735e2af495", + "DiffID": "sha256:76f2061ac544b49fe20384d63c8228fb0fb50770cece82674737fbe1e2860da7" + } + ] + }, + "Results": [ + { + "Target": "sijago_app:prod (debian 13.0)", + "Class": "os-pkgs", + "Type": "debian", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2011-3374", + "PkgID": "apt@3.0.3", + "PkgName": "apt", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/apt@3.0.3?arch=amd64\u0026distro=debian-13.0", + "UID": "ecc395c1e596a7d1" + }, + "InstalledVersion": "3.0.3", + "Status": "affected", + "Layer": { + "Digest": "sha256:396b1da7636e2dcd10565cb4f2f952cbb4a8a38b58d3b86a2cacb172fb70117c", + "DiffID": "sha256:e6a3842ebc7f5e41d8a38f19a0aa5ea56c255475695ac6682882420800cf5465" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-3374", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "It was found that apt-key in apt, all versions, do not correctly valid ...", + "Description": "It was found that apt-key in apt, all versions, do not correctly validate gpg keys 
with the master keyring, leading to a potential man-in-the-middle attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-347" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V2Score": 4.3, + "V3Score": 3.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/cve-2011-3374", + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480", + "https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html", + "https://seclists.org/fulldisclosure/2011/Sep/221", + "https://security-tracker.debian.org/tracker/CVE-2011-3374", + "https://snyk.io/vuln/SNYK-LINUX-APT-116518", + "https://ubuntu.com/security/CVE-2011-3374" + ], + "PublishedDate": "2019-11-26T00:15:11.03Z", + "LastModifiedDate": "2024-11-21T01:30:22.61Z" + }, + { + "VulnerabilityID": "TEMP-0841856-B18BAF", + "PkgID": "bash@5.2.37-2+b5", + "PkgName": "bash", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/bash@5.2.37-2%2Bb5?arch=amd64\u0026distro=debian-13.0", + "UID": "7c30dd2b9684a355" + }, + "InstalledVersion": "5.2.37-2+b5", + "Status": "affected", + "Layer": { + "Digest": "sha256:396b1da7636e2dcd10565cb4f2f952cbb4a8a38b58d3b86a2cacb172fb70117c", + "DiffID": "sha256:e6a3842ebc7f5e41d8a38f19a0aa5ea56c255475695ac6682882420800cf5465" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://security-tracker.debian.org/tracker/TEMP-0841856-B18BAF", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "[Privilege escalation possible to other user than root]", + "Severity": "LOW", + "VendorSeverity": { + "debian": 1 + } + }, + { + "VulnerabilityID": "CVE-2017-13716", + "PkgID": "binutils@2.44-3", + "PkgName": "binutils", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/binutils@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": 
"68e93883c6c910d0" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13716", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: Memory leak with the C++ symbol demangler routine in libiberty", + "Description": "The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).", + "Severity": "LOW", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "photon": 2, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 7.1, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2017-13716", + "https://nvd.nist.gov/vuln/detail/CVE-2017-13716", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22009", + "https://www.cve.org/CVERecord?id=CVE-2017-13716" + ], + "PublishedDate": "2017-08-28T21:29:00.293Z", + "LastModifiedDate": "2025-04-20T01:37:25.86Z" + }, + { + "VulnerabilityID": "CVE-2018-20673", + "PkgID": "binutils@2.44-3", + "PkgName": "binutils", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/binutils@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "68e93883c6c910d0" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { 
+ "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20673", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "libiberty: Integer overflow in demangle_template() function", + "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for \"Create an array for saving the template argument values\") that can trigger a heap-based buffer overflow, as demonstrated by nm.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190", + "CWE-787" + ], + "VendorSeverity": { + "alma": 1, + "debian": 1, + "nvd": 2, + "oracle-oval": 1, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/106454", + "https://access.redhat.com/security/cve/CVE-2018-20673", + "https://linux.oracle.com/cve/CVE-2018-20673.html", + "https://linux.oracle.com/errata/ELSA-2021-4386.html", + "https://nvd.nist.gov/vuln/detail/CVE-2018-20673", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24039", + "https://www.cve.org/CVERecord?id=CVE-2018-20673" + ], + "PublishedDate": "2019-01-04T18:29:00.21Z", + "LastModifiedDate": "2024-11-21T04:01:57.977Z" + }, + { + "VulnerabilityID": "CVE-2018-20712", + "PkgID": "binutils@2.44-3", + "PkgName": "binutils", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/binutils@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "68e93883c6c910d0" + }, + 
"InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20712", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "libiberty: heap-based buffer over-read in d_expression_1", + "Description": "A heap-based buffer over-read exists in the function d_expression_1 in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.1. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by c++filt.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "redhat": 2, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 4.7 + } + }, + "References": [ + "http://www.securityfocus.com/bid/106563", + "https://access.redhat.com/security/cve/CVE-2018-20712", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88629", + "https://nvd.nist.gov/vuln/detail/CVE-2018-20712", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24043", + "https://support.f5.com/csp/article/K38336243", + "https://www.cve.org/CVERecord?id=CVE-2018-20712" + ], + "PublishedDate": "2019-01-15T00:29:00.257Z", + "LastModifiedDate": "2024-11-21T04:02:00.663Z" + }, + { + "VulnerabilityID": "CVE-2018-9996", + "PkgID": "binutils@2.44-3", + "PkgName": "binutils", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/binutils@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "68e93883c6c910d0" + }, + "InstalledVersion": "2.44-3", + 
"Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-9996", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: Stack-overflow in libiberty/cplus-dem.c causes crash", + "Description": "An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_template_value_parm, demangle_integral_value, and demangle_expression.", + "Severity": "LOW", + "CweIDs": [ + "CWE-674" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "photon": 2, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/103733", + "https://access.redhat.com/security/cve/CVE-2018-9996", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85304", + "https://nvd.nist.gov/vuln/detail/CVE-2018-9996", + "https://www.cve.org/CVERecord?id=CVE-2018-9996" + ], + "PublishedDate": "2018-04-10T22:29:00.353Z", + "LastModifiedDate": "2024-11-21T04:16:00.48Z" + }, + { + "VulnerabilityID": "CVE-2021-32256", + "PkgID": "binutils@2.44-3", + "PkgName": "binutils", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/binutils@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "68e93883c6c910d0" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": 
"sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-32256", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: stack-overflow issue in demangle_type in rust-demangle.c.", + "Description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.36. It is a stack-overflow issue in demangle_type in rust-demangle.c.", + "Severity": "LOW", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "amazon": 1, + "debian": 1, + "nvd": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2021-32256", + "https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1927070", + "https://nvd.nist.gov/vuln/detail/CVE-2021-32256", + "https://security.netapp.com/advisory/ntap-20230824-0013/", + "https://www.cve.org/CVERecord?id=CVE-2021-32256" + ], + "PublishedDate": "2023-07-18T14:15:11.61Z", + "LastModifiedDate": "2024-11-21T06:06:55.1Z" + }, + { + "VulnerabilityID": "CVE-2025-1147", + "PkgID": "binutils@2.44-3", + "PkgName": "binutils", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/binutils@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "68e93883c6c910d0" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1147", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": 
"https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils nm nm.c internal_strlen buffer overflow", + "Description": "A vulnerability has been found in GNU Binutils 2.43 and classified as problematic. Affected by this vulnerability is the function __sanitizer::internal_strlen of the file binutils/nm.c of the component nm. The manipulation of the argument const leads to buffer overflow. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119", + "CWE-120" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1147", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1147", + "https://sourceware.org/bugzilla/attachment.cgi?id=15881", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32556", + "https://vuldb.com/?ctiid.295051", + "https://vuldb.com/?id.295051", + "https://vuldb.com/?submit.485254", + "https://www.cve.org/CVERecord?id=CVE-2025-1147", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-10T14:15:29.643Z", + "LastModifiedDate": "2025-03-04T15:51:17.86Z" + }, + { + "VulnerabilityID": "CVE-2025-1148", + "PkgID": "binutils@2.44-3", + "PkgName": "binutils", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/binutils@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "68e93883c6c910d0" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + 
"SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1148", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils ld ldelfgen.c link_order_scan memory leak", + "Description": "A vulnerability was found in GNU Binutils 2.43 and classified as problematic. Affected by this issue is the function link_order_scan of the file ld/ldelfgen.c of the component ld. The manipulation leads to memory leak. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-401", + "CWE-404" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 1, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1148", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1148", + "https://sourceware.org/bugzilla/attachment.cgi?id=15887", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32576", + "https://vuldb.com/?ctiid.295052", + "https://vuldb.com/?id.295052", + "https://vuldb.com/?submit.485747", + "https://www.cve.org/CVERecord?id=CVE-2025-1148", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-10T14:15:29.927Z", + "LastModifiedDate": "2025-03-04T17:12:35.4Z" + }, + { + "VulnerabilityID": "CVE-2025-1149", + "PkgID": "binutils@2.44-3", + 
"PkgName": "binutils", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/binutils@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "68e93883c6c910d0" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1149", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils ld xmalloc.c xstrdup memory leak", + "Description": "A vulnerability was found in GNU Binutils 2.43. It has been classified as problematic. This affects the function xstrdup of the file libiberty/xmalloc.c of the component ld. The manipulation leads to memory leak. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. 
All of the reported leaks in this bugzilla have been fixed on binutils master.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-401", + "CWE-404" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 1, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1149", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1149", + "https://sourceware.org/bugzilla/attachment.cgi?id=15887", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32576", + "https://vuldb.com/?ctiid.295053", + "https://vuldb.com/?id.295053", + "https://www.cve.org/CVERecord?id=CVE-2025-1149", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-10T15:15:13.093Z", + "LastModifiedDate": "2025-03-04T14:53:43.637Z" + }, + { + "VulnerabilityID": "CVE-2025-1150", + "PkgID": "binutils@2.44-3", + "PkgName": "binutils", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/binutils@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "68e93883c6c910d0" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1150", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils ld libbfd.c bfd_malloc memory leak", + "Description": "A vulnerability was found in GNU Binutils 2.43. It has been declared as problematic. This vulnerability affects the function bfd_malloc of the file libbfd.c of the component ld. The manipulation leads to memory leak. The attack can be initiated remotely. 
The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-401", + "CWE-404" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 1, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1150", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1150", + "https://sourceware.org/bugzilla/attachment.cgi?id=15887", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32576", + "https://vuldb.com/?ctiid.295054", + "https://vuldb.com/?id.295054", + "https://www.cve.org/CVERecord?id=CVE-2025-1150", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-10T17:15:18.517Z", + "LastModifiedDate": "2025-03-11T19:01:04.727Z" + }, + { + "VulnerabilityID": "CVE-2025-1151", + "PkgID": "binutils@2.44-3", + "PkgName": "binutils", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/binutils@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "68e93883c6c910d0" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1151", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": 
"https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils ld xmemdup.c xmemdup memory leak", + "Description": "A vulnerability was found in GNU Binutils 2.43. It has been rated as problematic. This issue affects the function xmemdup of the file xmemdup.c of the component ld. The manipulation leads to memory leak. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-401", + "CWE-404" + ], + "VendorSeverity": { + "debian": 1, + "redhat": 1 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1151", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1151", + "https://sourceware.org/bugzilla/attachment.cgi?id=15887", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32576", + "https://vuldb.com/?ctiid.295055", + "https://vuldb.com/?id.295055", + "https://www.cve.org/CVERecord?id=CVE-2025-1151", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-10T17:15:18.713Z", + "LastModifiedDate": "2025-02-10T17:15:18.713Z" + }, + { + "VulnerabilityID": "CVE-2025-1152", + "PkgID": "binutils@2.44-3", + "PkgName": "binutils", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/binutils@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "68e93883c6c910d0" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": 
"sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1152", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils ld xstrdup.c xstrdup memory leak", + "Description": "A vulnerability classified as problematic has been found in GNU Binutils 2.43. Affected is the function xstrdup of the file xstrdup.c of the component ld. The manipulation leads to memory leak. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. 
All of the reported leaks in this bugzilla have been fixed on binutils master.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-401", + "CWE-404" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 1, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1152", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1152", + "https://sourceware.org/bugzilla/attachment.cgi?id=15887", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32576", + "https://vuldb.com/?ctiid.295056", + "https://vuldb.com/?id.295056", + "https://www.cve.org/CVERecord?id=CVE-2025-1152", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-10T18:15:34.043Z", + "LastModifiedDate": "2025-03-03T16:52:20.953Z" + }, + { + "VulnerabilityID": "CVE-2025-1153", + "PkgID": "binutils@2.44-3", + "PkgName": "binutils", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/binutils@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "68e93883c6c910d0" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1153", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils format.c bfd_set_format memory corruption", + "Description": "A vulnerability classified as problematic was found in GNU Binutils 2.43/2.44. Affected by this vulnerability is the function bfd_set_format of the file format.c. The manipulation leads to memory corruption. The attack can be launched remotely. 
The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 2.45 is able to address this issue. The identifier of the patch is 8d97c1a53f3dc9fd8e1ccdb039b8a33d50133150. It is recommended to upgrade the affected component.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1153", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1153", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32603", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8d97c1a53f3dc9fd8e1ccdb039b8a33d50133150", + "https://ubuntu.com/security/notices/USN-7423-1", + "https://ubuntu.com/security/notices/USN-7423-2", + "https://vuldb.com/?ctiid.295057", + "https://vuldb.com/?id.295057", + "https://vuldb.com/?submit.489991", + "https://www.cve.org/CVERecord?id=CVE-2025-1153", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-10T19:15:39.9Z", + "LastModifiedDate": "2025-03-03T17:28:09.167Z" + }, + { + "VulnerabilityID": "CVE-2025-1176", + "PkgID": "binutils@2.44-3", + "PkgName": "binutils", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/binutils@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "68e93883c6c910d0" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1176", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": 
"https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils ld elflink.c _bfd_elf_gc_mark_rsec heap-based overflow", + "Description": "A vulnerability was found in GNU Binutils 2.43 and classified as critical. This issue affects the function _bfd_elf_gc_mark_rsec of the file elflink.c of the component ld. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The patch is named f9978defb6fab0bd8583942d97c112b0932ac814. It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119", + "CWE-122" + ], + "VendorSeverity": { + "amazon": 2, + "azure": 2, + "cbl-mariner": 2, + "debian": 1, + "nvd": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1176", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1176", + "https://security.netapp.com/advisory/ntap-20250411-0007/", + "https://sourceware.org/bugzilla/attachment.cgi?id=15913", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32636", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f9978defb6fab0bd8583942d97c112b0932ac814", + "https://ubuntu.com/security/notices/USN-7423-1", + "https://ubuntu.com/security/notices/USN-7423-2", + "https://vuldb.com/?ctiid.295079", + "https://vuldb.com/?id.295079", + "https://vuldb.com/?submit.495329", + "https://www.cve.org/CVERecord?id=CVE-2025-1176", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-11T06:15:22.433Z", + "LastModifiedDate": "2025-04-11T22:15:29.513Z" + }, + { + "VulnerabilityID": "CVE-2025-1178", + "PkgID": "binutils@2.44-3", + 
"PkgName": "binutils", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/binutils@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "68e93883c6c910d0" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1178", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils ld libbfd.c bfd_putl64 memory corruption", + "Description": "A vulnerability was found in GNU Binutils 2.43. It has been declared as problematic. Affected by this vulnerability is the function bfd_putl64 of the file libbfd.c of the component ld. The manipulation leads to memory corruption. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of the patch is 75086e9de1707281172cc77f178e7949a4414ed0. 
It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "VendorSeverity": { + "azure": 2, + "cbl-mariner": 2, + "debian": 1, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.6 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1178", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1178", + "https://security.netapp.com/advisory/ntap-20250411-0008/", + "https://sourceware.org/bugzilla/attachment.cgi?id=15914", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32638", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=75086e9de1707281172cc77f178e7949a4414ed0", + "https://ubuntu.com/security/notices/USN-7423-1", + "https://vuldb.com/?ctiid.295081", + "https://vuldb.com/?id.295081", + "https://vuldb.com/?submit.495369", + "https://www.cve.org/CVERecord?id=CVE-2025-1178", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-11T07:15:29.997Z", + "LastModifiedDate": "2025-05-21T20:35:24.22Z" + }, + { + "VulnerabilityID": "CVE-2025-1180", + "PkgID": "binutils@2.44-3", + "PkgName": "binutils", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/binutils@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "68e93883c6c910d0" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1180", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils ld elf-eh-frame.c _bfd_elf_write_section_eh_frame memory corruption", + "Description": "A vulnerability classified as problematic has been found in GNU 
Binutils 2.43. This affects the function _bfd_elf_write_section_eh_frame of the file bfd/elf-eh-frame.c of the component ld. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "VendorSeverity": { + "debian": 1, + "redhat": 1 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1180", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1180", + "https://sourceware.org/bugzilla/attachment.cgi?id=15917", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32642", + "https://vuldb.com/?ctiid.295083", + "https://vuldb.com/?id.295083", + "https://vuldb.com/?submit.495381", + "https://www.cve.org/CVERecord?id=CVE-2025-1180", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-11T08:15:31.59Z", + "LastModifiedDate": "2025-05-21T20:35:18.05Z" + }, + { + "VulnerabilityID": "CVE-2025-1181", + "PkgID": "binutils@2.44-3", + "PkgName": "binutils", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/binutils@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "68e93883c6c910d0" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1181", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils ld elflink.c _bfd_elf_gc_mark_rsec memory corruption", + 
"Description": "A vulnerability classified as critical was found in GNU Binutils 2.43. This vulnerability affects the function _bfd_elf_gc_mark_rsec of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is 931494c9a89558acb36a03a340c01726545eef24. It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "VendorSeverity": { + "azure": 1, + "cbl-mariner": 1, + "debian": 1, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1181", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1181", + "https://security.netapp.com/advisory/ntap-20250425-0007/", + "https://sourceware.org/bugzilla/attachment.cgi?id=15918", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32643", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=931494c9a89558acb36a03a340c01726545eef24", + "https://ubuntu.com/security/notices/USN-7423-1", + "https://vuldb.com/?ctiid.295084", + "https://vuldb.com/?id.295084", + "https://vuldb.com/?submit.495402", + "https://www.cve.org/CVERecord?id=CVE-2025-1181", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-11T08:15:31.797Z", + "LastModifiedDate": "2025-05-21T20:35:11.073Z" + }, + { + "VulnerabilityID": "CVE-2025-1182", + "PkgID": "binutils@2.44-3", + "PkgName": "binutils", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/binutils@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "68e93883c6c910d0" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": 
"sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1182", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils ld elflink.c bfd_elf_reloc_symbol_deleted_p memory corruption", + "Description": "A vulnerability, which was classified as critical, was found in GNU Binutils 2.43. Affected is the function bfd_elf_reloc_symbol_deleted_p of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The patch is identified as b425859021d17adf62f06fb904797cf8642986ad. It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "VendorSeverity": { + "amazon": 2, + "azure": 2, + "cbl-mariner": 2, + "debian": 1, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1182", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1182", + "https://sourceware.org/bugzilla/attachment.cgi?id=15919", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32644", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b425859021d17adf62f06fb904797cf8642986ad", + "https://ubuntu.com/security/notices/USN-7423-1", + "https://vuldb.com/?ctiid.295086", + "https://vuldb.com/?id.295086", + "https://vuldb.com/?submit.495407", + "https://www.cve.org/CVERecord?id=CVE-2025-1182", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-11T09:15:09.53Z", + "LastModifiedDate": "2025-05-21T20:35:04.15Z" + }, + { + "VulnerabilityID": 
"CVE-2025-3198", + "PkgID": "binutils@2.44-3", + "PkgName": "binutils", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/binutils@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "68e93883c6c910d0" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-3198", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils objdump bucomm.c display_info memory leak", + "Description": "A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named ba6ad3a18cb26b79e0e3b84c39f707535bbc344d. 
It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-401", + "CWE-404" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-3198", + "https://nvd.nist.gov/vuln/detail/CVE-2025-3198", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32716", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32716#c0", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ba6ad3a18cb26b79e0e3b84c39f707535bbc344d", + "https://vuldb.com/?ctiid.303151", + "https://vuldb.com/?id.303151", + "https://vuldb.com/?submit.545773", + "https://www.cve.org/CVERecord?id=CVE-2025-3198", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-04-04T02:15:18.803Z", + "LastModifiedDate": "2025-05-15T19:46:30.95Z" + }, + { + "VulnerabilityID": "CVE-2025-5244", + "PkgID": "binutils@2.44-3", + "PkgName": "binutils", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/binutils@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "68e93883c6c910d0" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-5244", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils ld elflink.c elf_gc_sweep memory corruption", + "Description": "A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. 
Affected by this issue is the function elf_gc_sweep of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 2.45 is able to address this issue. It is recommended to upgrade the affected component.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "VendorSeverity": { + "azure": 2, + "cbl-mariner": 2, + "debian": 1, + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-5244", + "https://nvd.nist.gov/vuln/detail/CVE-2025-5244", + "https://sourceware.org/bugzilla/attachment.cgi?id=16010", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32858", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d1458933830456e54223d9fc61f0d9b3a19256f5", + "https://vuldb.com/?ctiid.310346", + "https://vuldb.com/?id.310346", + "https://vuldb.com/?submit.584634", + "https://www.cve.org/CVERecord?id=CVE-2025-5244", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-05-27T13:15:21.76Z", + "LastModifiedDate": "2025-05-28T15:01:30.72Z" + }, + { + "VulnerabilityID": "CVE-2025-5245", + "PkgID": "binutils@2.44-3", + "PkgName": "binutils", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/binutils@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "68e93883c6c910d0" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-5245", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: 
GNU Binutils objdump debug.c debug_type_samep memory corruption", + "Description": "A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debug_type_samep of the file /binutils/debug.c of the component objdump. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "VendorSeverity": { + "azure": 2, + "cbl-mariner": 2, + "debian": 1, + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-5245", + "https://nvd.nist.gov/vuln/detail/CVE-2025-5245", + "https://sourceware.org/bugzilla/attachment.cgi?id=16004", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32829", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6c3458a8b7ee7d39f070c7b2350851cb2110c65a", + "https://vuldb.com/?ctiid.310347", + "https://vuldb.com/?id.310347", + "https://vuldb.com/?submit.584635", + "https://www.cve.org/CVERecord?id=CVE-2025-5245", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-05-27T15:15:36.057Z", + "LastModifiedDate": "2025-05-28T15:01:30.72Z" + }, + { + "VulnerabilityID": "CVE-2025-7545", + "PkgID": "binutils@2.44-3", + "PkgName": "binutils", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/binutils@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "68e93883c6c910d0" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-7545", + "DataSource": { + "ID": "debian", + "Name": "Debian 
Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: Binutils: Heap Buffer Overflow", + "Description": "A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is named 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944. It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119", + "CWE-122" + ], + "VendorSeverity": { + "azure": 2, + "debian": 1, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-7545", + "https://nvd.nist.gov/vuln/detail/CVE-2025-7545", + "https://sourceware.org/bugzilla/attachment.cgi?id=16117", + "https://sourceware.org/bugzilla/show_bug.cgi?id=33049", + "https://sourceware.org/bugzilla/show_bug.cgi?id=33049#c1", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944", + "https://vuldb.com/?ctiid.316243", + "https://vuldb.com/?id.316243", + "https://vuldb.com/?submit.614355", + "https://www.cve.org/CVERecord?id=CVE-2025-7545", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-07-13T22:15:23.873Z", + "LastModifiedDate": "2025-07-30T15:59:48.84Z" + }, + { + "VulnerabilityID": "CVE-2025-7546", + "PkgID": "binutils@2.44-3", + "PkgName": "binutils", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/binutils@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "68e93883c6c910d0" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": 
"sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-7546", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: Binutils: Out-of-bounds Write Vulnerability", + "Description": "A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfd_elf_set_group_contents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The name of the patch is 41461010eb7c79fee7a9d5f6209accdaac66cc6b. It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119", + "CWE-787" + ], + "VendorSeverity": { + "azure": 2, + "debian": 1, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-7546", + "https://nvd.nist.gov/vuln/detail/CVE-2025-7546", + "https://sourceware.org/bugzilla/attachment.cgi?id=16118", + "https://sourceware.org/bugzilla/show_bug.cgi?id=33050", + "https://sourceware.org/bugzilla/show_bug.cgi?id=33050#c2", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=41461010eb7c79fee7a9d5f6209accdaac66cc6b", + "https://vuldb.com/?ctiid.316244", + "https://vuldb.com/?id.316244", + "https://vuldb.com/?submit.614375", + "https://www.cve.org/CVERecord?id=CVE-2025-7546", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-07-13T22:15:24.07Z", + "LastModifiedDate": 
"2025-07-30T15:59:59.203Z" + }, + { + "VulnerabilityID": "CVE-2025-8224", + "PkgID": "binutils@2.44-3", + "PkgName": "binutils", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/binutils@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "68e93883c6c910d0" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-8224", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: Binutils BFD Null Pointer Dereference", + "Description": "A vulnerability has been found in GNU Binutils 2.44 and classified as problematic. This vulnerability affects the function bfd_elf_get_str_section of the file bfd/elf.c of the component BFD Library. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The name of the patch is db856d41004301b3a56438efd957ef5cabb91530. 
It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-404", + "CWE-476" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-8224", + "https://nvd.nist.gov/vuln/detail/CVE-2025-8224", + "https://sourceware.org/bugzilla/attachment.cgi?id=15680", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32109", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32109#c2", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=db856d41004301b3a56438efd957ef5cabb91530", + "https://vuldb.com/?ctiid.317812", + "https://vuldb.com/?id.317812", + "https://vuldb.com/?submit.621878", + "https://www.cve.org/CVERecord?id=CVE-2025-8224", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-07-27T06:15:26.947Z", + "LastModifiedDate": "2025-08-01T17:08:29.62Z" + }, + { + "VulnerabilityID": "CVE-2025-8225", + "PkgID": "binutils@2.44-3", + "PkgName": "binutils", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/binutils@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "68e93883c6c910d0" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-8225", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: Binutils DWARF Section Handler Memory Leak", + "Description": "A vulnerability was found in GNU Binutils 2.44 and classified as problematic. 
This issue affects the function process_debug_info of the file binutils/dwarf.c of the component DWARF Section Handler. The manipulation leads to memory leak. Attacking locally is a requirement. The identifier of the patch is e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4. It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-401", + "CWE-404" + ], + "VendorSeverity": { + "debian": 1, + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-8225", + "https://gitlab.com/gnutools/binutils-gdb/-/commit/e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4", + "https://nvd.nist.gov/vuln/detail/CVE-2025-8225", + "https://vuldb.com/?ctiid.317813", + "https://vuldb.com/?id.317813", + "https://vuldb.com/?submit.621883", + "https://www.cve.org/CVERecord?id=CVE-2025-8225", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-07-27T08:15:25.76Z", + "LastModifiedDate": "2025-08-01T17:08:13.977Z" + }, + { + "VulnerabilityID": "CVE-2017-13716", + "PkgID": "binutils-common@2.44-3", + "PkgName": "binutils-common", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/binutils-common@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "8e37579822c85bb9" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13716", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: Memory leak with the C++ symbol demangler routine in libiberty", + "Description": "The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed 
in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).", + "Severity": "LOW", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "photon": 2, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 7.1, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2017-13716", + "https://nvd.nist.gov/vuln/detail/CVE-2017-13716", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22009", + "https://www.cve.org/CVERecord?id=CVE-2017-13716" + ], + "PublishedDate": "2017-08-28T21:29:00.293Z", + "LastModifiedDate": "2025-04-20T01:37:25.86Z" + }, + { + "VulnerabilityID": "CVE-2018-20673", + "PkgID": "binutils-common@2.44-3", + "PkgName": "binutils-common", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/binutils-common@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "8e37579822c85bb9" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20673", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "libiberty: Integer overflow in demangle_template() function", + "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for \"Create 
an array for saving the template argument values\") that can trigger a heap-based buffer overflow, as demonstrated by nm.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190", + "CWE-787" + ], + "VendorSeverity": { + "alma": 1, + "debian": 1, + "nvd": 2, + "oracle-oval": 1, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/106454", + "https://access.redhat.com/security/cve/CVE-2018-20673", + "https://linux.oracle.com/cve/CVE-2018-20673.html", + "https://linux.oracle.com/errata/ELSA-2021-4386.html", + "https://nvd.nist.gov/vuln/detail/CVE-2018-20673", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24039", + "https://www.cve.org/CVERecord?id=CVE-2018-20673" + ], + "PublishedDate": "2019-01-04T18:29:00.21Z", + "LastModifiedDate": "2024-11-21T04:01:57.977Z" + }, + { + "VulnerabilityID": "CVE-2018-20712", + "PkgID": "binutils-common@2.44-3", + "PkgName": "binutils-common", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/binutils-common@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "8e37579822c85bb9" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20712", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "libiberty: heap-based buffer over-read in d_expression_1", + "Description": "A heap-based buffer over-read exists in the function d_expression_1 in cp-demangle.c in 
GNU libiberty, as distributed in GNU Binutils 2.31.1. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by c++filt.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "redhat": 2, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 4.7 + } + }, + "References": [ + "http://www.securityfocus.com/bid/106563", + "https://access.redhat.com/security/cve/CVE-2018-20712", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88629", + "https://nvd.nist.gov/vuln/detail/CVE-2018-20712", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24043", + "https://support.f5.com/csp/article/K38336243", + "https://www.cve.org/CVERecord?id=CVE-2018-20712" + ], + "PublishedDate": "2019-01-15T00:29:00.257Z", + "LastModifiedDate": "2024-11-21T04:02:00.663Z" + }, + { + "VulnerabilityID": "CVE-2018-9996", + "PkgID": "binutils-common@2.44-3", + "PkgName": "binutils-common", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/binutils-common@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "8e37579822c85bb9" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-9996", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: Stack-overflow in libiberty/cplus-dem.c causes crash", + "Description": "An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. 
Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_template_value_parm, demangle_integral_value, and demangle_expression.", + "Severity": "LOW", + "CweIDs": [ + "CWE-674" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "photon": 2, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/103733", + "https://access.redhat.com/security/cve/CVE-2018-9996", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85304", + "https://nvd.nist.gov/vuln/detail/CVE-2018-9996", + "https://www.cve.org/CVERecord?id=CVE-2018-9996" + ], + "PublishedDate": "2018-04-10T22:29:00.353Z", + "LastModifiedDate": "2024-11-21T04:16:00.48Z" + }, + { + "VulnerabilityID": "CVE-2021-32256", + "PkgID": "binutils-common@2.44-3", + "PkgName": "binutils-common", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/binutils-common@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "8e37579822c85bb9" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-32256", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: stack-overflow issue in demangle_type in rust-demangle.c.", + "Description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.36. 
It is a stack-overflow issue in demangle_type in rust-demangle.c.", + "Severity": "LOW", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "amazon": 1, + "debian": 1, + "nvd": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2021-32256", + "https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1927070", + "https://nvd.nist.gov/vuln/detail/CVE-2021-32256", + "https://security.netapp.com/advisory/ntap-20230824-0013/", + "https://www.cve.org/CVERecord?id=CVE-2021-32256" + ], + "PublishedDate": "2023-07-18T14:15:11.61Z", + "LastModifiedDate": "2024-11-21T06:06:55.1Z" + }, + { + "VulnerabilityID": "CVE-2025-1147", + "PkgID": "binutils-common@2.44-3", + "PkgName": "binutils-common", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/binutils-common@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "8e37579822c85bb9" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1147", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils nm nm.c internal_strlen buffer overflow", + "Description": "A vulnerability has been found in GNU Binutils 2.43 and classified as problematic. Affected by this vulnerability is the function __sanitizer::internal_strlen of the file binutils/nm.c of the component nm. The manipulation of the argument const leads to buffer overflow. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. 
The exploit has been disclosed to the public and may be used.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119", + "CWE-120" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1147", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1147", + "https://sourceware.org/bugzilla/attachment.cgi?id=15881", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32556", + "https://vuldb.com/?ctiid.295051", + "https://vuldb.com/?id.295051", + "https://vuldb.com/?submit.485254", + "https://www.cve.org/CVERecord?id=CVE-2025-1147", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-10T14:15:29.643Z", + "LastModifiedDate": "2025-03-04T15:51:17.86Z" + }, + { + "VulnerabilityID": "CVE-2025-1148", + "PkgID": "binutils-common@2.44-3", + "PkgName": "binutils-common", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/binutils-common@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "8e37579822c85bb9" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1148", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils ld ldelfgen.c link_order_scan memory leak", + "Description": "A vulnerability was found in GNU Binutils 2.43 and classified as problematic. Affected by this issue is the function link_order_scan of the file ld/ldelfgen.c of the component ld. 
The manipulation leads to memory leak. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-401", + "CWE-404" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 1, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1148", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1148", + "https://sourceware.org/bugzilla/attachment.cgi?id=15887", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32576", + "https://vuldb.com/?ctiid.295052", + "https://vuldb.com/?id.295052", + "https://vuldb.com/?submit.485747", + "https://www.cve.org/CVERecord?id=CVE-2025-1148", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-10T14:15:29.927Z", + "LastModifiedDate": "2025-03-04T17:12:35.4Z" + }, + { + "VulnerabilityID": "CVE-2025-1149", + "PkgID": "binutils-common@2.44-3", + "PkgName": "binutils-common", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/binutils-common@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "8e37579822c85bb9" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1149", + 
"DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils ld xmalloc.c xstrdup memory leak", + "Description": "A vulnerability was found in GNU Binutils 2.43. It has been classified as problematic. This affects the function xstrdup of the file libiberty/xmalloc.c of the component ld. The manipulation leads to memory leak. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-401", + "CWE-404" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 1, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1149", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1149", + "https://sourceware.org/bugzilla/attachment.cgi?id=15887", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32576", + "https://vuldb.com/?ctiid.295053", + "https://vuldb.com/?id.295053", + "https://www.cve.org/CVERecord?id=CVE-2025-1149", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-10T15:15:13.093Z", + "LastModifiedDate": "2025-03-04T14:53:43.637Z" + }, + { + "VulnerabilityID": "CVE-2025-1150", + "PkgID": "binutils-common@2.44-3", + "PkgName": "binutils-common", + "PkgIdentifier": { + "PURL": 
"pkg:deb/debian/binutils-common@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "8e37579822c85bb9" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1150", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils ld libbfd.c bfd_malloc memory leak", + "Description": "A vulnerability was found in GNU Binutils 2.43. It has been declared as problematic. This vulnerability affects the function bfd_malloc of the file libbfd.c of the component ld. The manipulation leads to memory leak. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. 
All of the reported leaks in this bugzilla have been fixed on binutils master.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-401", + "CWE-404" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 1, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1150", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1150", + "https://sourceware.org/bugzilla/attachment.cgi?id=15887", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32576", + "https://vuldb.com/?ctiid.295054", + "https://vuldb.com/?id.295054", + "https://www.cve.org/CVERecord?id=CVE-2025-1150", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-10T17:15:18.517Z", + "LastModifiedDate": "2025-03-11T19:01:04.727Z" + }, + { + "VulnerabilityID": "CVE-2025-1151", + "PkgID": "binutils-common@2.44-3", + "PkgName": "binutils-common", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/binutils-common@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "8e37579822c85bb9" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1151", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils ld xmemdup.c xmemdup memory leak", + "Description": "A vulnerability was found in GNU Binutils 2.43. It has been rated as problematic. This issue affects the function xmemdup of the file xmemdup.c of the component ld. The manipulation leads to memory leak. The attack may be initiated remotely. 
The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-401", + "CWE-404" + ], + "VendorSeverity": { + "debian": 1, + "redhat": 1 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1151", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1151", + "https://sourceware.org/bugzilla/attachment.cgi?id=15887", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32576", + "https://vuldb.com/?ctiid.295055", + "https://vuldb.com/?id.295055", + "https://www.cve.org/CVERecord?id=CVE-2025-1151", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-10T17:15:18.713Z", + "LastModifiedDate": "2025-02-10T17:15:18.713Z" + }, + { + "VulnerabilityID": "CVE-2025-1152", + "PkgID": "binutils-common@2.44-3", + "PkgName": "binutils-common", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/binutils-common@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "8e37579822c85bb9" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1152", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils ld xstrdup.c xstrdup memory leak", + 
"Description": "A vulnerability classified as problematic has been found in GNU Binutils 2.43. Affected is the function xstrdup of the file xstrdup.c of the component ld. The manipulation leads to memory leak. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-401", + "CWE-404" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 1, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1152", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1152", + "https://sourceware.org/bugzilla/attachment.cgi?id=15887", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32576", + "https://vuldb.com/?ctiid.295056", + "https://vuldb.com/?id.295056", + "https://www.cve.org/CVERecord?id=CVE-2025-1152", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-10T18:15:34.043Z", + "LastModifiedDate": "2025-03-03T16:52:20.953Z" + }, + { + "VulnerabilityID": "CVE-2025-1153", + "PkgID": "binutils-common@2.44-3", + "PkgName": "binutils-common", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/binutils-common@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "8e37579822c85bb9" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": 
"sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1153", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils format.c bfd_set_format memory corruption", + "Description": "A vulnerability classified as problematic was found in GNU Binutils 2.43/2.44. Affected by this vulnerability is the function bfd_set_format of the file format.c. The manipulation leads to memory corruption. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 2.45 is able to address this issue. The identifier of the patch is 8d97c1a53f3dc9fd8e1ccdb039b8a33d50133150. It is recommended to upgrade the affected component.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1153", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1153", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32603", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8d97c1a53f3dc9fd8e1ccdb039b8a33d50133150", + "https://ubuntu.com/security/notices/USN-7423-1", + "https://ubuntu.com/security/notices/USN-7423-2", + "https://vuldb.com/?ctiid.295057", + "https://vuldb.com/?id.295057", + "https://vuldb.com/?submit.489991", + "https://www.cve.org/CVERecord?id=CVE-2025-1153", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-10T19:15:39.9Z", + "LastModifiedDate": "2025-03-03T17:28:09.167Z" + }, + { + "VulnerabilityID": 
"CVE-2025-1176", + "PkgID": "binutils-common@2.44-3", + "PkgName": "binutils-common", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/binutils-common@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "8e37579822c85bb9" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1176", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils ld elflink.c _bfd_elf_gc_mark_rsec heap-based overflow", + "Description": "A vulnerability was found in GNU Binutils 2.43 and classified as critical. This issue affects the function _bfd_elf_gc_mark_rsec of the file elflink.c of the component ld. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The patch is named f9978defb6fab0bd8583942d97c112b0932ac814. 
It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119", + "CWE-122" + ], + "VendorSeverity": { + "amazon": 2, + "azure": 2, + "cbl-mariner": 2, + "debian": 1, + "nvd": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1176", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1176", + "https://security.netapp.com/advisory/ntap-20250411-0007/", + "https://sourceware.org/bugzilla/attachment.cgi?id=15913", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32636", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f9978defb6fab0bd8583942d97c112b0932ac814", + "https://ubuntu.com/security/notices/USN-7423-1", + "https://ubuntu.com/security/notices/USN-7423-2", + "https://vuldb.com/?ctiid.295079", + "https://vuldb.com/?id.295079", + "https://vuldb.com/?submit.495329", + "https://www.cve.org/CVERecord?id=CVE-2025-1176", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-11T06:15:22.433Z", + "LastModifiedDate": "2025-04-11T22:15:29.513Z" + }, + { + "VulnerabilityID": "CVE-2025-1178", + "PkgID": "binutils-common@2.44-3", + "PkgName": "binutils-common", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/binutils-common@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "8e37579822c85bb9" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1178", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": 
"https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils ld libbfd.c bfd_putl64 memory corruption", + "Description": "A vulnerability was found in GNU Binutils 2.43. It has been declared as problematic. Affected by this vulnerability is the function bfd_putl64 of the file libbfd.c of the component ld. The manipulation leads to memory corruption. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of the patch is 75086e9de1707281172cc77f178e7949a4414ed0. It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "VendorSeverity": { + "azure": 2, + "cbl-mariner": 2, + "debian": 1, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.6 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1178", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1178", + "https://security.netapp.com/advisory/ntap-20250411-0008/", + "https://sourceware.org/bugzilla/attachment.cgi?id=15914", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32638", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=75086e9de1707281172cc77f178e7949a4414ed0", + "https://ubuntu.com/security/notices/USN-7423-1", + "https://vuldb.com/?ctiid.295081", + "https://vuldb.com/?id.295081", + "https://vuldb.com/?submit.495369", + "https://www.cve.org/CVERecord?id=CVE-2025-1178", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-11T07:15:29.997Z", + "LastModifiedDate": "2025-05-21T20:35:24.22Z" + }, + { + "VulnerabilityID": "CVE-2025-1180", + "PkgID": "binutils-common@2.44-3", + "PkgName": "binutils-common", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/binutils-common@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "8e37579822c85bb9" + }, + 
"InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1180", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils ld elf-eh-frame.c _bfd_elf_write_section_eh_frame memory corruption", + "Description": "A vulnerability classified as problematic has been found in GNU Binutils 2.43. This affects the function _bfd_elf_write_section_eh_frame of the file bfd/elf-eh-frame.c of the component ld. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. 
It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "VendorSeverity": { + "debian": 1, + "redhat": 1 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1180", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1180", + "https://sourceware.org/bugzilla/attachment.cgi?id=15917", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32642", + "https://vuldb.com/?ctiid.295083", + "https://vuldb.com/?id.295083", + "https://vuldb.com/?submit.495381", + "https://www.cve.org/CVERecord?id=CVE-2025-1180", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-11T08:15:31.59Z", + "LastModifiedDate": "2025-05-21T20:35:18.05Z" + }, + { + "VulnerabilityID": "CVE-2025-1181", + "PkgID": "binutils-common@2.44-3", + "PkgName": "binutils-common", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/binutils-common@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "8e37579822c85bb9" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1181", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils ld elflink.c _bfd_elf_gc_mark_rsec memory corruption", + "Description": "A vulnerability classified as critical was found in GNU Binutils 2.43. This vulnerability affects the function _bfd_elf_gc_mark_rsec of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. The attack can be initiated remotely. The complexity of an attack is rather high. 
The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is 931494c9a89558acb36a03a340c01726545eef24. It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "VendorSeverity": { + "azure": 1, + "cbl-mariner": 1, + "debian": 1, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1181", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1181", + "https://security.netapp.com/advisory/ntap-20250425-0007/", + "https://sourceware.org/bugzilla/attachment.cgi?id=15918", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32643", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=931494c9a89558acb36a03a340c01726545eef24", + "https://ubuntu.com/security/notices/USN-7423-1", + "https://vuldb.com/?ctiid.295084", + "https://vuldb.com/?id.295084", + "https://vuldb.com/?submit.495402", + "https://www.cve.org/CVERecord?id=CVE-2025-1181", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-11T08:15:31.797Z", + "LastModifiedDate": "2025-05-21T20:35:11.073Z" + }, + { + "VulnerabilityID": "CVE-2025-1182", + "PkgID": "binutils-common@2.44-3", + "PkgName": "binutils-common", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/binutils-common@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "8e37579822c85bb9" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1182", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + 
"Title": "binutils: GNU Binutils ld elflink.c bfd_elf_reloc_symbol_deleted_p memory corruption", + "Description": "A vulnerability, which was classified as critical, was found in GNU Binutils 2.43. Affected is the function bfd_elf_reloc_symbol_deleted_p of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The patch is identified as b425859021d17adf62f06fb904797cf8642986ad. It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "VendorSeverity": { + "amazon": 2, + "azure": 2, + "cbl-mariner": 2, + "debian": 1, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1182", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1182", + "https://sourceware.org/bugzilla/attachment.cgi?id=15919", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32644", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b425859021d17adf62f06fb904797cf8642986ad", + "https://ubuntu.com/security/notices/USN-7423-1", + "https://vuldb.com/?ctiid.295086", + "https://vuldb.com/?id.295086", + "https://vuldb.com/?submit.495407", + "https://www.cve.org/CVERecord?id=CVE-2025-1182", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-11T09:15:09.53Z", + "LastModifiedDate": "2025-05-21T20:35:04.15Z" + }, + { + "VulnerabilityID": "CVE-2025-3198", + "PkgID": "binutils-common@2.44-3", + "PkgName": "binutils-common", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/binutils-common@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "8e37579822c85bb9" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": 
"sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-3198", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils objdump bucomm.c display_info memory leak", + "Description": "A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named ba6ad3a18cb26b79e0e3b84c39f707535bbc344d. It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-401", + "CWE-404" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-3198", + "https://nvd.nist.gov/vuln/detail/CVE-2025-3198", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32716", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32716#c0", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ba6ad3a18cb26b79e0e3b84c39f707535bbc344d", + "https://vuldb.com/?ctiid.303151", + "https://vuldb.com/?id.303151", + "https://vuldb.com/?submit.545773", + "https://www.cve.org/CVERecord?id=CVE-2025-3198", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-04-04T02:15:18.803Z", + "LastModifiedDate": "2025-05-15T19:46:30.95Z" + }, + { + "VulnerabilityID": "CVE-2025-5244", + 
"PkgID": "binutils-common@2.44-3", + "PkgName": "binutils-common", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/binutils-common@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "8e37579822c85bb9" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-5244", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils ld elflink.c elf_gc_sweep memory corruption", + "Description": "A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue is the function elf_gc_sweep of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 2.45 is able to address this issue. 
It is recommended to upgrade the affected component.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "VendorSeverity": { + "azure": 2, + "cbl-mariner": 2, + "debian": 1, + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-5244", + "https://nvd.nist.gov/vuln/detail/CVE-2025-5244", + "https://sourceware.org/bugzilla/attachment.cgi?id=16010", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32858", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d1458933830456e54223d9fc61f0d9b3a19256f5", + "https://vuldb.com/?ctiid.310346", + "https://vuldb.com/?id.310346", + "https://vuldb.com/?submit.584634", + "https://www.cve.org/CVERecord?id=CVE-2025-5244", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-05-27T13:15:21.76Z", + "LastModifiedDate": "2025-05-28T15:01:30.72Z" + }, + { + "VulnerabilityID": "CVE-2025-5245", + "PkgID": "binutils-common@2.44-3", + "PkgName": "binutils-common", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/binutils-common@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "8e37579822c85bb9" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-5245", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils objdump debug.c debug_type_samep memory corruption", + "Description": "A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debug_type_samep of the file /binutils/debug.c of the component objdump. 
The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "VendorSeverity": { + "azure": 2, + "cbl-mariner": 2, + "debian": 1, + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-5245", + "https://nvd.nist.gov/vuln/detail/CVE-2025-5245", + "https://sourceware.org/bugzilla/attachment.cgi?id=16004", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32829", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6c3458a8b7ee7d39f070c7b2350851cb2110c65a", + "https://vuldb.com/?ctiid.310347", + "https://vuldb.com/?id.310347", + "https://vuldb.com/?submit.584635", + "https://www.cve.org/CVERecord?id=CVE-2025-5245", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-05-27T15:15:36.057Z", + "LastModifiedDate": "2025-05-28T15:01:30.72Z" + }, + { + "VulnerabilityID": "CVE-2025-7545", + "PkgID": "binutils-common@2.44-3", + "PkgName": "binutils-common", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/binutils-common@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "8e37579822c85bb9" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-7545", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: Binutils: Heap Buffer Overflow", + "Description": "A vulnerability classified as problematic was found in GNU Binutils 2.45. 
Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is named 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944. It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119", + "CWE-122" + ], + "VendorSeverity": { + "azure": 2, + "debian": 1, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-7545", + "https://nvd.nist.gov/vuln/detail/CVE-2025-7545", + "https://sourceware.org/bugzilla/attachment.cgi?id=16117", + "https://sourceware.org/bugzilla/show_bug.cgi?id=33049", + "https://sourceware.org/bugzilla/show_bug.cgi?id=33049#c1", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944", + "https://vuldb.com/?ctiid.316243", + "https://vuldb.com/?id.316243", + "https://vuldb.com/?submit.614355", + "https://www.cve.org/CVERecord?id=CVE-2025-7545", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-07-13T22:15:23.873Z", + "LastModifiedDate": "2025-07-30T15:59:48.84Z" + }, + { + "VulnerabilityID": "CVE-2025-7546", + "PkgID": "binutils-common@2.44-3", + "PkgName": "binutils-common", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/binutils-common@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "8e37579822c85bb9" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2025-7546", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: Binutils: Out-of-bounds Write Vulnerability", + "Description": "A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfd_elf_set_group_contents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The name of the patch is 41461010eb7c79fee7a9d5f6209accdaac66cc6b. It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119", + "CWE-787" + ], + "VendorSeverity": { + "azure": 2, + "debian": 1, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-7546", + "https://nvd.nist.gov/vuln/detail/CVE-2025-7546", + "https://sourceware.org/bugzilla/attachment.cgi?id=16118", + "https://sourceware.org/bugzilla/show_bug.cgi?id=33050", + "https://sourceware.org/bugzilla/show_bug.cgi?id=33050#c2", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=41461010eb7c79fee7a9d5f6209accdaac66cc6b", + "https://vuldb.com/?ctiid.316244", + "https://vuldb.com/?id.316244", + "https://vuldb.com/?submit.614375", + "https://www.cve.org/CVERecord?id=CVE-2025-7546", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-07-13T22:15:24.07Z", + "LastModifiedDate": "2025-07-30T15:59:59.203Z" + }, + { + "VulnerabilityID": "CVE-2025-8224", + "PkgID": "binutils-common@2.44-3", + "PkgName": "binutils-common", + "PkgIdentifier": { + "PURL": 
"pkg:deb/debian/binutils-common@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "8e37579822c85bb9" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-8224", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: Binutils BFD Null Pointer Dereference", + "Description": "A vulnerability has been found in GNU Binutils 2.44 and classified as problematic. This vulnerability affects the function bfd_elf_get_str_section of the file bfd/elf.c of the component BFD Library. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The name of the patch is db856d41004301b3a56438efd957ef5cabb91530. 
It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-404", + "CWE-476" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-8224", + "https://nvd.nist.gov/vuln/detail/CVE-2025-8224", + "https://sourceware.org/bugzilla/attachment.cgi?id=15680", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32109", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32109#c2", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=db856d41004301b3a56438efd957ef5cabb91530", + "https://vuldb.com/?ctiid.317812", + "https://vuldb.com/?id.317812", + "https://vuldb.com/?submit.621878", + "https://www.cve.org/CVERecord?id=CVE-2025-8224", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-07-27T06:15:26.947Z", + "LastModifiedDate": "2025-08-01T17:08:29.62Z" + }, + { + "VulnerabilityID": "CVE-2025-8225", + "PkgID": "binutils-common@2.44-3", + "PkgName": "binutils-common", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/binutils-common@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "8e37579822c85bb9" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-8225", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: Binutils DWARF Section Handler Memory Leak", + "Description": "A vulnerability was found in GNU Binutils 2.44 and classified as 
problematic. This issue affects the function process_debug_info of the file binutils/dwarf.c of the component DWARF Section Handler. The manipulation leads to memory leak. Attacking locally is a requirement. The identifier of the patch is e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4. It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-401", + "CWE-404" + ], + "VendorSeverity": { + "debian": 1, + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-8225", + "https://gitlab.com/gnutools/binutils-gdb/-/commit/e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4", + "https://nvd.nist.gov/vuln/detail/CVE-2025-8225", + "https://vuldb.com/?ctiid.317813", + "https://vuldb.com/?id.317813", + "https://vuldb.com/?submit.621883", + "https://www.cve.org/CVERecord?id=CVE-2025-8225", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-07-27T08:15:25.76Z", + "LastModifiedDate": "2025-08-01T17:08:13.977Z" + }, + { + "VulnerabilityID": "CVE-2017-13716", + "PkgID": "binutils-x86-64-linux-gnu@2.44-3", + "PkgName": "binutils-x86-64-linux-gnu", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/binutils-x86-64-linux-gnu@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "3059e9d78c839b1" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13716", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: Memory leak with the C++ symbol demangler routine in libiberty", + "Description": "The C++ symbol demangler routine 
in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).", + "Severity": "LOW", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "photon": 2, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 7.1, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2017-13716", + "https://nvd.nist.gov/vuln/detail/CVE-2017-13716", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22009", + "https://www.cve.org/CVERecord?id=CVE-2017-13716" + ], + "PublishedDate": "2017-08-28T21:29:00.293Z", + "LastModifiedDate": "2025-04-20T01:37:25.86Z" + }, + { + "VulnerabilityID": "CVE-2018-20673", + "PkgID": "binutils-x86-64-linux-gnu@2.44-3", + "PkgName": "binutils-x86-64-linux-gnu", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/binutils-x86-64-linux-gnu@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "3059e9d78c839b1" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20673", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "libiberty: Integer overflow in demangle_template() function", + "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU 
Binutils 2.31.1, contains an integer overflow vulnerability (for \"Create an array for saving the template argument values\") that can trigger a heap-based buffer overflow, as demonstrated by nm.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190", + "CWE-787" + ], + "VendorSeverity": { + "alma": 1, + "debian": 1, + "nvd": 2, + "oracle-oval": 1, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/106454", + "https://access.redhat.com/security/cve/CVE-2018-20673", + "https://linux.oracle.com/cve/CVE-2018-20673.html", + "https://linux.oracle.com/errata/ELSA-2021-4386.html", + "https://nvd.nist.gov/vuln/detail/CVE-2018-20673", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24039", + "https://www.cve.org/CVERecord?id=CVE-2018-20673" + ], + "PublishedDate": "2019-01-04T18:29:00.21Z", + "LastModifiedDate": "2024-11-21T04:01:57.977Z" + }, + { + "VulnerabilityID": "CVE-2018-20712", + "PkgID": "binutils-x86-64-linux-gnu@2.44-3", + "PkgName": "binutils-x86-64-linux-gnu", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/binutils-x86-64-linux-gnu@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "3059e9d78c839b1" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20712", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "libiberty: heap-based buffer over-read in d_expression_1", + 
"Description": "A heap-based buffer over-read exists in the function d_expression_1 in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.1. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by c++filt.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "redhat": 2, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 4.7 + } + }, + "References": [ + "http://www.securityfocus.com/bid/106563", + "https://access.redhat.com/security/cve/CVE-2018-20712", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88629", + "https://nvd.nist.gov/vuln/detail/CVE-2018-20712", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24043", + "https://support.f5.com/csp/article/K38336243", + "https://www.cve.org/CVERecord?id=CVE-2018-20712" + ], + "PublishedDate": "2019-01-15T00:29:00.257Z", + "LastModifiedDate": "2024-11-21T04:02:00.663Z" + }, + { + "VulnerabilityID": "CVE-2018-9996", + "PkgID": "binutils-x86-64-linux-gnu@2.44-3", + "PkgName": "binutils-x86-64-linux-gnu", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/binutils-x86-64-linux-gnu@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "3059e9d78c839b1" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-9996", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: Stack-overflow in 
libiberty/cplus-dem.c causes crash", + "Description": "An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_template_value_parm, demangle_integral_value, and demangle_expression.", + "Severity": "LOW", + "CweIDs": [ + "CWE-674" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "photon": 2, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/103733", + "https://access.redhat.com/security/cve/CVE-2018-9996", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85304", + "https://nvd.nist.gov/vuln/detail/CVE-2018-9996", + "https://www.cve.org/CVERecord?id=CVE-2018-9996" + ], + "PublishedDate": "2018-04-10T22:29:00.353Z", + "LastModifiedDate": "2024-11-21T04:16:00.48Z" + }, + { + "VulnerabilityID": "CVE-2021-32256", + "PkgID": "binutils-x86-64-linux-gnu@2.44-3", + "PkgName": "binutils-x86-64-linux-gnu", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/binutils-x86-64-linux-gnu@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "3059e9d78c839b1" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-32256", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: stack-overflow issue in demangle_type in rust-demangle.c.", + 
"Description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.36. It is a stack-overflow issue in demangle_type in rust-demangle.c.", + "Severity": "LOW", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "amazon": 1, + "debian": 1, + "nvd": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2021-32256", + "https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1927070", + "https://nvd.nist.gov/vuln/detail/CVE-2021-32256", + "https://security.netapp.com/advisory/ntap-20230824-0013/", + "https://www.cve.org/CVERecord?id=CVE-2021-32256" + ], + "PublishedDate": "2023-07-18T14:15:11.61Z", + "LastModifiedDate": "2024-11-21T06:06:55.1Z" + }, + { + "VulnerabilityID": "CVE-2025-1147", + "PkgID": "binutils-x86-64-linux-gnu@2.44-3", + "PkgName": "binutils-x86-64-linux-gnu", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/binutils-x86-64-linux-gnu@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "3059e9d78c839b1" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1147", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils nm nm.c internal_strlen buffer overflow", + "Description": "A vulnerability has been found in GNU Binutils 2.43 and classified as problematic. Affected by this vulnerability is the function __sanitizer::internal_strlen of the file binutils/nm.c of the component nm. The manipulation of the argument const leads to buffer overflow. The attack can be launched remotely. 
The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119", + "CWE-120" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1147", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1147", + "https://sourceware.org/bugzilla/attachment.cgi?id=15881", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32556", + "https://vuldb.com/?ctiid.295051", + "https://vuldb.com/?id.295051", + "https://vuldb.com/?submit.485254", + "https://www.cve.org/CVERecord?id=CVE-2025-1147", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-10T14:15:29.643Z", + "LastModifiedDate": "2025-03-04T15:51:17.86Z" + }, + { + "VulnerabilityID": "CVE-2025-1148", + "PkgID": "binutils-x86-64-linux-gnu@2.44-3", + "PkgName": "binutils-x86-64-linux-gnu", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/binutils-x86-64-linux-gnu@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "3059e9d78c839b1" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1148", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils ld ldelfgen.c link_order_scan memory leak", + "Description": "A vulnerability was found in GNU Binutils 2.43 and classified as problematic. 
Affected by this issue is the function link_order_scan of the file ld/ldelfgen.c of the component ld. The manipulation leads to memory leak. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-401", + "CWE-404" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 1, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1148", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1148", + "https://sourceware.org/bugzilla/attachment.cgi?id=15887", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32576", + "https://vuldb.com/?ctiid.295052", + "https://vuldb.com/?id.295052", + "https://vuldb.com/?submit.485747", + "https://www.cve.org/CVERecord?id=CVE-2025-1148", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-10T14:15:29.927Z", + "LastModifiedDate": "2025-03-04T17:12:35.4Z" + }, + { + "VulnerabilityID": "CVE-2025-1149", + "PkgID": "binutils-x86-64-linux-gnu@2.44-3", + "PkgName": "binutils-x86-64-linux-gnu", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/binutils-x86-64-linux-gnu@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "3059e9d78c839b1" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": 
"sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1149", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils ld xmalloc.c xstrdup memory leak", + "Description": "A vulnerability was found in GNU Binutils 2.43. It has been classified as problematic. This affects the function xstrdup of the file libiberty/xmalloc.c of the component ld. The manipulation leads to memory leak. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. 
All of the reported leaks in this bugzilla have been fixed on binutils master.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-401", + "CWE-404" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 1, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1149", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1149", + "https://sourceware.org/bugzilla/attachment.cgi?id=15887", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32576", + "https://vuldb.com/?ctiid.295053", + "https://vuldb.com/?id.295053", + "https://www.cve.org/CVERecord?id=CVE-2025-1149", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-10T15:15:13.093Z", + "LastModifiedDate": "2025-03-04T14:53:43.637Z" + }, + { + "VulnerabilityID": "CVE-2025-1150", + "PkgID": "binutils-x86-64-linux-gnu@2.44-3", + "PkgName": "binutils-x86-64-linux-gnu", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/binutils-x86-64-linux-gnu@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "3059e9d78c839b1" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1150", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils ld libbfd.c bfd_malloc memory leak", + "Description": "A vulnerability was found in GNU Binutils 2.43. It has been declared as problematic. This vulnerability affects the function bfd_malloc of the file libbfd.c of the component ld. 
The manipulation leads to memory leak. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-401", + "CWE-404" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 1, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1150", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1150", + "https://sourceware.org/bugzilla/attachment.cgi?id=15887", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32576", + "https://vuldb.com/?ctiid.295054", + "https://vuldb.com/?id.295054", + "https://www.cve.org/CVERecord?id=CVE-2025-1150", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-10T17:15:18.517Z", + "LastModifiedDate": "2025-03-11T19:01:04.727Z" + }, + { + "VulnerabilityID": "CVE-2025-1151", + "PkgID": "binutils-x86-64-linux-gnu@2.44-3", + "PkgName": "binutils-x86-64-linux-gnu", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/binutils-x86-64-linux-gnu@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "3059e9d78c839b1" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1151", + 
"DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils ld xmemdup.c xmemdup memory leak", + "Description": "A vulnerability was found in GNU Binutils 2.43. It has been rated as problematic. This issue affects the function xmemdup of the file xmemdup.c of the component ld. The manipulation leads to memory leak. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-401", + "CWE-404" + ], + "VendorSeverity": { + "debian": 1, + "redhat": 1 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1151", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1151", + "https://sourceware.org/bugzilla/attachment.cgi?id=15887", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32576", + "https://vuldb.com/?ctiid.295055", + "https://vuldb.com/?id.295055", + "https://www.cve.org/CVERecord?id=CVE-2025-1151", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-10T17:15:18.713Z", + "LastModifiedDate": "2025-02-10T17:15:18.713Z" + }, + { + "VulnerabilityID": "CVE-2025-1152", + "PkgID": "binutils-x86-64-linux-gnu@2.44-3", + "PkgName": "binutils-x86-64-linux-gnu", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/binutils-x86-64-linux-gnu@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "3059e9d78c839b1" + }, + "InstalledVersion": "2.44-3", + "Status": 
"affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1152", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils ld xstrdup.c xstrdup memory leak", + "Description": "A vulnerability classified as problematic has been found in GNU Binutils 2.43. Affected is the function xstrdup of the file xstrdup.c of the component ld. The manipulation leads to memory leak. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. 
All of the reported leaks in this bugzilla have been fixed on binutils master.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-401", + "CWE-404" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 1, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1152", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1152", + "https://sourceware.org/bugzilla/attachment.cgi?id=15887", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32576", + "https://vuldb.com/?ctiid.295056", + "https://vuldb.com/?id.295056", + "https://www.cve.org/CVERecord?id=CVE-2025-1152", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-10T18:15:34.043Z", + "LastModifiedDate": "2025-03-03T16:52:20.953Z" + }, + { + "VulnerabilityID": "CVE-2025-1153", + "PkgID": "binutils-x86-64-linux-gnu@2.44-3", + "PkgName": "binutils-x86-64-linux-gnu", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/binutils-x86-64-linux-gnu@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "3059e9d78c839b1" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1153", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils format.c bfd_set_format memory corruption", + "Description": "A vulnerability classified as problematic was found in GNU Binutils 2.43/2.44. Affected by this vulnerability is the function bfd_set_format of the file format.c. 
The manipulation leads to memory corruption. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 2.45 is able to address this issue. The identifier of the patch is 8d97c1a53f3dc9fd8e1ccdb039b8a33d50133150. It is recommended to upgrade the affected component.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1153", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1153", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32603", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8d97c1a53f3dc9fd8e1ccdb039b8a33d50133150", + "https://ubuntu.com/security/notices/USN-7423-1", + "https://ubuntu.com/security/notices/USN-7423-2", + "https://vuldb.com/?ctiid.295057", + "https://vuldb.com/?id.295057", + "https://vuldb.com/?submit.489991", + "https://www.cve.org/CVERecord?id=CVE-2025-1153", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-10T19:15:39.9Z", + "LastModifiedDate": "2025-03-03T17:28:09.167Z" + }, + { + "VulnerabilityID": "CVE-2025-1176", + "PkgID": "binutils-x86-64-linux-gnu@2.44-3", + "PkgName": "binutils-x86-64-linux-gnu", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/binutils-x86-64-linux-gnu@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "3059e9d78c839b1" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2025-1176", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils ld elflink.c _bfd_elf_gc_mark_rsec heap-based overflow", + "Description": "A vulnerability was found in GNU Binutils 2.43 and classified as critical. This issue affects the function _bfd_elf_gc_mark_rsec of the file elflink.c of the component ld. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The patch is named f9978defb6fab0bd8583942d97c112b0932ac814. It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119", + "CWE-122" + ], + "VendorSeverity": { + "amazon": 2, + "azure": 2, + "cbl-mariner": 2, + "debian": 1, + "nvd": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1176", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1176", + "https://security.netapp.com/advisory/ntap-20250411-0007/", + "https://sourceware.org/bugzilla/attachment.cgi?id=15913", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32636", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f9978defb6fab0bd8583942d97c112b0932ac814", + "https://ubuntu.com/security/notices/USN-7423-1", + "https://ubuntu.com/security/notices/USN-7423-2", + "https://vuldb.com/?ctiid.295079", + "https://vuldb.com/?id.295079", + "https://vuldb.com/?submit.495329", + "https://www.cve.org/CVERecord?id=CVE-2025-1176", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-11T06:15:22.433Z", + 
"LastModifiedDate": "2025-04-11T22:15:29.513Z" + }, + { + "VulnerabilityID": "CVE-2025-1178", + "PkgID": "binutils-x86-64-linux-gnu@2.44-3", + "PkgName": "binutils-x86-64-linux-gnu", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/binutils-x86-64-linux-gnu@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "3059e9d78c839b1" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1178", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils ld libbfd.c bfd_putl64 memory corruption", + "Description": "A vulnerability was found in GNU Binutils 2.43. It has been declared as problematic. Affected by this vulnerability is the function bfd_putl64 of the file libbfd.c of the component ld. The manipulation leads to memory corruption. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of the patch is 75086e9de1707281172cc77f178e7949a4414ed0. 
It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "VendorSeverity": { + "azure": 2, + "cbl-mariner": 2, + "debian": 1, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.6 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1178", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1178", + "https://security.netapp.com/advisory/ntap-20250411-0008/", + "https://sourceware.org/bugzilla/attachment.cgi?id=15914", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32638", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=75086e9de1707281172cc77f178e7949a4414ed0", + "https://ubuntu.com/security/notices/USN-7423-1", + "https://vuldb.com/?ctiid.295081", + "https://vuldb.com/?id.295081", + "https://vuldb.com/?submit.495369", + "https://www.cve.org/CVERecord?id=CVE-2025-1178", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-11T07:15:29.997Z", + "LastModifiedDate": "2025-05-21T20:35:24.22Z" + }, + { + "VulnerabilityID": "CVE-2025-1180", + "PkgID": "binutils-x86-64-linux-gnu@2.44-3", + "PkgName": "binutils-x86-64-linux-gnu", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/binutils-x86-64-linux-gnu@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "3059e9d78c839b1" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1180", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils ld elf-eh-frame.c _bfd_elf_write_section_eh_frame memory corruption", + "Description": "A vulnerability 
classified as problematic has been found in GNU Binutils 2.43. This affects the function _bfd_elf_write_section_eh_frame of the file bfd/elf-eh-frame.c of the component ld. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "VendorSeverity": { + "debian": 1, + "redhat": 1 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1180", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1180", + "https://sourceware.org/bugzilla/attachment.cgi?id=15917", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32642", + "https://vuldb.com/?ctiid.295083", + "https://vuldb.com/?id.295083", + "https://vuldb.com/?submit.495381", + "https://www.cve.org/CVERecord?id=CVE-2025-1180", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-11T08:15:31.59Z", + "LastModifiedDate": "2025-05-21T20:35:18.05Z" + }, + { + "VulnerabilityID": "CVE-2025-1181", + "PkgID": "binutils-x86-64-linux-gnu@2.44-3", + "PkgName": "binutils-x86-64-linux-gnu", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/binutils-x86-64-linux-gnu@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "3059e9d78c839b1" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1181", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + 
}, + "Title": "binutils: GNU Binutils ld elflink.c _bfd_elf_gc_mark_rsec memory corruption", + "Description": "A vulnerability classified as critical was found in GNU Binutils 2.43. This vulnerability affects the function _bfd_elf_gc_mark_rsec of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is 931494c9a89558acb36a03a340c01726545eef24. It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "VendorSeverity": { + "azure": 1, + "cbl-mariner": 1, + "debian": 1, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1181", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1181", + "https://security.netapp.com/advisory/ntap-20250425-0007/", + "https://sourceware.org/bugzilla/attachment.cgi?id=15918", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32643", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=931494c9a89558acb36a03a340c01726545eef24", + "https://ubuntu.com/security/notices/USN-7423-1", + "https://vuldb.com/?ctiid.295084", + "https://vuldb.com/?id.295084", + "https://vuldb.com/?submit.495402", + "https://www.cve.org/CVERecord?id=CVE-2025-1181", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-11T08:15:31.797Z", + "LastModifiedDate": "2025-05-21T20:35:11.073Z" + }, + { + "VulnerabilityID": "CVE-2025-1182", + "PkgID": "binutils-x86-64-linux-gnu@2.44-3", + "PkgName": "binutils-x86-64-linux-gnu", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/binutils-x86-64-linux-gnu@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "3059e9d78c839b1" + }, + "InstalledVersion": "2.44-3", + "Status": 
"affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1182", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils ld elflink.c bfd_elf_reloc_symbol_deleted_p memory corruption", + "Description": "A vulnerability, which was classified as critical, was found in GNU Binutils 2.43. Affected is the function bfd_elf_reloc_symbol_deleted_p of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The patch is identified as b425859021d17adf62f06fb904797cf8642986ad. 
It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "VendorSeverity": { + "amazon": 2, + "azure": 2, + "cbl-mariner": 2, + "debian": 1, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1182", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1182", + "https://sourceware.org/bugzilla/attachment.cgi?id=15919", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32644", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b425859021d17adf62f06fb904797cf8642986ad", + "https://ubuntu.com/security/notices/USN-7423-1", + "https://vuldb.com/?ctiid.295086", + "https://vuldb.com/?id.295086", + "https://vuldb.com/?submit.495407", + "https://www.cve.org/CVERecord?id=CVE-2025-1182", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-11T09:15:09.53Z", + "LastModifiedDate": "2025-05-21T20:35:04.15Z" + }, + { + "VulnerabilityID": "CVE-2025-3198", + "PkgID": "binutils-x86-64-linux-gnu@2.44-3", + "PkgName": "binutils-x86-64-linux-gnu", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/binutils-x86-64-linux-gnu@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "3059e9d78c839b1" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-3198", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils objdump bucomm.c display_info memory leak", + "Description": "A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. 
Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named ba6ad3a18cb26b79e0e3b84c39f707535bbc344d. It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-401", + "CWE-404" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-3198", + "https://nvd.nist.gov/vuln/detail/CVE-2025-3198", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32716", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32716#c0", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ba6ad3a18cb26b79e0e3b84c39f707535bbc344d", + "https://vuldb.com/?ctiid.303151", + "https://vuldb.com/?id.303151", + "https://vuldb.com/?submit.545773", + "https://www.cve.org/CVERecord?id=CVE-2025-3198", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-04-04T02:15:18.803Z", + "LastModifiedDate": "2025-05-15T19:46:30.95Z" + }, + { + "VulnerabilityID": "CVE-2025-5244", + "PkgID": "binutils-x86-64-linux-gnu@2.44-3", + "PkgName": "binutils-x86-64-linux-gnu", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/binutils-x86-64-linux-gnu@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "3059e9d78c839b1" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-5244", + "DataSource": { + 
"ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils ld elflink.c elf_gc_sweep memory corruption", + "Description": "A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue is the function elf_gc_sweep of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 2.45 is able to address this issue. It is recommended to upgrade the affected component.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "VendorSeverity": { + "azure": 2, + "cbl-mariner": 2, + "debian": 1, + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-5244", + "https://nvd.nist.gov/vuln/detail/CVE-2025-5244", + "https://sourceware.org/bugzilla/attachment.cgi?id=16010", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32858", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d1458933830456e54223d9fc61f0d9b3a19256f5", + "https://vuldb.com/?ctiid.310346", + "https://vuldb.com/?id.310346", + "https://vuldb.com/?submit.584634", + "https://www.cve.org/CVERecord?id=CVE-2025-5244", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-05-27T13:15:21.76Z", + "LastModifiedDate": "2025-05-28T15:01:30.72Z" + }, + { + "VulnerabilityID": "CVE-2025-5245", + "PkgID": "binutils-x86-64-linux-gnu@2.44-3", + "PkgName": "binutils-x86-64-linux-gnu", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/binutils-x86-64-linux-gnu@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "3059e9d78c839b1" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": 
"sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-5245", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils objdump debug.c debug_type_samep memory corruption", + "Description": "A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debug_type_samep of the file /binutils/debug.c of the component objdump. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "VendorSeverity": { + "azure": 2, + "cbl-mariner": 2, + "debian": 1, + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-5245", + "https://nvd.nist.gov/vuln/detail/CVE-2025-5245", + "https://sourceware.org/bugzilla/attachment.cgi?id=16004", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32829", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6c3458a8b7ee7d39f070c7b2350851cb2110c65a", + "https://vuldb.com/?ctiid.310347", + "https://vuldb.com/?id.310347", + "https://vuldb.com/?submit.584635", + "https://www.cve.org/CVERecord?id=CVE-2025-5245", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-05-27T15:15:36.057Z", + "LastModifiedDate": "2025-05-28T15:01:30.72Z" + }, + { + "VulnerabilityID": "CVE-2025-7545", + "PkgID": "binutils-x86-64-linux-gnu@2.44-3", + "PkgName": "binutils-x86-64-linux-gnu", + "PkgIdentifier": { + "PURL": 
"pkg:deb/debian/binutils-x86-64-linux-gnu@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "3059e9d78c839b1" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-7545", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: Binutils: Heap Buffer Overflow", + "Description": "A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is named 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944. 
It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119", + "CWE-122" + ], + "VendorSeverity": { + "azure": 2, + "debian": 1, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-7545", + "https://nvd.nist.gov/vuln/detail/CVE-2025-7545", + "https://sourceware.org/bugzilla/attachment.cgi?id=16117", + "https://sourceware.org/bugzilla/show_bug.cgi?id=33049", + "https://sourceware.org/bugzilla/show_bug.cgi?id=33049#c1", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944", + "https://vuldb.com/?ctiid.316243", + "https://vuldb.com/?id.316243", + "https://vuldb.com/?submit.614355", + "https://www.cve.org/CVERecord?id=CVE-2025-7545", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-07-13T22:15:23.873Z", + "LastModifiedDate": "2025-07-30T15:59:48.84Z" + }, + { + "VulnerabilityID": "CVE-2025-7546", + "PkgID": "binutils-x86-64-linux-gnu@2.44-3", + "PkgName": "binutils-x86-64-linux-gnu", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/binutils-x86-64-linux-gnu@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "3059e9d78c839b1" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-7546", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: Binutils: Out-of-bounds Write Vulnerability", + "Description": "A vulnerability, which 
was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfd_elf_set_group_contents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The name of the patch is 41461010eb7c79fee7a9d5f6209accdaac66cc6b. It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119", + "CWE-787" + ], + "VendorSeverity": { + "azure": 2, + "debian": 1, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-7546", + "https://nvd.nist.gov/vuln/detail/CVE-2025-7546", + "https://sourceware.org/bugzilla/attachment.cgi?id=16118", + "https://sourceware.org/bugzilla/show_bug.cgi?id=33050", + "https://sourceware.org/bugzilla/show_bug.cgi?id=33050#c2", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=41461010eb7c79fee7a9d5f6209accdaac66cc6b", + "https://vuldb.com/?ctiid.316244", + "https://vuldb.com/?id.316244", + "https://vuldb.com/?submit.614375", + "https://www.cve.org/CVERecord?id=CVE-2025-7546", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-07-13T22:15:24.07Z", + "LastModifiedDate": "2025-07-30T15:59:59.203Z" + }, + { + "VulnerabilityID": "CVE-2025-8224", + "PkgID": "binutils-x86-64-linux-gnu@2.44-3", + "PkgName": "binutils-x86-64-linux-gnu", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/binutils-x86-64-linux-gnu@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "3059e9d78c839b1" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": 
"sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-8224", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: Binutils BFD Null Pointer Dereference", + "Description": "A vulnerability has been found in GNU Binutils 2.44 and classified as problematic. This vulnerability affects the function bfd_elf_get_str_section of the file bfd/elf.c of the component BFD Library. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The name of the patch is db856d41004301b3a56438efd957ef5cabb91530. It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-404", + "CWE-476" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-8224", + "https://nvd.nist.gov/vuln/detail/CVE-2025-8224", + "https://sourceware.org/bugzilla/attachment.cgi?id=15680", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32109", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32109#c2", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=db856d41004301b3a56438efd957ef5cabb91530", + "https://vuldb.com/?ctiid.317812", + "https://vuldb.com/?id.317812", + "https://vuldb.com/?submit.621878", + "https://www.cve.org/CVERecord?id=CVE-2025-8224", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-07-27T06:15:26.947Z", + "LastModifiedDate": "2025-08-01T17:08:29.62Z" + }, + { + "VulnerabilityID": "CVE-2025-8225", + "PkgID": 
"binutils-x86-64-linux-gnu@2.44-3", + "PkgName": "binutils-x86-64-linux-gnu", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/binutils-x86-64-linux-gnu@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "3059e9d78c839b1" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-8225", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: Binutils DWARF Section Handler Memory Leak", + "Description": "A vulnerability was found in GNU Binutils 2.44 and classified as problematic. This issue affects the function process_debug_info of the file binutils/dwarf.c of the component DWARF Section Handler. The manipulation leads to memory leak. Attacking locally is a requirement. The identifier of the patch is e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4. 
It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-401", + "CWE-404" + ], + "VendorSeverity": { + "debian": 1, + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-8225", + "https://gitlab.com/gnutools/binutils-gdb/-/commit/e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4", + "https://nvd.nist.gov/vuln/detail/CVE-2025-8225", + "https://vuldb.com/?ctiid.317813", + "https://vuldb.com/?id.317813", + "https://vuldb.com/?submit.621883", + "https://www.cve.org/CVERecord?id=CVE-2025-8225", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-07-27T08:15:25.76Z", + "LastModifiedDate": "2025-08-01T17:08:13.977Z" + }, + { + "VulnerabilityID": "CVE-2022-0563", + "PkgID": "bsdutils@1:2.41-5", + "PkgName": "bsdutils", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/bsdutils@2.41-5?arch=amd64\u0026distro=debian-13.0\u0026epoch=1", + "UID": "c9de60be80a96a27" + }, + "InstalledVersion": "1:2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:396b1da7636e2dcd10565cb4f2f952cbb4a8a38b58d3b86a2cacb172fb70117c", + "DiffID": "sha256:e6a3842ebc7f5e41d8a38f19a0aa5ea56c255475695ac6682882420800cf5465" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-0563", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline", + "Description": "A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an \"INPUTRC\" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. 
This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.", + "Severity": "LOW", + "CweIDs": [ + "CWE-209" + ], + "VendorSeverity": { + "amazon": 2, + "cbl-mariner": 2, + "debian": 1, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 1.9, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-0563", + "https://blog.trailofbits.com/2023/02/16/suid-logic-bug-linux-readline/", + "https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w%40ws.net.home/T/#u", + "https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u", + "https://nvd.nist.gov/vuln/detail/CVE-2022-0563", + "https://security.gentoo.org/glsa/202401-08", + "https://security.netapp.com/advisory/ntap-20220331-0002/", + "https://www.cve.org/CVERecord?id=CVE-2022-0563" + ], + "PublishedDate": "2022-02-21T19:15:08.393Z", + "LastModifiedDate": "2025-06-09T16:15:33.237Z" + }, + { + "VulnerabilityID": "CVE-2017-18018", + "PkgID": "coreutils@9.7-3", + "PkgName": "coreutils", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/coreutils@9.7-3?arch=amd64\u0026distro=debian-13.0", + "UID": "a90cbdbcbab1768e" + }, + "InstalledVersion": "9.7-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:396b1da7636e2dcd10565cb4f2f952cbb4a8a38b58d3b86a2cacb172fb70117c", + "DiffID": "sha256:e6a3842ebc7f5e41d8a38f19a0aa5ea56c255475695ac6682882420800cf5465" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-18018", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": 
"coreutils: race condition vulnerability in chown and chgrp", + "Description": "In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX \"-R -L\" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.", + "Severity": "LOW", + "CweIDs": [ + "CWE-362" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 1.9, + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 4.2 + } + }, + "References": [ + "http://lists.gnu.org/archive/html/coreutils/2017-12/msg00045.html", + "https://access.redhat.com/security/cve/CVE-2017-18018", + "https://nvd.nist.gov/vuln/detail/CVE-2017-18018", + "https://www.cve.org/CVERecord?id=CVE-2017-18018" + ], + "PublishedDate": "2018-01-04T04:29:00.19Z", + "LastModifiedDate": "2025-06-09T16:15:27.25Z" + }, + { + "VulnerabilityID": "CVE-2025-5278", + "PkgID": "coreutils@9.7-3", + "PkgName": "coreutils", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/coreutils@9.7-3?arch=amd64\u0026distro=debian-13.0", + "UID": "a90cbdbcbab1768e" + }, + "InstalledVersion": "9.7-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:396b1da7636e2dcd10565cb4f2f952cbb4a8a38b58d3b86a2cacb172fb70117c", + "DiffID": "sha256:e6a3842ebc7f5e41d8a38f19a0aa5ea56c255475695ac6682882420800cf5465" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-5278", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "coreutils: Heap Buffer Under-Read in GNU Coreutils sort via Key Specification", + "Description": "A flaw was found in GNU Coreutils. 
The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "Severity": "LOW", + "CweIDs": [ + "CWE-121" + ], + "VendorSeverity": { + "debian": 1, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "V3Score": 4.4 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "https://security-tracker.debian.org/tracker/CVE-2025-5278", + "https://www.cve.org/CVERecord?id=CVE-2025-5278" + ], + "PublishedDate": "2025-05-27T21:15:23.197Z", + "LastModifiedDate": "2025-05-29T18:15:24.29Z" + }, + { + "VulnerabilityID": "CVE-2025-48384", + "PkgID": "git@1:2.47.2-0.2", + "PkgName": "git", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/git@2.47.2-0.2?arch=amd64\u0026distro=debian-13.0\u0026epoch=1", + "UID": "639d5388b2e6058c" + }, + "InstalledVersion": "1:2.47.2-0.2", + "Status": "affected", + "Layer": { + "Digest": "sha256:a390b45b895de2e977e0543fdfb6fc8936108dcd5ce45fdccd50480ca03f6751", + "DiffID": "sha256:ca79fd2c0e371eeb80b9f4b15563a9d8b3720ac84b0216cfea4e14ff8e83137e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-48384", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": 
"https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "git: Git arbitrary code execution", + "Description": "Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed (CRLF). When writing a config entry, values with a trailing CR are not quoted, causing the CR to be lost when the config is later read. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read resulting in the submodule being checked out to an incorrect location. If a symlink exists that points the altered path to the submodule hooks directory, and the submodule contains an executable post-checkout hook, the script may be unintentionally executed after checkout. This vulnerability is fixed in v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-59", + "CWE-436" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", + "V3Score": 8.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", + "V3Score": 8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:11462", + "https://access.redhat.com/security/cve/CVE-2025-48384", + "https://bugzilla.redhat.com/2337824", + "https://bugzilla.redhat.com/2337956", + "https://bugzilla.redhat.com/2378806", + "https://bugzilla.redhat.com/2378808", + "https://bugzilla.redhat.com/2379124", + "https://bugzilla.redhat.com/2379125", + "https://bugzilla.redhat.com/2379326", + "https://bugzilla.redhat.com/show_bug.cgi?id=2337824", + "https://bugzilla.redhat.com/show_bug.cgi?id=2337956", 
+ "https://bugzilla.redhat.com/show_bug.cgi?id=2378806", + "https://bugzilla.redhat.com/show_bug.cgi?id=2378808", + "https://bugzilla.redhat.com/show_bug.cgi?id=2379124", + "https://bugzilla.redhat.com/show_bug.cgi?id=2379125", + "https://bugzilla.redhat.com/show_bug.cgi?id=2379326", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50349", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52006", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27613", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27614", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46835", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48384", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48385", + "https://dgl.cx/2025/07/git-clone-submodule-cve-2025-48384", + "https://errata.almalinux.org/9/ALSA-2025-11462.html", + "https://errata.rockylinux.org/RLSA-2025:11534", + "https://github.com/git/git/commit/05e9cd64ee23bbadcea6bcffd6660ed02b8eab89", + "https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9", + "https://linux.oracle.com/cve/CVE-2025-48384.html", + "https://linux.oracle.com/errata/ELSA-2025-11688.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-48384", + "https://ubuntu.com/security/notices/USN-7626-1", + "https://www.cve.org/CVERecord?id=CVE-2025-48384", + "https://www.openwall.com/lists/oss-security/2025/07/08/4" + ], + "PublishedDate": "2025-07-08T19:15:42.8Z", + "LastModifiedDate": "2025-07-10T13:18:53.83Z" + }, + { + "VulnerabilityID": "CVE-2025-48385", + "PkgID": "git@1:2.47.2-0.2", + "PkgName": "git", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/git@2.47.2-0.2?arch=amd64\u0026distro=debian-13.0\u0026epoch=1", + "UID": "639d5388b2e6058c" + }, + "InstalledVersion": "1:2.47.2-0.2", + "Status": "affected", + "Layer": { + "Digest": "sha256:a390b45b895de2e977e0543fdfb6fc8936108dcd5ce45fdccd50480ca03f6751", + "DiffID": "sha256:ca79fd2c0e371eeb80b9f4b15563a9d8b3720ac84b0216cfea4e14ff8e83137e" + 
}, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-48385", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "git: Git arbitrary file writes", + "Description": "Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When cloning a repository Git knows to optionally fetch a bundle advertised by the remote server, which allows the server-side to offload parts of the clone to a CDN. The Git client does not perform sufficient validation of the advertised bundles, which allows the remote side to perform protocol injection. This protocol injection can cause the client to write the fetched bundle to a location controlled by the adversary. The fetched content is fully controlled by the server, which can in the worst case lead to arbitrary code execution. The use of bundle URIs is not enabled by default and can be controlled by the bundle.heuristic config option. Some cases of the vulnerability require that the adversary is in control of where a repository will be cloned to. This either requires social engineering or a recursive clone with submodules. These cases can thus be avoided by disabling recursive clones. 
This vulnerability is fixed in v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-73", + "CWE-88" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", + "V3Score": 8.3 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:11462", + "https://access.redhat.com/security/cve/CVE-2025-48385", + "https://bugzilla.redhat.com/2337824", + "https://bugzilla.redhat.com/2337956", + "https://bugzilla.redhat.com/2378806", + "https://bugzilla.redhat.com/2378808", + "https://bugzilla.redhat.com/2379124", + "https://bugzilla.redhat.com/2379125", + "https://bugzilla.redhat.com/2379326", + "https://bugzilla.redhat.com/show_bug.cgi?id=2337824", + "https://bugzilla.redhat.com/show_bug.cgi?id=2337956", + "https://bugzilla.redhat.com/show_bug.cgi?id=2378806", + "https://bugzilla.redhat.com/show_bug.cgi?id=2378808", + "https://bugzilla.redhat.com/show_bug.cgi?id=2379124", + "https://bugzilla.redhat.com/show_bug.cgi?id=2379125", + "https://bugzilla.redhat.com/show_bug.cgi?id=2379326", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50349", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52006", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27613", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27614", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46835", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48384", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48385", + "https://errata.almalinux.org/9/ALSA-2025-11462.html", + "https://errata.rockylinux.org/RLSA-2025:11534", + "https://github.com/git/git/security/advisories/GHSA-m98c-vgpc-9655", + "https://linux.oracle.com/cve/CVE-2025-48385.html", + 
"https://linux.oracle.com/errata/ELSA-2025-11534.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-48385", + "https://ubuntu.com/security/notices/USN-7626-1", + "https://www.cve.org/CVERecord?id=CVE-2025-48385", + "https://www.openwall.com/lists/oss-security/2025/07/08/4" + ], + "PublishedDate": "2025-07-08T19:15:43.097Z", + "LastModifiedDate": "2025-07-10T13:18:53.83Z" + }, + { + "VulnerabilityID": "CVE-2025-27613", + "PkgID": "git@1:2.47.2-0.2", + "PkgName": "git", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/git@2.47.2-0.2?arch=amd64\u0026distro=debian-13.0\u0026epoch=1", + "UID": "639d5388b2e6058c" + }, + "InstalledVersion": "1:2.47.2-0.2", + "Status": "affected", + "Layer": { + "Digest": "sha256:a390b45b895de2e977e0543fdfb6fc8936108dcd5ce45fdccd50480ca03f6751", + "DiffID": "sha256:ca79fd2c0e371eeb80b9f4b15563a9d8b3720ac84b0216cfea4e14ff8e83137e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-27613", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "gitk: Git file creation flaw", + "Description": "Gitk is a Tcl/Tk based Git history browser. Starting with 1.7.0, when a user clones an untrusted repository and runs gitk without additional command arguments, files for which the user has write permission can be created and truncated. The option Support per-file encoding must have been enabled before in Gitk's Preferences. This option is disabled by default. The same happens when Show origin of this line is used in the main window (regardless of whether Support per-file encoding is enabled or not). 
This vulnerability is fixed in 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, and 2.50.1.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-78" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "oracle-oval": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "V3Score": 4.3 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:11462", + "https://access.redhat.com/security/cve/CVE-2025-27613", + "https://bugzilla.redhat.com/2337824", + "https://bugzilla.redhat.com/2337956", + "https://bugzilla.redhat.com/2378806", + "https://bugzilla.redhat.com/2378808", + "https://bugzilla.redhat.com/2379124", + "https://bugzilla.redhat.com/2379125", + "https://bugzilla.redhat.com/2379326", + "https://bugzilla.redhat.com/show_bug.cgi?id=2337824", + "https://bugzilla.redhat.com/show_bug.cgi?id=2337956", + "https://bugzilla.redhat.com/show_bug.cgi?id=2378806", + "https://bugzilla.redhat.com/show_bug.cgi?id=2378808", + "https://bugzilla.redhat.com/show_bug.cgi?id=2379124", + "https://bugzilla.redhat.com/show_bug.cgi?id=2379125", + "https://bugzilla.redhat.com/show_bug.cgi?id=2379326", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50349", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52006", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27613", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27614", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46835", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48384", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48385", + "https://errata.almalinux.org/9/ALSA-2025-11462.html", + "https://errata.rockylinux.org/RLSA-2025:11534", + "https://github.com/j6t/gitk/compare/465f03869ae11acd04abfa1b83c67879c867410c..026c397d911cde55924d7eb1311d0fd6e2e105d5", + 
"https://github.com/j6t/gitk/compare/7dd272eca153058da2e8d5b9960bbbf0b4f0cbaa..67a128b91e25978a15f9f7e194d81b441d603652", + "https://github.com/j6t/gitk/security/advisories/GHSA-f3cw-xrj3-wr2v", + "https://linux.oracle.com/cve/CVE-2025-27613.html", + "https://linux.oracle.com/errata/ELSA-2025-11534.html", + "https://lore.kernel.org/git/xmqq5xg2wrd1.fsf@gitster.g/", + "https://nvd.nist.gov/vuln/detail/CVE-2025-27613", + "https://ubuntu.com/security/notices/USN-7626-1", + "https://ubuntu.com/security/notices/USN-7626-2", + "https://ubuntu.com/security/notices/USN-7626-3", + "https://www.cve.org/CVERecord?id=CVE-2025-27613", + "https://www.openwall.com/lists/oss-security/2025/07/08/4" + ], + "PublishedDate": "2025-07-10T15:15:26.243Z", + "LastModifiedDate": "2025-07-15T13:24:41.097Z" + }, + { + "VulnerabilityID": "CVE-2025-27614", + "PkgID": "git@1:2.47.2-0.2", + "PkgName": "git", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/git@2.47.2-0.2?arch=amd64\u0026distro=debian-13.0\u0026epoch=1", + "UID": "639d5388b2e6058c" + }, + "InstalledVersion": "1:2.47.2-0.2", + "Status": "affected", + "Layer": { + "Digest": "sha256:a390b45b895de2e977e0543fdfb6fc8936108dcd5ce45fdccd50480ca03f6751", + "DiffID": "sha256:ca79fd2c0e371eeb80b9f4b15563a9d8b3720ac84b0216cfea4e14ff8e83137e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-27614", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "gitk: git script execution flaw", + "Description": "Gitk is a Tcl/Tk based Git history browser. Starting with 2.41.0, a Git repository can be crafted in such a way that with some social engineering a user who has cloned the repository can be tricked into running any script (e.g., Bourne shell, Perl, Python, ...) supplied by the attacker by invoking gitk filename, where filename has a particular structure. The script is run with the privileges of the user. 
This vulnerability is fixed in 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, and 2.50.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-78" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "oracle-oval": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 6.3 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:11462", + "https://access.redhat.com/security/cve/CVE-2025-27614", + "https://bugzilla.redhat.com/2337824", + "https://bugzilla.redhat.com/2337956", + "https://bugzilla.redhat.com/2378806", + "https://bugzilla.redhat.com/2378808", + "https://bugzilla.redhat.com/2379124", + "https://bugzilla.redhat.com/2379125", + "https://bugzilla.redhat.com/2379326", + "https://bugzilla.redhat.com/show_bug.cgi?id=2337824", + "https://bugzilla.redhat.com/show_bug.cgi?id=2337956", + "https://bugzilla.redhat.com/show_bug.cgi?id=2378806", + "https://bugzilla.redhat.com/show_bug.cgi?id=2378808", + "https://bugzilla.redhat.com/show_bug.cgi?id=2379124", + "https://bugzilla.redhat.com/show_bug.cgi?id=2379125", + "https://bugzilla.redhat.com/show_bug.cgi?id=2379326", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50349", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52006", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27613", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27614", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46835", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48384", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48385", + "https://errata.almalinux.org/9/ALSA-2025-11462.html", + "https://errata.rockylinux.org/RLSA-2025:11534", + "https://github.com/j6t/gitk/commit/8e3070aa5e331be45d4d03e3be41f84494fce129", + "https://github.com/j6t/gitk/security/advisories/GHSA-g4v5-fjv9-mhhc", + 
"https://linux.oracle.com/cve/CVE-2025-27614.html", + "https://linux.oracle.com/errata/ELSA-2025-11534.html", + "https://lore.kernel.org/git/xmqq5xg2wrd1.fsf@gitster.g/", + "https://nvd.nist.gov/vuln/detail/CVE-2025-27614", + "https://ubuntu.com/security/notices/USN-7626-1", + "https://www.cve.org/CVERecord?id=CVE-2025-27614", + "https://www.openwall.com/lists/oss-security/2025/07/08/4" + ], + "PublishedDate": "2025-07-10T15:15:26.403Z", + "LastModifiedDate": "2025-07-15T13:24:41.097Z" + }, + { + "VulnerabilityID": "CVE-2018-1000021", + "PkgID": "git@1:2.47.2-0.2", + "PkgName": "git", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/git@2.47.2-0.2?arch=amd64\u0026distro=debian-13.0\u0026epoch=1", + "UID": "639d5388b2e6058c" + }, + "InstalledVersion": "1:2.47.2-0.2", + "Status": "affected", + "Layer": { + "Digest": "sha256:a390b45b895de2e977e0543fdfb6fc8936108dcd5ce45fdccd50480ca03f6751", + "DiffID": "sha256:ca79fd2c0e371eeb80b9f4b15563a9d8b3720ac84b0216cfea4e14ff8e83137e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1000021", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "git: client prints server-sent ANSI escape codes to the terminal, allowing for unverified messages to potentially execute arbitrary commands", + "Description": "GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. 
This attack appear to be exploitable via The user must interact with a malicious git server, (or have their traffic modified in a MITM attack).", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V2Score": 6.8, + "V3Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 5 + } + }, + "References": [ + "http://www.batterystapl.es/2018/01/security-implications-of-ansi-escape.html", + "https://access.redhat.com/security/cve/CVE-2018-1000021", + "https://nvd.nist.gov/vuln/detail/CVE-2018-1000021", + "https://www.cve.org/CVERecord?id=CVE-2018-1000021" + ], + "PublishedDate": "2018-02-09T23:29:00.557Z", + "LastModifiedDate": "2024-11-21T03:39:26.66Z" + }, + { + "VulnerabilityID": "CVE-2022-24975", + "PkgID": "git@1:2.47.2-0.2", + "PkgName": "git", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/git@2.47.2-0.2?arch=amd64\u0026distro=debian-13.0\u0026epoch=1", + "UID": "639d5388b2e6058c" + }, + "InstalledVersion": "1:2.47.2-0.2", + "Status": "affected", + "Layer": { + "Digest": "sha256:a390b45b895de2e977e0543fdfb6fc8936108dcd5ce45fdccd50480ca03f6751", + "DiffID": "sha256:ca79fd2c0e371eeb80b9f4b15563a9d8b3720ac84b0216cfea4e14ff8e83137e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-24975", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "git: The --mirror option for git leaks secret for deleted content, aka the \"GitBleed\"", + "Description": "The --mirror documentation for Git through 2.35.1 does not mention the availability of deleted content, aka the \"GitBleed\" issue. 
This could present a security risk if information-disclosure auditing processes rely on a clone operation without the --mirror option. Note: This has been disputed by multiple 3rd parties who believe this is an intended feature of the git binary and does not pose a security risk.", + "Severity": "LOW", + "CweIDs": [ + "CWE-668" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 3, + "photon": 3, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-24975", + "https://github.com/git/git/blob/2dc94da3744bfbbf145eca587a0f5ff480cc5867/Documentation/git-clone.txt#L185-L191", + "https://lore.kernel.org/git/xmqq4k14qe9g.fsf%40gitster.g/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-24975", + "https://www.aquasec.com/blog/undetected-hard-code-secrets-expose-corporations/", + "https://www.cve.org/CVERecord?id=CVE-2022-24975", + "https://wwws.nightwatchcybersecurity.com/2022/02/11/gitbleed/" + ], + "PublishedDate": "2022-02-11T20:15:07.507Z", + "LastModifiedDate": "2024-11-21T06:51:29.247Z" + }, + { + "VulnerabilityID": "CVE-2024-52005", + "PkgID": "git@1:2.47.2-0.2", + "PkgName": "git", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/git@2.47.2-0.2?arch=amd64\u0026distro=debian-13.0\u0026epoch=1", + "UID": "639d5388b2e6058c" + }, + "InstalledVersion": "1:2.47.2-0.2", + "Status": "affected", + "Layer": { + "Digest": "sha256:a390b45b895de2e977e0543fdfb6fc8936108dcd5ce45fdccd50480ca03f6751", + "DiffID": "sha256:ca79fd2c0e371eeb80b9f4b15563a9d8b3720ac84b0216cfea4e14ff8e83137e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-52005", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": 
"https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "git: The sideband payload is passed unfiltered to the terminal in git", + "Description": "Git is a source code management tool. When cloning from a server (or fetching, or pushing), informational or error messages are transported from the remote Git process to the client via the so-called \"sideband channel\". These messages will be prefixed with \"remote:\" and printed directly to the standard error output. Typically, this standard error output is connected to a terminal that understands ANSI escape sequences, which Git did not protect against. Most modern terminals support control sequences that can be used by a malicious actor to hide and misrepresent information, or to mislead the user into executing untrusted scripts. As requested on the git-security mailing list, the patches are under discussion on the public mailing list. Users are advised to update as soon as possible. Users unable to upgrade should avoid recursive clones unless they are from trusted sources.", + "Severity": "LOW", + "CweIDs": [ + "CWE-116", + "CWE-150" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "bitnami": 3, + "debian": 1, + "oracle-oval": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:7409", + "https://access.redhat.com/security/cve/CVE-2024-52005", + "https://bugzilla.redhat.com/2338289", + "https://bugzilla.redhat.com/show_bug.cgi?id=2338289", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52005", + "https://errata.almalinux.org/9/ALSA-2025-7409.html", + "https://errata.rockylinux.org/RLSA-2025:8414", + "https://github.com/git/git/security/advisories/GHSA-7jjc-gg6m-3329", + "https://linux.oracle.com/cve/CVE-2024-52005.html", + "https://linux.oracle.com/errata/ELSA-2025-8414.html", + 
"https://lore.kernel.org/git/1M9FnZ-1taoNo1wwh-00ESSd@mail.gmx.net", + "https://lore.kernel.org/git/8570a129-d66a-465a-905e-0a077c69c409@gmail.com/T/#t", + "https://nvd.nist.gov/vuln/detail/CVE-2024-52005", + "https://www.cve.org/CVERecord?id=CVE-2024-52005" + ], + "PublishedDate": "2025-01-15T18:15:24.13Z", + "LastModifiedDate": "2025-01-15T18:15:24.13Z" + }, + { + "VulnerabilityID": "CVE-2025-46835", + "PkgID": "git@1:2.47.2-0.2", + "PkgName": "git", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/git@2.47.2-0.2?arch=amd64\u0026distro=debian-13.0\u0026epoch=1", + "UID": "639d5388b2e6058c" + }, + "InstalledVersion": "1:2.47.2-0.2", + "Status": "affected", + "Layer": { + "Digest": "sha256:a390b45b895de2e977e0543fdfb6fc8936108dcd5ce45fdccd50480ca03f6751", + "DiffID": "sha256:ca79fd2c0e371eeb80b9f4b15563a9d8b3720ac84b0216cfea4e14ff8e83137e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-46835", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "git: Git GUI can create and overwrite files for which the user has write permission", + "Description": "Git GUI allows you to use the Git source control management tools via a GUI. When a user clones an untrusted repository and is tricked into editing a file located in a maliciously named directory in the repository, then Git GUI can create and overwrite files for which the user has write permission. 
This vulnerability is fixed in 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, and 2.50.1.", + "Severity": "LOW", + "CweIDs": [ + "CWE-88" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "oracle-oval": 3, + "redhat": 1, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", + "V3Score": 3.1 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:11462", + "https://access.redhat.com/security/cve/CVE-2025-46835", + "https://bugzilla.redhat.com/2337824", + "https://bugzilla.redhat.com/2337956", + "https://bugzilla.redhat.com/2378806", + "https://bugzilla.redhat.com/2378808", + "https://bugzilla.redhat.com/2379124", + "https://bugzilla.redhat.com/2379125", + "https://bugzilla.redhat.com/2379326", + "https://bugzilla.redhat.com/show_bug.cgi?id=2337824", + "https://bugzilla.redhat.com/show_bug.cgi?id=2337956", + "https://bugzilla.redhat.com/show_bug.cgi?id=2378806", + "https://bugzilla.redhat.com/show_bug.cgi?id=2378808", + "https://bugzilla.redhat.com/show_bug.cgi?id=2379124", + "https://bugzilla.redhat.com/show_bug.cgi?id=2379125", + "https://bugzilla.redhat.com/show_bug.cgi?id=2379326", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50349", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52006", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27613", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27614", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46835", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48384", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48385", + "https://errata.almalinux.org/9/ALSA-2025-11462.html", + "https://errata.rockylinux.org/RLSA-2025:11534", + "https://github.com/j6t/git-gui/compare/dcda716dbc9c90bcac4611bd1076747671ee0906..a437f5bc93330a70b42a230e52f3bd036ca1b1da", + "https://github.com/j6t/git-gui/security/advisories/GHSA-xfx7-68v4-v8fg", + 
"https://linux.oracle.com/cve/CVE-2025-46835.html", + "https://linux.oracle.com/errata/ELSA-2025-11534.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-46835", + "https://ubuntu.com/security/notices/USN-7626-1", + "https://ubuntu.com/security/notices/USN-7626-2", + "https://ubuntu.com/security/notices/USN-7626-3", + "https://www.cve.org/CVERecord?id=CVE-2025-46835", + "https://www.openwall.com/lists/oss-security/2025/07/08/4" + ], + "PublishedDate": "2025-07-10T15:15:29.503Z", + "LastModifiedDate": "2025-07-15T13:24:41.097Z" + }, + { + "VulnerabilityID": "CVE-2025-48384", + "PkgID": "git-man@1:2.47.2-0.2", + "PkgName": "git-man", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/git-man@2.47.2-0.2?arch=all\u0026distro=debian-13.0\u0026epoch=1", + "UID": "d9d4a8368a32c258" + }, + "InstalledVersion": "1:2.47.2-0.2", + "Status": "affected", + "Layer": { + "Digest": "sha256:a390b45b895de2e977e0543fdfb6fc8936108dcd5ce45fdccd50480ca03f6751", + "DiffID": "sha256:ca79fd2c0e371eeb80b9f4b15563a9d8b3720ac84b0216cfea4e14ff8e83137e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-48384", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "git: Git arbitrary code execution", + "Description": "Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed (CRLF). When writing a config entry, values with a trailing CR are not quoted, causing the CR to be lost when the config is later read. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read resulting in the submodule being checked out to an incorrect location. 
If a symlink exists that points the altered path to the submodule hooks directory, and the submodule contains an executable post-checkout hook, the script may be unintentionally executed after checkout. This vulnerability is fixed in v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-59", + "CWE-436" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", + "V3Score": 8.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", + "V3Score": 8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:11462", + "https://access.redhat.com/security/cve/CVE-2025-48384", + "https://bugzilla.redhat.com/2337824", + "https://bugzilla.redhat.com/2337956", + "https://bugzilla.redhat.com/2378806", + "https://bugzilla.redhat.com/2378808", + "https://bugzilla.redhat.com/2379124", + "https://bugzilla.redhat.com/2379125", + "https://bugzilla.redhat.com/2379326", + "https://bugzilla.redhat.com/show_bug.cgi?id=2337824", + "https://bugzilla.redhat.com/show_bug.cgi?id=2337956", + "https://bugzilla.redhat.com/show_bug.cgi?id=2378806", + "https://bugzilla.redhat.com/show_bug.cgi?id=2378808", + "https://bugzilla.redhat.com/show_bug.cgi?id=2379124", + "https://bugzilla.redhat.com/show_bug.cgi?id=2379125", + "https://bugzilla.redhat.com/show_bug.cgi?id=2379326", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50349", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52006", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27613", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27614", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46835", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48384", + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48385", + "https://dgl.cx/2025/07/git-clone-submodule-cve-2025-48384", + "https://errata.almalinux.org/9/ALSA-2025-11462.html", + "https://errata.rockylinux.org/RLSA-2025:11534", + "https://github.com/git/git/commit/05e9cd64ee23bbadcea6bcffd6660ed02b8eab89", + "https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9", + "https://linux.oracle.com/cve/CVE-2025-48384.html", + "https://linux.oracle.com/errata/ELSA-2025-11688.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-48384", + "https://ubuntu.com/security/notices/USN-7626-1", + "https://www.cve.org/CVERecord?id=CVE-2025-48384", + "https://www.openwall.com/lists/oss-security/2025/07/08/4" + ], + "PublishedDate": "2025-07-08T19:15:42.8Z", + "LastModifiedDate": "2025-07-10T13:18:53.83Z" + }, + { + "VulnerabilityID": "CVE-2025-48385", + "PkgID": "git-man@1:2.47.2-0.2", + "PkgName": "git-man", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/git-man@2.47.2-0.2?arch=all\u0026distro=debian-13.0\u0026epoch=1", + "UID": "d9d4a8368a32c258" + }, + "InstalledVersion": "1:2.47.2-0.2", + "Status": "affected", + "Layer": { + "Digest": "sha256:a390b45b895de2e977e0543fdfb6fc8936108dcd5ce45fdccd50480ca03f6751", + "DiffID": "sha256:ca79fd2c0e371eeb80b9f4b15563a9d8b3720ac84b0216cfea4e14ff8e83137e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-48385", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "git: Git arbitrary file writes", + "Description": "Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When cloning a repository Git knows to optionally fetch a bundle advertised by the remote server, which allows the server-side to offload parts of the clone to a CDN. 
The Git client does not perform sufficient validation of the advertised bundles, which allows the remote side to perform protocol injection. This protocol injection can cause the client to write the fetched bundle to a location controlled by the adversary. The fetched content is fully controlled by the server, which can in the worst case lead to arbitrary code execution. The use of bundle URIs is not enabled by default and can be controlled by the bundle.heuristic config option. Some cases of the vulnerability require that the adversary is in control of where a repository will be cloned to. This either requires social engineering or a recursive clone with submodules. These cases can thus be avoided by disabling recursive clones. This vulnerability is fixed in v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-73", + "CWE-88" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", + "V3Score": 8.3 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:11462", + "https://access.redhat.com/security/cve/CVE-2025-48385", + "https://bugzilla.redhat.com/2337824", + "https://bugzilla.redhat.com/2337956", + "https://bugzilla.redhat.com/2378806", + "https://bugzilla.redhat.com/2378808", + "https://bugzilla.redhat.com/2379124", + "https://bugzilla.redhat.com/2379125", + "https://bugzilla.redhat.com/2379326", + "https://bugzilla.redhat.com/show_bug.cgi?id=2337824", + "https://bugzilla.redhat.com/show_bug.cgi?id=2337956", + "https://bugzilla.redhat.com/show_bug.cgi?id=2378806", + "https://bugzilla.redhat.com/show_bug.cgi?id=2378808", + "https://bugzilla.redhat.com/show_bug.cgi?id=2379124", + "https://bugzilla.redhat.com/show_bug.cgi?id=2379125", + 
"https://bugzilla.redhat.com/show_bug.cgi?id=2379326", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50349", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52006", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27613", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27614", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46835", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48384", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48385", + "https://errata.almalinux.org/9/ALSA-2025-11462.html", + "https://errata.rockylinux.org/RLSA-2025:11534", + "https://github.com/git/git/security/advisories/GHSA-m98c-vgpc-9655", + "https://linux.oracle.com/cve/CVE-2025-48385.html", + "https://linux.oracle.com/errata/ELSA-2025-11534.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-48385", + "https://ubuntu.com/security/notices/USN-7626-1", + "https://www.cve.org/CVERecord?id=CVE-2025-48385", + "https://www.openwall.com/lists/oss-security/2025/07/08/4" + ], + "PublishedDate": "2025-07-08T19:15:43.097Z", + "LastModifiedDate": "2025-07-10T13:18:53.83Z" + }, + { + "VulnerabilityID": "CVE-2025-27613", + "PkgID": "git-man@1:2.47.2-0.2", + "PkgName": "git-man", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/git-man@2.47.2-0.2?arch=all\u0026distro=debian-13.0\u0026epoch=1", + "UID": "d9d4a8368a32c258" + }, + "InstalledVersion": "1:2.47.2-0.2", + "Status": "affected", + "Layer": { + "Digest": "sha256:a390b45b895de2e977e0543fdfb6fc8936108dcd5ce45fdccd50480ca03f6751", + "DiffID": "sha256:ca79fd2c0e371eeb80b9f4b15563a9d8b3720ac84b0216cfea4e14ff8e83137e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-27613", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "gitk: Git file creation flaw", + "Description": "Gitk is a Tcl/Tk based Git history browser. 
Starting with 1.7.0, when a user clones an untrusted repository and runs gitk without additional command arguments, files for which the user has write permission can be created and truncated. The option Support per-file encoding must have been enabled before in Gitk's Preferences. This option is disabled by default. The same happens when Show origin of this line is used in the main window (regardless of whether Support per-file encoding is enabled or not). This vulnerability is fixed in 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, and 2.50.1.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-78" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "oracle-oval": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "V3Score": 4.3 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:11462", + "https://access.redhat.com/security/cve/CVE-2025-27613", + "https://bugzilla.redhat.com/2337824", + "https://bugzilla.redhat.com/2337956", + "https://bugzilla.redhat.com/2378806", + "https://bugzilla.redhat.com/2378808", + "https://bugzilla.redhat.com/2379124", + "https://bugzilla.redhat.com/2379125", + "https://bugzilla.redhat.com/2379326", + "https://bugzilla.redhat.com/show_bug.cgi?id=2337824", + "https://bugzilla.redhat.com/show_bug.cgi?id=2337956", + "https://bugzilla.redhat.com/show_bug.cgi?id=2378806", + "https://bugzilla.redhat.com/show_bug.cgi?id=2378808", + "https://bugzilla.redhat.com/show_bug.cgi?id=2379124", + "https://bugzilla.redhat.com/show_bug.cgi?id=2379125", + "https://bugzilla.redhat.com/show_bug.cgi?id=2379326", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50349", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52006", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27613", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27614", + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46835", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48384", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48385", + "https://errata.almalinux.org/9/ALSA-2025-11462.html", + "https://errata.rockylinux.org/RLSA-2025:11534", + "https://github.com/j6t/gitk/compare/465f03869ae11acd04abfa1b83c67879c867410c..026c397d911cde55924d7eb1311d0fd6e2e105d5", + "https://github.com/j6t/gitk/compare/7dd272eca153058da2e8d5b9960bbbf0b4f0cbaa..67a128b91e25978a15f9f7e194d81b441d603652", + "https://github.com/j6t/gitk/security/advisories/GHSA-f3cw-xrj3-wr2v", + "https://linux.oracle.com/cve/CVE-2025-27613.html", + "https://linux.oracle.com/errata/ELSA-2025-11534.html", + "https://lore.kernel.org/git/xmqq5xg2wrd1.fsf@gitster.g/", + "https://nvd.nist.gov/vuln/detail/CVE-2025-27613", + "https://ubuntu.com/security/notices/USN-7626-1", + "https://ubuntu.com/security/notices/USN-7626-2", + "https://ubuntu.com/security/notices/USN-7626-3", + "https://www.cve.org/CVERecord?id=CVE-2025-27613", + "https://www.openwall.com/lists/oss-security/2025/07/08/4" + ], + "PublishedDate": "2025-07-10T15:15:26.243Z", + "LastModifiedDate": "2025-07-15T13:24:41.097Z" + }, + { + "VulnerabilityID": "CVE-2025-27614", + "PkgID": "git-man@1:2.47.2-0.2", + "PkgName": "git-man", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/git-man@2.47.2-0.2?arch=all\u0026distro=debian-13.0\u0026epoch=1", + "UID": "d9d4a8368a32c258" + }, + "InstalledVersion": "1:2.47.2-0.2", + "Status": "affected", + "Layer": { + "Digest": "sha256:a390b45b895de2e977e0543fdfb6fc8936108dcd5ce45fdccd50480ca03f6751", + "DiffID": "sha256:ca79fd2c0e371eeb80b9f4b15563a9d8b3720ac84b0216cfea4e14ff8e83137e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-27614", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "gitk: git script execution flaw", + 
"Description": "Gitk is a Tcl/Tk based Git history browser. Starting with 2.41.0, a Git repository can be crafted in such a way that with some social engineering a user who has cloned the repository can be tricked into running any script (e.g., Bourne shell, Perl, Python, ...) supplied by the attacker by invoking gitk filename, where filename has a particular structure. The script is run with the privileges of the user. This vulnerability is fixed in 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, and 2.50.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-78" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "oracle-oval": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 6.3 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:11462", + "https://access.redhat.com/security/cve/CVE-2025-27614", + "https://bugzilla.redhat.com/2337824", + "https://bugzilla.redhat.com/2337956", + "https://bugzilla.redhat.com/2378806", + "https://bugzilla.redhat.com/2378808", + "https://bugzilla.redhat.com/2379124", + "https://bugzilla.redhat.com/2379125", + "https://bugzilla.redhat.com/2379326", + "https://bugzilla.redhat.com/show_bug.cgi?id=2337824", + "https://bugzilla.redhat.com/show_bug.cgi?id=2337956", + "https://bugzilla.redhat.com/show_bug.cgi?id=2378806", + "https://bugzilla.redhat.com/show_bug.cgi?id=2378808", + "https://bugzilla.redhat.com/show_bug.cgi?id=2379124", + "https://bugzilla.redhat.com/show_bug.cgi?id=2379125", + "https://bugzilla.redhat.com/show_bug.cgi?id=2379326", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50349", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52006", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27613", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27614", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46835", + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48384", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48385", + "https://errata.almalinux.org/9/ALSA-2025-11462.html", + "https://errata.rockylinux.org/RLSA-2025:11534", + "https://github.com/j6t/gitk/commit/8e3070aa5e331be45d4d03e3be41f84494fce129", + "https://github.com/j6t/gitk/security/advisories/GHSA-g4v5-fjv9-mhhc", + "https://linux.oracle.com/cve/CVE-2025-27614.html", + "https://linux.oracle.com/errata/ELSA-2025-11534.html", + "https://lore.kernel.org/git/xmqq5xg2wrd1.fsf@gitster.g/", + "https://nvd.nist.gov/vuln/detail/CVE-2025-27614", + "https://ubuntu.com/security/notices/USN-7626-1", + "https://www.cve.org/CVERecord?id=CVE-2025-27614", + "https://www.openwall.com/lists/oss-security/2025/07/08/4" + ], + "PublishedDate": "2025-07-10T15:15:26.403Z", + "LastModifiedDate": "2025-07-15T13:24:41.097Z" + }, + { + "VulnerabilityID": "CVE-2018-1000021", + "PkgID": "git-man@1:2.47.2-0.2", + "PkgName": "git-man", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/git-man@2.47.2-0.2?arch=all\u0026distro=debian-13.0\u0026epoch=1", + "UID": "d9d4a8368a32c258" + }, + "InstalledVersion": "1:2.47.2-0.2", + "Status": "affected", + "Layer": { + "Digest": "sha256:a390b45b895de2e977e0543fdfb6fc8936108dcd5ce45fdccd50480ca03f6751", + "DiffID": "sha256:ca79fd2c0e371eeb80b9f4b15563a9d8b3720ac84b0216cfea4e14ff8e83137e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1000021", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "git: client prints server-sent ANSI escape codes to the terminal, allowing for unverified messages to potentially execute arbitrary commands", + "Description": "GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. 
This attack appear to be exploitable via The user must interact with a malicious git server, (or have their traffic modified in a MITM attack).", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V2Score": 6.8, + "V3Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 5 + } + }, + "References": [ + "http://www.batterystapl.es/2018/01/security-implications-of-ansi-escape.html", + "https://access.redhat.com/security/cve/CVE-2018-1000021", + "https://nvd.nist.gov/vuln/detail/CVE-2018-1000021", + "https://www.cve.org/CVERecord?id=CVE-2018-1000021" + ], + "PublishedDate": "2018-02-09T23:29:00.557Z", + "LastModifiedDate": "2024-11-21T03:39:26.66Z" + }, + { + "VulnerabilityID": "CVE-2022-24975", + "PkgID": "git-man@1:2.47.2-0.2", + "PkgName": "git-man", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/git-man@2.47.2-0.2?arch=all\u0026distro=debian-13.0\u0026epoch=1", + "UID": "d9d4a8368a32c258" + }, + "InstalledVersion": "1:2.47.2-0.2", + "Status": "affected", + "Layer": { + "Digest": "sha256:a390b45b895de2e977e0543fdfb6fc8936108dcd5ce45fdccd50480ca03f6751", + "DiffID": "sha256:ca79fd2c0e371eeb80b9f4b15563a9d8b3720ac84b0216cfea4e14ff8e83137e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-24975", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "git: The --mirror option for git leaks secret for deleted content, aka the \"GitBleed\"", + "Description": "The --mirror documentation for Git through 2.35.1 does not mention the availability of deleted content, aka the \"GitBleed\" issue. 
This could present a security risk if information-disclosure auditing processes rely on a clone operation without the --mirror option. Note: This has been disputed by multiple 3rd parties who believe this is an intended feature of the git binary and does not pose a security risk.", + "Severity": "LOW", + "CweIDs": [ + "CWE-668" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 3, + "photon": 3, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-24975", + "https://github.com/git/git/blob/2dc94da3744bfbbf145eca587a0f5ff480cc5867/Documentation/git-clone.txt#L185-L191", + "https://lore.kernel.org/git/xmqq4k14qe9g.fsf%40gitster.g/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-24975", + "https://www.aquasec.com/blog/undetected-hard-code-secrets-expose-corporations/", + "https://www.cve.org/CVERecord?id=CVE-2022-24975", + "https://wwws.nightwatchcybersecurity.com/2022/02/11/gitbleed/" + ], + "PublishedDate": "2022-02-11T20:15:07.507Z", + "LastModifiedDate": "2024-11-21T06:51:29.247Z" + }, + { + "VulnerabilityID": "CVE-2024-52005", + "PkgID": "git-man@1:2.47.2-0.2", + "PkgName": "git-man", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/git-man@2.47.2-0.2?arch=all\u0026distro=debian-13.0\u0026epoch=1", + "UID": "d9d4a8368a32c258" + }, + "InstalledVersion": "1:2.47.2-0.2", + "Status": "affected", + "Layer": { + "Digest": "sha256:a390b45b895de2e977e0543fdfb6fc8936108dcd5ce45fdccd50480ca03f6751", + "DiffID": "sha256:ca79fd2c0e371eeb80b9f4b15563a9d8b3720ac84b0216cfea4e14ff8e83137e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-52005", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": 
"https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "git: The sideband payload is passed unfiltered to the terminal in git", + "Description": "Git is a source code management tool. When cloning from a server (or fetching, or pushing), informational or error messages are transported from the remote Git process to the client via the so-called \"sideband channel\". These messages will be prefixed with \"remote:\" and printed directly to the standard error output. Typically, this standard error output is connected to a terminal that understands ANSI escape sequences, which Git did not protect against. Most modern terminals support control sequences that can be used by a malicious actor to hide and misrepresent information, or to mislead the user into executing untrusted scripts. As requested on the git-security mailing list, the patches are under discussion on the public mailing list. Users are advised to update as soon as possible. Users unable to upgrade should avoid recursive clones unless they are from trusted sources.", + "Severity": "LOW", + "CweIDs": [ + "CWE-116", + "CWE-150" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "bitnami": 3, + "debian": 1, + "oracle-oval": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:7409", + "https://access.redhat.com/security/cve/CVE-2024-52005", + "https://bugzilla.redhat.com/2338289", + "https://bugzilla.redhat.com/show_bug.cgi?id=2338289", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52005", + "https://errata.almalinux.org/9/ALSA-2025-7409.html", + "https://errata.rockylinux.org/RLSA-2025:8414", + "https://github.com/git/git/security/advisories/GHSA-7jjc-gg6m-3329", + "https://linux.oracle.com/cve/CVE-2024-52005.html", + "https://linux.oracle.com/errata/ELSA-2025-8414.html", + 
"https://lore.kernel.org/git/1M9FnZ-1taoNo1wwh-00ESSd@mail.gmx.net", + "https://lore.kernel.org/git/8570a129-d66a-465a-905e-0a077c69c409@gmail.com/T/#t", + "https://nvd.nist.gov/vuln/detail/CVE-2024-52005", + "https://www.cve.org/CVERecord?id=CVE-2024-52005" + ], + "PublishedDate": "2025-01-15T18:15:24.13Z", + "LastModifiedDate": "2025-01-15T18:15:24.13Z" + }, + { + "VulnerabilityID": "CVE-2025-46835", + "PkgID": "git-man@1:2.47.2-0.2", + "PkgName": "git-man", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/git-man@2.47.2-0.2?arch=all\u0026distro=debian-13.0\u0026epoch=1", + "UID": "d9d4a8368a32c258" + }, + "InstalledVersion": "1:2.47.2-0.2", + "Status": "affected", + "Layer": { + "Digest": "sha256:a390b45b895de2e977e0543fdfb6fc8936108dcd5ce45fdccd50480ca03f6751", + "DiffID": "sha256:ca79fd2c0e371eeb80b9f4b15563a9d8b3720ac84b0216cfea4e14ff8e83137e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-46835", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "git: Git GUI can create and overwrite files for which the user has write permission", + "Description": "Git GUI allows you to use the Git source control management tools via a GUI. When a user clones an untrusted repository and is tricked into editing a file located in a maliciously named directory in the repository, then Git GUI can create and overwrite files for which the user has write permission. 
This vulnerability is fixed in 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, and 2.50.1.", + "Severity": "LOW", + "CweIDs": [ + "CWE-88" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "oracle-oval": 3, + "redhat": 1, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", + "V3Score": 3.1 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:11462", + "https://access.redhat.com/security/cve/CVE-2025-46835", + "https://bugzilla.redhat.com/2337824", + "https://bugzilla.redhat.com/2337956", + "https://bugzilla.redhat.com/2378806", + "https://bugzilla.redhat.com/2378808", + "https://bugzilla.redhat.com/2379124", + "https://bugzilla.redhat.com/2379125", + "https://bugzilla.redhat.com/2379326", + "https://bugzilla.redhat.com/show_bug.cgi?id=2337824", + "https://bugzilla.redhat.com/show_bug.cgi?id=2337956", + "https://bugzilla.redhat.com/show_bug.cgi?id=2378806", + "https://bugzilla.redhat.com/show_bug.cgi?id=2378808", + "https://bugzilla.redhat.com/show_bug.cgi?id=2379124", + "https://bugzilla.redhat.com/show_bug.cgi?id=2379125", + "https://bugzilla.redhat.com/show_bug.cgi?id=2379326", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50349", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52006", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27613", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27614", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46835", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48384", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48385", + "https://errata.almalinux.org/9/ALSA-2025-11462.html", + "https://errata.rockylinux.org/RLSA-2025:11534", + "https://github.com/j6t/git-gui/compare/dcda716dbc9c90bcac4611bd1076747671ee0906..a437f5bc93330a70b42a230e52f3bd036ca1b1da", + "https://github.com/j6t/git-gui/security/advisories/GHSA-xfx7-68v4-v8fg", + 
"https://linux.oracle.com/cve/CVE-2025-46835.html", + "https://linux.oracle.com/errata/ELSA-2025-11534.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-46835", + "https://ubuntu.com/security/notices/USN-7626-1", + "https://ubuntu.com/security/notices/USN-7626-2", + "https://ubuntu.com/security/notices/USN-7626-3", + "https://www.cve.org/CVERecord?id=CVE-2025-46835", + "https://www.openwall.com/lists/oss-security/2025/07/08/4" + ], + "PublishedDate": "2025-07-10T15:15:29.503Z", + "LastModifiedDate": "2025-07-15T13:24:41.097Z" + }, + { + "VulnerabilityID": "CVE-2011-3374", + "PkgID": "libapt-pkg7.0@3.0.3", + "PkgName": "libapt-pkg7.0", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libapt-pkg7.0@3.0.3?arch=amd64\u0026distro=debian-13.0", + "UID": "680946e5d4ab85bd" + }, + "InstalledVersion": "3.0.3", + "Status": "affected", + "Layer": { + "Digest": "sha256:396b1da7636e2dcd10565cb4f2f952cbb4a8a38b58d3b86a2cacb172fb70117c", + "DiffID": "sha256:e6a3842ebc7f5e41d8a38f19a0aa5ea56c255475695ac6682882420800cf5465" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-3374", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "It was found that apt-key in apt, all versions, do not correctly valid ...", + "Description": "It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-347" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V2Score": 4.3, + "V3Score": 3.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/cve-2011-3374", + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480", + 
"https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html", + "https://seclists.org/fulldisclosure/2011/Sep/221", + "https://security-tracker.debian.org/tracker/CVE-2011-3374", + "https://snyk.io/vuln/SNYK-LINUX-APT-116518", + "https://ubuntu.com/security/CVE-2011-3374" + ], + "PublishedDate": "2019-11-26T00:15:11.03Z", + "LastModifiedDate": "2024-11-21T01:30:22.61Z" + }, + { + "VulnerabilityID": "CVE-2017-13716", + "PkgID": "libbinutils@2.44-3", + "PkgName": "libbinutils", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libbinutils@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "59ea47ba55a199e7" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13716", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: Memory leak with the C++ symbol demangler routine in libiberty", + "Description": "The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).", + "Severity": "LOW", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "photon": 2, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 7.1, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + 
"https://access.redhat.com/security/cve/CVE-2017-13716", + "https://nvd.nist.gov/vuln/detail/CVE-2017-13716", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22009", + "https://www.cve.org/CVERecord?id=CVE-2017-13716" + ], + "PublishedDate": "2017-08-28T21:29:00.293Z", + "LastModifiedDate": "2025-04-20T01:37:25.86Z" + }, + { + "VulnerabilityID": "CVE-2018-20673", + "PkgID": "libbinutils@2.44-3", + "PkgName": "libbinutils", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libbinutils@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "59ea47ba55a199e7" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20673", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "libiberty: Integer overflow in demangle_template() function", + "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for \"Create an array for saving the template argument values\") that can trigger a heap-based buffer overflow, as demonstrated by nm.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190", + "CWE-787" + ], + "VendorSeverity": { + "alma": 1, + "debian": 1, + "nvd": 2, + "oracle-oval": 1, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/106454", + 
"https://access.redhat.com/security/cve/CVE-2018-20673", + "https://linux.oracle.com/cve/CVE-2018-20673.html", + "https://linux.oracle.com/errata/ELSA-2021-4386.html", + "https://nvd.nist.gov/vuln/detail/CVE-2018-20673", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24039", + "https://www.cve.org/CVERecord?id=CVE-2018-20673" + ], + "PublishedDate": "2019-01-04T18:29:00.21Z", + "LastModifiedDate": "2024-11-21T04:01:57.977Z" + }, + { + "VulnerabilityID": "CVE-2018-20712", + "PkgID": "libbinutils@2.44-3", + "PkgName": "libbinutils", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libbinutils@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "59ea47ba55a199e7" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20712", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "libiberty: heap-based buffer over-read in d_expression_1", + "Description": "A heap-based buffer over-read exists in the function d_expression_1 in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.1. 
A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by c++filt.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "redhat": 2, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 4.7 + } + }, + "References": [ + "http://www.securityfocus.com/bid/106563", + "https://access.redhat.com/security/cve/CVE-2018-20712", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88629", + "https://nvd.nist.gov/vuln/detail/CVE-2018-20712", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24043", + "https://support.f5.com/csp/article/K38336243", + "https://www.cve.org/CVERecord?id=CVE-2018-20712" + ], + "PublishedDate": "2019-01-15T00:29:00.257Z", + "LastModifiedDate": "2024-11-21T04:02:00.663Z" + }, + { + "VulnerabilityID": "CVE-2018-9996", + "PkgID": "libbinutils@2.44-3", + "PkgName": "libbinutils", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libbinutils@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "59ea47ba55a199e7" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-9996", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: Stack-overflow in libiberty/cplus-dem.c causes crash", + "Description": "An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. 
Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_template_value_parm, demangle_integral_value, and demangle_expression.", + "Severity": "LOW", + "CweIDs": [ + "CWE-674" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "photon": 2, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/103733", + "https://access.redhat.com/security/cve/CVE-2018-9996", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85304", + "https://nvd.nist.gov/vuln/detail/CVE-2018-9996", + "https://www.cve.org/CVERecord?id=CVE-2018-9996" + ], + "PublishedDate": "2018-04-10T22:29:00.353Z", + "LastModifiedDate": "2024-11-21T04:16:00.48Z" + }, + { + "VulnerabilityID": "CVE-2021-32256", + "PkgID": "libbinutils@2.44-3", + "PkgName": "libbinutils", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libbinutils@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "59ea47ba55a199e7" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-32256", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: stack-overflow issue in demangle_type in rust-demangle.c.", + "Description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.36. 
It is a stack-overflow issue in demangle_type in rust-demangle.c.", + "Severity": "LOW", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "amazon": 1, + "debian": 1, + "nvd": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2021-32256", + "https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1927070", + "https://nvd.nist.gov/vuln/detail/CVE-2021-32256", + "https://security.netapp.com/advisory/ntap-20230824-0013/", + "https://www.cve.org/CVERecord?id=CVE-2021-32256" + ], + "PublishedDate": "2023-07-18T14:15:11.61Z", + "LastModifiedDate": "2024-11-21T06:06:55.1Z" + }, + { + "VulnerabilityID": "CVE-2025-1147", + "PkgID": "libbinutils@2.44-3", + "PkgName": "libbinutils", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libbinutils@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "59ea47ba55a199e7" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1147", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils nm nm.c internal_strlen buffer overflow", + "Description": "A vulnerability has been found in GNU Binutils 2.43 and classified as problematic. Affected by this vulnerability is the function __sanitizer::internal_strlen of the file binutils/nm.c of the component nm. The manipulation of the argument const leads to buffer overflow. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. 
The exploit has been disclosed to the public and may be used.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119", + "CWE-120" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1147", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1147", + "https://sourceware.org/bugzilla/attachment.cgi?id=15881", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32556", + "https://vuldb.com/?ctiid.295051", + "https://vuldb.com/?id.295051", + "https://vuldb.com/?submit.485254", + "https://www.cve.org/CVERecord?id=CVE-2025-1147", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-10T14:15:29.643Z", + "LastModifiedDate": "2025-03-04T15:51:17.86Z" + }, + { + "VulnerabilityID": "CVE-2025-1148", + "PkgID": "libbinutils@2.44-3", + "PkgName": "libbinutils", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libbinutils@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "59ea47ba55a199e7" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1148", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils ld ldelfgen.c link_order_scan memory leak", + "Description": "A vulnerability was found in GNU Binutils 2.43 and classified as problematic. Affected by this issue is the function link_order_scan of the file ld/ldelfgen.c of the component ld. The manipulation leads to memory leak. 
The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-401", + "CWE-404" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 1, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1148", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1148", + "https://sourceware.org/bugzilla/attachment.cgi?id=15887", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32576", + "https://vuldb.com/?ctiid.295052", + "https://vuldb.com/?id.295052", + "https://vuldb.com/?submit.485747", + "https://www.cve.org/CVERecord?id=CVE-2025-1148", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-10T14:15:29.927Z", + "LastModifiedDate": "2025-03-04T17:12:35.4Z" + }, + { + "VulnerabilityID": "CVE-2025-1149", + "PkgID": "libbinutils@2.44-3", + "PkgName": "libbinutils", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libbinutils@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "59ea47ba55a199e7" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1149", + "DataSource": { + "ID": "debian", + "Name": "Debian 
Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils ld xmalloc.c xstrdup memory leak", + "Description": "A vulnerability was found in GNU Binutils 2.43. It has been classified as problematic. This affects the function xstrdup of the file libiberty/xmalloc.c of the component ld. The manipulation leads to memory leak. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-401", + "CWE-404" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 1, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1149", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1149", + "https://sourceware.org/bugzilla/attachment.cgi?id=15887", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32576", + "https://vuldb.com/?ctiid.295053", + "https://vuldb.com/?id.295053", + "https://www.cve.org/CVERecord?id=CVE-2025-1149", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-10T15:15:13.093Z", + "LastModifiedDate": "2025-03-04T14:53:43.637Z" + }, + { + "VulnerabilityID": "CVE-2025-1150", + "PkgID": "libbinutils@2.44-3", + "PkgName": "libbinutils", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libbinutils@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "59ea47ba55a199e7" + }, + 
"InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1150", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils ld libbfd.c bfd_malloc memory leak", + "Description": "A vulnerability was found in GNU Binutils 2.43. It has been declared as problematic. This vulnerability affects the function bfd_malloc of the file libbfd.c of the component ld. The manipulation leads to memory leak. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. 
All of the reported leaks in this bugzilla have been fixed on binutils master.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-401", + "CWE-404" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 1, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1150", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1150", + "https://sourceware.org/bugzilla/attachment.cgi?id=15887", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32576", + "https://vuldb.com/?ctiid.295054", + "https://vuldb.com/?id.295054", + "https://www.cve.org/CVERecord?id=CVE-2025-1150", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-10T17:15:18.517Z", + "LastModifiedDate": "2025-03-11T19:01:04.727Z" + }, + { + "VulnerabilityID": "CVE-2025-1151", + "PkgID": "libbinutils@2.44-3", + "PkgName": "libbinutils", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libbinutils@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "59ea47ba55a199e7" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1151", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils ld xmemdup.c xmemdup memory leak", + "Description": "A vulnerability was found in GNU Binutils 2.43. It has been rated as problematic. This issue affects the function xmemdup of the file xmemdup.c of the component ld. The manipulation leads to memory leak. The attack may be initiated remotely. 
The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-401", + "CWE-404" + ], + "VendorSeverity": { + "debian": 1, + "redhat": 1 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1151", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1151", + "https://sourceware.org/bugzilla/attachment.cgi?id=15887", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32576", + "https://vuldb.com/?ctiid.295055", + "https://vuldb.com/?id.295055", + "https://www.cve.org/CVERecord?id=CVE-2025-1151", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-10T17:15:18.713Z", + "LastModifiedDate": "2025-02-10T17:15:18.713Z" + }, + { + "VulnerabilityID": "CVE-2025-1152", + "PkgID": "libbinutils@2.44-3", + "PkgName": "libbinutils", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libbinutils@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "59ea47ba55a199e7" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1152", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils ld xstrdup.c xstrdup memory leak", + 
"Description": "A vulnerability classified as problematic has been found in GNU Binutils 2.43. Affected is the function xstrdup of the file xstrdup.c of the component ld. The manipulation leads to memory leak. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-401", + "CWE-404" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 1, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1152", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1152", + "https://sourceware.org/bugzilla/attachment.cgi?id=15887", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32576", + "https://vuldb.com/?ctiid.295056", + "https://vuldb.com/?id.295056", + "https://www.cve.org/CVERecord?id=CVE-2025-1152", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-10T18:15:34.043Z", + "LastModifiedDate": "2025-03-03T16:52:20.953Z" + }, + { + "VulnerabilityID": "CVE-2025-1153", + "PkgID": "libbinutils@2.44-3", + "PkgName": "libbinutils", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libbinutils@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "59ea47ba55a199e7" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": 
"sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1153", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils format.c bfd_set_format memory corruption", + "Description": "A vulnerability classified as problematic was found in GNU Binutils 2.43/2.44. Affected by this vulnerability is the function bfd_set_format of the file format.c. The manipulation leads to memory corruption. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 2.45 is able to address this issue. The identifier of the patch is 8d97c1a53f3dc9fd8e1ccdb039b8a33d50133150. It is recommended to upgrade the affected component.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1153", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1153", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32603", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8d97c1a53f3dc9fd8e1ccdb039b8a33d50133150", + "https://ubuntu.com/security/notices/USN-7423-1", + "https://ubuntu.com/security/notices/USN-7423-2", + "https://vuldb.com/?ctiid.295057", + "https://vuldb.com/?id.295057", + "https://vuldb.com/?submit.489991", + "https://www.cve.org/CVERecord?id=CVE-2025-1153", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-10T19:15:39.9Z", + "LastModifiedDate": "2025-03-03T17:28:09.167Z" + }, + { + "VulnerabilityID": 
"CVE-2025-1176", + "PkgID": "libbinutils@2.44-3", + "PkgName": "libbinutils", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libbinutils@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "59ea47ba55a199e7" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1176", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils ld elflink.c _bfd_elf_gc_mark_rsec heap-based overflow", + "Description": "A vulnerability was found in GNU Binutils 2.43 and classified as critical. This issue affects the function _bfd_elf_gc_mark_rsec of the file elflink.c of the component ld. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The patch is named f9978defb6fab0bd8583942d97c112b0932ac814. 
It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119", + "CWE-122" + ], + "VendorSeverity": { + "amazon": 2, + "azure": 2, + "cbl-mariner": 2, + "debian": 1, + "nvd": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1176", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1176", + "https://security.netapp.com/advisory/ntap-20250411-0007/", + "https://sourceware.org/bugzilla/attachment.cgi?id=15913", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32636", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f9978defb6fab0bd8583942d97c112b0932ac814", + "https://ubuntu.com/security/notices/USN-7423-1", + "https://ubuntu.com/security/notices/USN-7423-2", + "https://vuldb.com/?ctiid.295079", + "https://vuldb.com/?id.295079", + "https://vuldb.com/?submit.495329", + "https://www.cve.org/CVERecord?id=CVE-2025-1176", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-11T06:15:22.433Z", + "LastModifiedDate": "2025-04-11T22:15:29.513Z" + }, + { + "VulnerabilityID": "CVE-2025-1178", + "PkgID": "libbinutils@2.44-3", + "PkgName": "libbinutils", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libbinutils@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "59ea47ba55a199e7" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1178", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, 
+ "Title": "binutils: GNU Binutils ld libbfd.c bfd_putl64 memory corruption", + "Description": "A vulnerability was found in GNU Binutils 2.43. It has been declared as problematic. Affected by this vulnerability is the function bfd_putl64 of the file libbfd.c of the component ld. The manipulation leads to memory corruption. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of the patch is 75086e9de1707281172cc77f178e7949a4414ed0. It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "VendorSeverity": { + "azure": 2, + "cbl-mariner": 2, + "debian": 1, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.6 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1178", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1178", + "https://security.netapp.com/advisory/ntap-20250411-0008/", + "https://sourceware.org/bugzilla/attachment.cgi?id=15914", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32638", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=75086e9de1707281172cc77f178e7949a4414ed0", + "https://ubuntu.com/security/notices/USN-7423-1", + "https://vuldb.com/?ctiid.295081", + "https://vuldb.com/?id.295081", + "https://vuldb.com/?submit.495369", + "https://www.cve.org/CVERecord?id=CVE-2025-1178", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-11T07:15:29.997Z", + "LastModifiedDate": "2025-05-21T20:35:24.22Z" + }, + { + "VulnerabilityID": "CVE-2025-1180", + "PkgID": "libbinutils@2.44-3", + "PkgName": "libbinutils", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libbinutils@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "59ea47ba55a199e7" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": 
"sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1180", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils ld elf-eh-frame.c _bfd_elf_write_section_eh_frame memory corruption", + "Description": "A vulnerability classified as problematic has been found in GNU Binutils 2.43. This affects the function _bfd_elf_write_section_eh_frame of the file bfd/elf-eh-frame.c of the component ld. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "VendorSeverity": { + "debian": 1, + "redhat": 1 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1180", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1180", + "https://sourceware.org/bugzilla/attachment.cgi?id=15917", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32642", + "https://vuldb.com/?ctiid.295083", + "https://vuldb.com/?id.295083", + "https://vuldb.com/?submit.495381", + "https://www.cve.org/CVERecord?id=CVE-2025-1180", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-11T08:15:31.59Z", + "LastModifiedDate": "2025-05-21T20:35:18.05Z" + }, + { + "VulnerabilityID": "CVE-2025-1181", + "PkgID": "libbinutils@2.44-3", + "PkgName": "libbinutils", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libbinutils@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": 
"59ea47ba55a199e7" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1181", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils ld elflink.c _bfd_elf_gc_mark_rsec memory corruption", + "Description": "A vulnerability classified as critical was found in GNU Binutils 2.43. This vulnerability affects the function _bfd_elf_gc_mark_rsec of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is 931494c9a89558acb36a03a340c01726545eef24. 
It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "VendorSeverity": { + "azure": 1, + "cbl-mariner": 1, + "debian": 1, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1181", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1181", + "https://security.netapp.com/advisory/ntap-20250425-0007/", + "https://sourceware.org/bugzilla/attachment.cgi?id=15918", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32643", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=931494c9a89558acb36a03a340c01726545eef24", + "https://ubuntu.com/security/notices/USN-7423-1", + "https://vuldb.com/?ctiid.295084", + "https://vuldb.com/?id.295084", + "https://vuldb.com/?submit.495402", + "https://www.cve.org/CVERecord?id=CVE-2025-1181", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-11T08:15:31.797Z", + "LastModifiedDate": "2025-05-21T20:35:11.073Z" + }, + { + "VulnerabilityID": "CVE-2025-1182", + "PkgID": "libbinutils@2.44-3", + "PkgName": "libbinutils", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libbinutils@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "59ea47ba55a199e7" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1182", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils ld elflink.c bfd_elf_reloc_symbol_deleted_p memory corruption", + "Description": "A vulnerability, which was classified as critical, was found in GNU 
Binutils 2.43. Affected is the function bfd_elf_reloc_symbol_deleted_p of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The patch is identified as b425859021d17adf62f06fb904797cf8642986ad. It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "VendorSeverity": { + "amazon": 2, + "azure": 2, + "cbl-mariner": 2, + "debian": 1, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1182", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1182", + "https://sourceware.org/bugzilla/attachment.cgi?id=15919", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32644", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b425859021d17adf62f06fb904797cf8642986ad", + "https://ubuntu.com/security/notices/USN-7423-1", + "https://vuldb.com/?ctiid.295086", + "https://vuldb.com/?id.295086", + "https://vuldb.com/?submit.495407", + "https://www.cve.org/CVERecord?id=CVE-2025-1182", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-11T09:15:09.53Z", + "LastModifiedDate": "2025-05-21T20:35:04.15Z" + }, + { + "VulnerabilityID": "CVE-2025-3198", + "PkgID": "libbinutils@2.44-3", + "PkgName": "libbinutils", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libbinutils@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "59ea47ba55a199e7" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2025-3198", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils objdump bucomm.c display_info memory leak", + "Description": "A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named ba6ad3a18cb26b79e0e3b84c39f707535bbc344d. It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-401", + "CWE-404" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-3198", + "https://nvd.nist.gov/vuln/detail/CVE-2025-3198", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32716", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32716#c0", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ba6ad3a18cb26b79e0e3b84c39f707535bbc344d", + "https://vuldb.com/?ctiid.303151", + "https://vuldb.com/?id.303151", + "https://vuldb.com/?submit.545773", + "https://www.cve.org/CVERecord?id=CVE-2025-3198", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-04-04T02:15:18.803Z", + "LastModifiedDate": "2025-05-15T19:46:30.95Z" + }, + { + "VulnerabilityID": "CVE-2025-5244", + "PkgID": "libbinutils@2.44-3", + "PkgName": "libbinutils", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libbinutils@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "59ea47ba55a199e7" + }, + 
"InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-5244", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils ld elflink.c elf_gc_sweep memory corruption", + "Description": "A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue is the function elf_gc_sweep of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 2.45 is able to address this issue. It is recommended to upgrade the affected component.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "VendorSeverity": { + "azure": 2, + "cbl-mariner": 2, + "debian": 1, + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-5244", + "https://nvd.nist.gov/vuln/detail/CVE-2025-5244", + "https://sourceware.org/bugzilla/attachment.cgi?id=16010", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32858", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d1458933830456e54223d9fc61f0d9b3a19256f5", + "https://vuldb.com/?ctiid.310346", + "https://vuldb.com/?id.310346", + "https://vuldb.com/?submit.584634", + "https://www.cve.org/CVERecord?id=CVE-2025-5244", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-05-27T13:15:21.76Z", + "LastModifiedDate": "2025-05-28T15:01:30.72Z" + }, + { + "VulnerabilityID": "CVE-2025-5245", + "PkgID": 
"libbinutils@2.44-3", + "PkgName": "libbinutils", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libbinutils@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "59ea47ba55a199e7" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-5245", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils objdump debug.c debug_type_samep memory corruption", + "Description": "A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debug_type_samep of the file /binutils/debug.c of the component objdump. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. 
It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "VendorSeverity": { + "azure": 2, + "cbl-mariner": 2, + "debian": 1, + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-5245", + "https://nvd.nist.gov/vuln/detail/CVE-2025-5245", + "https://sourceware.org/bugzilla/attachment.cgi?id=16004", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32829", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6c3458a8b7ee7d39f070c7b2350851cb2110c65a", + "https://vuldb.com/?ctiid.310347", + "https://vuldb.com/?id.310347", + "https://vuldb.com/?submit.584635", + "https://www.cve.org/CVERecord?id=CVE-2025-5245", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-05-27T15:15:36.057Z", + "LastModifiedDate": "2025-05-28T15:01:30.72Z" + }, + { + "VulnerabilityID": "CVE-2025-7545", + "PkgID": "libbinutils@2.44-3", + "PkgName": "libbinutils", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libbinutils@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "59ea47ba55a199e7" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-7545", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: Binutils: Heap Buffer Overflow", + "Description": "A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. 
Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is named 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944. It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119", + "CWE-122" + ], + "VendorSeverity": { + "azure": 2, + "debian": 1, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-7545", + "https://nvd.nist.gov/vuln/detail/CVE-2025-7545", + "https://sourceware.org/bugzilla/attachment.cgi?id=16117", + "https://sourceware.org/bugzilla/show_bug.cgi?id=33049", + "https://sourceware.org/bugzilla/show_bug.cgi?id=33049#c1", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944", + "https://vuldb.com/?ctiid.316243", + "https://vuldb.com/?id.316243", + "https://vuldb.com/?submit.614355", + "https://www.cve.org/CVERecord?id=CVE-2025-7545", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-07-13T22:15:23.873Z", + "LastModifiedDate": "2025-07-30T15:59:48.84Z" + }, + { + "VulnerabilityID": "CVE-2025-7546", + "PkgID": "libbinutils@2.44-3", + "PkgName": "libbinutils", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libbinutils@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "59ea47ba55a199e7" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-7546", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": 
"https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: Binutils: Out-of-bounds Write Vulnerability", + "Description": "A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfd_elf_set_group_contents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The name of the patch is 41461010eb7c79fee7a9d5f6209accdaac66cc6b. It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119", + "CWE-787" + ], + "VendorSeverity": { + "azure": 2, + "debian": 1, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-7546", + "https://nvd.nist.gov/vuln/detail/CVE-2025-7546", + "https://sourceware.org/bugzilla/attachment.cgi?id=16118", + "https://sourceware.org/bugzilla/show_bug.cgi?id=33050", + "https://sourceware.org/bugzilla/show_bug.cgi?id=33050#c2", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=41461010eb7c79fee7a9d5f6209accdaac66cc6b", + "https://vuldb.com/?ctiid.316244", + "https://vuldb.com/?id.316244", + "https://vuldb.com/?submit.614375", + "https://www.cve.org/CVERecord?id=CVE-2025-7546", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-07-13T22:15:24.07Z", + "LastModifiedDate": "2025-07-30T15:59:59.203Z" + }, + { + "VulnerabilityID": "CVE-2025-8224", + "PkgID": "libbinutils@2.44-3", + "PkgName": "libbinutils", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libbinutils@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "59ea47ba55a199e7" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + 
"Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-8224", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: Binutils BFD Null Pointer Dereference", + "Description": "A vulnerability has been found in GNU Binutils 2.44 and classified as problematic. This vulnerability affects the function bfd_elf_get_str_section of the file bfd/elf.c of the component BFD Library. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The name of the patch is db856d41004301b3a56438efd957ef5cabb91530. It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-404", + "CWE-476" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-8224", + "https://nvd.nist.gov/vuln/detail/CVE-2025-8224", + "https://sourceware.org/bugzilla/attachment.cgi?id=15680", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32109", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32109#c2", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=db856d41004301b3a56438efd957ef5cabb91530", + "https://vuldb.com/?ctiid.317812", + "https://vuldb.com/?id.317812", + "https://vuldb.com/?submit.621878", + "https://www.cve.org/CVERecord?id=CVE-2025-8224", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-07-27T06:15:26.947Z", + 
"LastModifiedDate": "2025-08-01T17:08:29.62Z" + }, + { + "VulnerabilityID": "CVE-2025-8225", + "PkgID": "libbinutils@2.44-3", + "PkgName": "libbinutils", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libbinutils@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "59ea47ba55a199e7" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-8225", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: Binutils DWARF Section Handler Memory Leak", + "Description": "A vulnerability was found in GNU Binutils 2.44 and classified as problematic. This issue affects the function process_debug_info of the file binutils/dwarf.c of the component DWARF Section Handler. The manipulation leads to memory leak. Attacking locally is a requirement. The identifier of the patch is e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4. 
It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-401", + "CWE-404" + ], + "VendorSeverity": { + "debian": 1, + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-8225", + "https://gitlab.com/gnutools/binutils-gdb/-/commit/e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4", + "https://nvd.nist.gov/vuln/detail/CVE-2025-8225", + "https://vuldb.com/?ctiid.317813", + "https://vuldb.com/?id.317813", + "https://vuldb.com/?submit.621883", + "https://www.cve.org/CVERecord?id=CVE-2025-8225", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-07-27T08:15:25.76Z", + "LastModifiedDate": "2025-08-01T17:08:13.977Z" + }, + { + "VulnerabilityID": "CVE-2022-0563", + "PkgID": "libblkid1@2.41-5", + "PkgName": "libblkid1", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libblkid1@2.41-5?arch=amd64\u0026distro=debian-13.0", + "UID": "6c9693ac78293e63" + }, + "InstalledVersion": "2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:396b1da7636e2dcd10565cb4f2f952cbb4a8a38b58d3b86a2cacb172fb70117c", + "DiffID": "sha256:e6a3842ebc7f5e41d8a38f19a0aa5ea56c255475695ac6682882420800cf5465" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-0563", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline", + "Description": "A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an \"INPUTRC\" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. 
This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.", + "Severity": "LOW", + "CweIDs": [ + "CWE-209" + ], + "VendorSeverity": { + "amazon": 2, + "cbl-mariner": 2, + "debian": 1, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 1.9, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-0563", + "https://blog.trailofbits.com/2023/02/16/suid-logic-bug-linux-readline/", + "https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w%40ws.net.home/T/#u", + "https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u", + "https://nvd.nist.gov/vuln/detail/CVE-2022-0563", + "https://security.gentoo.org/glsa/202401-08", + "https://security.netapp.com/advisory/ntap-20220331-0002/", + "https://www.cve.org/CVERecord?id=CVE-2022-0563" + ], + "PublishedDate": "2022-02-21T19:15:08.393Z", + "LastModifiedDate": "2025-06-09T16:15:33.237Z" + }, + { + "VulnerabilityID": "CVE-2010-4756", + "PkgID": "libc-bin@2.41-12", + "PkgName": "libc-bin", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libc-bin@2.41-12?arch=amd64\u0026distro=debian-13.0", + "UID": "a531ca45463d06a2" + }, + "InstalledVersion": "2.41-12", + "Status": "affected", + "Layer": { + "Digest": "sha256:396b1da7636e2dcd10565cb4f2f952cbb4a8a38b58d3b86a2cacb172fb70117c", + "DiffID": "sha256:e6a3842ebc7f5e41d8a38f19a0aa5ea56c255475695ac6682882420800cf5465" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-4756", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": 
"glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions", + "Description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "Severity": "LOW", + "CweIDs": [ + "CWE-399" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "V2Score": 4 + }, + "redhat": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + } + }, + "References": [ + "http://cxib.net/stuff/glob-0day.c", + "http://securityreason.com/achievement_securityalert/89", + "http://securityreason.com/exploitalert/9223", + "https://access.redhat.com/security/cve/CVE-2010-4756", + "https://bugzilla.redhat.com/show_bug.cgi?id=681681", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", + "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", + "https://www.cve.org/CVERecord?id=CVE-2010-4756" + ], + "PublishedDate": "2011-03-02T20:00:01.037Z", + "LastModifiedDate": "2025-04-11T00:51:21.963Z" + }, + { + "VulnerabilityID": "CVE-2018-20796", + "PkgID": "libc-bin@2.41-12", + "PkgName": "libc-bin", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libc-bin@2.41-12?arch=amd64\u0026distro=debian-13.0", + "UID": "a531ca45463d06a2" + }, + "InstalledVersion": "2.41-12", + "Status": "affected", + "Layer": { + "Digest": "sha256:396b1da7636e2dcd10565cb4f2f952cbb4a8a38b58d3b86a2cacb172fb70117c", + "DiffID": "sha256:e6a3842ebc7f5e41d8a38f19a0aa5ea56c255475695ac6682882420800cf5465" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20796", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": 
"https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", + "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", + "Severity": "LOW", + "CweIDs": [ + "CWE-674" + ], + "VendorSeverity": { + "cbl-mariner": 3, + "debian": 1, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/107160", + "https://access.redhat.com/security/cve/CVE-2018-20796", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141", + "https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html", + "https://nvd.nist.gov/vuln/detail/CVE-2018-20796", + "https://security.netapp.com/advisory/ntap-20190315-0002/", + "https://support.f5.com/csp/article/K26346590?utm_source=f5support\u0026amp%3Butm_medium=RSS", + "https://www.cve.org/CVERecord?id=CVE-2018-20796" + ], + "PublishedDate": "2019-02-26T02:29:00.45Z", + "LastModifiedDate": "2024-11-21T04:02:11.827Z" + }, + { + "VulnerabilityID": "CVE-2019-1010022", + "PkgID": "libc-bin@2.41-12", + "PkgName": "libc-bin", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libc-bin@2.41-12?arch=amd64\u0026distro=debian-13.0", + "UID": "a531ca45463d06a2" + }, + "InstalledVersion": "2.41-12", + "Status": "affected", + "Layer": { + "Digest": "sha256:396b1da7636e2dcd10565cb4f2f952cbb4a8a38b58d3b86a2cacb172fb70117c", + "DiffID": "sha256:e6a3842ebc7f5e41d8a38f19a0aa5ea56c255475695ac6682882420800cf5465" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010022", + 
"DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "glibc: stack guard protection bypass", + "Description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 4 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2019-1010022", + "https://nvd.nist.gov/vuln/detail/CVE-2019-1010022", + "https://security-tracker.debian.org/tracker/CVE-2019-1010022", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22850", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22850#c3", + "https://ubuntu.com/security/CVE-2019-1010022", + "https://www.cve.org/CVERecord?id=CVE-2019-1010022" + ], + "PublishedDate": "2019-07-15T04:15:13.317Z", + "LastModifiedDate": "2024-11-21T04:17:55.5Z" + }, + { + "VulnerabilityID": "CVE-2019-1010023", + "PkgID": "libc-bin@2.41-12", + "PkgName": "libc-bin", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libc-bin@2.41-12?arch=amd64\u0026distro=debian-13.0", + "UID": "a531ca45463d06a2" + }, + "InstalledVersion": "2.41-12", + "Status": "affected", + "Layer": { + "Digest": "sha256:396b1da7636e2dcd10565cb4f2f952cbb4a8a38b58d3b86a2cacb172fb70117c", + "DiffID": "sha256:e6a3842ebc7f5e41d8a38f19a0aa5ea56c255475695ac6682882420800cf5465" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010023", + "DataSource": { + "ID": "debian", 
+ "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "glibc: running ldd on malicious ELF leads to code execution because of wrong size computation", + "Description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "Severity": "LOW", + "VendorSeverity": { + "debian": 1, + "nvd": 3, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://www.securityfocus.com/bid/109167", + "https://access.redhat.com/security/cve/CVE-2019-1010023", + "https://nvd.nist.gov/vuln/detail/CVE-2019-1010023", + "https://security-tracker.debian.org/tracker/CVE-2019-1010023", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", + "https://support.f5.com/csp/article/K11932200?utm_source=f5support\u0026amp%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010023", + "https://www.cve.org/CVERecord?id=CVE-2019-1010023" + ], + "PublishedDate": "2019-07-15T04:15:13.397Z", + "LastModifiedDate": "2024-11-21T04:17:55.643Z" + }, + { + "VulnerabilityID": "CVE-2019-1010024", + "PkgID": "libc-bin@2.41-12", + "PkgName": "libc-bin", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libc-bin@2.41-12?arch=amd64\u0026distro=debian-13.0", + "UID": "a531ca45463d06a2" + }, + "InstalledVersion": "2.41-12", + "Status": "affected", + "Layer": { + "Digest": "sha256:396b1da7636e2dcd10565cb4f2f952cbb4a8a38b58d3b86a2cacb172fb70117c", + 
"DiffID": "sha256:e6a3842ebc7f5e41d8a38f19a0aa5ea56c255475695ac6682882420800cf5465" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010024", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "glibc: ASLR bypass using cache of thread stack and heap", + "Description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "Severity": "LOW", + "CweIDs": [ + "CWE-200" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 5, + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/109162", + "https://access.redhat.com/security/cve/CVE-2019-1010024", + "https://nvd.nist.gov/vuln/detail/CVE-2019-1010024", + "https://security-tracker.debian.org/tracker/CVE-2019-1010024", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", + "https://support.f5.com/csp/article/K06046097", + "https://support.f5.com/csp/article/K06046097?utm_source=f5support\u0026amp%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010024", + "https://www.cve.org/CVERecord?id=CVE-2019-1010024" + ], + "PublishedDate": "2019-07-15T04:15:13.473Z", + "LastModifiedDate": "2024-11-21T04:17:55.843Z" + }, + { + "VulnerabilityID": "CVE-2019-1010025", + "PkgID": "libc-bin@2.41-12", + "PkgName": "libc-bin", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libc-bin@2.41-12?arch=amd64\u0026distro=debian-13.0", + "UID": "a531ca45463d06a2" + }, + "InstalledVersion": "2.41-12", + 
"Status": "affected", + "Layer": { + "Digest": "sha256:396b1da7636e2dcd10565cb4f2f952cbb4a8a38b58d3b86a2cacb172fb70117c", + "DiffID": "sha256:e6a3842ebc7f5e41d8a38f19a0aa5ea56c255475695ac6682882420800cf5465" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010025", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "glibc: information disclosure of heap addresses of pthread_created thread", + "Description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", + "Severity": "LOW", + "CweIDs": [ + "CWE-330" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 5, + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 2.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2019-1010025", + "https://nvd.nist.gov/vuln/detail/CVE-2019-1010025", + "https://security-tracker.debian.org/tracker/CVE-2019-1010025", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22853", + "https://support.f5.com/csp/article/K06046097", + "https://support.f5.com/csp/article/K06046097?utm_source=f5support\u0026amp%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010025", + "https://www.cve.org/CVERecord?id=CVE-2019-1010025" + ], + "PublishedDate": "2019-07-15T04:15:13.537Z", + "LastModifiedDate": "2024-11-21T04:17:55.96Z" + }, + { + "VulnerabilityID": "CVE-2019-9192", + "PkgID": "libc-bin@2.41-12", + "PkgName": "libc-bin", + "PkgIdentifier": { + "PURL": 
"pkg:deb/debian/libc-bin@2.41-12?arch=amd64\u0026distro=debian-13.0", + "UID": "a531ca45463d06a2" + }, + "InstalledVersion": "2.41-12", + "Status": "affected", + "Layer": { + "Digest": "sha256:396b1da7636e2dcd10565cb4f2f952cbb4a8a38b58d3b86a2cacb172fb70117c", + "DiffID": "sha256:e6a3842ebc7f5e41d8a38f19a0aa5ea56c255475695ac6682882420800cf5465" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9192", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", + "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", + "Severity": "LOW", + "CweIDs": [ + "CWE-674" + ], + "VendorSeverity": { + "cbl-mariner": 3, + "debian": 1, + "nvd": 3, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 2.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2019-9192", + "https://nvd.nist.gov/vuln/detail/CVE-2019-9192", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", + "https://support.f5.com/csp/article/K26346590?utm_source=f5support\u0026amp%3Butm_medium=RSS", + "https://www.cve.org/CVERecord?id=CVE-2019-9192" + ], + "PublishedDate": "2019-02-26T18:29:00.34Z", + "LastModifiedDate": "2024-11-21T04:51:10.53Z" + }, + { + "VulnerabilityID": "CVE-2010-4756", + "PkgID": "libc-dev-bin@2.41-12", + "PkgName": 
"libc-dev-bin", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libc-dev-bin@2.41-12?arch=amd64\u0026distro=debian-13.0", + "UID": "e10f349b8d7dfe08" + }, + "InstalledVersion": "2.41-12", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-4756", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions", + "Description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "Severity": "LOW", + "CweIDs": [ + "CWE-399" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "V2Score": 4 + }, + "redhat": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + } + }, + "References": [ + "http://cxib.net/stuff/glob-0day.c", + "http://securityreason.com/achievement_securityalert/89", + "http://securityreason.com/exploitalert/9223", + "https://access.redhat.com/security/cve/CVE-2010-4756", + "https://bugzilla.redhat.com/show_bug.cgi?id=681681", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", + "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", + "https://www.cve.org/CVERecord?id=CVE-2010-4756" + ], + "PublishedDate": "2011-03-02T20:00:01.037Z", + "LastModifiedDate": "2025-04-11T00:51:21.963Z" + }, + { + "VulnerabilityID": 
"CVE-2018-20796", + "PkgID": "libc-dev-bin@2.41-12", + "PkgName": "libc-dev-bin", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libc-dev-bin@2.41-12?arch=amd64\u0026distro=debian-13.0", + "UID": "e10f349b8d7dfe08" + }, + "InstalledVersion": "2.41-12", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20796", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", + "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", + "Severity": "LOW", + "CweIDs": [ + "CWE-674" + ], + "VendorSeverity": { + "cbl-mariner": 3, + "debian": 1, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/107160", + "https://access.redhat.com/security/cve/CVE-2018-20796", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141", + "https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html", + "https://nvd.nist.gov/vuln/detail/CVE-2018-20796", + "https://security.netapp.com/advisory/ntap-20190315-0002/", + "https://support.f5.com/csp/article/K26346590?utm_source=f5support\u0026amp%3Butm_medium=RSS", + "https://www.cve.org/CVERecord?id=CVE-2018-20796" + ], + "PublishedDate": 
"2019-02-26T02:29:00.45Z", + "LastModifiedDate": "2024-11-21T04:02:11.827Z" + }, + { + "VulnerabilityID": "CVE-2019-1010022", + "PkgID": "libc-dev-bin@2.41-12", + "PkgName": "libc-dev-bin", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libc-dev-bin@2.41-12?arch=amd64\u0026distro=debian-13.0", + "UID": "e10f349b8d7dfe08" + }, + "InstalledVersion": "2.41-12", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010022", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "glibc: stack guard protection bypass", + "Description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. 
NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 4 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2019-1010022", + "https://nvd.nist.gov/vuln/detail/CVE-2019-1010022", + "https://security-tracker.debian.org/tracker/CVE-2019-1010022", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22850", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22850#c3", + "https://ubuntu.com/security/CVE-2019-1010022", + "https://www.cve.org/CVERecord?id=CVE-2019-1010022" + ], + "PublishedDate": "2019-07-15T04:15:13.317Z", + "LastModifiedDate": "2024-11-21T04:17:55.5Z" + }, + { + "VulnerabilityID": "CVE-2019-1010023", + "PkgID": "libc-dev-bin@2.41-12", + "PkgName": "libc-dev-bin", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libc-dev-bin@2.41-12?arch=amd64\u0026distro=debian-13.0", + "UID": "e10f349b8d7dfe08" + }, + "InstalledVersion": "2.41-12", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010023", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "glibc: running ldd on malicious ELF leads to code execution because of wrong size computation", + "Description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. 
The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "Severity": "LOW", + "VendorSeverity": { + "debian": 1, + "nvd": 3, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://www.securityfocus.com/bid/109167", + "https://access.redhat.com/security/cve/CVE-2019-1010023", + "https://nvd.nist.gov/vuln/detail/CVE-2019-1010023", + "https://security-tracker.debian.org/tracker/CVE-2019-1010023", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", + "https://support.f5.com/csp/article/K11932200?utm_source=f5support\u0026amp%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010023", + "https://www.cve.org/CVERecord?id=CVE-2019-1010023" + ], + "PublishedDate": "2019-07-15T04:15:13.397Z", + "LastModifiedDate": "2024-11-21T04:17:55.643Z" + }, + { + "VulnerabilityID": "CVE-2019-1010024", + "PkgID": "libc-dev-bin@2.41-12", + "PkgName": "libc-dev-bin", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libc-dev-bin@2.41-12?arch=amd64\u0026distro=debian-13.0", + "UID": "e10f349b8d7dfe08" + }, + "InstalledVersion": "2.41-12", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010024", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "glibc: ASLR bypass using cache of thread stack and heap", + 
"Description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "Severity": "LOW", + "CweIDs": [ + "CWE-200" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 5, + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/109162", + "https://access.redhat.com/security/cve/CVE-2019-1010024", + "https://nvd.nist.gov/vuln/detail/CVE-2019-1010024", + "https://security-tracker.debian.org/tracker/CVE-2019-1010024", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", + "https://support.f5.com/csp/article/K06046097", + "https://support.f5.com/csp/article/K06046097?utm_source=f5support\u0026amp%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010024", + "https://www.cve.org/CVERecord?id=CVE-2019-1010024" + ], + "PublishedDate": "2019-07-15T04:15:13.473Z", + "LastModifiedDate": "2024-11-21T04:17:55.843Z" + }, + { + "VulnerabilityID": "CVE-2019-1010025", + "PkgID": "libc-dev-bin@2.41-12", + "PkgName": "libc-dev-bin", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libc-dev-bin@2.41-12?arch=amd64\u0026distro=debian-13.0", + "UID": "e10f349b8d7dfe08" + }, + "InstalledVersion": "2.41-12", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010025", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": 
"https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "glibc: information disclosure of heap addresses of pthread_created thread", + "Description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", + "Severity": "LOW", + "CweIDs": [ + "CWE-330" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 5, + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 2.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2019-1010025", + "https://nvd.nist.gov/vuln/detail/CVE-2019-1010025", + "https://security-tracker.debian.org/tracker/CVE-2019-1010025", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22853", + "https://support.f5.com/csp/article/K06046097", + "https://support.f5.com/csp/article/K06046097?utm_source=f5support\u0026amp%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010025", + "https://www.cve.org/CVERecord?id=CVE-2019-1010025" + ], + "PublishedDate": "2019-07-15T04:15:13.537Z", + "LastModifiedDate": "2024-11-21T04:17:55.96Z" + }, + { + "VulnerabilityID": "CVE-2019-9192", + "PkgID": "libc-dev-bin@2.41-12", + "PkgName": "libc-dev-bin", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libc-dev-bin@2.41-12?arch=amd64\u0026distro=debian-13.0", + "UID": "e10f349b8d7dfe08" + }, + "InstalledVersion": "2.41-12", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9192", 
+ "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", + "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", + "Severity": "LOW", + "CweIDs": [ + "CWE-674" + ], + "VendorSeverity": { + "cbl-mariner": 3, + "debian": 1, + "nvd": 3, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 2.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2019-9192", + "https://nvd.nist.gov/vuln/detail/CVE-2019-9192", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", + "https://support.f5.com/csp/article/K26346590?utm_source=f5support\u0026amp%3Butm_medium=RSS", + "https://www.cve.org/CVERecord?id=CVE-2019-9192" + ], + "PublishedDate": "2019-02-26T18:29:00.34Z", + "LastModifiedDate": "2024-11-21T04:51:10.53Z" + }, + { + "VulnerabilityID": "CVE-2010-4756", + "PkgID": "libc6@2.41-12", + "PkgName": "libc6", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libc6@2.41-12?arch=amd64\u0026distro=debian-13.0", + "UID": "a6d2d0103571346b" + }, + "InstalledVersion": "2.41-12", + "Status": "affected", + "Layer": { + "Digest": "sha256:396b1da7636e2dcd10565cb4f2f952cbb4a8a38b58d3b86a2cacb172fb70117c", + "DiffID": "sha256:e6a3842ebc7f5e41d8a38f19a0aa5ea56c255475695ac6682882420800cf5465" + }, + "SeveritySource": "debian", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2010-4756", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions", + "Description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "Severity": "LOW", + "CweIDs": [ + "CWE-399" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "V2Score": 4 + }, + "redhat": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + } + }, + "References": [ + "http://cxib.net/stuff/glob-0day.c", + "http://securityreason.com/achievement_securityalert/89", + "http://securityreason.com/exploitalert/9223", + "https://access.redhat.com/security/cve/CVE-2010-4756", + "https://bugzilla.redhat.com/show_bug.cgi?id=681681", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", + "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", + "https://www.cve.org/CVERecord?id=CVE-2010-4756" + ], + "PublishedDate": "2011-03-02T20:00:01.037Z", + "LastModifiedDate": "2025-04-11T00:51:21.963Z" + }, + { + "VulnerabilityID": "CVE-2018-20796", + "PkgID": "libc6@2.41-12", + "PkgName": "libc6", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libc6@2.41-12?arch=amd64\u0026distro=debian-13.0", + "UID": "a6d2d0103571346b" + }, + "InstalledVersion": "2.41-12", + "Status": "affected", + "Layer": { + "Digest": "sha256:396b1da7636e2dcd10565cb4f2f952cbb4a8a38b58d3b86a2cacb172fb70117c", + "DiffID": "sha256:e6a3842ebc7f5e41d8a38f19a0aa5ea56c255475695ac6682882420800cf5465" + }, + 
"SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20796", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", + "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", + "Severity": "LOW", + "CweIDs": [ + "CWE-674" + ], + "VendorSeverity": { + "cbl-mariner": 3, + "debian": 1, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/107160", + "https://access.redhat.com/security/cve/CVE-2018-20796", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141", + "https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html", + "https://nvd.nist.gov/vuln/detail/CVE-2018-20796", + "https://security.netapp.com/advisory/ntap-20190315-0002/", + "https://support.f5.com/csp/article/K26346590?utm_source=f5support\u0026amp%3Butm_medium=RSS", + "https://www.cve.org/CVERecord?id=CVE-2018-20796" + ], + "PublishedDate": "2019-02-26T02:29:00.45Z", + "LastModifiedDate": "2024-11-21T04:02:11.827Z" + }, + { + "VulnerabilityID": "CVE-2019-1010022", + "PkgID": "libc6@2.41-12", + "PkgName": "libc6", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libc6@2.41-12?arch=amd64\u0026distro=debian-13.0", + "UID": "a6d2d0103571346b" + }, + "InstalledVersion": "2.41-12", + "Status": "affected", + "Layer": { + "Digest": "sha256:396b1da7636e2dcd10565cb4f2f952cbb4a8a38b58d3b86a2cacb172fb70117c", + "DiffID": 
"sha256:e6a3842ebc7f5e41d8a38f19a0aa5ea56c255475695ac6682882420800cf5465" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010022", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "glibc: stack guard protection bypass", + "Description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 4 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2019-1010022", + "https://nvd.nist.gov/vuln/detail/CVE-2019-1010022", + "https://security-tracker.debian.org/tracker/CVE-2019-1010022", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22850", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22850#c3", + "https://ubuntu.com/security/CVE-2019-1010022", + "https://www.cve.org/CVERecord?id=CVE-2019-1010022" + ], + "PublishedDate": "2019-07-15T04:15:13.317Z", + "LastModifiedDate": "2024-11-21T04:17:55.5Z" + }, + { + "VulnerabilityID": "CVE-2019-1010023", + "PkgID": "libc6@2.41-12", + "PkgName": "libc6", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libc6@2.41-12?arch=amd64\u0026distro=debian-13.0", + "UID": "a6d2d0103571346b" + }, + "InstalledVersion": "2.41-12", + "Status": "affected", + "Layer": { + "Digest": "sha256:396b1da7636e2dcd10565cb4f2f952cbb4a8a38b58d3b86a2cacb172fb70117c", + "DiffID": 
"sha256:e6a3842ebc7f5e41d8a38f19a0aa5ea56c255475695ac6682882420800cf5465" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010023", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "glibc: running ldd on malicious ELF leads to code execution because of wrong size computation", + "Description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "Severity": "LOW", + "VendorSeverity": { + "debian": 1, + "nvd": 3, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://www.securityfocus.com/bid/109167", + "https://access.redhat.com/security/cve/CVE-2019-1010023", + "https://nvd.nist.gov/vuln/detail/CVE-2019-1010023", + "https://security-tracker.debian.org/tracker/CVE-2019-1010023", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", + "https://support.f5.com/csp/article/K11932200?utm_source=f5support\u0026amp%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010023", + "https://www.cve.org/CVERecord?id=CVE-2019-1010023" + ], + "PublishedDate": "2019-07-15T04:15:13.397Z", + "LastModifiedDate": "2024-11-21T04:17:55.643Z" + }, + { + "VulnerabilityID": "CVE-2019-1010024", + "PkgID": "libc6@2.41-12", + "PkgName": "libc6", + "PkgIdentifier": { + "PURL": 
"pkg:deb/debian/libc6@2.41-12?arch=amd64\u0026distro=debian-13.0", + "UID": "a6d2d0103571346b" + }, + "InstalledVersion": "2.41-12", + "Status": "affected", + "Layer": { + "Digest": "sha256:396b1da7636e2dcd10565cb4f2f952cbb4a8a38b58d3b86a2cacb172fb70117c", + "DiffID": "sha256:e6a3842ebc7f5e41d8a38f19a0aa5ea56c255475695ac6682882420800cf5465" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010024", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "glibc: ASLR bypass using cache of thread stack and heap", + "Description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "Severity": "LOW", + "CweIDs": [ + "CWE-200" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 5, + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/109162", + "https://access.redhat.com/security/cve/CVE-2019-1010024", + "https://nvd.nist.gov/vuln/detail/CVE-2019-1010024", + "https://security-tracker.debian.org/tracker/CVE-2019-1010024", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", + "https://support.f5.com/csp/article/K06046097", + "https://support.f5.com/csp/article/K06046097?utm_source=f5support\u0026amp%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010024", + "https://www.cve.org/CVERecord?id=CVE-2019-1010024" + ], + "PublishedDate": "2019-07-15T04:15:13.473Z", + "LastModifiedDate": "2024-11-21T04:17:55.843Z" + }, + { + 
"VulnerabilityID": "CVE-2019-1010025", + "PkgID": "libc6@2.41-12", + "PkgName": "libc6", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libc6@2.41-12?arch=amd64\u0026distro=debian-13.0", + "UID": "a6d2d0103571346b" + }, + "InstalledVersion": "2.41-12", + "Status": "affected", + "Layer": { + "Digest": "sha256:396b1da7636e2dcd10565cb4f2f952cbb4a8a38b58d3b86a2cacb172fb70117c", + "DiffID": "sha256:e6a3842ebc7f5e41d8a38f19a0aa5ea56c255475695ac6682882420800cf5465" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010025", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "glibc: information disclosure of heap addresses of pthread_created thread", + "Description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", + "Severity": "LOW", + "CweIDs": [ + "CWE-330" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 5, + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 2.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2019-1010025", + "https://nvd.nist.gov/vuln/detail/CVE-2019-1010025", + "https://security-tracker.debian.org/tracker/CVE-2019-1010025", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22853", + "https://support.f5.com/csp/article/K06046097", + "https://support.f5.com/csp/article/K06046097?utm_source=f5support\u0026amp%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010025", + "https://www.cve.org/CVERecord?id=CVE-2019-1010025" + ], + "PublishedDate": 
"2019-07-15T04:15:13.537Z", + "LastModifiedDate": "2024-11-21T04:17:55.96Z" + }, + { + "VulnerabilityID": "CVE-2019-9192", + "PkgID": "libc6@2.41-12", + "PkgName": "libc6", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libc6@2.41-12?arch=amd64\u0026distro=debian-13.0", + "UID": "a6d2d0103571346b" + }, + "InstalledVersion": "2.41-12", + "Status": "affected", + "Layer": { + "Digest": "sha256:396b1da7636e2dcd10565cb4f2f952cbb4a8a38b58d3b86a2cacb172fb70117c", + "DiffID": "sha256:e6a3842ebc7f5e41d8a38f19a0aa5ea56c255475695ac6682882420800cf5465" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9192", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", + "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. 
NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", + "Severity": "LOW", + "CweIDs": [ + "CWE-674" + ], + "VendorSeverity": { + "cbl-mariner": 3, + "debian": 1, + "nvd": 3, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 2.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2019-9192", + "https://nvd.nist.gov/vuln/detail/CVE-2019-9192", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", + "https://support.f5.com/csp/article/K26346590?utm_source=f5support\u0026amp%3Butm_medium=RSS", + "https://www.cve.org/CVERecord?id=CVE-2019-9192" + ], + "PublishedDate": "2019-02-26T18:29:00.34Z", + "LastModifiedDate": "2024-11-21T04:51:10.53Z" + }, + { + "VulnerabilityID": "CVE-2010-4756", + "PkgID": "libc6-dev@2.41-12", + "PkgName": "libc6-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libc6-dev@2.41-12?arch=amd64\u0026distro=debian-13.0", + "UID": "60d58e4f31f01aaf" + }, + "InstalledVersion": "2.41-12", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-4756", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions", + "Description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) 
via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "Severity": "LOW", + "CweIDs": [ + "CWE-399" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "V2Score": 4 + }, + "redhat": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + } + }, + "References": [ + "http://cxib.net/stuff/glob-0day.c", + "http://securityreason.com/achievement_securityalert/89", + "http://securityreason.com/exploitalert/9223", + "https://access.redhat.com/security/cve/CVE-2010-4756", + "https://bugzilla.redhat.com/show_bug.cgi?id=681681", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", + "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", + "https://www.cve.org/CVERecord?id=CVE-2010-4756" + ], + "PublishedDate": "2011-03-02T20:00:01.037Z", + "LastModifiedDate": "2025-04-11T00:51:21.963Z" + }, + { + "VulnerabilityID": "CVE-2018-20796", + "PkgID": "libc6-dev@2.41-12", + "PkgName": "libc6-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libc6-dev@2.41-12?arch=amd64\u0026distro=debian-13.0", + "UID": "60d58e4f31f01aaf" + }, + "InstalledVersion": "2.41-12", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20796", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", + "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled 
Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", + "Severity": "LOW", + "CweIDs": [ + "CWE-674" + ], + "VendorSeverity": { + "cbl-mariner": 3, + "debian": 1, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/107160", + "https://access.redhat.com/security/cve/CVE-2018-20796", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141", + "https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html", + "https://nvd.nist.gov/vuln/detail/CVE-2018-20796", + "https://security.netapp.com/advisory/ntap-20190315-0002/", + "https://support.f5.com/csp/article/K26346590?utm_source=f5support\u0026amp%3Butm_medium=RSS", + "https://www.cve.org/CVERecord?id=CVE-2018-20796" + ], + "PublishedDate": "2019-02-26T02:29:00.45Z", + "LastModifiedDate": "2024-11-21T04:02:11.827Z" + }, + { + "VulnerabilityID": "CVE-2019-1010022", + "PkgID": "libc6-dev@2.41-12", + "PkgName": "libc6-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libc6-dev@2.41-12?arch=amd64\u0026distro=debian-13.0", + "UID": "60d58e4f31f01aaf" + }, + "InstalledVersion": "2.41-12", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010022", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "glibc: stack guard protection bypass", + "Description": "GNU Libc current is affected by: Mitigation bypass. 
The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 4 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2019-1010022", + "https://nvd.nist.gov/vuln/detail/CVE-2019-1010022", + "https://security-tracker.debian.org/tracker/CVE-2019-1010022", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22850", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22850#c3", + "https://ubuntu.com/security/CVE-2019-1010022", + "https://www.cve.org/CVERecord?id=CVE-2019-1010022" + ], + "PublishedDate": "2019-07-15T04:15:13.317Z", + "LastModifiedDate": "2024-11-21T04:17:55.5Z" + }, + { + "VulnerabilityID": "CVE-2019-1010023", + "PkgID": "libc6-dev@2.41-12", + "PkgName": "libc6-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libc6-dev@2.41-12?arch=amd64\u0026distro=debian-13.0", + "UID": "60d58e4f31f01aaf" + }, + "InstalledVersion": "2.41-12", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010023", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "glibc: running ldd on malicious ELF leads to code execution because of wrong size computation", + "Description": "GNU Libc current is 
affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "Severity": "LOW", + "VendorSeverity": { + "debian": 1, + "nvd": 3, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://www.securityfocus.com/bid/109167", + "https://access.redhat.com/security/cve/CVE-2019-1010023", + "https://nvd.nist.gov/vuln/detail/CVE-2019-1010023", + "https://security-tracker.debian.org/tracker/CVE-2019-1010023", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", + "https://support.f5.com/csp/article/K11932200?utm_source=f5support\u0026amp%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010023", + "https://www.cve.org/CVERecord?id=CVE-2019-1010023" + ], + "PublishedDate": "2019-07-15T04:15:13.397Z", + "LastModifiedDate": "2024-11-21T04:17:55.643Z" + }, + { + "VulnerabilityID": "CVE-2019-1010024", + "PkgID": "libc6-dev@2.41-12", + "PkgName": "libc6-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libc6-dev@2.41-12?arch=amd64\u0026distro=debian-13.0", + "UID": "60d58e4f31f01aaf" + }, + "InstalledVersion": "2.41-12", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010024", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": 
"https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "glibc: ASLR bypass using cache of thread stack and heap", + "Description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "Severity": "LOW", + "CweIDs": [ + "CWE-200" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 5, + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/109162", + "https://access.redhat.com/security/cve/CVE-2019-1010024", + "https://nvd.nist.gov/vuln/detail/CVE-2019-1010024", + "https://security-tracker.debian.org/tracker/CVE-2019-1010024", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", + "https://support.f5.com/csp/article/K06046097", + "https://support.f5.com/csp/article/K06046097?utm_source=f5support\u0026amp%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010024", + "https://www.cve.org/CVERecord?id=CVE-2019-1010024" + ], + "PublishedDate": "2019-07-15T04:15:13.473Z", + "LastModifiedDate": "2024-11-21T04:17:55.843Z" + }, + { + "VulnerabilityID": "CVE-2019-1010025", + "PkgID": "libc6-dev@2.41-12", + "PkgName": "libc6-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libc6-dev@2.41-12?arch=amd64\u0026distro=debian-13.0", + "UID": "60d58e4f31f01aaf" + }, + "InstalledVersion": "2.41-12", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2019-1010025", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "glibc: information disclosure of heap addresses of pthread_created thread", + "Description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", + "Severity": "LOW", + "CweIDs": [ + "CWE-330" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 5, + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 2.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2019-1010025", + "https://nvd.nist.gov/vuln/detail/CVE-2019-1010025", + "https://security-tracker.debian.org/tracker/CVE-2019-1010025", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22853", + "https://support.f5.com/csp/article/K06046097", + "https://support.f5.com/csp/article/K06046097?utm_source=f5support\u0026amp%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010025", + "https://www.cve.org/CVERecord?id=CVE-2019-1010025" + ], + "PublishedDate": "2019-07-15T04:15:13.537Z", + "LastModifiedDate": "2024-11-21T04:17:55.96Z" + }, + { + "VulnerabilityID": "CVE-2019-9192", + "PkgID": "libc6-dev@2.41-12", + "PkgName": "libc6-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libc6-dev@2.41-12?arch=amd64\u0026distro=debian-13.0", + "UID": "60d58e4f31f01aaf" + }, + "InstalledVersion": "2.41-12", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": 
"sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9192", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", + "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", + "Severity": "LOW", + "CweIDs": [ + "CWE-674" + ], + "VendorSeverity": { + "cbl-mariner": 3, + "debian": 1, + "nvd": 3, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 2.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2019-9192", + "https://nvd.nist.gov/vuln/detail/CVE-2019-9192", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", + "https://support.f5.com/csp/article/K26346590?utm_source=f5support\u0026amp%3Butm_medium=RSS", + "https://www.cve.org/CVERecord?id=CVE-2019-9192" + ], + "PublishedDate": "2019-02-26T18:29:00.34Z", + "LastModifiedDate": "2024-11-21T04:51:10.53Z" + }, + { + "VulnerabilityID": "CVE-2017-13716", + "PkgID": "libctf-nobfd0@2.44-3", + "PkgName": "libctf-nobfd0", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libctf-nobfd0@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "83182541c9eda1bd" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": 
"sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13716", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: Memory leak with the C++ symbol demangler routine in libiberty", + "Description": "The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).", + "Severity": "LOW", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "photon": 2, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 7.1, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2017-13716", + "https://nvd.nist.gov/vuln/detail/CVE-2017-13716", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22009", + "https://www.cve.org/CVERecord?id=CVE-2017-13716" + ], + "PublishedDate": "2017-08-28T21:29:00.293Z", + "LastModifiedDate": "2025-04-20T01:37:25.86Z" + }, + { + "VulnerabilityID": "CVE-2018-20673", + "PkgID": "libctf-nobfd0@2.44-3", + "PkgName": "libctf-nobfd0", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libctf-nobfd0@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "83182541c9eda1bd" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + 
"DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20673", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "libiberty: Integer overflow in demangle_template() function", + "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for \"Create an array for saving the template argument values\") that can trigger a heap-based buffer overflow, as demonstrated by nm.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190", + "CWE-787" + ], + "VendorSeverity": { + "alma": 1, + "debian": 1, + "nvd": 2, + "oracle-oval": 1, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/106454", + "https://access.redhat.com/security/cve/CVE-2018-20673", + "https://linux.oracle.com/cve/CVE-2018-20673.html", + "https://linux.oracle.com/errata/ELSA-2021-4386.html", + "https://nvd.nist.gov/vuln/detail/CVE-2018-20673", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24039", + "https://www.cve.org/CVERecord?id=CVE-2018-20673" + ], + "PublishedDate": "2019-01-04T18:29:00.21Z", + "LastModifiedDate": "2024-11-21T04:01:57.977Z" + }, + { + "VulnerabilityID": "CVE-2018-20712", + "PkgID": "libctf-nobfd0@2.44-3", + "PkgName": "libctf-nobfd0", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libctf-nobfd0@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "83182541c9eda1bd" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": 
"sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20712", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "libiberty: heap-based buffer over-read in d_expression_1", + "Description": "A heap-based buffer over-read exists in the function d_expression_1 in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.1. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by c++filt.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "redhat": 2, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 4.7 + } + }, + "References": [ + "http://www.securityfocus.com/bid/106563", + "https://access.redhat.com/security/cve/CVE-2018-20712", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88629", + "https://nvd.nist.gov/vuln/detail/CVE-2018-20712", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24043", + "https://support.f5.com/csp/article/K38336243", + "https://www.cve.org/CVERecord?id=CVE-2018-20712" + ], + "PublishedDate": "2019-01-15T00:29:00.257Z", + "LastModifiedDate": "2024-11-21T04:02:00.663Z" + }, + { + "VulnerabilityID": "CVE-2018-9996", + "PkgID": "libctf-nobfd0@2.44-3", + "PkgName": "libctf-nobfd0", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libctf-nobfd0@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "83182541c9eda1bd" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": 
"sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-9996", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: Stack-overflow in libiberty/cplus-dem.c causes crash", + "Description": "An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_template_value_parm, demangle_integral_value, and demangle_expression.", + "Severity": "LOW", + "CweIDs": [ + "CWE-674" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "photon": 2, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/103733", + "https://access.redhat.com/security/cve/CVE-2018-9996", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85304", + "https://nvd.nist.gov/vuln/detail/CVE-2018-9996", + "https://www.cve.org/CVERecord?id=CVE-2018-9996" + ], + "PublishedDate": "2018-04-10T22:29:00.353Z", + "LastModifiedDate": "2024-11-21T04:16:00.48Z" + }, + { + "VulnerabilityID": "CVE-2021-32256", + "PkgID": "libctf-nobfd0@2.44-3", + "PkgName": "libctf-nobfd0", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libctf-nobfd0@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "83182541c9eda1bd" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + 
"DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-32256", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: stack-overflow issue in demangle_type in rust-demangle.c.", + "Description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.36. It is a stack-overflow issue in demangle_type in rust-demangle.c.", + "Severity": "LOW", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "amazon": 1, + "debian": 1, + "nvd": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2021-32256", + "https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1927070", + "https://nvd.nist.gov/vuln/detail/CVE-2021-32256", + "https://security.netapp.com/advisory/ntap-20230824-0013/", + "https://www.cve.org/CVERecord?id=CVE-2021-32256" + ], + "PublishedDate": "2023-07-18T14:15:11.61Z", + "LastModifiedDate": "2024-11-21T06:06:55.1Z" + }, + { + "VulnerabilityID": "CVE-2025-1147", + "PkgID": "libctf-nobfd0@2.44-3", + "PkgName": "libctf-nobfd0", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libctf-nobfd0@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "83182541c9eda1bd" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1147", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils 
nm nm.c internal_strlen buffer overflow", + "Description": "A vulnerability has been found in GNU Binutils 2.43 and classified as problematic. Affected by this vulnerability is the function __sanitizer::internal_strlen of the file binutils/nm.c of the component nm. The manipulation of the argument const leads to buffer overflow. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119", + "CWE-120" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1147", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1147", + "https://sourceware.org/bugzilla/attachment.cgi?id=15881", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32556", + "https://vuldb.com/?ctiid.295051", + "https://vuldb.com/?id.295051", + "https://vuldb.com/?submit.485254", + "https://www.cve.org/CVERecord?id=CVE-2025-1147", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-10T14:15:29.643Z", + "LastModifiedDate": "2025-03-04T15:51:17.86Z" + }, + { + "VulnerabilityID": "CVE-2025-1148", + "PkgID": "libctf-nobfd0@2.44-3", + "PkgName": "libctf-nobfd0", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libctf-nobfd0@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "83182541c9eda1bd" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1148", + "DataSource": { 
+ "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils ld ldelfgen.c link_order_scan memory leak", + "Description": "A vulnerability was found in GNU Binutils 2.43 and classified as problematic. Affected by this issue is the function link_order_scan of the file ld/ldelfgen.c of the component ld. The manipulation leads to memory leak. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-401", + "CWE-404" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 1, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1148", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1148", + "https://sourceware.org/bugzilla/attachment.cgi?id=15887", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32576", + "https://vuldb.com/?ctiid.295052", + "https://vuldb.com/?id.295052", + "https://vuldb.com/?submit.485747", + "https://www.cve.org/CVERecord?id=CVE-2025-1148", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-10T14:15:29.927Z", + "LastModifiedDate": "2025-03-04T17:12:35.4Z" + }, + { + "VulnerabilityID": "CVE-2025-1149", + "PkgID": "libctf-nobfd0@2.44-3", + "PkgName": "libctf-nobfd0", + "PkgIdentifier": { + "PURL": 
"pkg:deb/debian/libctf-nobfd0@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "83182541c9eda1bd" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1149", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils ld xmalloc.c xstrdup memory leak", + "Description": "A vulnerability was found in GNU Binutils 2.43. It has been classified as problematic. This affects the function xstrdup of the file libiberty/xmalloc.c of the component ld. The manipulation leads to memory leak. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. 
All of the reported leaks in this bugzilla have been fixed on binutils master.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-401", + "CWE-404" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 1, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1149", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1149", + "https://sourceware.org/bugzilla/attachment.cgi?id=15887", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32576", + "https://vuldb.com/?ctiid.295053", + "https://vuldb.com/?id.295053", + "https://www.cve.org/CVERecord?id=CVE-2025-1149", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-10T15:15:13.093Z", + "LastModifiedDate": "2025-03-04T14:53:43.637Z" + }, + { + "VulnerabilityID": "CVE-2025-1150", + "PkgID": "libctf-nobfd0@2.44-3", + "PkgName": "libctf-nobfd0", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libctf-nobfd0@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "83182541c9eda1bd" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1150", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils ld libbfd.c bfd_malloc memory leak", + "Description": "A vulnerability was found in GNU Binutils 2.43. It has been declared as problematic. This vulnerability affects the function bfd_malloc of the file libbfd.c of the component ld. The manipulation leads to memory leak. 
The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-401", + "CWE-404" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 1, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1150", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1150", + "https://sourceware.org/bugzilla/attachment.cgi?id=15887", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32576", + "https://vuldb.com/?ctiid.295054", + "https://vuldb.com/?id.295054", + "https://www.cve.org/CVERecord?id=CVE-2025-1150", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-10T17:15:18.517Z", + "LastModifiedDate": "2025-03-11T19:01:04.727Z" + }, + { + "VulnerabilityID": "CVE-2025-1151", + "PkgID": "libctf-nobfd0@2.44-3", + "PkgName": "libctf-nobfd0", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libctf-nobfd0@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "83182541c9eda1bd" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1151", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": 
"https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils ld xmemdup.c xmemdup memory leak", + "Description": "A vulnerability was found in GNU Binutils 2.43. It has been rated as problematic. This issue affects the function xmemdup of the file xmemdup.c of the component ld. The manipulation leads to memory leak. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-401", + "CWE-404" + ], + "VendorSeverity": { + "debian": 1, + "redhat": 1 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1151", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1151", + "https://sourceware.org/bugzilla/attachment.cgi?id=15887", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32576", + "https://vuldb.com/?ctiid.295055", + "https://vuldb.com/?id.295055", + "https://www.cve.org/CVERecord?id=CVE-2025-1151", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-10T17:15:18.713Z", + "LastModifiedDate": "2025-02-10T17:15:18.713Z" + }, + { + "VulnerabilityID": "CVE-2025-1152", + "PkgID": "libctf-nobfd0@2.44-3", + "PkgName": "libctf-nobfd0", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libctf-nobfd0@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "83182541c9eda1bd" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": 
"sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1152", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils ld xstrdup.c xstrdup memory leak", + "Description": "A vulnerability classified as problematic has been found in GNU Binutils 2.43. Affected is the function xstrdup of the file xstrdup.c of the component ld. The manipulation leads to memory leak. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. 
All of the reported leaks in this bugzilla have been fixed on binutils master.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-401", + "CWE-404" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 1, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1152", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1152", + "https://sourceware.org/bugzilla/attachment.cgi?id=15887", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32576", + "https://vuldb.com/?ctiid.295056", + "https://vuldb.com/?id.295056", + "https://www.cve.org/CVERecord?id=CVE-2025-1152", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-10T18:15:34.043Z", + "LastModifiedDate": "2025-03-03T16:52:20.953Z" + }, + { + "VulnerabilityID": "CVE-2025-1153", + "PkgID": "libctf-nobfd0@2.44-3", + "PkgName": "libctf-nobfd0", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libctf-nobfd0@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "83182541c9eda1bd" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1153", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils format.c bfd_set_format memory corruption", + "Description": "A vulnerability classified as problematic was found in GNU Binutils 2.43/2.44. Affected by this vulnerability is the function bfd_set_format of the file format.c. The manipulation leads to memory corruption. 
The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 2.45 is able to address this issue. The identifier of the patch is 8d97c1a53f3dc9fd8e1ccdb039b8a33d50133150. It is recommended to upgrade the affected component.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1153", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1153", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32603", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8d97c1a53f3dc9fd8e1ccdb039b8a33d50133150", + "https://ubuntu.com/security/notices/USN-7423-1", + "https://ubuntu.com/security/notices/USN-7423-2", + "https://vuldb.com/?ctiid.295057", + "https://vuldb.com/?id.295057", + "https://vuldb.com/?submit.489991", + "https://www.cve.org/CVERecord?id=CVE-2025-1153", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-10T19:15:39.9Z", + "LastModifiedDate": "2025-03-03T17:28:09.167Z" + }, + { + "VulnerabilityID": "CVE-2025-1176", + "PkgID": "libctf-nobfd0@2.44-3", + "PkgName": "libctf-nobfd0", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libctf-nobfd0@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "83182541c9eda1bd" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1176", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + 
"URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils ld elflink.c _bfd_elf_gc_mark_rsec heap-based overflow", + "Description": "A vulnerability was found in GNU Binutils 2.43 and classified as critical. This issue affects the function _bfd_elf_gc_mark_rsec of the file elflink.c of the component ld. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The patch is named f9978defb6fab0bd8583942d97c112b0932ac814. It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119", + "CWE-122" + ], + "VendorSeverity": { + "amazon": 2, + "azure": 2, + "cbl-mariner": 2, + "debian": 1, + "nvd": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1176", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1176", + "https://security.netapp.com/advisory/ntap-20250411-0007/", + "https://sourceware.org/bugzilla/attachment.cgi?id=15913", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32636", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f9978defb6fab0bd8583942d97c112b0932ac814", + "https://ubuntu.com/security/notices/USN-7423-1", + "https://ubuntu.com/security/notices/USN-7423-2", + "https://vuldb.com/?ctiid.295079", + "https://vuldb.com/?id.295079", + "https://vuldb.com/?submit.495329", + "https://www.cve.org/CVERecord?id=CVE-2025-1176", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-11T06:15:22.433Z", + "LastModifiedDate": "2025-04-11T22:15:29.513Z" + }, + { + "VulnerabilityID": "CVE-2025-1178", + "PkgID": 
"libctf-nobfd0@2.44-3", + "PkgName": "libctf-nobfd0", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libctf-nobfd0@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "83182541c9eda1bd" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1178", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils ld libbfd.c bfd_putl64 memory corruption", + "Description": "A vulnerability was found in GNU Binutils 2.43. It has been declared as problematic. Affected by this vulnerability is the function bfd_putl64 of the file libbfd.c of the component ld. The manipulation leads to memory corruption. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of the patch is 75086e9de1707281172cc77f178e7949a4414ed0. 
It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "VendorSeverity": { + "azure": 2, + "cbl-mariner": 2, + "debian": 1, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.6 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1178", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1178", + "https://security.netapp.com/advisory/ntap-20250411-0008/", + "https://sourceware.org/bugzilla/attachment.cgi?id=15914", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32638", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=75086e9de1707281172cc77f178e7949a4414ed0", + "https://ubuntu.com/security/notices/USN-7423-1", + "https://vuldb.com/?ctiid.295081", + "https://vuldb.com/?id.295081", + "https://vuldb.com/?submit.495369", + "https://www.cve.org/CVERecord?id=CVE-2025-1178", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-11T07:15:29.997Z", + "LastModifiedDate": "2025-05-21T20:35:24.22Z" + }, + { + "VulnerabilityID": "CVE-2025-1180", + "PkgID": "libctf-nobfd0@2.44-3", + "PkgName": "libctf-nobfd0", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libctf-nobfd0@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "83182541c9eda1bd" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1180", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils ld elf-eh-frame.c _bfd_elf_write_section_eh_frame memory corruption", + "Description": "A vulnerability classified as problematic has been 
found in GNU Binutils 2.43. This affects the function _bfd_elf_write_section_eh_frame of the file bfd/elf-eh-frame.c of the component ld. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "VendorSeverity": { + "debian": 1, + "redhat": 1 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1180", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1180", + "https://sourceware.org/bugzilla/attachment.cgi?id=15917", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32642", + "https://vuldb.com/?ctiid.295083", + "https://vuldb.com/?id.295083", + "https://vuldb.com/?submit.495381", + "https://www.cve.org/CVERecord?id=CVE-2025-1180", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-11T08:15:31.59Z", + "LastModifiedDate": "2025-05-21T20:35:18.05Z" + }, + { + "VulnerabilityID": "CVE-2025-1181", + "PkgID": "libctf-nobfd0@2.44-3", + "PkgName": "libctf-nobfd0", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libctf-nobfd0@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "83182541c9eda1bd" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1181", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils ld elflink.c 
_bfd_elf_gc_mark_rsec memory corruption", + "Description": "A vulnerability classified as critical was found in GNU Binutils 2.43. This vulnerability affects the function _bfd_elf_gc_mark_rsec of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is 931494c9a89558acb36a03a340c01726545eef24. It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "VendorSeverity": { + "azure": 1, + "cbl-mariner": 1, + "debian": 1, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1181", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1181", + "https://security.netapp.com/advisory/ntap-20250425-0007/", + "https://sourceware.org/bugzilla/attachment.cgi?id=15918", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32643", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=931494c9a89558acb36a03a340c01726545eef24", + "https://ubuntu.com/security/notices/USN-7423-1", + "https://vuldb.com/?ctiid.295084", + "https://vuldb.com/?id.295084", + "https://vuldb.com/?submit.495402", + "https://www.cve.org/CVERecord?id=CVE-2025-1181", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-11T08:15:31.797Z", + "LastModifiedDate": "2025-05-21T20:35:11.073Z" + }, + { + "VulnerabilityID": "CVE-2025-1182", + "PkgID": "libctf-nobfd0@2.44-3", + "PkgName": "libctf-nobfd0", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libctf-nobfd0@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "83182541c9eda1bd" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": 
"sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1182", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils ld elflink.c bfd_elf_reloc_symbol_deleted_p memory corruption", + "Description": "A vulnerability, which was classified as critical, was found in GNU Binutils 2.43. Affected is the function bfd_elf_reloc_symbol_deleted_p of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The patch is identified as b425859021d17adf62f06fb904797cf8642986ad. 
It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "VendorSeverity": { + "amazon": 2, + "azure": 2, + "cbl-mariner": 2, + "debian": 1, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1182", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1182", + "https://sourceware.org/bugzilla/attachment.cgi?id=15919", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32644", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b425859021d17adf62f06fb904797cf8642986ad", + "https://ubuntu.com/security/notices/USN-7423-1", + "https://vuldb.com/?ctiid.295086", + "https://vuldb.com/?id.295086", + "https://vuldb.com/?submit.495407", + "https://www.cve.org/CVERecord?id=CVE-2025-1182", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-11T09:15:09.53Z", + "LastModifiedDate": "2025-05-21T20:35:04.15Z" + }, + { + "VulnerabilityID": "CVE-2025-3198", + "PkgID": "libctf-nobfd0@2.44-3", + "PkgName": "libctf-nobfd0", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libctf-nobfd0@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "83182541c9eda1bd" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-3198", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils objdump bucomm.c display_info memory leak", + "Description": "A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. 
Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named ba6ad3a18cb26b79e0e3b84c39f707535bbc344d. It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-401", + "CWE-404" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-3198", + "https://nvd.nist.gov/vuln/detail/CVE-2025-3198", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32716", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32716#c0", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ba6ad3a18cb26b79e0e3b84c39f707535bbc344d", + "https://vuldb.com/?ctiid.303151", + "https://vuldb.com/?id.303151", + "https://vuldb.com/?submit.545773", + "https://www.cve.org/CVERecord?id=CVE-2025-3198", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-04-04T02:15:18.803Z", + "LastModifiedDate": "2025-05-15T19:46:30.95Z" + }, + { + "VulnerabilityID": "CVE-2025-5244", + "PkgID": "libctf-nobfd0@2.44-3", + "PkgName": "libctf-nobfd0", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libctf-nobfd0@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "83182541c9eda1bd" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-5244", + "DataSource": { + "ID": "debian", + "Name": "Debian 
Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils ld elflink.c elf_gc_sweep memory corruption", + "Description": "A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue is the function elf_gc_sweep of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 2.45 is able to address this issue. It is recommended to upgrade the affected component.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "VendorSeverity": { + "azure": 2, + "cbl-mariner": 2, + "debian": 1, + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-5244", + "https://nvd.nist.gov/vuln/detail/CVE-2025-5244", + "https://sourceware.org/bugzilla/attachment.cgi?id=16010", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32858", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d1458933830456e54223d9fc61f0d9b3a19256f5", + "https://vuldb.com/?ctiid.310346", + "https://vuldb.com/?id.310346", + "https://vuldb.com/?submit.584634", + "https://www.cve.org/CVERecord?id=CVE-2025-5244", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-05-27T13:15:21.76Z", + "LastModifiedDate": "2025-05-28T15:01:30.72Z" + }, + { + "VulnerabilityID": "CVE-2025-5245", + "PkgID": "libctf-nobfd0@2.44-3", + "PkgName": "libctf-nobfd0", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libctf-nobfd0@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "83182541c9eda1bd" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": 
"sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-5245", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils objdump debug.c debug_type_samep memory corruption", + "Description": "A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debug_type_samep of the file /binutils/debug.c of the component objdump. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "VendorSeverity": { + "azure": 2, + "cbl-mariner": 2, + "debian": 1, + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-5245", + "https://nvd.nist.gov/vuln/detail/CVE-2025-5245", + "https://sourceware.org/bugzilla/attachment.cgi?id=16004", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32829", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6c3458a8b7ee7d39f070c7b2350851cb2110c65a", + "https://vuldb.com/?ctiid.310347", + "https://vuldb.com/?id.310347", + "https://vuldb.com/?submit.584635", + "https://www.cve.org/CVERecord?id=CVE-2025-5245", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-05-27T15:15:36.057Z", + "LastModifiedDate": "2025-05-28T15:01:30.72Z" + }, + { + "VulnerabilityID": "CVE-2025-7545", + "PkgID": "libctf-nobfd0@2.44-3", + "PkgName": "libctf-nobfd0", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libctf-nobfd0@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "83182541c9eda1bd" + }, + "InstalledVersion": "2.44-3", + 
"Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-7545", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: Binutils: Heap Buffer Overflow", + "Description": "A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is named 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944. It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119", + "CWE-122" + ], + "VendorSeverity": { + "azure": 2, + "debian": 1, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-7545", + "https://nvd.nist.gov/vuln/detail/CVE-2025-7545", + "https://sourceware.org/bugzilla/attachment.cgi?id=16117", + "https://sourceware.org/bugzilla/show_bug.cgi?id=33049", + "https://sourceware.org/bugzilla/show_bug.cgi?id=33049#c1", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944", + "https://vuldb.com/?ctiid.316243", + "https://vuldb.com/?id.316243", + "https://vuldb.com/?submit.614355", + "https://www.cve.org/CVERecord?id=CVE-2025-7545", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-07-13T22:15:23.873Z", + "LastModifiedDate": 
"2025-07-30T15:59:48.84Z" + }, + { + "VulnerabilityID": "CVE-2025-7546", + "PkgID": "libctf-nobfd0@2.44-3", + "PkgName": "libctf-nobfd0", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libctf-nobfd0@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "83182541c9eda1bd" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-7546", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: Binutils: Out-of-bounds Write Vulnerability", + "Description": "A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfd_elf_set_group_contents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The name of the patch is 41461010eb7c79fee7a9d5f6209accdaac66cc6b. 
It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119", + "CWE-787" + ], + "VendorSeverity": { + "azure": 2, + "debian": 1, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-7546", + "https://nvd.nist.gov/vuln/detail/CVE-2025-7546", + "https://sourceware.org/bugzilla/attachment.cgi?id=16118", + "https://sourceware.org/bugzilla/show_bug.cgi?id=33050", + "https://sourceware.org/bugzilla/show_bug.cgi?id=33050#c2", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=41461010eb7c79fee7a9d5f6209accdaac66cc6b", + "https://vuldb.com/?ctiid.316244", + "https://vuldb.com/?id.316244", + "https://vuldb.com/?submit.614375", + "https://www.cve.org/CVERecord?id=CVE-2025-7546", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-07-13T22:15:24.07Z", + "LastModifiedDate": "2025-07-30T15:59:59.203Z" + }, + { + "VulnerabilityID": "CVE-2025-8224", + "PkgID": "libctf-nobfd0@2.44-3", + "PkgName": "libctf-nobfd0", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libctf-nobfd0@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "83182541c9eda1bd" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-8224", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: Binutils BFD Null Pointer Dereference", + "Description": "A vulnerability has been found in GNU Binutils 2.44 and 
classified as problematic. This vulnerability affects the function bfd_elf_get_str_section of the file bfd/elf.c of the component BFD Library. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The name of the patch is db856d41004301b3a56438efd957ef5cabb91530. It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-404", + "CWE-476" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-8224", + "https://nvd.nist.gov/vuln/detail/CVE-2025-8224", + "https://sourceware.org/bugzilla/attachment.cgi?id=15680", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32109", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32109#c2", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=db856d41004301b3a56438efd957ef5cabb91530", + "https://vuldb.com/?ctiid.317812", + "https://vuldb.com/?id.317812", + "https://vuldb.com/?submit.621878", + "https://www.cve.org/CVERecord?id=CVE-2025-8224", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-07-27T06:15:26.947Z", + "LastModifiedDate": "2025-08-01T17:08:29.62Z" + }, + { + "VulnerabilityID": "CVE-2025-8225", + "PkgID": "libctf-nobfd0@2.44-3", + "PkgName": "libctf-nobfd0", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libctf-nobfd0@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "83182541c9eda1bd" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", 
+ "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-8225", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: Binutils DWARF Section Handler Memory Leak", + "Description": "A vulnerability was found in GNU Binutils 2.44 and classified as problematic. This issue affects the function process_debug_info of the file binutils/dwarf.c of the component DWARF Section Handler. The manipulation leads to memory leak. Attacking locally is a requirement. The identifier of the patch is e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4. It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-401", + "CWE-404" + ], + "VendorSeverity": { + "debian": 1, + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-8225", + "https://gitlab.com/gnutools/binutils-gdb/-/commit/e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4", + "https://nvd.nist.gov/vuln/detail/CVE-2025-8225", + "https://vuldb.com/?ctiid.317813", + "https://vuldb.com/?id.317813", + "https://vuldb.com/?submit.621883", + "https://www.cve.org/CVERecord?id=CVE-2025-8225", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-07-27T08:15:25.76Z", + "LastModifiedDate": "2025-08-01T17:08:13.977Z" + }, + { + "VulnerabilityID": "CVE-2017-13716", + "PkgID": "libctf0@2.44-3", + "PkgName": "libctf0", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libctf0@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "79167ded09bbde3e" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2017-13716", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: Memory leak with the C++ symbol demangler routine in libiberty", + "Description": "The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).", + "Severity": "LOW", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "photon": 2, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 7.1, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2017-13716", + "https://nvd.nist.gov/vuln/detail/CVE-2017-13716", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22009", + "https://www.cve.org/CVERecord?id=CVE-2017-13716" + ], + "PublishedDate": "2017-08-28T21:29:00.293Z", + "LastModifiedDate": "2025-04-20T01:37:25.86Z" + }, + { + "VulnerabilityID": "CVE-2018-20673", + "PkgID": "libctf0@2.44-3", + "PkgName": "libctf0", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libctf0@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "79167ded09bbde3e" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20673", + "DataSource": { + "ID": "debian", + "Name": 
"Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "libiberty: Integer overflow in demangle_template() function", + "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for \"Create an array for saving the template argument values\") that can trigger a heap-based buffer overflow, as demonstrated by nm.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190", + "CWE-787" + ], + "VendorSeverity": { + "alma": 1, + "debian": 1, + "nvd": 2, + "oracle-oval": 1, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/106454", + "https://access.redhat.com/security/cve/CVE-2018-20673", + "https://linux.oracle.com/cve/CVE-2018-20673.html", + "https://linux.oracle.com/errata/ELSA-2021-4386.html", + "https://nvd.nist.gov/vuln/detail/CVE-2018-20673", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24039", + "https://www.cve.org/CVERecord?id=CVE-2018-20673" + ], + "PublishedDate": "2019-01-04T18:29:00.21Z", + "LastModifiedDate": "2024-11-21T04:01:57.977Z" + }, + { + "VulnerabilityID": "CVE-2018-20712", + "PkgID": "libctf0@2.44-3", + "PkgName": "libctf0", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libctf0@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "79167ded09bbde3e" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2018-20712", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "libiberty: heap-based buffer over-read in d_expression_1", + "Description": "A heap-based buffer over-read exists in the function d_expression_1 in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.1. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by c++filt.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "redhat": 2, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 4.7 + } + }, + "References": [ + "http://www.securityfocus.com/bid/106563", + "https://access.redhat.com/security/cve/CVE-2018-20712", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88629", + "https://nvd.nist.gov/vuln/detail/CVE-2018-20712", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24043", + "https://support.f5.com/csp/article/K38336243", + "https://www.cve.org/CVERecord?id=CVE-2018-20712" + ], + "PublishedDate": "2019-01-15T00:29:00.257Z", + "LastModifiedDate": "2024-11-21T04:02:00.663Z" + }, + { + "VulnerabilityID": "CVE-2018-9996", + "PkgID": "libctf0@2.44-3", + "PkgName": "libctf0", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libctf0@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "79167ded09bbde3e" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2018-9996", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: Stack-overflow in libiberty/cplus-dem.c causes crash", + "Description": "An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_template_value_parm, demangle_integral_value, and demangle_expression.", + "Severity": "LOW", + "CweIDs": [ + "CWE-674" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "photon": 2, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/103733", + "https://access.redhat.com/security/cve/CVE-2018-9996", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85304", + "https://nvd.nist.gov/vuln/detail/CVE-2018-9996", + "https://www.cve.org/CVERecord?id=CVE-2018-9996" + ], + "PublishedDate": "2018-04-10T22:29:00.353Z", + "LastModifiedDate": "2024-11-21T04:16:00.48Z" + }, + { + "VulnerabilityID": "CVE-2021-32256", + "PkgID": "libctf0@2.44-3", + "PkgName": "libctf0", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libctf0@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "79167ded09bbde3e" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-32256", + "DataSource": { + "ID": "debian", + "Name": "Debian 
Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: stack-overflow issue in demangle_type in rust-demangle.c.", + "Description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.36. It is a stack-overflow issue in demangle_type in rust-demangle.c.", + "Severity": "LOW", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "amazon": 1, + "debian": 1, + "nvd": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2021-32256", + "https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1927070", + "https://nvd.nist.gov/vuln/detail/CVE-2021-32256", + "https://security.netapp.com/advisory/ntap-20230824-0013/", + "https://www.cve.org/CVERecord?id=CVE-2021-32256" + ], + "PublishedDate": "2023-07-18T14:15:11.61Z", + "LastModifiedDate": "2024-11-21T06:06:55.1Z" + }, + { + "VulnerabilityID": "CVE-2025-1147", + "PkgID": "libctf0@2.44-3", + "PkgName": "libctf0", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libctf0@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "79167ded09bbde3e" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1147", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils nm nm.c internal_strlen buffer overflow", + "Description": "A vulnerability has been found in GNU Binutils 2.43 and classified as problematic. 
Affected by this vulnerability is the function __sanitizer::internal_strlen of the file binutils/nm.c of the component nm. The manipulation of the argument const leads to buffer overflow. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119", + "CWE-120" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1147", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1147", + "https://sourceware.org/bugzilla/attachment.cgi?id=15881", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32556", + "https://vuldb.com/?ctiid.295051", + "https://vuldb.com/?id.295051", + "https://vuldb.com/?submit.485254", + "https://www.cve.org/CVERecord?id=CVE-2025-1147", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-10T14:15:29.643Z", + "LastModifiedDate": "2025-03-04T15:51:17.86Z" + }, + { + "VulnerabilityID": "CVE-2025-1148", + "PkgID": "libctf0@2.44-3", + "PkgName": "libctf0", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libctf0@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "79167ded09bbde3e" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1148", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU 
Binutils ld ldelfgen.c link_order_scan memory leak", + "Description": "A vulnerability was found in GNU Binutils 2.43 and classified as problematic. Affected by this issue is the function link_order_scan of the file ld/ldelfgen.c of the component ld. The manipulation leads to memory leak. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-401", + "CWE-404" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 1, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1148", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1148", + "https://sourceware.org/bugzilla/attachment.cgi?id=15887", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32576", + "https://vuldb.com/?ctiid.295052", + "https://vuldb.com/?id.295052", + "https://vuldb.com/?submit.485747", + "https://www.cve.org/CVERecord?id=CVE-2025-1148", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-10T14:15:29.927Z", + "LastModifiedDate": "2025-03-04T17:12:35.4Z" + }, + { + "VulnerabilityID": "CVE-2025-1149", + "PkgID": "libctf0@2.44-3", + "PkgName": "libctf0", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libctf0@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "79167ded09bbde3e" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": 
"sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1149", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils ld xmalloc.c xstrdup memory leak", + "Description": "A vulnerability was found in GNU Binutils 2.43. It has been classified as problematic. This affects the function xstrdup of the file libiberty/xmalloc.c of the component ld. The manipulation leads to memory leak. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. 
All of the reported leaks in this bugzilla have been fixed on binutils master.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-401", + "CWE-404" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 1, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1149", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1149", + "https://sourceware.org/bugzilla/attachment.cgi?id=15887", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32576", + "https://vuldb.com/?ctiid.295053", + "https://vuldb.com/?id.295053", + "https://www.cve.org/CVERecord?id=CVE-2025-1149", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-10T15:15:13.093Z", + "LastModifiedDate": "2025-03-04T14:53:43.637Z" + }, + { + "VulnerabilityID": "CVE-2025-1150", + "PkgID": "libctf0@2.44-3", + "PkgName": "libctf0", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libctf0@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "79167ded09bbde3e" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1150", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils ld libbfd.c bfd_malloc memory leak", + "Description": "A vulnerability was found in GNU Binutils 2.43. It has been declared as problematic. This vulnerability affects the function bfd_malloc of the file libbfd.c of the component ld. The manipulation leads to memory leak. The attack can be initiated remotely. 
The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-401", + "CWE-404" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 1, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1150", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1150", + "https://sourceware.org/bugzilla/attachment.cgi?id=15887", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32576", + "https://vuldb.com/?ctiid.295054", + "https://vuldb.com/?id.295054", + "https://www.cve.org/CVERecord?id=CVE-2025-1150", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-10T17:15:18.517Z", + "LastModifiedDate": "2025-03-11T19:01:04.727Z" + }, + { + "VulnerabilityID": "CVE-2025-1151", + "PkgID": "libctf0@2.44-3", + "PkgName": "libctf0", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libctf0@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "79167ded09bbde3e" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1151", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": 
"https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils ld xmemdup.c xmemdup memory leak", + "Description": "A vulnerability was found in GNU Binutils 2.43. It has been rated as problematic. This issue affects the function xmemdup of the file xmemdup.c of the component ld. The manipulation leads to memory leak. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-401", + "CWE-404" + ], + "VendorSeverity": { + "debian": 1, + "redhat": 1 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1151", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1151", + "https://sourceware.org/bugzilla/attachment.cgi?id=15887", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32576", + "https://vuldb.com/?ctiid.295055", + "https://vuldb.com/?id.295055", + "https://www.cve.org/CVERecord?id=CVE-2025-1151", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-10T17:15:18.713Z", + "LastModifiedDate": "2025-02-10T17:15:18.713Z" + }, + { + "VulnerabilityID": "CVE-2025-1152", + "PkgID": "libctf0@2.44-3", + "PkgName": "libctf0", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libctf0@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "79167ded09bbde3e" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": 
"sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1152", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils ld xstrdup.c xstrdup memory leak", + "Description": "A vulnerability classified as problematic has been found in GNU Binutils 2.43. Affected is the function xstrdup of the file xstrdup.c of the component ld. The manipulation leads to memory leak. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. 
All of the reported leaks in this bugzilla have been fixed on binutils master.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-401", + "CWE-404" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 1, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1152", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1152", + "https://sourceware.org/bugzilla/attachment.cgi?id=15887", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32576", + "https://vuldb.com/?ctiid.295056", + "https://vuldb.com/?id.295056", + "https://www.cve.org/CVERecord?id=CVE-2025-1152", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-10T18:15:34.043Z", + "LastModifiedDate": "2025-03-03T16:52:20.953Z" + }, + { + "VulnerabilityID": "CVE-2025-1153", + "PkgID": "libctf0@2.44-3", + "PkgName": "libctf0", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libctf0@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "79167ded09bbde3e" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1153", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils format.c bfd_set_format memory corruption", + "Description": "A vulnerability classified as problematic was found in GNU Binutils 2.43/2.44. Affected by this vulnerability is the function bfd_set_format of the file format.c. The manipulation leads to memory corruption. The attack can be launched remotely. 
The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 2.45 is able to address this issue. The identifier of the patch is 8d97c1a53f3dc9fd8e1ccdb039b8a33d50133150. It is recommended to upgrade the affected component.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1153", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1153", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32603", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8d97c1a53f3dc9fd8e1ccdb039b8a33d50133150", + "https://ubuntu.com/security/notices/USN-7423-1", + "https://ubuntu.com/security/notices/USN-7423-2", + "https://vuldb.com/?ctiid.295057", + "https://vuldb.com/?id.295057", + "https://vuldb.com/?submit.489991", + "https://www.cve.org/CVERecord?id=CVE-2025-1153", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-10T19:15:39.9Z", + "LastModifiedDate": "2025-03-03T17:28:09.167Z" + }, + { + "VulnerabilityID": "CVE-2025-1176", + "PkgID": "libctf0@2.44-3", + "PkgName": "libctf0", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libctf0@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "79167ded09bbde3e" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1176", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": 
"https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils ld elflink.c _bfd_elf_gc_mark_rsec heap-based overflow", + "Description": "A vulnerability was found in GNU Binutils 2.43 and classified as critical. This issue affects the function _bfd_elf_gc_mark_rsec of the file elflink.c of the component ld. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The patch is named f9978defb6fab0bd8583942d97c112b0932ac814. It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119", + "CWE-122" + ], + "VendorSeverity": { + "amazon": 2, + "azure": 2, + "cbl-mariner": 2, + "debian": 1, + "nvd": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1176", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1176", + "https://security.netapp.com/advisory/ntap-20250411-0007/", + "https://sourceware.org/bugzilla/attachment.cgi?id=15913", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32636", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f9978defb6fab0bd8583942d97c112b0932ac814", + "https://ubuntu.com/security/notices/USN-7423-1", + "https://ubuntu.com/security/notices/USN-7423-2", + "https://vuldb.com/?ctiid.295079", + "https://vuldb.com/?id.295079", + "https://vuldb.com/?submit.495329", + "https://www.cve.org/CVERecord?id=CVE-2025-1176", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-11T06:15:22.433Z", + "LastModifiedDate": "2025-04-11T22:15:29.513Z" + }, + { + "VulnerabilityID": "CVE-2025-1178", + "PkgID": "libctf0@2.44-3", + 
"PkgName": "libctf0", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libctf0@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "79167ded09bbde3e" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1178", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils ld libbfd.c bfd_putl64 memory corruption", + "Description": "A vulnerability was found in GNU Binutils 2.43. It has been declared as problematic. Affected by this vulnerability is the function bfd_putl64 of the file libbfd.c of the component ld. The manipulation leads to memory corruption. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of the patch is 75086e9de1707281172cc77f178e7949a4414ed0. 
It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "VendorSeverity": { + "azure": 2, + "cbl-mariner": 2, + "debian": 1, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.6 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1178", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1178", + "https://security.netapp.com/advisory/ntap-20250411-0008/", + "https://sourceware.org/bugzilla/attachment.cgi?id=15914", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32638", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=75086e9de1707281172cc77f178e7949a4414ed0", + "https://ubuntu.com/security/notices/USN-7423-1", + "https://vuldb.com/?ctiid.295081", + "https://vuldb.com/?id.295081", + "https://vuldb.com/?submit.495369", + "https://www.cve.org/CVERecord?id=CVE-2025-1178", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-11T07:15:29.997Z", + "LastModifiedDate": "2025-05-21T20:35:24.22Z" + }, + { + "VulnerabilityID": "CVE-2025-1180", + "PkgID": "libctf0@2.44-3", + "PkgName": "libctf0", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libctf0@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "79167ded09bbde3e" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1180", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils ld elf-eh-frame.c _bfd_elf_write_section_eh_frame memory corruption", + "Description": "A vulnerability classified as problematic has been found in GNU Binutils 
2.43. This affects the function _bfd_elf_write_section_eh_frame of the file bfd/elf-eh-frame.c of the component ld. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "VendorSeverity": { + "debian": 1, + "redhat": 1 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1180", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1180", + "https://sourceware.org/bugzilla/attachment.cgi?id=15917", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32642", + "https://vuldb.com/?ctiid.295083", + "https://vuldb.com/?id.295083", + "https://vuldb.com/?submit.495381", + "https://www.cve.org/CVERecord?id=CVE-2025-1180", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-11T08:15:31.59Z", + "LastModifiedDate": "2025-05-21T20:35:18.05Z" + }, + { + "VulnerabilityID": "CVE-2025-1181", + "PkgID": "libctf0@2.44-3", + "PkgName": "libctf0", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libctf0@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "79167ded09bbde3e" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1181", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils ld elflink.c _bfd_elf_gc_mark_rsec memory corruption", + "Description": 
"A vulnerability classified as critical was found in GNU Binutils 2.43. This vulnerability affects the function _bfd_elf_gc_mark_rsec of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is 931494c9a89558acb36a03a340c01726545eef24. It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "VendorSeverity": { + "azure": 1, + "cbl-mariner": 1, + "debian": 1, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1181", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1181", + "https://security.netapp.com/advisory/ntap-20250425-0007/", + "https://sourceware.org/bugzilla/attachment.cgi?id=15918", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32643", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=931494c9a89558acb36a03a340c01726545eef24", + "https://ubuntu.com/security/notices/USN-7423-1", + "https://vuldb.com/?ctiid.295084", + "https://vuldb.com/?id.295084", + "https://vuldb.com/?submit.495402", + "https://www.cve.org/CVERecord?id=CVE-2025-1181", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-11T08:15:31.797Z", + "LastModifiedDate": "2025-05-21T20:35:11.073Z" + }, + { + "VulnerabilityID": "CVE-2025-1182", + "PkgID": "libctf0@2.44-3", + "PkgName": "libctf0", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libctf0@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "79167ded09bbde3e" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": 
"sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1182", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils ld elflink.c bfd_elf_reloc_symbol_deleted_p memory corruption", + "Description": "A vulnerability, which was classified as critical, was found in GNU Binutils 2.43. Affected is the function bfd_elf_reloc_symbol_deleted_p of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The patch is identified as b425859021d17adf62f06fb904797cf8642986ad. It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "VendorSeverity": { + "amazon": 2, + "azure": 2, + "cbl-mariner": 2, + "debian": 1, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1182", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1182", + "https://sourceware.org/bugzilla/attachment.cgi?id=15919", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32644", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b425859021d17adf62f06fb904797cf8642986ad", + "https://ubuntu.com/security/notices/USN-7423-1", + "https://vuldb.com/?ctiid.295086", + "https://vuldb.com/?id.295086", + "https://vuldb.com/?submit.495407", + "https://www.cve.org/CVERecord?id=CVE-2025-1182", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-11T09:15:09.53Z", + "LastModifiedDate": "2025-05-21T20:35:04.15Z" + }, + { + "VulnerabilityID": 
"CVE-2025-3198", + "PkgID": "libctf0@2.44-3", + "PkgName": "libctf0", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libctf0@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "79167ded09bbde3e" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-3198", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils objdump bucomm.c display_info memory leak", + "Description": "A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named ba6ad3a18cb26b79e0e3b84c39f707535bbc344d. 
It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-401", + "CWE-404" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-3198", + "https://nvd.nist.gov/vuln/detail/CVE-2025-3198", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32716", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32716#c0", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ba6ad3a18cb26b79e0e3b84c39f707535bbc344d", + "https://vuldb.com/?ctiid.303151", + "https://vuldb.com/?id.303151", + "https://vuldb.com/?submit.545773", + "https://www.cve.org/CVERecord?id=CVE-2025-3198", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-04-04T02:15:18.803Z", + "LastModifiedDate": "2025-05-15T19:46:30.95Z" + }, + { + "VulnerabilityID": "CVE-2025-5244", + "PkgID": "libctf0@2.44-3", + "PkgName": "libctf0", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libctf0@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "79167ded09bbde3e" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-5244", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils ld elflink.c elf_gc_sweep memory corruption", + "Description": "A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. 
Affected by this issue is the function elf_gc_sweep of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 2.45 is able to address this issue. It is recommended to upgrade the affected component.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "VendorSeverity": { + "azure": 2, + "cbl-mariner": 2, + "debian": 1, + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-5244", + "https://nvd.nist.gov/vuln/detail/CVE-2025-5244", + "https://sourceware.org/bugzilla/attachment.cgi?id=16010", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32858", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d1458933830456e54223d9fc61f0d9b3a19256f5", + "https://vuldb.com/?ctiid.310346", + "https://vuldb.com/?id.310346", + "https://vuldb.com/?submit.584634", + "https://www.cve.org/CVERecord?id=CVE-2025-5244", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-05-27T13:15:21.76Z", + "LastModifiedDate": "2025-05-28T15:01:30.72Z" + }, + { + "VulnerabilityID": "CVE-2025-5245", + "PkgID": "libctf0@2.44-3", + "PkgName": "libctf0", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libctf0@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "79167ded09bbde3e" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-5245", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU 
Binutils objdump debug.c debug_type_samep memory corruption", + "Description": "A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debug_type_samep of the file /binutils/debug.c of the component objdump. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "VendorSeverity": { + "azure": 2, + "cbl-mariner": 2, + "debian": 1, + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-5245", + "https://nvd.nist.gov/vuln/detail/CVE-2025-5245", + "https://sourceware.org/bugzilla/attachment.cgi?id=16004", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32829", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6c3458a8b7ee7d39f070c7b2350851cb2110c65a", + "https://vuldb.com/?ctiid.310347", + "https://vuldb.com/?id.310347", + "https://vuldb.com/?submit.584635", + "https://www.cve.org/CVERecord?id=CVE-2025-5245", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-05-27T15:15:36.057Z", + "LastModifiedDate": "2025-05-28T15:01:30.72Z" + }, + { + "VulnerabilityID": "CVE-2025-7545", + "PkgID": "libctf0@2.44-3", + "PkgName": "libctf0", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libctf0@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "79167ded09bbde3e" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-7545", + "DataSource": { + "ID": "debian", + "Name": "Debian Security 
Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: Binutils: Heap Buffer Overflow", + "Description": "A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is named 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944. It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119", + "CWE-122" + ], + "VendorSeverity": { + "azure": 2, + "debian": 1, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-7545", + "https://nvd.nist.gov/vuln/detail/CVE-2025-7545", + "https://sourceware.org/bugzilla/attachment.cgi?id=16117", + "https://sourceware.org/bugzilla/show_bug.cgi?id=33049", + "https://sourceware.org/bugzilla/show_bug.cgi?id=33049#c1", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944", + "https://vuldb.com/?ctiid.316243", + "https://vuldb.com/?id.316243", + "https://vuldb.com/?submit.614355", + "https://www.cve.org/CVERecord?id=CVE-2025-7545", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-07-13T22:15:23.873Z", + "LastModifiedDate": "2025-07-30T15:59:48.84Z" + }, + { + "VulnerabilityID": "CVE-2025-7546", + "PkgID": "libctf0@2.44-3", + "PkgName": "libctf0", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libctf0@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "79167ded09bbde3e" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": 
"sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-7546", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: Binutils: Out-of-bounds Write Vulnerability", + "Description": "A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfd_elf_set_group_contents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The name of the patch is 41461010eb7c79fee7a9d5f6209accdaac66cc6b. It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119", + "CWE-787" + ], + "VendorSeverity": { + "azure": 2, + "debian": 1, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-7546", + "https://nvd.nist.gov/vuln/detail/CVE-2025-7546", + "https://sourceware.org/bugzilla/attachment.cgi?id=16118", + "https://sourceware.org/bugzilla/show_bug.cgi?id=33050", + "https://sourceware.org/bugzilla/show_bug.cgi?id=33050#c2", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=41461010eb7c79fee7a9d5f6209accdaac66cc6b", + "https://vuldb.com/?ctiid.316244", + "https://vuldb.com/?id.316244", + "https://vuldb.com/?submit.614375", + "https://www.cve.org/CVERecord?id=CVE-2025-7546", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-07-13T22:15:24.07Z", + "LastModifiedDate": 
"2025-07-30T15:59:59.203Z" + }, + { + "VulnerabilityID": "CVE-2025-8224", + "PkgID": "libctf0@2.44-3", + "PkgName": "libctf0", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libctf0@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "79167ded09bbde3e" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-8224", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: Binutils BFD Null Pointer Dereference", + "Description": "A vulnerability has been found in GNU Binutils 2.44 and classified as problematic. This vulnerability affects the function bfd_elf_get_str_section of the file bfd/elf.c of the component BFD Library. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The name of the patch is db856d41004301b3a56438efd957ef5cabb91530. 
It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-404", + "CWE-476" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-8224", + "https://nvd.nist.gov/vuln/detail/CVE-2025-8224", + "https://sourceware.org/bugzilla/attachment.cgi?id=15680", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32109", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32109#c2", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=db856d41004301b3a56438efd957ef5cabb91530", + "https://vuldb.com/?ctiid.317812", + "https://vuldb.com/?id.317812", + "https://vuldb.com/?submit.621878", + "https://www.cve.org/CVERecord?id=CVE-2025-8224", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-07-27T06:15:26.947Z", + "LastModifiedDate": "2025-08-01T17:08:29.62Z" + }, + { + "VulnerabilityID": "CVE-2025-8225", + "PkgID": "libctf0@2.44-3", + "PkgName": "libctf0", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libctf0@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "79167ded09bbde3e" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-8225", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: Binutils DWARF Section Handler Memory Leak", + "Description": "A vulnerability was found in GNU Binutils 2.44 and classified as problematic. 
This issue affects the function process_debug_info of the file binutils/dwarf.c of the component DWARF Section Handler. The manipulation leads to memory leak. Attacking locally is a requirement. The identifier of the patch is e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4. It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-401", + "CWE-404" + ], + "VendorSeverity": { + "debian": 1, + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-8225", + "https://gitlab.com/gnutools/binutils-gdb/-/commit/e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4", + "https://nvd.nist.gov/vuln/detail/CVE-2025-8225", + "https://vuldb.com/?ctiid.317813", + "https://vuldb.com/?id.317813", + "https://vuldb.com/?submit.621883", + "https://www.cve.org/CVERecord?id=CVE-2025-8225", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-07-27T08:15:25.76Z", + "LastModifiedDate": "2025-08-01T17:08:13.977Z" + }, + { + "VulnerabilityID": "CVE-2011-3389", + "PkgID": "libgnutls30t64@3.8.9-3", + "PkgName": "libgnutls30t64", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libgnutls30t64@3.8.9-3?arch=amd64\u0026distro=debian-13.0", + "UID": "c1f30538acdb3412" + }, + "InstalledVersion": "3.8.9-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-3389", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)", + "Description": "The SSL protocol, as used in certain configurations in Microsoft Windows and 
Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a \"BEAST\" attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-326" + ], + "VendorSeverity": { + "amazon": 4, + "debian": 1, + "nvd": 2, + "oracle-oval": 4, + "redhat": 2, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + } + }, + "References": [ + "http://arcticdog.wordpress.com/2012/08/29/beast-openssl-and-apache/", + "http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/", + "http://blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx", + "http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx", + "http://curl.haxx.se/docs/adv_20120124B.html", + "http://downloads.asterisk.org/pub/security/AST-2016-001.html", + "http://ekoparty.org/2011/juliano-rizzo.php", + "http://eprint.iacr.org/2004/111", + "http://eprint.iacr.org/2006/136", + "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html", + "http://isc.sans.edu/diary/SSL+TLS+part+3+/11635", + "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html", + "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html", + "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html", + "http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html", + "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html", + 
"http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html", + "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html", + "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html", + "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html", + "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html", + "http://marc.info/?l=bugtraq\u0026m=132750579901589\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=132872385320240\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=133365109612558\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=133728004526190\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=134254957702612\u0026w=2", + "http://my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issue", + "http://osvdb.org/74829", + "http://rhn.redhat.com/errata/RHSA-2012-0508.html", + "http://rhn.redhat.com/errata/RHSA-2013-1455.html", + "http://secunia.com/advisories/45791", + "http://secunia.com/advisories/47998", + "http://secunia.com/advisories/48256", + "http://secunia.com/advisories/48692", + "http://secunia.com/advisories/48915", + "http://secunia.com/advisories/48948", + "http://secunia.com/advisories/49198", + "http://secunia.com/advisories/55322", + "http://secunia.com/advisories/55350", + "http://secunia.com/advisories/55351", + "http://security.gentoo.org/glsa/glsa-201203-02.xml", + "http://security.gentoo.org/glsa/glsa-201406-32.xml", + "http://support.apple.com/kb/HT4999", + "http://support.apple.com/kb/HT5001", + "http://support.apple.com/kb/HT5130", + "http://support.apple.com/kb/HT5281", + "http://support.apple.com/kb/HT5501", + "http://support.apple.com/kb/HT6150", + "http://technet.microsoft.com/security/advisory/2588513", + "http://vnhacker.blogspot.com/2011/09/beast.html", + 
"http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf", + "http://www.debian.org/security/2012/dsa-2398", + "http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html", + "http://www.ibm.com/developerworks/java/jdk/alerts/", + "http://www.imperialviolet.org/2011/09/23/chromeandbeast.html", + "http://www.insecure.cl/Beast-SSL.rar", + "http://www.kb.cert.org/vuls/id/864643", + "http://www.mandriva.com/security/advisories?name=MDVSA-2012:058", + "http://www.opera.com/docs/changelogs/mac/1151/", + "http://www.opera.com/docs/changelogs/mac/1160/", + "http://www.opera.com/docs/changelogs/unix/1151/", + "http://www.opera.com/docs/changelogs/unix/1160/", + "http://www.opera.com/docs/changelogs/windows/1151/", + "http://www.opera.com/docs/changelogs/windows/1160/", + "http://www.opera.com/support/kb/view/1004/", + "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", + "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", + "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html", + "http://www.redhat.com/support/errata/RHSA-2011-1384.html", + "http://www.redhat.com/support/errata/RHSA-2012-0006.html", + "http://www.securityfocus.com/bid/49388", + "http://www.securityfocus.com/bid/49778", + "http://www.securitytracker.com/id/1029190", + "http://www.securitytracker.com/id?1025997", + "http://www.securitytracker.com/id?1026103", + "http://www.securitytracker.com/id?1026704", + "http://www.ubuntu.com/usn/USN-1263-1", + "http://www.us-cert.gov/cas/techalerts/TA12-010A.html", + "https://access.redhat.com/security/cve/CVE-2011-3389", + "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail", + "https://bugzilla.novell.com/show_bug.cgi?id=719047", + "https://bugzilla.redhat.com/show_bug.cgi?id=737506", + "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf", + 
"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-006", + "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862", + "https://hermes.opensuse.org/messages/13154861", + "https://hermes.opensuse.org/messages/13155432", + "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02", + "https://linux.oracle.com/cve/CVE-2011-3389.html", + "https://linux.oracle.com/errata/ELSA-2011-1380.html", + "https://nvd.nist.gov/vuln/detail/CVE-2011-3389", + "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14752", + "https://ubuntu.com/security/notices/USN-1263-1", + "https://www.cve.org/CVERecord?id=CVE-2011-3389" + ], + "PublishedDate": "2011-09-06T19:55:03.197Z", + "LastModifiedDate": "2025-04-11T00:51:21.963Z" + }, + { + "VulnerabilityID": "CVE-2017-13716", + "PkgID": "libgprofng0@2.44-3", + "PkgName": "libgprofng0", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libgprofng0@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "e17187a228e100c" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13716", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: Memory leak with the C++ symbol demangler routine in libiberty", + "Description": "The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).", + "Severity": "LOW", + "CweIDs": [ + 
"CWE-770" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "photon": 2, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 7.1, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2017-13716", + "https://nvd.nist.gov/vuln/detail/CVE-2017-13716", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22009", + "https://www.cve.org/CVERecord?id=CVE-2017-13716" + ], + "PublishedDate": "2017-08-28T21:29:00.293Z", + "LastModifiedDate": "2025-04-20T01:37:25.86Z" + }, + { + "VulnerabilityID": "CVE-2018-20673", + "PkgID": "libgprofng0@2.44-3", + "PkgName": "libgprofng0", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libgprofng0@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "e17187a228e100c" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20673", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "libiberty: Integer overflow in demangle_template() function", + "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for \"Create an array for saving the template argument values\") that can trigger a heap-based buffer overflow, as demonstrated by nm.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190", + "CWE-787" + ], + "VendorSeverity": { + "alma": 1, + "debian": 1, + "nvd": 2, + "oracle-oval": 1, + "photon": 2, 
+ "redhat": 2 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/106454", + "https://access.redhat.com/security/cve/CVE-2018-20673", + "https://linux.oracle.com/cve/CVE-2018-20673.html", + "https://linux.oracle.com/errata/ELSA-2021-4386.html", + "https://nvd.nist.gov/vuln/detail/CVE-2018-20673", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24039", + "https://www.cve.org/CVERecord?id=CVE-2018-20673" + ], + "PublishedDate": "2019-01-04T18:29:00.21Z", + "LastModifiedDate": "2024-11-21T04:01:57.977Z" + }, + { + "VulnerabilityID": "CVE-2018-20712", + "PkgID": "libgprofng0@2.44-3", + "PkgName": "libgprofng0", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libgprofng0@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "e17187a228e100c" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20712", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "libiberty: heap-based buffer over-read in d_expression_1", + "Description": "A heap-based buffer over-read exists in the function d_expression_1 in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.1. 
A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by c++filt.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "redhat": 2, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 4.7 + } + }, + "References": [ + "http://www.securityfocus.com/bid/106563", + "https://access.redhat.com/security/cve/CVE-2018-20712", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88629", + "https://nvd.nist.gov/vuln/detail/CVE-2018-20712", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24043", + "https://support.f5.com/csp/article/K38336243", + "https://www.cve.org/CVERecord?id=CVE-2018-20712" + ], + "PublishedDate": "2019-01-15T00:29:00.257Z", + "LastModifiedDate": "2024-11-21T04:02:00.663Z" + }, + { + "VulnerabilityID": "CVE-2018-9996", + "PkgID": "libgprofng0@2.44-3", + "PkgName": "libgprofng0", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libgprofng0@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "e17187a228e100c" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-9996", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: Stack-overflow in libiberty/cplus-dem.c causes crash", + "Description": "An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. 
Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_template_value_parm, demangle_integral_value, and demangle_expression.", + "Severity": "LOW", + "CweIDs": [ + "CWE-674" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "photon": 2, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/103733", + "https://access.redhat.com/security/cve/CVE-2018-9996", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85304", + "https://nvd.nist.gov/vuln/detail/CVE-2018-9996", + "https://www.cve.org/CVERecord?id=CVE-2018-9996" + ], + "PublishedDate": "2018-04-10T22:29:00.353Z", + "LastModifiedDate": "2024-11-21T04:16:00.48Z" + }, + { + "VulnerabilityID": "CVE-2021-32256", + "PkgID": "libgprofng0@2.44-3", + "PkgName": "libgprofng0", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libgprofng0@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "e17187a228e100c" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-32256", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: stack-overflow issue in demangle_type in rust-demangle.c.", + "Description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.36. 
It is a stack-overflow issue in demangle_type in rust-demangle.c.", + "Severity": "LOW", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "amazon": 1, + "debian": 1, + "nvd": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2021-32256", + "https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1927070", + "https://nvd.nist.gov/vuln/detail/CVE-2021-32256", + "https://security.netapp.com/advisory/ntap-20230824-0013/", + "https://www.cve.org/CVERecord?id=CVE-2021-32256" + ], + "PublishedDate": "2023-07-18T14:15:11.61Z", + "LastModifiedDate": "2024-11-21T06:06:55.1Z" + }, + { + "VulnerabilityID": "CVE-2025-1147", + "PkgID": "libgprofng0@2.44-3", + "PkgName": "libgprofng0", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libgprofng0@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "e17187a228e100c" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1147", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils nm nm.c internal_strlen buffer overflow", + "Description": "A vulnerability has been found in GNU Binutils 2.43 and classified as problematic. Affected by this vulnerability is the function __sanitizer::internal_strlen of the file binutils/nm.c of the component nm. The manipulation of the argument const leads to buffer overflow. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. 
The exploit has been disclosed to the public and may be used.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119", + "CWE-120" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1147", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1147", + "https://sourceware.org/bugzilla/attachment.cgi?id=15881", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32556", + "https://vuldb.com/?ctiid.295051", + "https://vuldb.com/?id.295051", + "https://vuldb.com/?submit.485254", + "https://www.cve.org/CVERecord?id=CVE-2025-1147", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-10T14:15:29.643Z", + "LastModifiedDate": "2025-03-04T15:51:17.86Z" + }, + { + "VulnerabilityID": "CVE-2025-1148", + "PkgID": "libgprofng0@2.44-3", + "PkgName": "libgprofng0", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libgprofng0@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "e17187a228e100c" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1148", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils ld ldelfgen.c link_order_scan memory leak", + "Description": "A vulnerability was found in GNU Binutils 2.43 and classified as problematic. Affected by this issue is the function link_order_scan of the file ld/ldelfgen.c of the component ld. The manipulation leads to memory leak. 
The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-401", + "CWE-404" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 1, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1148", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1148", + "https://sourceware.org/bugzilla/attachment.cgi?id=15887", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32576", + "https://vuldb.com/?ctiid.295052", + "https://vuldb.com/?id.295052", + "https://vuldb.com/?submit.485747", + "https://www.cve.org/CVERecord?id=CVE-2025-1148", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-10T14:15:29.927Z", + "LastModifiedDate": "2025-03-04T17:12:35.4Z" + }, + { + "VulnerabilityID": "CVE-2025-1149", + "PkgID": "libgprofng0@2.44-3", + "PkgName": "libgprofng0", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libgprofng0@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "e17187a228e100c" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1149", + "DataSource": { + "ID": "debian", + "Name": "Debian 
Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils ld xmalloc.c xstrdup memory leak", + "Description": "A vulnerability was found in GNU Binutils 2.43. It has been classified as problematic. This affects the function xstrdup of the file libiberty/xmalloc.c of the component ld. The manipulation leads to memory leak. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-401", + "CWE-404" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 1, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1149", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1149", + "https://sourceware.org/bugzilla/attachment.cgi?id=15887", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32576", + "https://vuldb.com/?ctiid.295053", + "https://vuldb.com/?id.295053", + "https://www.cve.org/CVERecord?id=CVE-2025-1149", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-10T15:15:13.093Z", + "LastModifiedDate": "2025-03-04T14:53:43.637Z" + }, + { + "VulnerabilityID": "CVE-2025-1150", + "PkgID": "libgprofng0@2.44-3", + "PkgName": "libgprofng0", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libgprofng0@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "e17187a228e100c" + }, + "InstalledVersion": 
"2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1150", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils ld libbfd.c bfd_malloc memory leak", + "Description": "A vulnerability was found in GNU Binutils 2.43. It has been declared as problematic. This vulnerability affects the function bfd_malloc of the file libbfd.c of the component ld. The manipulation leads to memory leak. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. 
All of the reported leaks in this bugzilla have been fixed on binutils master.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-401", + "CWE-404" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 1, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1150", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1150", + "https://sourceware.org/bugzilla/attachment.cgi?id=15887", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32576", + "https://vuldb.com/?ctiid.295054", + "https://vuldb.com/?id.295054", + "https://www.cve.org/CVERecord?id=CVE-2025-1150", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-10T17:15:18.517Z", + "LastModifiedDate": "2025-03-11T19:01:04.727Z" + }, + { + "VulnerabilityID": "CVE-2025-1151", + "PkgID": "libgprofng0@2.44-3", + "PkgName": "libgprofng0", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libgprofng0@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "e17187a228e100c" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1151", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils ld xmemdup.c xmemdup memory leak", + "Description": "A vulnerability was found in GNU Binutils 2.43. It has been rated as problematic. This issue affects the function xmemdup of the file xmemdup.c of the component ld. The manipulation leads to memory leak. The attack may be initiated remotely. 
The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-401", + "CWE-404" + ], + "VendorSeverity": { + "debian": 1, + "redhat": 1 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1151", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1151", + "https://sourceware.org/bugzilla/attachment.cgi?id=15887", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32576", + "https://vuldb.com/?ctiid.295055", + "https://vuldb.com/?id.295055", + "https://www.cve.org/CVERecord?id=CVE-2025-1151", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-10T17:15:18.713Z", + "LastModifiedDate": "2025-02-10T17:15:18.713Z" + }, + { + "VulnerabilityID": "CVE-2025-1152", + "PkgID": "libgprofng0@2.44-3", + "PkgName": "libgprofng0", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libgprofng0@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "e17187a228e100c" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1152", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils ld xstrdup.c xstrdup memory leak", + "Description": 
"A vulnerability classified as problematic has been found in GNU Binutils 2.43. Affected is the function xstrdup of the file xstrdup.c of the component ld. The manipulation leads to memory leak. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-401", + "CWE-404" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 1, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1152", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1152", + "https://sourceware.org/bugzilla/attachment.cgi?id=15887", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32576", + "https://vuldb.com/?ctiid.295056", + "https://vuldb.com/?id.295056", + "https://www.cve.org/CVERecord?id=CVE-2025-1152", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-10T18:15:34.043Z", + "LastModifiedDate": "2025-03-03T16:52:20.953Z" + }, + { + "VulnerabilityID": "CVE-2025-1153", + "PkgID": "libgprofng0@2.44-3", + "PkgName": "libgprofng0", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libgprofng0@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "e17187a228e100c" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": 
"sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1153", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils format.c bfd_set_format memory corruption", + "Description": "A vulnerability classified as problematic was found in GNU Binutils 2.43/2.44. Affected by this vulnerability is the function bfd_set_format of the file format.c. The manipulation leads to memory corruption. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 2.45 is able to address this issue. The identifier of the patch is 8d97c1a53f3dc9fd8e1ccdb039b8a33d50133150. It is recommended to upgrade the affected component.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1153", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1153", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32603", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8d97c1a53f3dc9fd8e1ccdb039b8a33d50133150", + "https://ubuntu.com/security/notices/USN-7423-1", + "https://ubuntu.com/security/notices/USN-7423-2", + "https://vuldb.com/?ctiid.295057", + "https://vuldb.com/?id.295057", + "https://vuldb.com/?submit.489991", + "https://www.cve.org/CVERecord?id=CVE-2025-1153", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-10T19:15:39.9Z", + "LastModifiedDate": "2025-03-03T17:28:09.167Z" + }, + { + "VulnerabilityID": 
"CVE-2025-1176", + "PkgID": "libgprofng0@2.44-3", + "PkgName": "libgprofng0", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libgprofng0@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "e17187a228e100c" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1176", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils ld elflink.c _bfd_elf_gc_mark_rsec heap-based overflow", + "Description": "A vulnerability was found in GNU Binutils 2.43 and classified as critical. This issue affects the function _bfd_elf_gc_mark_rsec of the file elflink.c of the component ld. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The patch is named f9978defb6fab0bd8583942d97c112b0932ac814. 
It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119", + "CWE-122" + ], + "VendorSeverity": { + "amazon": 2, + "azure": 2, + "cbl-mariner": 2, + "debian": 1, + "nvd": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1176", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1176", + "https://security.netapp.com/advisory/ntap-20250411-0007/", + "https://sourceware.org/bugzilla/attachment.cgi?id=15913", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32636", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f9978defb6fab0bd8583942d97c112b0932ac814", + "https://ubuntu.com/security/notices/USN-7423-1", + "https://ubuntu.com/security/notices/USN-7423-2", + "https://vuldb.com/?ctiid.295079", + "https://vuldb.com/?id.295079", + "https://vuldb.com/?submit.495329", + "https://www.cve.org/CVERecord?id=CVE-2025-1176", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-11T06:15:22.433Z", + "LastModifiedDate": "2025-04-11T22:15:29.513Z" + }, + { + "VulnerabilityID": "CVE-2025-1178", + "PkgID": "libgprofng0@2.44-3", + "PkgName": "libgprofng0", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libgprofng0@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "e17187a228e100c" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1178", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + 
"Title": "binutils: GNU Binutils ld libbfd.c bfd_putl64 memory corruption", + "Description": "A vulnerability was found in GNU Binutils 2.43. It has been declared as problematic. Affected by this vulnerability is the function bfd_putl64 of the file libbfd.c of the component ld. The manipulation leads to memory corruption. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of the patch is 75086e9de1707281172cc77f178e7949a4414ed0. It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "VendorSeverity": { + "azure": 2, + "cbl-mariner": 2, + "debian": 1, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.6 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1178", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1178", + "https://security.netapp.com/advisory/ntap-20250411-0008/", + "https://sourceware.org/bugzilla/attachment.cgi?id=15914", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32638", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=75086e9de1707281172cc77f178e7949a4414ed0", + "https://ubuntu.com/security/notices/USN-7423-1", + "https://vuldb.com/?ctiid.295081", + "https://vuldb.com/?id.295081", + "https://vuldb.com/?submit.495369", + "https://www.cve.org/CVERecord?id=CVE-2025-1178", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-11T07:15:29.997Z", + "LastModifiedDate": "2025-05-21T20:35:24.22Z" + }, + { + "VulnerabilityID": "CVE-2025-1180", + "PkgID": "libgprofng0@2.44-3", + "PkgName": "libgprofng0", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libgprofng0@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "e17187a228e100c" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": 
"sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1180", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils ld elf-eh-frame.c _bfd_elf_write_section_eh_frame memory corruption", + "Description": "A vulnerability classified as problematic has been found in GNU Binutils 2.43. This affects the function _bfd_elf_write_section_eh_frame of the file bfd/elf-eh-frame.c of the component ld. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "VendorSeverity": { + "debian": 1, + "redhat": 1 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1180", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1180", + "https://sourceware.org/bugzilla/attachment.cgi?id=15917", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32642", + "https://vuldb.com/?ctiid.295083", + "https://vuldb.com/?id.295083", + "https://vuldb.com/?submit.495381", + "https://www.cve.org/CVERecord?id=CVE-2025-1180", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-11T08:15:31.59Z", + "LastModifiedDate": "2025-05-21T20:35:18.05Z" + }, + { + "VulnerabilityID": "CVE-2025-1181", + "PkgID": "libgprofng0@2.44-3", + "PkgName": "libgprofng0", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libgprofng0@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": 
"e17187a228e100c" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1181", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils ld elflink.c _bfd_elf_gc_mark_rsec memory corruption", + "Description": "A vulnerability classified as critical was found in GNU Binutils 2.43. This vulnerability affects the function _bfd_elf_gc_mark_rsec of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is 931494c9a89558acb36a03a340c01726545eef24. 
It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "VendorSeverity": { + "azure": 1, + "cbl-mariner": 1, + "debian": 1, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1181", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1181", + "https://security.netapp.com/advisory/ntap-20250425-0007/", + "https://sourceware.org/bugzilla/attachment.cgi?id=15918", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32643", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=931494c9a89558acb36a03a340c01726545eef24", + "https://ubuntu.com/security/notices/USN-7423-1", + "https://vuldb.com/?ctiid.295084", + "https://vuldb.com/?id.295084", + "https://vuldb.com/?submit.495402", + "https://www.cve.org/CVERecord?id=CVE-2025-1181", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-11T08:15:31.797Z", + "LastModifiedDate": "2025-05-21T20:35:11.073Z" + }, + { + "VulnerabilityID": "CVE-2025-1182", + "PkgID": "libgprofng0@2.44-3", + "PkgName": "libgprofng0", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libgprofng0@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "e17187a228e100c" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1182", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils ld elflink.c bfd_elf_reloc_symbol_deleted_p memory corruption", + "Description": "A vulnerability, which was classified as critical, was found in GNU 
Binutils 2.43. Affected is the function bfd_elf_reloc_symbol_deleted_p of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The patch is identified as b425859021d17adf62f06fb904797cf8642986ad. It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "VendorSeverity": { + "amazon": 2, + "azure": 2, + "cbl-mariner": 2, + "debian": 1, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1182", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1182", + "https://sourceware.org/bugzilla/attachment.cgi?id=15919", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32644", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b425859021d17adf62f06fb904797cf8642986ad", + "https://ubuntu.com/security/notices/USN-7423-1", + "https://vuldb.com/?ctiid.295086", + "https://vuldb.com/?id.295086", + "https://vuldb.com/?submit.495407", + "https://www.cve.org/CVERecord?id=CVE-2025-1182", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-11T09:15:09.53Z", + "LastModifiedDate": "2025-05-21T20:35:04.15Z" + }, + { + "VulnerabilityID": "CVE-2025-3198", + "PkgID": "libgprofng0@2.44-3", + "PkgName": "libgprofng0", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libgprofng0@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "e17187a228e100c" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2025-3198", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils objdump bucomm.c display_info memory leak", + "Description": "A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named ba6ad3a18cb26b79e0e3b84c39f707535bbc344d. It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-401", + "CWE-404" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-3198", + "https://nvd.nist.gov/vuln/detail/CVE-2025-3198", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32716", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32716#c0", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ba6ad3a18cb26b79e0e3b84c39f707535bbc344d", + "https://vuldb.com/?ctiid.303151", + "https://vuldb.com/?id.303151", + "https://vuldb.com/?submit.545773", + "https://www.cve.org/CVERecord?id=CVE-2025-3198", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-04-04T02:15:18.803Z", + "LastModifiedDate": "2025-05-15T19:46:30.95Z" + }, + { + "VulnerabilityID": "CVE-2025-5244", + "PkgID": "libgprofng0@2.44-3", + "PkgName": "libgprofng0", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libgprofng0@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "e17187a228e100c" + }, + 
"InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-5244", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils ld elflink.c elf_gc_sweep memory corruption", + "Description": "A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue is the function elf_gc_sweep of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 2.45 is able to address this issue. It is recommended to upgrade the affected component.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "VendorSeverity": { + "azure": 2, + "cbl-mariner": 2, + "debian": 1, + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-5244", + "https://nvd.nist.gov/vuln/detail/CVE-2025-5244", + "https://sourceware.org/bugzilla/attachment.cgi?id=16010", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32858", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d1458933830456e54223d9fc61f0d9b3a19256f5", + "https://vuldb.com/?ctiid.310346", + "https://vuldb.com/?id.310346", + "https://vuldb.com/?submit.584634", + "https://www.cve.org/CVERecord?id=CVE-2025-5244", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-05-27T13:15:21.76Z", + "LastModifiedDate": "2025-05-28T15:01:30.72Z" + }, + { + "VulnerabilityID": "CVE-2025-5245", + "PkgID": 
"libgprofng0@2.44-3", + "PkgName": "libgprofng0", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libgprofng0@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "e17187a228e100c" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-5245", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils objdump debug.c debug_type_samep memory corruption", + "Description": "A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debug_type_samep of the file /binutils/debug.c of the component objdump. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. 
It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "VendorSeverity": { + "azure": 2, + "cbl-mariner": 2, + "debian": 1, + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-5245", + "https://nvd.nist.gov/vuln/detail/CVE-2025-5245", + "https://sourceware.org/bugzilla/attachment.cgi?id=16004", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32829", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6c3458a8b7ee7d39f070c7b2350851cb2110c65a", + "https://vuldb.com/?ctiid.310347", + "https://vuldb.com/?id.310347", + "https://vuldb.com/?submit.584635", + "https://www.cve.org/CVERecord?id=CVE-2025-5245", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-05-27T15:15:36.057Z", + "LastModifiedDate": "2025-05-28T15:01:30.72Z" + }, + { + "VulnerabilityID": "CVE-2025-7545", + "PkgID": "libgprofng0@2.44-3", + "PkgName": "libgprofng0", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libgprofng0@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "e17187a228e100c" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-7545", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: Binutils: Heap Buffer Overflow", + "Description": "A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. 
Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is named 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944. It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119", + "CWE-122" + ], + "VendorSeverity": { + "azure": 2, + "debian": 1, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-7545", + "https://nvd.nist.gov/vuln/detail/CVE-2025-7545", + "https://sourceware.org/bugzilla/attachment.cgi?id=16117", + "https://sourceware.org/bugzilla/show_bug.cgi?id=33049", + "https://sourceware.org/bugzilla/show_bug.cgi?id=33049#c1", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944", + "https://vuldb.com/?ctiid.316243", + "https://vuldb.com/?id.316243", + "https://vuldb.com/?submit.614355", + "https://www.cve.org/CVERecord?id=CVE-2025-7545", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-07-13T22:15:23.873Z", + "LastModifiedDate": "2025-07-30T15:59:48.84Z" + }, + { + "VulnerabilityID": "CVE-2025-7546", + "PkgID": "libgprofng0@2.44-3", + "PkgName": "libgprofng0", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libgprofng0@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "e17187a228e100c" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-7546", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": 
"https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: Binutils: Out-of-bounds Write Vulnerability", + "Description": "A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfd_elf_set_group_contents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The name of the patch is 41461010eb7c79fee7a9d5f6209accdaac66cc6b. It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119", + "CWE-787" + ], + "VendorSeverity": { + "azure": 2, + "debian": 1, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-7546", + "https://nvd.nist.gov/vuln/detail/CVE-2025-7546", + "https://sourceware.org/bugzilla/attachment.cgi?id=16118", + "https://sourceware.org/bugzilla/show_bug.cgi?id=33050", + "https://sourceware.org/bugzilla/show_bug.cgi?id=33050#c2", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=41461010eb7c79fee7a9d5f6209accdaac66cc6b", + "https://vuldb.com/?ctiid.316244", + "https://vuldb.com/?id.316244", + "https://vuldb.com/?submit.614375", + "https://www.cve.org/CVERecord?id=CVE-2025-7546", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-07-13T22:15:24.07Z", + "LastModifiedDate": "2025-07-30T15:59:59.203Z" + }, + { + "VulnerabilityID": "CVE-2025-8224", + "PkgID": "libgprofng0@2.44-3", + "PkgName": "libgprofng0", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libgprofng0@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "e17187a228e100c" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + 
"Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-8224", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: Binutils BFD Null Pointer Dereference", + "Description": "A vulnerability has been found in GNU Binutils 2.44 and classified as problematic. This vulnerability affects the function bfd_elf_get_str_section of the file bfd/elf.c of the component BFD Library. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The name of the patch is db856d41004301b3a56438efd957ef5cabb91530. It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-404", + "CWE-476" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-8224", + "https://nvd.nist.gov/vuln/detail/CVE-2025-8224", + "https://sourceware.org/bugzilla/attachment.cgi?id=15680", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32109", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32109#c2", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=db856d41004301b3a56438efd957ef5cabb91530", + "https://vuldb.com/?ctiid.317812", + "https://vuldb.com/?id.317812", + "https://vuldb.com/?submit.621878", + "https://www.cve.org/CVERecord?id=CVE-2025-8224", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-07-27T06:15:26.947Z", + 
"LastModifiedDate": "2025-08-01T17:08:29.62Z" + }, + { + "VulnerabilityID": "CVE-2025-8225", + "PkgID": "libgprofng0@2.44-3", + "PkgName": "libgprofng0", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libgprofng0@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "e17187a228e100c" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-8225", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: Binutils DWARF Section Handler Memory Leak", + "Description": "A vulnerability was found in GNU Binutils 2.44 and classified as problematic. This issue affects the function process_debug_info of the file binutils/dwarf.c of the component DWARF Section Handler. The manipulation leads to memory leak. Attacking locally is a requirement. The identifier of the patch is e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4. 
It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-401", + "CWE-404" + ], + "VendorSeverity": { + "debian": 1, + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-8225", + "https://gitlab.com/gnutools/binutils-gdb/-/commit/e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4", + "https://nvd.nist.gov/vuln/detail/CVE-2025-8225", + "https://vuldb.com/?ctiid.317813", + "https://vuldb.com/?id.317813", + "https://vuldb.com/?submit.621883", + "https://www.cve.org/CVERecord?id=CVE-2025-8225", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-07-27T08:15:25.76Z", + "LastModifiedDate": "2025-08-01T17:08:13.977Z" + }, + { + "VulnerabilityID": "CVE-2018-5709", + "PkgID": "libgssapi-krb5-2@1.21.3-5", + "PkgName": "libgssapi-krb5-2", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libgssapi-krb5-2@1.21.3-5?arch=amd64\u0026distro=debian-13.0", + "UID": "429778a949236bc8" + }, + "InstalledVersion": "1.21.3-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-5709", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "krb5: integer overflow in dbentry-\u003en_key_data in kadmin/dbutil/dump.c", + "Description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry-\u003en_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. 
An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 6.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2018-5709", + "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", + "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E", + "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", + "https://www.cve.org/CVERecord?id=CVE-2018-5709" + ], + "PublishedDate": "2018-01-16T09:29:00.5Z", + "LastModifiedDate": "2024-11-21T04:09:13.037Z" + }, + { + "VulnerabilityID": "CVE-2024-26458", + "PkgID": "libgssapi-krb5-2@1.21.3-5", + "PkgName": "libgssapi-krb5-2", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libgssapi-krb5-2@1.21.3-5?arch=amd64\u0026distro=debian-13.0", + "UID": "429778a949236bc8" + }, + "InstalledVersion": "1.21.3-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-26458", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c", + "Description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "Severity": "LOW", + 
"CweIDs": [ + "CWE-401" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 2, + "cbl-mariner": 2, + "debian": 1, + "oracle-oval": 2, + "photon": 2, + "redhat": 1, + "rocky": 1, + "ubuntu": 1 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2024:9331", + "https://access.redhat.com/security/cve/CVE-2024-26458", + "https://bugzilla.redhat.com/2266731", + "https://bugzilla.redhat.com/2266740", + "https://bugzilla.redhat.com/2266742", + "https://bugzilla.redhat.com/show_bug.cgi?id=2266731", + "https://bugzilla.redhat.com/show_bug.cgi?id=2266740", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461", + "https://errata.almalinux.org/9/ALSA-2024-9331.html", + "https://errata.rockylinux.org/RLSA-2024:3268", + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", + "https://linux.oracle.com/cve/CVE-2024-26458.html", + "https://linux.oracle.com/errata/ELSA-2024-9331.html", + "https://mailman.mit.edu/pipermail/kerberos/2024-March/023095.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", + "https://security.netapp.com/advisory/ntap-20240415-0010/", + "https://ubuntu.com/security/notices/USN-7314-1", + "https://www.cve.org/CVERecord?id=CVE-2024-26458" + ], + "PublishedDate": "2024-02-29T01:44:18.78Z", + "LastModifiedDate": "2025-05-23T15:39:31.357Z" + }, + { + "VulnerabilityID": "CVE-2024-26461", + "PkgID": "libgssapi-krb5-2@1.21.3-5", + "PkgName": "libgssapi-krb5-2", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libgssapi-krb5-2@1.21.3-5?arch=amd64\u0026distro=debian-13.0", + "UID": "429778a949236bc8" + }, + "InstalledVersion": "1.21.3-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": 
"sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-26461", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c", + "Description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "Severity": "LOW", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 3, + "cbl-mariner": 3, + "debian": 1, + "oracle-oval": 2, + "photon": 3, + "redhat": 1, + "rocky": 1, + "ubuntu": 1 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2024:9331", + "https://access.redhat.com/security/cve/CVE-2024-26461", + "https://bugzilla.redhat.com/2266731", + "https://bugzilla.redhat.com/2266740", + "https://bugzilla.redhat.com/2266742", + "https://bugzilla.redhat.com/show_bug.cgi?id=2266731", + "https://bugzilla.redhat.com/show_bug.cgi?id=2266740", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461", + "https://errata.almalinux.org/9/ALSA-2024-9331.html", + "https://errata.rockylinux.org/RLSA-2024:3268", + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", + "https://linux.oracle.com/cve/CVE-2024-26461.html", + "https://linux.oracle.com/errata/ELSA-2024-9331.html", + "https://mailman.mit.edu/pipermail/kerberos/2024-March/023095.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", + "https://security.netapp.com/advisory/ntap-20240415-0011/", + "https://ubuntu.com/security/notices/USN-7314-1", + "https://www.cve.org/CVERecord?id=CVE-2024-26461" + ], + "PublishedDate": 
"2024-02-29T01:44:18.82Z", + "LastModifiedDate": "2025-05-23T15:30:30.847Z" + }, + { + "VulnerabilityID": "CVE-2020-36325", + "PkgID": "libjansson4@2.14-2+b3", + "PkgName": "libjansson4", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libjansson4@2.14-2%2Bb3?arch=amd64\u0026distro=debian-13.0", + "UID": "f9d20083f4e636cc" + }, + "InstalledVersion": "2.14-2+b3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-36325", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "jansson: out-of-bounds read in json_loads() due to a parsing error", + "Description": "An issue was discovered in Jansson through 2.13.1. Due to a parsing error in json_loads, there's an out-of-bounds read-access bug. 
NOTE: the vendor reports that this only occurs when a programmer fails to follow the API specification", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "VendorSeverity": { + "cbl-mariner": 3, + "debian": 1, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2020-36325", + "https://github.com/akheron/jansson/issues/548", + "https://nvd.nist.gov/vuln/detail/CVE-2020-36325", + "https://www.cve.org/CVERecord?id=CVE-2020-36325" + ], + "PublishedDate": "2021-04-26T18:15:07.493Z", + "LastModifiedDate": "2024-11-21T05:29:17.143Z" + }, + { + "VulnerabilityID": "CVE-2018-5709", + "PkgID": "libk5crypto3@1.21.3-5", + "PkgName": "libk5crypto3", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libk5crypto3@1.21.3-5?arch=amd64\u0026distro=debian-13.0", + "UID": "d4b31d759afd593f" + }, + "InstalledVersion": "1.21.3-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-5709", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "krb5: integer overflow in dbentry-\u003en_key_data in kadmin/dbutil/dump.c", + "Description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry-\u003en_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. 
An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 6.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2018-5709", + "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", + "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E", + "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", + "https://www.cve.org/CVERecord?id=CVE-2018-5709" + ], + "PublishedDate": "2018-01-16T09:29:00.5Z", + "LastModifiedDate": "2024-11-21T04:09:13.037Z" + }, + { + "VulnerabilityID": "CVE-2024-26458", + "PkgID": "libk5crypto3@1.21.3-5", + "PkgName": "libk5crypto3", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libk5crypto3@1.21.3-5?arch=amd64\u0026distro=debian-13.0", + "UID": "d4b31d759afd593f" + }, + "InstalledVersion": "1.21.3-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-26458", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c", + "Description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "Severity": "LOW", + "CweIDs": [ + 
"CWE-401" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 2, + "cbl-mariner": 2, + "debian": 1, + "oracle-oval": 2, + "photon": 2, + "redhat": 1, + "rocky": 1, + "ubuntu": 1 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2024:9331", + "https://access.redhat.com/security/cve/CVE-2024-26458", + "https://bugzilla.redhat.com/2266731", + "https://bugzilla.redhat.com/2266740", + "https://bugzilla.redhat.com/2266742", + "https://bugzilla.redhat.com/show_bug.cgi?id=2266731", + "https://bugzilla.redhat.com/show_bug.cgi?id=2266740", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461", + "https://errata.almalinux.org/9/ALSA-2024-9331.html", + "https://errata.rockylinux.org/RLSA-2024:3268", + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", + "https://linux.oracle.com/cve/CVE-2024-26458.html", + "https://linux.oracle.com/errata/ELSA-2024-9331.html", + "https://mailman.mit.edu/pipermail/kerberos/2024-March/023095.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", + "https://security.netapp.com/advisory/ntap-20240415-0010/", + "https://ubuntu.com/security/notices/USN-7314-1", + "https://www.cve.org/CVERecord?id=CVE-2024-26458" + ], + "PublishedDate": "2024-02-29T01:44:18.78Z", + "LastModifiedDate": "2025-05-23T15:39:31.357Z" + }, + { + "VulnerabilityID": "CVE-2024-26461", + "PkgID": "libk5crypto3@1.21.3-5", + "PkgName": "libk5crypto3", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libk5crypto3@1.21.3-5?arch=amd64\u0026distro=debian-13.0", + "UID": "d4b31d759afd593f" + }, + "InstalledVersion": "1.21.3-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, 
+ "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-26461", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c", + "Description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "Severity": "LOW", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 3, + "cbl-mariner": 3, + "debian": 1, + "oracle-oval": 2, + "photon": 3, + "redhat": 1, + "rocky": 1, + "ubuntu": 1 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2024:9331", + "https://access.redhat.com/security/cve/CVE-2024-26461", + "https://bugzilla.redhat.com/2266731", + "https://bugzilla.redhat.com/2266740", + "https://bugzilla.redhat.com/2266742", + "https://bugzilla.redhat.com/show_bug.cgi?id=2266731", + "https://bugzilla.redhat.com/show_bug.cgi?id=2266740", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461", + "https://errata.almalinux.org/9/ALSA-2024-9331.html", + "https://errata.rockylinux.org/RLSA-2024:3268", + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", + "https://linux.oracle.com/cve/CVE-2024-26461.html", + "https://linux.oracle.com/errata/ELSA-2024-9331.html", + "https://mailman.mit.edu/pipermail/kerberos/2024-March/023095.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", + "https://security.netapp.com/advisory/ntap-20240415-0011/", + "https://ubuntu.com/security/notices/USN-7314-1", + "https://www.cve.org/CVERecord?id=CVE-2024-26461" + ], + "PublishedDate": "2024-02-29T01:44:18.82Z", + "LastModifiedDate": "2025-05-23T15:30:30.847Z" + }, + { + 
"VulnerabilityID": "CVE-2018-5709", + "PkgID": "libkrb5-3@1.21.3-5", + "PkgName": "libkrb5-3", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libkrb5-3@1.21.3-5?arch=amd64\u0026distro=debian-13.0", + "UID": "c23e89280898cb21" + }, + "InstalledVersion": "1.21.3-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-5709", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "krb5: integer overflow in dbentry-\u003en_key_data in kadmin/dbutil/dump.c", + "Description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry-\u003en_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. 
An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 6.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2018-5709", + "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", + "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E", + "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", + "https://www.cve.org/CVERecord?id=CVE-2018-5709" + ], + "PublishedDate": "2018-01-16T09:29:00.5Z", + "LastModifiedDate": "2024-11-21T04:09:13.037Z" + }, + { + "VulnerabilityID": "CVE-2024-26458", + "PkgID": "libkrb5-3@1.21.3-5", + "PkgName": "libkrb5-3", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libkrb5-3@1.21.3-5?arch=amd64\u0026distro=debian-13.0", + "UID": "c23e89280898cb21" + }, + "InstalledVersion": "1.21.3-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-26458", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c", + "Description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "Severity": "LOW", + "CweIDs": [ + "CWE-401" + 
], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 2, + "cbl-mariner": 2, + "debian": 1, + "oracle-oval": 2, + "photon": 2, + "redhat": 1, + "rocky": 1, + "ubuntu": 1 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2024:9331", + "https://access.redhat.com/security/cve/CVE-2024-26458", + "https://bugzilla.redhat.com/2266731", + "https://bugzilla.redhat.com/2266740", + "https://bugzilla.redhat.com/2266742", + "https://bugzilla.redhat.com/show_bug.cgi?id=2266731", + "https://bugzilla.redhat.com/show_bug.cgi?id=2266740", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461", + "https://errata.almalinux.org/9/ALSA-2024-9331.html", + "https://errata.rockylinux.org/RLSA-2024:3268", + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", + "https://linux.oracle.com/cve/CVE-2024-26458.html", + "https://linux.oracle.com/errata/ELSA-2024-9331.html", + "https://mailman.mit.edu/pipermail/kerberos/2024-March/023095.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", + "https://security.netapp.com/advisory/ntap-20240415-0010/", + "https://ubuntu.com/security/notices/USN-7314-1", + "https://www.cve.org/CVERecord?id=CVE-2024-26458" + ], + "PublishedDate": "2024-02-29T01:44:18.78Z", + "LastModifiedDate": "2025-05-23T15:39:31.357Z" + }, + { + "VulnerabilityID": "CVE-2024-26461", + "PkgID": "libkrb5-3@1.21.3-5", + "PkgName": "libkrb5-3", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libkrb5-3@1.21.3-5?arch=amd64\u0026distro=debian-13.0", + "UID": "c23e89280898cb21" + }, + "InstalledVersion": "1.21.3-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": 
"debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-26461", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c", + "Description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "Severity": "LOW", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 3, + "cbl-mariner": 3, + "debian": 1, + "oracle-oval": 2, + "photon": 3, + "redhat": 1, + "rocky": 1, + "ubuntu": 1 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2024:9331", + "https://access.redhat.com/security/cve/CVE-2024-26461", + "https://bugzilla.redhat.com/2266731", + "https://bugzilla.redhat.com/2266740", + "https://bugzilla.redhat.com/2266742", + "https://bugzilla.redhat.com/show_bug.cgi?id=2266731", + "https://bugzilla.redhat.com/show_bug.cgi?id=2266740", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461", + "https://errata.almalinux.org/9/ALSA-2024-9331.html", + "https://errata.rockylinux.org/RLSA-2024:3268", + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", + "https://linux.oracle.com/cve/CVE-2024-26461.html", + "https://linux.oracle.com/errata/ELSA-2024-9331.html", + "https://mailman.mit.edu/pipermail/kerberos/2024-March/023095.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", + "https://security.netapp.com/advisory/ntap-20240415-0011/", + "https://ubuntu.com/security/notices/USN-7314-1", + "https://www.cve.org/CVERecord?id=CVE-2024-26461" + ], + "PublishedDate": "2024-02-29T01:44:18.82Z", + "LastModifiedDate": "2025-05-23T15:30:30.847Z" + }, + { + "VulnerabilityID": 
"CVE-2018-5709", + "PkgID": "libkrb5support0@1.21.3-5", + "PkgName": "libkrb5support0", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libkrb5support0@1.21.3-5?arch=amd64\u0026distro=debian-13.0", + "UID": "e8d0710e4c875891" + }, + "InstalledVersion": "1.21.3-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-5709", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "krb5: integer overflow in dbentry-\u003en_key_data in kadmin/dbutil/dump.c", + "Description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry-\u003en_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. 
An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 6.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2018-5709", + "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", + "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E", + "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", + "https://www.cve.org/CVERecord?id=CVE-2018-5709" + ], + "PublishedDate": "2018-01-16T09:29:00.5Z", + "LastModifiedDate": "2024-11-21T04:09:13.037Z" + }, + { + "VulnerabilityID": "CVE-2024-26458", + "PkgID": "libkrb5support0@1.21.3-5", + "PkgName": "libkrb5support0", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libkrb5support0@1.21.3-5?arch=amd64\u0026distro=debian-13.0", + "UID": "e8d0710e4c875891" + }, + "InstalledVersion": "1.21.3-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-26458", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c", + "Description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "Severity": "LOW", + 
"CweIDs": [ + "CWE-401" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 2, + "cbl-mariner": 2, + "debian": 1, + "oracle-oval": 2, + "photon": 2, + "redhat": 1, + "rocky": 1, + "ubuntu": 1 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2024:9331", + "https://access.redhat.com/security/cve/CVE-2024-26458", + "https://bugzilla.redhat.com/2266731", + "https://bugzilla.redhat.com/2266740", + "https://bugzilla.redhat.com/2266742", + "https://bugzilla.redhat.com/show_bug.cgi?id=2266731", + "https://bugzilla.redhat.com/show_bug.cgi?id=2266740", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461", + "https://errata.almalinux.org/9/ALSA-2024-9331.html", + "https://errata.rockylinux.org/RLSA-2024:3268", + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", + "https://linux.oracle.com/cve/CVE-2024-26458.html", + "https://linux.oracle.com/errata/ELSA-2024-9331.html", + "https://mailman.mit.edu/pipermail/kerberos/2024-March/023095.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", + "https://security.netapp.com/advisory/ntap-20240415-0010/", + "https://ubuntu.com/security/notices/USN-7314-1", + "https://www.cve.org/CVERecord?id=CVE-2024-26458" + ], + "PublishedDate": "2024-02-29T01:44:18.78Z", + "LastModifiedDate": "2025-05-23T15:39:31.357Z" + }, + { + "VulnerabilityID": "CVE-2024-26461", + "PkgID": "libkrb5support0@1.21.3-5", + "PkgName": "libkrb5support0", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libkrb5support0@1.21.3-5?arch=amd64\u0026distro=debian-13.0", + "UID": "e8d0710e4c875891" + }, + "InstalledVersion": "1.21.3-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": 
"sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-26461", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c", + "Description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "Severity": "LOW", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 3, + "cbl-mariner": 3, + "debian": 1, + "oracle-oval": 2, + "photon": 3, + "redhat": 1, + "rocky": 1, + "ubuntu": 1 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2024:9331", + "https://access.redhat.com/security/cve/CVE-2024-26461", + "https://bugzilla.redhat.com/2266731", + "https://bugzilla.redhat.com/2266740", + "https://bugzilla.redhat.com/2266742", + "https://bugzilla.redhat.com/show_bug.cgi?id=2266731", + "https://bugzilla.redhat.com/show_bug.cgi?id=2266740", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461", + "https://errata.almalinux.org/9/ALSA-2024-9331.html", + "https://errata.rockylinux.org/RLSA-2024:3268", + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", + "https://linux.oracle.com/cve/CVE-2024-26461.html", + "https://linux.oracle.com/errata/ELSA-2024-9331.html", + "https://mailman.mit.edu/pipermail/kerberos/2024-March/023095.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", + "https://security.netapp.com/advisory/ntap-20240415-0011/", + "https://ubuntu.com/security/notices/USN-7314-1", + "https://www.cve.org/CVERecord?id=CVE-2024-26461" + ], + "PublishedDate": 
"2024-02-29T01:44:18.82Z", + "LastModifiedDate": "2025-05-23T15:30:30.847Z" + }, + { + "VulnerabilityID": "CVE-2022-0563", + "PkgID": "liblastlog2-2@2.41-5", + "PkgName": "liblastlog2-2", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/liblastlog2-2@2.41-5?arch=amd64\u0026distro=debian-13.0", + "UID": "df76396cbfd04981" + }, + "InstalledVersion": "2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:396b1da7636e2dcd10565cb4f2f952cbb4a8a38b58d3b86a2cacb172fb70117c", + "DiffID": "sha256:e6a3842ebc7f5e41d8a38f19a0aa5ea56c255475695ac6682882420800cf5465" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-0563", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline", + "Description": "A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an \"INPUTRC\" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. 
This flaw affects util-linux versions prior to 2.37.4.", + "Severity": "LOW", + "CweIDs": [ + "CWE-209" + ], + "VendorSeverity": { + "amazon": 2, + "cbl-mariner": 2, + "debian": 1, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 1.9, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-0563", + "https://blog.trailofbits.com/2023/02/16/suid-logic-bug-linux-readline/", + "https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w%40ws.net.home/T/#u", + "https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u", + "https://nvd.nist.gov/vuln/detail/CVE-2022-0563", + "https://security.gentoo.org/glsa/202401-08", + "https://security.netapp.com/advisory/ntap-20220331-0002/", + "https://www.cve.org/CVERecord?id=CVE-2022-0563" + ], + "PublishedDate": "2022-02-21T19:15:08.393Z", + "LastModifiedDate": "2025-06-09T16:15:33.237Z" + }, + { + "VulnerabilityID": "CVE-2015-3276", + "PkgID": "libldap2@2.6.10+dfsg-1", + "PkgName": "libldap2", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libldap2@2.6.10%2Bdfsg-1?arch=amd64\u0026distro=debian-13.0", + "UID": "44af799c7fa39aef" + }, + "InstalledVersion": "2.6.10+dfsg-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-3276", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "openldap: incorrect multi-keyword mode cipherstring parsing", + "Description": "The 
nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.", + "Severity": "LOW", + "VendorSeverity": { + "amazon": 2, + "cbl-mariner": 3, + "debian": 1, + "nvd": 3, + "oracle-oval": 2, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V2Score": 4.3 + } + }, + "References": [ + "http://rhn.redhat.com/errata/RHSA-2015-2131.html", + "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", + "http://www.securitytracker.com/id/1034221", + "https://access.redhat.com/security/cve/CVE-2015-3276", + "https://bugzilla.redhat.com/show_bug.cgi?id=1238322", + "https://linux.oracle.com/cve/CVE-2015-3276.html", + "https://linux.oracle.com/errata/ELSA-2015-2131.html", + "https://nvd.nist.gov/vuln/detail/CVE-2015-3276", + "https://www.cve.org/CVERecord?id=CVE-2015-3276" + ], + "PublishedDate": "2015-12-07T20:59:03.023Z", + "LastModifiedDate": "2025-04-12T10:46:40.837Z" + }, + { + "VulnerabilityID": "CVE-2017-14159", + "PkgID": "libldap2@2.6.10+dfsg-1", + "PkgName": "libldap2", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libldap2@2.6.10%2Bdfsg-1?arch=amd64\u0026distro=debian-13.0", + "UID": "44af799c7fa39aef" + }, + "InstalledVersion": "2.6.10+dfsg-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14159", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": 
"https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "openldap: Privilege escalation via PID file manipulation", + "Description": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.", + "Severity": "LOW", + "CweIDs": [ + "CWE-665" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 1.9, + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 4.4 + } + }, + "References": [ + "http://www.openldap.org/its/index.cgi?findid=8703", + "https://access.redhat.com/security/cve/CVE-2017-14159", + "https://nvd.nist.gov/vuln/detail/CVE-2017-14159", + "https://www.cve.org/CVERecord?id=CVE-2017-14159", + "https://www.oracle.com/security-alerts/cpuapr2022.html" + ], + "PublishedDate": "2017-09-05T18:29:00.133Z", + "LastModifiedDate": "2025-04-20T01:37:25.86Z" + }, + { + "VulnerabilityID": "CVE-2017-17740", + "PkgID": "libldap2@2.6.10+dfsg-1", + "PkgName": "libldap2", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libldap2@2.6.10%2Bdfsg-1?arch=amd64\u0026distro=debian-13.0", + "UID": "44af799c7fa39aef" + }, + "InstalledVersion": "2.6.10+dfsg-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-17740", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": 
"https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "openldap: contrib/slapd-modules/nops/nops.c attempts to free stack buffer allowing remote attackers to cause a denial of service", + "Description": "contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00053.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00058.html", + "http://www.openldap.org/its/index.cgi/Incoming?id=8759", + "https://access.redhat.com/security/cve/CVE-2017-17740", + "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365", + "https://nvd.nist.gov/vuln/detail/CVE-2017-17740", + "https://www.cve.org/CVERecord?id=CVE-2017-17740", + "https://www.oracle.com/security-alerts/cpuapr2022.html" + ], + "PublishedDate": "2017-12-18T06:29:00.397Z", + "LastModifiedDate": "2025-04-20T01:37:25.86Z" + }, + { + "VulnerabilityID": "CVE-2020-15719", + "PkgID": "libldap2@2.6.10+dfsg-1", + "PkgName": "libldap2", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libldap2@2.6.10%2Bdfsg-1?arch=amd64\u0026distro=debian-13.0", + "UID": "44af799c7fa39aef" + }, + "InstalledVersion": "2.6.10+dfsg-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": 
"sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-15719", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "openldap: Certificate validation incorrectly matches name against CN-ID", + "Description": "libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.", + "Severity": "LOW", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "bitnami": 2, + "debian": 1, + "nvd": 2, + "redhat": 1 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", + "V3Score": 4.2 + }, + "nvd": { + "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N", + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", + "V2Score": 4, + "V3Score": 4.2 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", + "V3Score": 4.2 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00033.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00059.html", + "https://access.redhat.com/errata/RHBA-2019:3674", + "https://access.redhat.com/security/cve/CVE-2020-15719", + "https://bugs.openldap.org/show_bug.cgi?id=9266", + "https://bugzilla.redhat.com/show_bug.cgi?id=1740070", + "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365", + "https://nvd.nist.gov/vuln/detail/CVE-2020-15719", + "https://www.cve.org/CVERecord?id=CVE-2020-15719", + "https://www.oracle.com/security-alerts/cpuapr2022.html" + ], + "PublishedDate": "2020-07-14T14:15:17.667Z", + "LastModifiedDate": "2024-11-21T05:06:05.903Z" + }, + { + "VulnerabilityID": 
"CVE-2022-0563", + "PkgID": "libmount1@2.41-5", + "PkgName": "libmount1", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libmount1@2.41-5?arch=amd64\u0026distro=debian-13.0", + "UID": "6d2d7374cd54451e" + }, + "InstalledVersion": "2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:396b1da7636e2dcd10565cb4f2f952cbb4a8a38b58d3b86a2cacb172fb70117c", + "DiffID": "sha256:e6a3842ebc7f5e41d8a38f19a0aa5ea56c255475695ac6682882420800cf5465" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-0563", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline", + "Description": "A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an \"INPUTRC\" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. 
This flaw affects util-linux versions prior to 2.37.4.", + "Severity": "LOW", + "CweIDs": [ + "CWE-209" + ], + "VendorSeverity": { + "amazon": 2, + "cbl-mariner": 2, + "debian": 1, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 1.9, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-0563", + "https://blog.trailofbits.com/2023/02/16/suid-logic-bug-linux-readline/", + "https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w%40ws.net.home/T/#u", + "https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u", + "https://nvd.nist.gov/vuln/detail/CVE-2022-0563", + "https://security.gentoo.org/glsa/202401-08", + "https://security.netapp.com/advisory/ntap-20220331-0002/", + "https://www.cve.org/CVERecord?id=CVE-2022-0563" + ], + "PublishedDate": "2022-02-21T19:15:08.393Z", + "LastModifiedDate": "2025-06-09T16:15:33.237Z" + }, + { + "VulnerabilityID": "CVE-2011-4116", + "PkgID": "libperl5.40@5.40.1-6", + "PkgName": "libperl5.40", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libperl5.40@5.40.1-6?arch=amd64\u0026distro=debian-13.0", + "UID": "2317fd40c840954" + }, + "InstalledVersion": "5.40.1-6", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-4116", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "perl: File:: Temp insecure temporary file handling", + "Description": "_is_safe in the File::Temp 
module for Perl does not properly handle symlinks.", + "Severity": "LOW", + "CweIDs": [ + "CWE-59" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 1, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:S/C:N/I:P/A:N", + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "V2Score": 1.5, + "V3Score": 3.3 + }, + "redhat": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N", + "V2Score": 1.9 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2011/11/04/2", + "http://www.openwall.com/lists/oss-security/2011/11/04/4", + "https://access.redhat.com/security/cve/CVE-2011-4116", + "https://github.com/Perl-Toolchain-Gang/File-Temp/issues/14", + "https://nvd.nist.gov/vuln/detail/CVE-2011-4116", + "https://rt.cpan.org/Public/Bug/Display.html?id=69106", + "https://seclists.org/oss-sec/2011/q4/238", + "https://www.cve.org/CVERecord?id=CVE-2011-4116" + ], + "PublishedDate": "2020-01-31T18:15:11.343Z", + "LastModifiedDate": "2025-08-04T19:04:38.29Z" + }, + { + "VulnerabilityID": "CVE-2025-8714", + "PkgID": "libpq-dev@17.5-1", + "PkgName": "libpq-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libpq-dev@17.5-1?arch=amd64\u0026distro=debian-13.0", + "UID": "d4fd0b7c13fa80cf" + }, + "InstalledVersion": "17.5-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:a390b45b895de2e977e0543fdfb6fc8936108dcd5ce45fdccd50480ca03f6751", + "DiffID": "sha256:ca79fd2c0e371eeb80b9f4b15563a9d8b3720ac84b0216cfea4e14ff8e83137e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-8714", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "postgresql: PostgreSQL code execution in restore operation", + "Description": "Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore 
the dump, via psql meta-commands. pg_dumpall is also affected. pg_restore is affected when used to generate a plain-format dump. This is similar to MySQL CVE-2024-21096. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-829" + ], + "VendorSeverity": { + "redhat": 3 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", + "V3Score": 8.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-8714", + "https://nvd.nist.gov/vuln/detail/CVE-2025-8714", + "https://www.cve.org/CVERecord?id=CVE-2025-8714", + "https://www.postgresql.org/support/security/CVE-2025-8714/" + ], + "PublishedDate": "2025-08-14T13:15:37.717Z", + "LastModifiedDate": "2025-08-15T13:13:07.817Z" + }, + { + "VulnerabilityID": "CVE-2025-8715", + "PkgID": "libpq-dev@17.5-1", + "PkgName": "libpq-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libpq-dev@17.5-1?arch=amd64\u0026distro=debian-13.0", + "UID": "d4fd0b7c13fa80cf" + }, + "InstalledVersion": "17.5-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:a390b45b895de2e977e0543fdfb6fc8936108dcd5ce45fdccd50480ca03f6751", + "DiffID": "sha256:ca79fd2c0e371eeb80b9f4b15563a9d8b3720ac84b0216cfea4e14ff8e83137e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-8715", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "postgresql: PostgreSQL executes arbitrary code in restore operation", + "Description": "Improper neutralization of newlines in pg_dump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands inside a purpose-crafted object name. The same attacks can achieve SQL injection as a superuser of the restore target server. 
pg_dumpall, pg_restore, and pg_upgrade are also affected. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected. Versions before 11.20 are unaffected. CVE-2012-0868 had fixed this class of problem, but version 11.20 reintroduced it.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-93" + ], + "VendorSeverity": { + "redhat": 3 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", + "V3Score": 8.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-8715", + "https://nvd.nist.gov/vuln/detail/CVE-2025-8715", + "https://www.cve.org/CVERecord?id=CVE-2025-8715", + "https://www.postgresql.org/support/security/CVE-2025-8715/" + ], + "PublishedDate": "2025-08-14T13:15:37.88Z", + "LastModifiedDate": "2025-08-15T13:13:07.817Z" + }, + { + "VulnerabilityID": "CVE-2025-8713", + "PkgID": "libpq-dev@17.5-1", + "PkgName": "libpq-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libpq-dev@17.5-1?arch=amd64\u0026distro=debian-13.0", + "UID": "d4fd0b7c13fa80cf" + }, + "InstalledVersion": "17.5-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:a390b45b895de2e977e0543fdfb6fc8936108dcd5ce45fdccd50480ca03f6751", + "DiffID": "sha256:ca79fd2c0e371eeb80b9f4b15563a9d8b3720ac84b0216cfea4e14ff8e83137e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-8713", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "postgresql: PostgreSQL optimizer statistics can expose sampled data within a view, partition, or child table", + "Description": "PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intended to hide. PostgreSQL maintains statistics for tables by sampling data available in columns; this data is consulted during the query planning process. 
Prior to this release, a user could craft a leaky operator that bypassed view access control lists (ACLs) and bypassed row security policies in partitioning or table inheritance hierarchies. Reachable statistics data notably included histograms and most-common-values lists. CVE-2017-7484 and CVE-2019-10130 intended to close this class of vulnerability, but this gap remained. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.", + "Severity": "LOW", + "CweIDs": [ + "CWE-1230" + ], + "VendorSeverity": { + "redhat": 1 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 3.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-8713", + "https://nvd.nist.gov/vuln/detail/CVE-2025-8713", + "https://www.cve.org/CVERecord?id=CVE-2025-8713", + "https://www.postgresql.org/support/security/CVE-2025-8713/" + ], + "PublishedDate": "2025-08-14T13:15:37.543Z", + "LastModifiedDate": "2025-08-15T13:13:07.817Z" + }, + { + "VulnerabilityID": "CVE-2025-8714", + "PkgID": "libpq5@17.5-1", + "PkgName": "libpq5", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libpq5@17.5-1?arch=amd64\u0026distro=debian-13.0", + "UID": "caa9812a5ee147f1" + }, + "InstalledVersion": "17.5-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:a390b45b895de2e977e0543fdfb6fc8936108dcd5ce45fdccd50480ca03f6751", + "DiffID": "sha256:ca79fd2c0e371eeb80b9f4b15563a9d8b3720ac84b0216cfea4e14ff8e83137e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-8714", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "postgresql: PostgreSQL code execution in restore operation", + "Description": "Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to 
restore the dump, via psql meta-commands. pg_dumpall is also affected. pg_restore is affected when used to generate a plain-format dump. This is similar to MySQL CVE-2024-21096. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-829" + ], + "VendorSeverity": { + "redhat": 3 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", + "V3Score": 8.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-8714", + "https://nvd.nist.gov/vuln/detail/CVE-2025-8714", + "https://www.cve.org/CVERecord?id=CVE-2025-8714", + "https://www.postgresql.org/support/security/CVE-2025-8714/" + ], + "PublishedDate": "2025-08-14T13:15:37.717Z", + "LastModifiedDate": "2025-08-15T13:13:07.817Z" + }, + { + "VulnerabilityID": "CVE-2025-8715", + "PkgID": "libpq5@17.5-1", + "PkgName": "libpq5", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libpq5@17.5-1?arch=amd64\u0026distro=debian-13.0", + "UID": "caa9812a5ee147f1" + }, + "InstalledVersion": "17.5-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:a390b45b895de2e977e0543fdfb6fc8936108dcd5ce45fdccd50480ca03f6751", + "DiffID": "sha256:ca79fd2c0e371eeb80b9f4b15563a9d8b3720ac84b0216cfea4e14ff8e83137e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-8715", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "postgresql: PostgreSQL executes arbitrary code in restore operation", + "Description": "Improper neutralization of newlines in pg_dump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands inside a purpose-crafted object name. The same attacks can achieve SQL injection as a superuser of the restore target server. 
pg_dumpall, pg_restore, and pg_upgrade are also affected. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected. Versions before 11.20 are unaffected. CVE-2012-0868 had fixed this class of problem, but version 11.20 reintroduced it.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-93" + ], + "VendorSeverity": { + "redhat": 3 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", + "V3Score": 8.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-8715", + "https://nvd.nist.gov/vuln/detail/CVE-2025-8715", + "https://www.cve.org/CVERecord?id=CVE-2025-8715", + "https://www.postgresql.org/support/security/CVE-2025-8715/" + ], + "PublishedDate": "2025-08-14T13:15:37.88Z", + "LastModifiedDate": "2025-08-15T13:13:07.817Z" + }, + { + "VulnerabilityID": "CVE-2025-8713", + "PkgID": "libpq5@17.5-1", + "PkgName": "libpq5", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libpq5@17.5-1?arch=amd64\u0026distro=debian-13.0", + "UID": "caa9812a5ee147f1" + }, + "InstalledVersion": "17.5-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:a390b45b895de2e977e0543fdfb6fc8936108dcd5ce45fdccd50480ca03f6751", + "DiffID": "sha256:ca79fd2c0e371eeb80b9f4b15563a9d8b3720ac84b0216cfea4e14ff8e83137e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-8713", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "postgresql: PostgreSQL optimizer statistics can expose sampled data within a view, partition, or child table", + "Description": "PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intended to hide. PostgreSQL maintains statistics for tables by sampling data available in columns; this data is consulted during the query planning process. 
Prior to this release, a user could craft a leaky operator that bypassed view access control lists (ACLs) and bypassed row security policies in partitioning or table inheritance hierarchies. Reachable statistics data notably included histograms and most-common-values lists. CVE-2017-7484 and CVE-2019-10130 intended to close this class of vulnerability, but this gap remained. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.", + "Severity": "LOW", + "CweIDs": [ + "CWE-1230" + ], + "VendorSeverity": { + "redhat": 1 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 3.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-8713", + "https://nvd.nist.gov/vuln/detail/CVE-2025-8713", + "https://www.cve.org/CVERecord?id=CVE-2025-8713", + "https://www.postgresql.org/support/security/CVE-2025-8713/" + ], + "PublishedDate": "2025-08-14T13:15:37.543Z", + "LastModifiedDate": "2025-08-15T13:13:07.817Z" + }, + { + "VulnerabilityID": "CVE-2017-13716", + "PkgID": "libsframe1@2.44-3", + "PkgName": "libsframe1", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libsframe1@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "1baf40be486f4045" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13716", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: Memory leak with the C++ symbol demangler routine in libiberty", + "Description": "The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of 
service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).", + "Severity": "LOW", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "photon": 2, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 7.1, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2017-13716", + "https://nvd.nist.gov/vuln/detail/CVE-2017-13716", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22009", + "https://www.cve.org/CVERecord?id=CVE-2017-13716" + ], + "PublishedDate": "2017-08-28T21:29:00.293Z", + "LastModifiedDate": "2025-04-20T01:37:25.86Z" + }, + { + "VulnerabilityID": "CVE-2018-20673", + "PkgID": "libsframe1@2.44-3", + "PkgName": "libsframe1", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libsframe1@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "1baf40be486f4045" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20673", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "libiberty: Integer overflow in demangle_template() function", + "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for \"Create an array for saving the template argument values\") that can trigger a heap-based 
buffer overflow, as demonstrated by nm.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190", + "CWE-787" + ], + "VendorSeverity": { + "alma": 1, + "debian": 1, + "nvd": 2, + "oracle-oval": 1, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/106454", + "https://access.redhat.com/security/cve/CVE-2018-20673", + "https://linux.oracle.com/cve/CVE-2018-20673.html", + "https://linux.oracle.com/errata/ELSA-2021-4386.html", + "https://nvd.nist.gov/vuln/detail/CVE-2018-20673", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24039", + "https://www.cve.org/CVERecord?id=CVE-2018-20673" + ], + "PublishedDate": "2019-01-04T18:29:00.21Z", + "LastModifiedDate": "2024-11-21T04:01:57.977Z" + }, + { + "VulnerabilityID": "CVE-2018-20712", + "PkgID": "libsframe1@2.44-3", + "PkgName": "libsframe1", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libsframe1@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "1baf40be486f4045" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20712", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "libiberty: heap-based buffer over-read in d_expression_1", + "Description": "A heap-based buffer over-read exists in the function d_expression_1 in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.1. 
A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by c++filt.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "redhat": 2, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 4.7 + } + }, + "References": [ + "http://www.securityfocus.com/bid/106563", + "https://access.redhat.com/security/cve/CVE-2018-20712", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88629", + "https://nvd.nist.gov/vuln/detail/CVE-2018-20712", + "https://sourceware.org/bugzilla/show_bug.cgi?id=24043", + "https://support.f5.com/csp/article/K38336243", + "https://www.cve.org/CVERecord?id=CVE-2018-20712" + ], + "PublishedDate": "2019-01-15T00:29:00.257Z", + "LastModifiedDate": "2024-11-21T04:02:00.663Z" + }, + { + "VulnerabilityID": "CVE-2018-9996", + "PkgID": "libsframe1@2.44-3", + "PkgName": "libsframe1", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libsframe1@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "1baf40be486f4045" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-9996", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: Stack-overflow in libiberty/cplus-dem.c causes crash", + "Description": "An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. 
Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_template_value_parm, demangle_integral_value, and demangle_expression.", + "Severity": "LOW", + "CweIDs": [ + "CWE-674" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "photon": 2, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/103733", + "https://access.redhat.com/security/cve/CVE-2018-9996", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85304", + "https://nvd.nist.gov/vuln/detail/CVE-2018-9996", + "https://www.cve.org/CVERecord?id=CVE-2018-9996" + ], + "PublishedDate": "2018-04-10T22:29:00.353Z", + "LastModifiedDate": "2024-11-21T04:16:00.48Z" + }, + { + "VulnerabilityID": "CVE-2021-32256", + "PkgID": "libsframe1@2.44-3", + "PkgName": "libsframe1", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libsframe1@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "1baf40be486f4045" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-32256", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: stack-overflow issue in demangle_type in rust-demangle.c.", + "Description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.36. 
It is a stack-overflow issue in demangle_type in rust-demangle.c.", + "Severity": "LOW", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "amazon": 1, + "debian": 1, + "nvd": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2021-32256", + "https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1927070", + "https://nvd.nist.gov/vuln/detail/CVE-2021-32256", + "https://security.netapp.com/advisory/ntap-20230824-0013/", + "https://www.cve.org/CVERecord?id=CVE-2021-32256" + ], + "PublishedDate": "2023-07-18T14:15:11.61Z", + "LastModifiedDate": "2024-11-21T06:06:55.1Z" + }, + { + "VulnerabilityID": "CVE-2025-1147", + "PkgID": "libsframe1@2.44-3", + "PkgName": "libsframe1", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libsframe1@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "1baf40be486f4045" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1147", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils nm nm.c internal_strlen buffer overflow", + "Description": "A vulnerability has been found in GNU Binutils 2.43 and classified as problematic. Affected by this vulnerability is the function __sanitizer::internal_strlen of the file binutils/nm.c of the component nm. The manipulation of the argument const leads to buffer overflow. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. 
The exploit has been disclosed to the public and may be used.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119", + "CWE-120" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1147", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1147", + "https://sourceware.org/bugzilla/attachment.cgi?id=15881", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32556", + "https://vuldb.com/?ctiid.295051", + "https://vuldb.com/?id.295051", + "https://vuldb.com/?submit.485254", + "https://www.cve.org/CVERecord?id=CVE-2025-1147", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-10T14:15:29.643Z", + "LastModifiedDate": "2025-03-04T15:51:17.86Z" + }, + { + "VulnerabilityID": "CVE-2025-1148", + "PkgID": "libsframe1@2.44-3", + "PkgName": "libsframe1", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libsframe1@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "1baf40be486f4045" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1148", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils ld ldelfgen.c link_order_scan memory leak", + "Description": "A vulnerability was found in GNU Binutils 2.43 and classified as problematic. Affected by this issue is the function link_order_scan of the file ld/ldelfgen.c of the component ld. The manipulation leads to memory leak. 
The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-401", + "CWE-404" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 1, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1148", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1148", + "https://sourceware.org/bugzilla/attachment.cgi?id=15887", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32576", + "https://vuldb.com/?ctiid.295052", + "https://vuldb.com/?id.295052", + "https://vuldb.com/?submit.485747", + "https://www.cve.org/CVERecord?id=CVE-2025-1148", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-10T14:15:29.927Z", + "LastModifiedDate": "2025-03-04T17:12:35.4Z" + }, + { + "VulnerabilityID": "CVE-2025-1149", + "PkgID": "libsframe1@2.44-3", + "PkgName": "libsframe1", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libsframe1@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "1baf40be486f4045" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1149", + "DataSource": { + "ID": "debian", + "Name": "Debian 
Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils ld xmalloc.c xstrdup memory leak", + "Description": "A vulnerability was found in GNU Binutils 2.43. It has been classified as problematic. This affects the function xstrdup of the file libiberty/xmalloc.c of the component ld. The manipulation leads to memory leak. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-401", + "CWE-404" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 1, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1149", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1149", + "https://sourceware.org/bugzilla/attachment.cgi?id=15887", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32576", + "https://vuldb.com/?ctiid.295053", + "https://vuldb.com/?id.295053", + "https://www.cve.org/CVERecord?id=CVE-2025-1149", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-10T15:15:13.093Z", + "LastModifiedDate": "2025-03-04T14:53:43.637Z" + }, + { + "VulnerabilityID": "CVE-2025-1150", + "PkgID": "libsframe1@2.44-3", + "PkgName": "libsframe1", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libsframe1@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "1baf40be486f4045" + }, + "InstalledVersion": 
"2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1150", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils ld libbfd.c bfd_malloc memory leak", + "Description": "A vulnerability was found in GNU Binutils 2.43. It has been declared as problematic. This vulnerability affects the function bfd_malloc of the file libbfd.c of the component ld. The manipulation leads to memory leak. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. 
All of the reported leaks in this bugzilla have been fixed on binutils master.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-401", + "CWE-404" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 1, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1150", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1150", + "https://sourceware.org/bugzilla/attachment.cgi?id=15887", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32576", + "https://vuldb.com/?ctiid.295054", + "https://vuldb.com/?id.295054", + "https://www.cve.org/CVERecord?id=CVE-2025-1150", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-10T17:15:18.517Z", + "LastModifiedDate": "2025-03-11T19:01:04.727Z" + }, + { + "VulnerabilityID": "CVE-2025-1151", + "PkgID": "libsframe1@2.44-3", + "PkgName": "libsframe1", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libsframe1@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "1baf40be486f4045" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1151", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils ld xmemdup.c xmemdup memory leak", + "Description": "A vulnerability was found in GNU Binutils 2.43. It has been rated as problematic. This issue affects the function xmemdup of the file xmemdup.c of the component ld. The manipulation leads to memory leak. The attack may be initiated remotely. 
The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-401", + "CWE-404" + ], + "VendorSeverity": { + "debian": 1, + "redhat": 1 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1151", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1151", + "https://sourceware.org/bugzilla/attachment.cgi?id=15887", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32576", + "https://vuldb.com/?ctiid.295055", + "https://vuldb.com/?id.295055", + "https://www.cve.org/CVERecord?id=CVE-2025-1151", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-10T17:15:18.713Z", + "LastModifiedDate": "2025-02-10T17:15:18.713Z" + }, + { + "VulnerabilityID": "CVE-2025-1152", + "PkgID": "libsframe1@2.44-3", + "PkgName": "libsframe1", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libsframe1@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "1baf40be486f4045" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1152", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils ld xstrdup.c xstrdup memory leak", + "Description": 
"A vulnerability classified as problematic has been found in GNU Binutils 2.43. Affected is the function xstrdup of the file xstrdup.c of the component ld. The manipulation leads to memory leak. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-401", + "CWE-404" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 1, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1152", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1152", + "https://sourceware.org/bugzilla/attachment.cgi?id=15887", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32576", + "https://vuldb.com/?ctiid.295056", + "https://vuldb.com/?id.295056", + "https://www.cve.org/CVERecord?id=CVE-2025-1152", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-10T18:15:34.043Z", + "LastModifiedDate": "2025-03-03T16:52:20.953Z" + }, + { + "VulnerabilityID": "CVE-2025-1153", + "PkgID": "libsframe1@2.44-3", + "PkgName": "libsframe1", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libsframe1@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "1baf40be486f4045" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": 
"sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1153", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils format.c bfd_set_format memory corruption", + "Description": "A vulnerability classified as problematic was found in GNU Binutils 2.43/2.44. Affected by this vulnerability is the function bfd_set_format of the file format.c. The manipulation leads to memory corruption. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 2.45 is able to address this issue. The identifier of the patch is 8d97c1a53f3dc9fd8e1ccdb039b8a33d50133150. It is recommended to upgrade the affected component.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1153", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1153", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32603", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8d97c1a53f3dc9fd8e1ccdb039b8a33d50133150", + "https://ubuntu.com/security/notices/USN-7423-1", + "https://ubuntu.com/security/notices/USN-7423-2", + "https://vuldb.com/?ctiid.295057", + "https://vuldb.com/?id.295057", + "https://vuldb.com/?submit.489991", + "https://www.cve.org/CVERecord?id=CVE-2025-1153", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-10T19:15:39.9Z", + "LastModifiedDate": "2025-03-03T17:28:09.167Z" + }, + { + "VulnerabilityID": 
"CVE-2025-1176", + "PkgID": "libsframe1@2.44-3", + "PkgName": "libsframe1", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libsframe1@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "1baf40be486f4045" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1176", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils ld elflink.c _bfd_elf_gc_mark_rsec heap-based overflow", + "Description": "A vulnerability was found in GNU Binutils 2.43 and classified as critical. This issue affects the function _bfd_elf_gc_mark_rsec of the file elflink.c of the component ld. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The patch is named f9978defb6fab0bd8583942d97c112b0932ac814. 
It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119", + "CWE-122" + ], + "VendorSeverity": { + "amazon": 2, + "azure": 2, + "cbl-mariner": 2, + "debian": 1, + "nvd": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1176", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1176", + "https://security.netapp.com/advisory/ntap-20250411-0007/", + "https://sourceware.org/bugzilla/attachment.cgi?id=15913", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32636", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f9978defb6fab0bd8583942d97c112b0932ac814", + "https://ubuntu.com/security/notices/USN-7423-1", + "https://ubuntu.com/security/notices/USN-7423-2", + "https://vuldb.com/?ctiid.295079", + "https://vuldb.com/?id.295079", + "https://vuldb.com/?submit.495329", + "https://www.cve.org/CVERecord?id=CVE-2025-1176", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-11T06:15:22.433Z", + "LastModifiedDate": "2025-04-11T22:15:29.513Z" + }, + { + "VulnerabilityID": "CVE-2025-1178", + "PkgID": "libsframe1@2.44-3", + "PkgName": "libsframe1", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libsframe1@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "1baf40be486f4045" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1178", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + 
"Title": "binutils: GNU Binutils ld libbfd.c bfd_putl64 memory corruption", + "Description": "A vulnerability was found in GNU Binutils 2.43. It has been declared as problematic. Affected by this vulnerability is the function bfd_putl64 of the file libbfd.c of the component ld. The manipulation leads to memory corruption. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of the patch is 75086e9de1707281172cc77f178e7949a4414ed0. It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "VendorSeverity": { + "azure": 2, + "cbl-mariner": 2, + "debian": 1, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.6 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1178", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1178", + "https://security.netapp.com/advisory/ntap-20250411-0008/", + "https://sourceware.org/bugzilla/attachment.cgi?id=15914", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32638", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=75086e9de1707281172cc77f178e7949a4414ed0", + "https://ubuntu.com/security/notices/USN-7423-1", + "https://vuldb.com/?ctiid.295081", + "https://vuldb.com/?id.295081", + "https://vuldb.com/?submit.495369", + "https://www.cve.org/CVERecord?id=CVE-2025-1178", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-11T07:15:29.997Z", + "LastModifiedDate": "2025-05-21T20:35:24.22Z" + }, + { + "VulnerabilityID": "CVE-2025-1180", + "PkgID": "libsframe1@2.44-3", + "PkgName": "libsframe1", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libsframe1@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "1baf40be486f4045" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": 
"sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1180", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils ld elf-eh-frame.c _bfd_elf_write_section_eh_frame memory corruption", + "Description": "A vulnerability classified as problematic has been found in GNU Binutils 2.43. This affects the function _bfd_elf_write_section_eh_frame of the file bfd/elf-eh-frame.c of the component ld. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "VendorSeverity": { + "debian": 1, + "redhat": 1 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1180", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1180", + "https://sourceware.org/bugzilla/attachment.cgi?id=15917", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32642", + "https://vuldb.com/?ctiid.295083", + "https://vuldb.com/?id.295083", + "https://vuldb.com/?submit.495381", + "https://www.cve.org/CVERecord?id=CVE-2025-1180", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-11T08:15:31.59Z", + "LastModifiedDate": "2025-05-21T20:35:18.05Z" + }, + { + "VulnerabilityID": "CVE-2025-1181", + "PkgID": "libsframe1@2.44-3", + "PkgName": "libsframe1", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libsframe1@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": 
"1baf40be486f4045" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1181", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils ld elflink.c _bfd_elf_gc_mark_rsec memory corruption", + "Description": "A vulnerability classified as critical was found in GNU Binutils 2.43. This vulnerability affects the function _bfd_elf_gc_mark_rsec of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is 931494c9a89558acb36a03a340c01726545eef24. 
It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "VendorSeverity": { + "azure": 1, + "cbl-mariner": 1, + "debian": 1, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1181", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1181", + "https://security.netapp.com/advisory/ntap-20250425-0007/", + "https://sourceware.org/bugzilla/attachment.cgi?id=15918", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32643", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=931494c9a89558acb36a03a340c01726545eef24", + "https://ubuntu.com/security/notices/USN-7423-1", + "https://vuldb.com/?ctiid.295084", + "https://vuldb.com/?id.295084", + "https://vuldb.com/?submit.495402", + "https://www.cve.org/CVERecord?id=CVE-2025-1181", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-11T08:15:31.797Z", + "LastModifiedDate": "2025-05-21T20:35:11.073Z" + }, + { + "VulnerabilityID": "CVE-2025-1182", + "PkgID": "libsframe1@2.44-3", + "PkgName": "libsframe1", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libsframe1@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "1baf40be486f4045" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1182", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils ld elflink.c bfd_elf_reloc_symbol_deleted_p memory corruption", + "Description": "A vulnerability, which was classified as critical, was found in GNU 
Binutils 2.43. Affected is the function bfd_elf_reloc_symbol_deleted_p of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The patch is identified as b425859021d17adf62f06fb904797cf8642986ad. It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "VendorSeverity": { + "amazon": 2, + "azure": 2, + "cbl-mariner": 2, + "debian": 1, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1182", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1182", + "https://sourceware.org/bugzilla/attachment.cgi?id=15919", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32644", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b425859021d17adf62f06fb904797cf8642986ad", + "https://ubuntu.com/security/notices/USN-7423-1", + "https://vuldb.com/?ctiid.295086", + "https://vuldb.com/?id.295086", + "https://vuldb.com/?submit.495407", + "https://www.cve.org/CVERecord?id=CVE-2025-1182", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-02-11T09:15:09.53Z", + "LastModifiedDate": "2025-05-21T20:35:04.15Z" + }, + { + "VulnerabilityID": "CVE-2025-3198", + "PkgID": "libsframe1@2.44-3", + "PkgName": "libsframe1", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libsframe1@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "1baf40be486f4045" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2025-3198", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils objdump bucomm.c display_info memory leak", + "Description": "A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named ba6ad3a18cb26b79e0e3b84c39f707535bbc344d. It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-401", + "CWE-404" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-3198", + "https://nvd.nist.gov/vuln/detail/CVE-2025-3198", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32716", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32716#c0", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ba6ad3a18cb26b79e0e3b84c39f707535bbc344d", + "https://vuldb.com/?ctiid.303151", + "https://vuldb.com/?id.303151", + "https://vuldb.com/?submit.545773", + "https://www.cve.org/CVERecord?id=CVE-2025-3198", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-04-04T02:15:18.803Z", + "LastModifiedDate": "2025-05-15T19:46:30.95Z" + }, + { + "VulnerabilityID": "CVE-2025-5244", + "PkgID": "libsframe1@2.44-3", + "PkgName": "libsframe1", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libsframe1@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "1baf40be486f4045" + }, + 
"InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-5244", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils ld elflink.c elf_gc_sweep memory corruption", + "Description": "A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue is the function elf_gc_sweep of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 2.45 is able to address this issue. It is recommended to upgrade the affected component.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "VendorSeverity": { + "azure": 2, + "cbl-mariner": 2, + "debian": 1, + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-5244", + "https://nvd.nist.gov/vuln/detail/CVE-2025-5244", + "https://sourceware.org/bugzilla/attachment.cgi?id=16010", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32858", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d1458933830456e54223d9fc61f0d9b3a19256f5", + "https://vuldb.com/?ctiid.310346", + "https://vuldb.com/?id.310346", + "https://vuldb.com/?submit.584634", + "https://www.cve.org/CVERecord?id=CVE-2025-5244", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-05-27T13:15:21.76Z", + "LastModifiedDate": "2025-05-28T15:01:30.72Z" + }, + { + "VulnerabilityID": "CVE-2025-5245", + "PkgID": 
"libsframe1@2.44-3", + "PkgName": "libsframe1", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libsframe1@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "1baf40be486f4045" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-5245", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: GNU Binutils objdump debug.c debug_type_samep memory corruption", + "Description": "A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debug_type_samep of the file /binutils/debug.c of the component objdump. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. 
It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "VendorSeverity": { + "azure": 2, + "cbl-mariner": 2, + "debian": 1, + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-5245", + "https://nvd.nist.gov/vuln/detail/CVE-2025-5245", + "https://sourceware.org/bugzilla/attachment.cgi?id=16004", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32829", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6c3458a8b7ee7d39f070c7b2350851cb2110c65a", + "https://vuldb.com/?ctiid.310347", + "https://vuldb.com/?id.310347", + "https://vuldb.com/?submit.584635", + "https://www.cve.org/CVERecord?id=CVE-2025-5245", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-05-27T15:15:36.057Z", + "LastModifiedDate": "2025-05-28T15:01:30.72Z" + }, + { + "VulnerabilityID": "CVE-2025-7545", + "PkgID": "libsframe1@2.44-3", + "PkgName": "libsframe1", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libsframe1@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "1baf40be486f4045" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-7545", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: Binutils: Heap Buffer Overflow", + "Description": "A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. 
Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is named 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944. It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119", + "CWE-122" + ], + "VendorSeverity": { + "azure": 2, + "debian": 1, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-7545", + "https://nvd.nist.gov/vuln/detail/CVE-2025-7545", + "https://sourceware.org/bugzilla/attachment.cgi?id=16117", + "https://sourceware.org/bugzilla/show_bug.cgi?id=33049", + "https://sourceware.org/bugzilla/show_bug.cgi?id=33049#c1", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944", + "https://vuldb.com/?ctiid.316243", + "https://vuldb.com/?id.316243", + "https://vuldb.com/?submit.614355", + "https://www.cve.org/CVERecord?id=CVE-2025-7545", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-07-13T22:15:23.873Z", + "LastModifiedDate": "2025-07-30T15:59:48.84Z" + }, + { + "VulnerabilityID": "CVE-2025-7546", + "PkgID": "libsframe1@2.44-3", + "PkgName": "libsframe1", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libsframe1@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "1baf40be486f4045" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-7546", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" 
+ }, + "Title": "binutils: Binutils: Out-of-bounds Write Vulnerability", + "Description": "A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfd_elf_set_group_contents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The name of the patch is 41461010eb7c79fee7a9d5f6209accdaac66cc6b. It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119", + "CWE-787" + ], + "VendorSeverity": { + "azure": 2, + "debian": 1, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-7546", + "https://nvd.nist.gov/vuln/detail/CVE-2025-7546", + "https://sourceware.org/bugzilla/attachment.cgi?id=16118", + "https://sourceware.org/bugzilla/show_bug.cgi?id=33050", + "https://sourceware.org/bugzilla/show_bug.cgi?id=33050#c2", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=41461010eb7c79fee7a9d5f6209accdaac66cc6b", + "https://vuldb.com/?ctiid.316244", + "https://vuldb.com/?id.316244", + "https://vuldb.com/?submit.614375", + "https://www.cve.org/CVERecord?id=CVE-2025-7546", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-07-13T22:15:24.07Z", + "LastModifiedDate": "2025-07-30T15:59:59.203Z" + }, + { + "VulnerabilityID": "CVE-2025-8224", + "PkgID": "libsframe1@2.44-3", + "PkgName": "libsframe1", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libsframe1@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "1baf40be486f4045" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": 
"sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-8224", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: Binutils BFD Null Pointer Dereference", + "Description": "A vulnerability has been found in GNU Binutils 2.44 and classified as problematic. This vulnerability affects the function bfd_elf_get_str_section of the file bfd/elf.c of the component BFD Library. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The name of the patch is db856d41004301b3a56438efd957ef5cabb91530. It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-404", + "CWE-476" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-8224", + "https://nvd.nist.gov/vuln/detail/CVE-2025-8224", + "https://sourceware.org/bugzilla/attachment.cgi?id=15680", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32109", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32109#c2", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=db856d41004301b3a56438efd957ef5cabb91530", + "https://vuldb.com/?ctiid.317812", + "https://vuldb.com/?id.317812", + "https://vuldb.com/?submit.621878", + "https://www.cve.org/CVERecord?id=CVE-2025-8224", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-07-27T06:15:26.947Z", + "LastModifiedDate": 
"2025-08-01T17:08:29.62Z" + }, + { + "VulnerabilityID": "CVE-2025-8225", + "PkgID": "libsframe1@2.44-3", + "PkgName": "libsframe1", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libsframe1@2.44-3?arch=amd64\u0026distro=debian-13.0", + "UID": "1baf40be486f4045" + }, + "InstalledVersion": "2.44-3", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-8225", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: Binutils DWARF Section Handler Memory Leak", + "Description": "A vulnerability was found in GNU Binutils 2.44 and classified as problematic. This issue affects the function process_debug_info of the file binutils/dwarf.c of the component DWARF Section Handler. The manipulation leads to memory leak. Attacking locally is a requirement. The identifier of the patch is e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4. 
It is recommended to apply a patch to fix this issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-401", + "CWE-404" + ], + "VendorSeverity": { + "debian": 1, + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-8225", + "https://gitlab.com/gnutools/binutils-gdb/-/commit/e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4", + "https://nvd.nist.gov/vuln/detail/CVE-2025-8225", + "https://vuldb.com/?ctiid.317813", + "https://vuldb.com/?id.317813", + "https://vuldb.com/?submit.621883", + "https://www.cve.org/CVERecord?id=CVE-2025-8225", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-07-27T08:15:25.76Z", + "LastModifiedDate": "2025-08-01T17:08:13.977Z" + }, + { + "VulnerabilityID": "CVE-2022-0563", + "PkgID": "libsmartcols1@2.41-5", + "PkgName": "libsmartcols1", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libsmartcols1@2.41-5?arch=amd64\u0026distro=debian-13.0", + "UID": "bdd963006efde917" + }, + "InstalledVersion": "2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:396b1da7636e2dcd10565cb4f2f952cbb4a8a38b58d3b86a2cacb172fb70117c", + "DiffID": "sha256:e6a3842ebc7f5e41d8a38f19a0aa5ea56c255475695ac6682882420800cf5465" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-0563", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline", + "Description": "A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an \"INPUTRC\" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. 
This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.", + "Severity": "LOW", + "CweIDs": [ + "CWE-209" + ], + "VendorSeverity": { + "amazon": 2, + "cbl-mariner": 2, + "debian": 1, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 1.9, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-0563", + "https://blog.trailofbits.com/2023/02/16/suid-logic-bug-linux-readline/", + "https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w%40ws.net.home/T/#u", + "https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u", + "https://nvd.nist.gov/vuln/detail/CVE-2022-0563", + "https://security.gentoo.org/glsa/202401-08", + "https://security.netapp.com/advisory/ntap-20220331-0002/", + "https://www.cve.org/CVERecord?id=CVE-2022-0563" + ], + "PublishedDate": "2022-02-21T19:15:08.393Z", + "LastModifiedDate": "2025-06-09T16:15:33.237Z" + }, + { + "VulnerabilityID": "CVE-2021-45346", + "PkgID": "libsqlite3-0@3.46.1-7", + "PkgName": "libsqlite3-0", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libsqlite3-0@3.46.1-7?arch=amd64\u0026distro=debian-13.0", + "UID": "d3b12dcb7bd33f74" + }, + "InstalledVersion": "3.46.1-7", + "Status": "affected", + "Layer": { + "Digest": "sha256:396b1da7636e2dcd10565cb4f2f952cbb4a8a38b58d3b86a2cacb172fb70117c", + "DiffID": "sha256:e6a3842ebc7f5e41d8a38f19a0aa5ea56c255475695ac6682882420800cf5465" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-45346", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, 
+ "Title": "sqlite: crafted SQL query allows a malicious user to obtain sensitive information", + "Description": "A Memory Leak vulnerability exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries (made via editing the Database File), it is possible to query a record, and leak subsequent bytes of memory that extend beyond the record, which could let a malicious user obtain sensitive information. NOTE: The developer disputes this as a vulnerability stating that If you give SQLite a corrupted database file and submit a query against the database, it might read parts of the database that you did not intend or expect.", + "Severity": "LOW", + "CweIDs": [ + "CWE-401" + ], + "VendorSeverity": { + "bitnami": 2, + "debian": 1, + "nvd": 2, + "redhat": 1 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 4.3 + }, + "nvd": { + "V2Vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 4, + "V3Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 4.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2021-45346", + "https://github.com/guyinatuxedo/sqlite3_record_leaking", + "https://nvd.nist.gov/vuln/detail/CVE-2021-45346", + "https://security.netapp.com/advisory/ntap-20220303-0001/", + "https://sqlite.org/forum/forumpost/056d557c2f8c452ed5", + "https://sqlite.org/forum/forumpost/53de8864ba114bf6", + "https://www.cve.org/CVERecord?id=CVE-2021-45346", + "https://www.sqlite.org/cves.html#status_of_recent_sqlite_cves" + ], + "PublishedDate": "2022-02-14T19:15:07.793Z", + "LastModifiedDate": "2024-11-21T06:32:07.577Z" + }, + { + "VulnerabilityID": "CVE-2013-4392", + "PkgID": "libsystemd0@257.7-1", + "PkgName": "libsystemd0", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libsystemd0@257.7-1?arch=amd64\u0026distro=debian-13.0", + "UID": "adaa572d3726e18c" + }, + 
"InstalledVersion": "257.7-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:396b1da7636e2dcd10565cb4f2f952cbb4a8a38b58d3b86a2cacb172fb70117c", + "DiffID": "sha256:e6a3842ebc7f5e41d8a38f19a0aa5ea56c255475695ac6682882420800cf5465" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-4392", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "systemd: TOCTOU race condition when updating file permissions and SELinux security contexts", + "Description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", + "Severity": "LOW", + "CweIDs": [ + "CWE-59" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 1, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", + "V2Score": 3.3 + }, + "redhat": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", + "V2Score": 3.3 + } + }, + "References": [ + "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357", + "http://www.openwall.com/lists/oss-security/2013/10/01/9", + "https://access.redhat.com/security/cve/CVE-2013-4392", + "https://bugzilla.redhat.com/show_bug.cgi?id=859060", + "https://nvd.nist.gov/vuln/detail/CVE-2013-4392", + "https://www.cve.org/CVERecord?id=CVE-2013-4392" + ], + "PublishedDate": "2013-10-28T22:55:03.773Z", + "LastModifiedDate": "2025-06-09T16:15:23.763Z" + }, + { + "VulnerabilityID": "CVE-2023-31437", + "PkgID": "libsystemd0@257.7-1", + "PkgName": "libsystemd0", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libsystemd0@257.7-1?arch=amd64\u0026distro=debian-13.0", + "UID": "adaa572d3726e18c" + }, + "InstalledVersion": "257.7-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:396b1da7636e2dcd10565cb4f2f952cbb4a8a38b58d3b86a2cacb172fb70117c", + "DiffID": 
"sha256:e6a3842ebc7f5e41d8a38f19a0aa5ea56c255475695ac6682882420800cf5465" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-31437", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "An issue was discovered in systemd 253. An attacker can modify a seale ...", + "Description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-354" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://github.com/kastel-security/Journald", + "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", + "https://github.com/systemd/systemd/releases" + ], + "PublishedDate": "2023-06-13T17:15:14.657Z", + "LastModifiedDate": "2025-01-03T20:15:26.457Z" + }, + { + "VulnerabilityID": "CVE-2023-31438", + "PkgID": "libsystemd0@257.7-1", + "PkgName": "libsystemd0", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libsystemd0@257.7-1?arch=amd64\u0026distro=debian-13.0", + "UID": "adaa572d3726e18c" + }, + "InstalledVersion": "257.7-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:396b1da7636e2dcd10565cb4f2f952cbb4a8a38b58d3b86a2cacb172fb70117c", + "DiffID": "sha256:e6a3842ebc7f5e41d8a38f19a0aa5ea56c255475695ac6682882420800cf5465" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-31438", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "An issue was discovered in 
systemd 253. An attacker can truncate a sea ...", + "Description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-354" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://github.com/kastel-security/Journald", + "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", + "https://github.com/systemd/systemd/pull/28886", + "https://github.com/systemd/systemd/releases" + ], + "PublishedDate": "2023-06-13T17:15:14.707Z", + "LastModifiedDate": "2024-11-21T08:01:51.953Z" + }, + { + "VulnerabilityID": "CVE-2023-31439", + "PkgID": "libsystemd0@257.7-1", + "PkgName": "libsystemd0", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libsystemd0@257.7-1?arch=amd64\u0026distro=debian-13.0", + "UID": "adaa572d3726e18c" + }, + "InstalledVersion": "257.7-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:396b1da7636e2dcd10565cb4f2f952cbb4a8a38b58d3b86a2cacb172fb70117c", + "DiffID": "sha256:e6a3842ebc7f5e41d8a38f19a0aa5ea56c255475695ac6682882420800cf5465" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-31439", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "An issue was discovered in systemd 253. An attacker can modify the con ...", + "Description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. 
NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-354" + ], + "VendorSeverity": { + "amazon": 1, + "debian": 1, + "nvd": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://github.com/kastel-security/Journald", + "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", + "https://github.com/systemd/systemd/pull/28885", + "https://github.com/systemd/systemd/releases" + ], + "PublishedDate": "2023-06-13T17:15:14.753Z", + "LastModifiedDate": "2024-11-21T08:01:52.097Z" + }, + { + "VulnerabilityID": "CVE-2025-6141", + "PkgID": "libtinfo6@6.5+20250216-2", + "PkgName": "libtinfo6", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libtinfo6@6.5%2B20250216-2?arch=amd64\u0026distro=debian-13.0", + "UID": "39109c87ce11f4ff" + }, + "InstalledVersion": "6.5+20250216-2", + "Status": "affected", + "Layer": { + "Digest": "sha256:396b1da7636e2dcd10565cb4f2f952cbb4a8a38b58d3b86a2cacb172fb70117c", + "DiffID": "sha256:e6a3842ebc7f5e41d8a38f19a0aa5ea56c255475695ac6682882420800cf5465" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-6141", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "gnu-ncurses: ncurses Stack Buffer Overflow", + "Description": "A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the function postprocess_termcap of the file tinfo/parse_entry.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. Upgrading to version 6.5-20250329 is able to address this issue. 
It is recommended to upgrade the affected component.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119", + "CWE-121" + ], + "VendorSeverity": { + "redhat": 1 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-6141", + "https://invisible-island.net/ncurses/NEWS.html#index-t20250329", + "https://lists.gnu.org/archive/html/bug-ncurses/2025-03/msg00107.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2025-03/msg00109.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2025-03/msg00114.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-6141", + "https://vuldb.com/?ctiid.312610", + "https://vuldb.com/?id.312610", + "https://vuldb.com/?submit.593000", + "https://www.cve.org/CVERecord?id=CVE-2025-6141", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-06-16T22:16:41.527Z", + "LastModifiedDate": "2025-06-17T20:50:23.507Z" + }, + { + "VulnerabilityID": "CVE-2013-4392", + "PkgID": "libudev1@257.7-1", + "PkgName": "libudev1", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libudev1@257.7-1?arch=amd64\u0026distro=debian-13.0", + "UID": "a07a8f3a156d8dc5" + }, + "InstalledVersion": "257.7-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:396b1da7636e2dcd10565cb4f2f952cbb4a8a38b58d3b86a2cacb172fb70117c", + "DiffID": "sha256:e6a3842ebc7f5e41d8a38f19a0aa5ea56c255475695ac6682882420800cf5465" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-4392", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "systemd: TOCTOU race condition when updating file permissions and SELinux security contexts", + "Description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on 
unspecified files.", + "Severity": "LOW", + "CweIDs": [ + "CWE-59" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 1, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", + "V2Score": 3.3 + }, + "redhat": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", + "V2Score": 3.3 + } + }, + "References": [ + "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357", + "http://www.openwall.com/lists/oss-security/2013/10/01/9", + "https://access.redhat.com/security/cve/CVE-2013-4392", + "https://bugzilla.redhat.com/show_bug.cgi?id=859060", + "https://nvd.nist.gov/vuln/detail/CVE-2013-4392", + "https://www.cve.org/CVERecord?id=CVE-2013-4392" + ], + "PublishedDate": "2013-10-28T22:55:03.773Z", + "LastModifiedDate": "2025-06-09T16:15:23.763Z" + }, + { + "VulnerabilityID": "CVE-2023-31437", + "PkgID": "libudev1@257.7-1", + "PkgName": "libudev1", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libudev1@257.7-1?arch=amd64\u0026distro=debian-13.0", + "UID": "a07a8f3a156d8dc5" + }, + "InstalledVersion": "257.7-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:396b1da7636e2dcd10565cb4f2f952cbb4a8a38b58d3b86a2cacb172fb70117c", + "DiffID": "sha256:e6a3842ebc7f5e41d8a38f19a0aa5ea56c255475695ac6682882420800cf5465" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-31437", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "An issue was discovered in systemd 253. An attacker can modify a seale ...", + "Description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. 
NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-354" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://github.com/kastel-security/Journald", + "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", + "https://github.com/systemd/systemd/releases" + ], + "PublishedDate": "2023-06-13T17:15:14.657Z", + "LastModifiedDate": "2025-01-03T20:15:26.457Z" + }, + { + "VulnerabilityID": "CVE-2023-31438", + "PkgID": "libudev1@257.7-1", + "PkgName": "libudev1", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libudev1@257.7-1?arch=amd64\u0026distro=debian-13.0", + "UID": "a07a8f3a156d8dc5" + }, + "InstalledVersion": "257.7-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:396b1da7636e2dcd10565cb4f2f952cbb4a8a38b58d3b86a2cacb172fb70117c", + "DiffID": "sha256:e6a3842ebc7f5e41d8a38f19a0aa5ea56c255475695ac6682882420800cf5465" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-31438", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "An issue was discovered in systemd 253. An attacker can truncate a sea ...", + "Description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. 
NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-354" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://github.com/kastel-security/Journald", + "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", + "https://github.com/systemd/systemd/pull/28886", + "https://github.com/systemd/systemd/releases" + ], + "PublishedDate": "2023-06-13T17:15:14.707Z", + "LastModifiedDate": "2024-11-21T08:01:51.953Z" + }, + { + "VulnerabilityID": "CVE-2023-31439", + "PkgID": "libudev1@257.7-1", + "PkgName": "libudev1", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libudev1@257.7-1?arch=amd64\u0026distro=debian-13.0", + "UID": "a07a8f3a156d8dc5" + }, + "InstalledVersion": "257.7-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:396b1da7636e2dcd10565cb4f2f952cbb4a8a38b58d3b86a2cacb172fb70117c", + "DiffID": "sha256:e6a3842ebc7f5e41d8a38f19a0aa5ea56c255475695ac6682882420800cf5465" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-31439", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "An issue was discovered in systemd 253. An attacker can modify the con ...", + "Description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. 
NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-354" + ], + "VendorSeverity": { + "amazon": 1, + "debian": 1, + "nvd": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://github.com/kastel-security/Journald", + "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", + "https://github.com/systemd/systemd/pull/28885", + "https://github.com/systemd/systemd/releases" + ], + "PublishedDate": "2023-06-13T17:15:14.753Z", + "LastModifiedDate": "2024-11-21T08:01:52.097Z" + }, + { + "VulnerabilityID": "CVE-2022-0563", + "PkgID": "libuuid1@2.41-5", + "PkgName": "libuuid1", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libuuid1@2.41-5?arch=amd64\u0026distro=debian-13.0", + "UID": "e68ae51900aac46d" + }, + "InstalledVersion": "2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:396b1da7636e2dcd10565cb4f2f952cbb4a8a38b58d3b86a2cacb172fb70117c", + "DiffID": "sha256:e6a3842ebc7f5e41d8a38f19a0aa5ea56c255475695ac6682882420800cf5465" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-0563", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline", + "Description": "A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an \"INPUTRC\" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. 
This flaw affects util-linux versions prior to 2.37.4.", + "Severity": "LOW", + "CweIDs": [ + "CWE-209" + ], + "VendorSeverity": { + "amazon": 2, + "cbl-mariner": 2, + "debian": 1, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 1.9, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-0563", + "https://blog.trailofbits.com/2023/02/16/suid-logic-bug-linux-readline/", + "https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w%40ws.net.home/T/#u", + "https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u", + "https://nvd.nist.gov/vuln/detail/CVE-2022-0563", + "https://security.gentoo.org/glsa/202401-08", + "https://security.netapp.com/advisory/ntap-20220331-0002/", + "https://www.cve.org/CVERecord?id=CVE-2022-0563" + ], + "PublishedDate": "2022-02-21T19:15:08.393Z", + "LastModifiedDate": "2025-06-09T16:15:33.237Z" + }, + { + "VulnerabilityID": "CVE-2025-8732", + "PkgID": "libxml2@2.12.7+dfsg+really2.9.14-2.1", + "PkgName": "libxml2", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libxml2@2.12.7%2Bdfsg%2Breally2.9.14-2.1?arch=amd64\u0026distro=debian-13.0", + "UID": "254b2430aaa9a6cc" + }, + "InstalledVersion": "2.12.7+dfsg+really2.9.14-2.1", + "Status": "affected", + "Layer": { + "Digest": "sha256:1100de33eda1f14d6e5393fc23b3af7cf071d14c6244c2329d853cee78fba0f7", + "DiffID": "sha256:d9b12e852d19f74ae98c366beb4e9e45f7d6338bb9ded408028eecabd34c6206" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-8732", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "libxml2: libxml2: Uncontrolled Recursion 
Vulnerability", + "Description": "A vulnerability was found in libxml2 up to 2.14.5. It has been declared as problematic. This vulnerability affects the function xmlParseSGMLCatalog of the component xmlcatalog. The manipulation leads to uncontrolled recursion. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The code maintainer explains, that \"[t]he issue can only be triggered with untrusted SGML catalogs and it makes absolutely no sense to use untrusted catalogs. I also doubt that anyone is still using SGML catalogs at all.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-404", + "CWE-674" + ], + "VendorSeverity": { + "debian": 1, + "redhat": 1 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-8732", + "https://drive.google.com/file/d/1woIeYVcSQB_NwfEhaVnX6MedpWJ_nqWl/view?usp=drive_link", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/958", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/958#note_2505853", + "https://nvd.nist.gov/vuln/detail/CVE-2025-8732", + "https://vuldb.com/?ctiid.319228", + "https://vuldb.com/?id.319228", + "https://vuldb.com/?submit.622285", + "https://www.cve.org/CVERecord?id=CVE-2025-8732" + ], + "PublishedDate": "2025-08-08T17:15:30.583Z", + "LastModifiedDate": "2025-08-08T20:30:18.18Z" + }, + { + "VulnerabilityID": "CVE-2013-7445", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": 
"sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-7445", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: memory exhaustion via crafted Graphics Execution Manager (GEM) objects", + "Description": "The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-399" + ], + "VendorSeverity": { + "nvd": 3, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", + "V2Score": 7.8 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2013-7445", + "https://bugzilla.kernel.org/show_bug.cgi?id=60533", + "https://lists.freedesktop.org/archives/dri-devel/2015-September/089778.html (potential start towards fixing)", + "https://nvd.nist.gov/vuln/detail/CVE-2013-7445", + "https://www.cve.org/CVERecord?id=CVE-2013-7445" + ], + "PublishedDate": "2015-10-16T01:59:00.12Z", + "LastModifiedDate": "2025-04-12T10:46:40.837Z" + }, + { + "VulnerabilityID": "CVE-2019-19449", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": 
"sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19449", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: mounting a crafted f2fs filesystem image can lead to slab-out-of-bounds read access in f2fs_build_segment_manager in fs/f2fs/segment.c", + "Description": "In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can lead to slab-out-of-bounds read access in f2fs_build_segment_manager in fs/f2fs/segment.c, related to init_min_max_mtime in fs/f2fs/segment.c (because the second argument to get_seg_entry is not validated).", + "Severity": "HIGH", + "CweIDs": [ + "CWE-125" + ], + "VendorSeverity": { + "nvd": 3, + "redhat": 3, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H", + "V3Score": 7.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2019-19449", + "https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19449", + "https://nvd.nist.gov/vuln/detail/CVE-2019-19449", + "https://security.netapp.com/advisory/ntap-20200103-0001/", + "https://ubuntu.com/security/notices/USN-5120-1", + "https://ubuntu.com/security/notices/USN-5136-1", + "https://ubuntu.com/security/notices/USN-5137-1", + "https://ubuntu.com/security/notices/USN-5137-2", + "https://ubuntu.com/security/notices/USN-5343-1", + "https://www.cve.org/CVERecord?id=CVE-2019-19449" + ], + "PublishedDate": "2019-12-08T02:15:09.97Z", + "LastModifiedDate": "2024-11-21T04:34:45.337Z" + }, + { + "VulnerabilityID": "CVE-2019-19814", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": 
"pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19814", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: out-of-bounds write in __remove_dirty_segment in fs/f2fs/segment.c", + "Description": "In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can cause __remove_dirty_segment slab-out-of-bounds write access because an array is bounded by the number of dirty types (8) but the array index can exceed this.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "nvd": 3, + "redhat": 2, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 9.3, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H", + "V3Score": 7.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2019-19814", + "https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19814", + "https://nvd.nist.gov/vuln/detail/CVE-2019-19814", + "https://security.netapp.com/advisory/ntap-20200103-0001/", + "https://www.cve.org/CVERecord?id=CVE-2019-19814" + ], + "PublishedDate": "2019-12-17T06:15:12.843Z", + "LastModifiedDate": "2024-11-21T04:35:26.68Z" + }, + { + "VulnerabilityID": "CVE-2021-3847", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, 
+ "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-3847", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: low-privileged user privileges escalation", + "Description": "An unauthorized access to the execution of the setuid file with capabilities flaw in the Linux kernel OverlayFS subsystem was found in the way user copying a capable file from a nosuid mount into another mount. A local user could use this flaw to escalate their privileges on the system.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-281" + ], + "VendorSeverity": { + "cbl-mariner": 3, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2021-3847", + "https://bugzilla.redhat.com/show_bug.cgi?id=2009704", + "https://nvd.nist.gov/vuln/detail/CVE-2021-3847", + "https://www.cve.org/CVERecord?id=CVE-2021-3847", + "https://www.openwall.com/lists/oss-security/2021/10/14/3" + ], + "PublishedDate": "2022-04-01T23:15:10.597Z", + "LastModifiedDate": "2024-11-21T06:22:38.597Z" + }, + { + "VulnerabilityID": "CVE-2021-3864", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": 
"sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-3864", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: descendant's dumpable setting with certain SUID binaries", + "Description": "A flaw was found in the way the dumpable flag setting was handled when certain SUID binaries executed its descendants. The prerequisite is a SUID binary that sets real UID equal to effective UID, and real GID equal to effective GID. The descendant will then have a dumpable value set to 1. As a result, if the descendant process crashes and core_pattern is set to a relative value, its core dump is stored in the current directory with uid:gid permissions. An unprivileged local user with eligible root SUID binary could use this flaw to place core dumps into root-owned directories, potentially resulting in escalation of privileges.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-284" + ], + "VendorSeverity": { + "nvd": 3, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2021-3864", + "https://bugzilla.redhat.com/show_bug.cgi?id=2015046", + "https://lore.kernel.org/all/20211221021744.864115-1-longman%40redhat.com/", + "https://lore.kernel.org/all/20211221021744.864115-1-longman@redhat.com", + "https://lore.kernel.org/all/20211226150310.GA992%401wt.eu/", + "https://lore.kernel.org/all/20211226150310.GA992@1wt.eu/", + "https://lore.kernel.org/lkml/20211228170910.623156-1-wander%40redhat.com/", + 
"https://lore.kernel.org/lkml/20211228170910.623156-1-wander@redhat.com", + "https://nvd.nist.gov/vuln/detail/CVE-2021-3864", + "https://security-tracker.debian.org/tracker/CVE-2021-3864", + "https://www.cve.org/CVERecord?id=CVE-2021-3864", + "https://www.openwall.com/lists/oss-security/2021/10/20/2" + ], + "PublishedDate": "2022-08-26T16:15:09.68Z", + "LastModifiedDate": "2024-11-21T06:22:41.197Z" + }, + { + "VulnerabilityID": "CVE-2024-21803", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-21803", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: bluetooth: use-after-free vulnerability in af_bluetooth.c", + "Description": "Use After Free vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (bluetooth modules) allows Local Execution of Code. 
This vulnerability is associated with program files https://gitee.Com/anolis/cloud-kernel/blob/devel-5.10/net/bluetooth/af_bluetooth.C.\n\nThis issue affects Linux kernel: from v2.6.12-rc2 before v6.8-rc1.\n\n", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "VendorSeverity": { + "azure": 3, + "cbl-mariner": 1, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2024-21803", + "https://bugzilla.openanolis.cn/show_bug.cgi?id=8081", + "https://nvd.nist.gov/vuln/detail/CVE-2024-21803", + "https://www.cve.org/CVERecord?id=CVE-2024-21803" + ], + "PublishedDate": "2024-01-30T08:15:41.373Z", + "LastModifiedDate": "2025-08-15T20:31:42.717Z" + }, + { + "VulnerabilityID": "CVE-2025-21709", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-21709", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: kernel: be more careful about dup_mmap() failures and uprobe registering", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nkernel: be more careful about dup_mmap() failures and uprobe registering\n\nIf a memory allocation fails during dup_mmap(), the maple tree can be left\nin an unsafe state for other iterators 
besides the exit path. All the\nlocks are dropped before the exit_mmap() call (in mm/mmap.c), but the\nincomplete mm_struct can be reached through (at least) the rmap finding\nthe vmas which have a pointer back to the mm_struct.\n\nUp to this point, there have been no issues with being able to find an\nmm_struct that was only partially initialised. Syzbot was able to make\nthe incomplete mm_struct fail with recent forking changes, so it has been\nproven unsafe to use the mm_struct that hasn't been initialised, as\nreferenced in the link below.\n\nAlthough 8ac662f5da19f (\"fork: avoid inappropriate uprobe access to\ninvalid mm\") fixed the uprobe access, it does not completely remove the\nrace.\n\nThis patch sets the MMF_OOM_SKIP to avoid the iteration of the vmas on the\noom side (even though this is extremely unlikely to be selected as an oom\nvictim in the race window), and sets MMF_UNSTABLE to avoid other potential\nusers from using a partially initialised mm_struct.\n\nWhen registering vmas for uprobe, skip the vmas in an mm that is marked\nunstable. 
Modifying a vma in an unstable mm may cause issues if the mm\nisn't fully initialised.", + "Severity": "HIGH", + "VendorSeverity": { + "amazon": 3, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", + "V3Score": 7.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-21709", + "https://git.kernel.org/linus/64c37e134b120fb462fb4a80694bfb8e7be77b14 (6.14-rc1)", + "https://git.kernel.org/stable/c/64c37e134b120fb462fb4a80694bfb8e7be77b14", + "https://git.kernel.org/stable/c/da139948aeda677ac09cc0e7d837f8a314de7d55", + "https://lore.kernel.org/linux-cve-announce/2025022643-CVE-2025-21709-e967@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-21709", + "https://www.cve.org/CVERecord?id=CVE-2025-21709" + ], + "PublishedDate": "2025-02-27T02:15:14.56Z", + "LastModifiedDate": "2025-02-27T02:15:14.56Z" + }, + { + "VulnerabilityID": "CVE-2025-22104", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22104", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: ibmvnic: Use kernel helpers for hex dumps", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nibmvnic: Use kernel helpers for hex dumps\n\nPreviously, when the driver was printing hex dumps, the buffer was cast\nto an 8 byte long and printed using string formatters. 
If the buffer\nsize was not a multiple of 8 then a read buffer overflow was possible.\n\nTherefore, create a new ibmvnic function that loops over a buffer and\ncalls hex_dump_to_buffer instead.\n\nThis patch address KASAN reports like the one below:\n ibmvnic 30000003 env3: Login Buffer:\n ibmvnic 30000003 env3: 01000000af000000\n \u003c...\u003e\n ibmvnic 30000003 env3: 2e6d62692e736261\n ibmvnic 30000003 env3: 65050003006d6f63\n ==================================================================\n BUG: KASAN: slab-out-of-bounds in ibmvnic_login+0xacc/0xffc [ibmvnic]\n Read of size 8 at addr c0000001331a9aa8 by task ip/17681\n \u003c...\u003e\n Allocated by task 17681:\n \u003c...\u003e\n ibmvnic_login+0x2f0/0xffc [ibmvnic]\n ibmvnic_open+0x148/0x308 [ibmvnic]\n __dev_open+0x1ac/0x304\n \u003c...\u003e\n The buggy address is located 168 bytes inside of\n allocated 175-byte region [c0000001331a9a00, c0000001331a9aaf)\n \u003c...\u003e\n =================================================================\n ibmvnic 30000003 env3: 000000000033766e", + "Severity": "HIGH", + "VendorSeverity": { + "alma": 2, + "oracle-oval": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", + "V3Score": 7.1 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:9302", + "https://access.redhat.com/security/cve/CVE-2025-22104", + "https://bugzilla.redhat.com/2355415", + "https://bugzilla.redhat.com/2356618", + "https://bugzilla.redhat.com/2360265", + "https://bugzilla.redhat.com/2363268", + "https://bugzilla.redhat.com/2363305", + "https://errata.almalinux.org/9/ALSA-2025-9302.html", + "https://git.kernel.org/linus/d93a6caab5d7d9b5ce034d75b1e1e993338e3852 (6.15-rc1)", + "https://git.kernel.org/stable/c/ae6b1d6c1acee3a2000394d83ec9f1028321e207", + "https://git.kernel.org/stable/c/d93a6caab5d7d9b5ce034d75b1e1e993338e3852", + "https://linux.oracle.com/cve/CVE-2025-22104.html", + 
"https://linux.oracle.com/errata/ELSA-2025-9896.html", + "https://lore.kernel.org/linux-cve-announce/2025041622-CVE-2025-22104-0a82@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22104", + "https://ubuntu.com/security/notices/USN-7594-1", + "https://ubuntu.com/security/notices/USN-7594-2", + "https://ubuntu.com/security/notices/USN-7594-3", + "https://www.cve.org/CVERecord?id=CVE-2025-22104" + ], + "PublishedDate": "2025-04-16T15:16:04.733Z", + "LastModifiedDate": "2025-04-17T20:22:16.24Z" + }, + { + "VulnerabilityID": "CVE-2025-22113", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22113", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: ext4: avoid journaling sb update on error if journal is destroying", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: avoid journaling sb update on error if journal is destroying\n\nPresently we always BUG_ON if trying to start a transaction on a journal marked\nwith JBD2_UNMOUNT, since this should never happen. 
However, while ltp running\nstress tests, it was observed that in case of some error handling paths, it is\npossible for update_super_work to start a transaction after the journal is\ndestroyed eg:\n\n(umount)\next4_kill_sb\n kill_block_super\n generic_shutdown_super\n sync_filesystem /* commits all txns */\n evict_inodes\n /* might start a new txn */\n ext4_put_super\n\tflush_work(\u0026sbi-\u003es_sb_upd_work) /* flush the workqueue */\n jbd2_journal_destroy\n journal_kill_thread\n journal-\u003ej_flags |= JBD2_UNMOUNT;\n jbd2_journal_commit_transaction\n jbd2_journal_get_descriptor_buffer\n jbd2_journal_bmap\n ext4_journal_bmap\n ext4_map_blocks\n ...\n ext4_inode_error\n ext4_handle_error\n schedule_work(\u0026sbi-\u003es_sb_upd_work)\n\n /* work queue kicks in */\n update_super_work\n jbd2_journal_start\n start_this_handle\n BUG_ON(journal-\u003ej_flags \u0026\n JBD2_UNMOUNT)\n\nHence, introduce a new mount flag to indicate journal is destroying and only do\na journaled (and deferred) update of sb if this flag is not set. Otherwise, just\nfallback to an un-journaled commit.\n\nFurther, in the journal destroy path, we have the following sequence:\n\n 1. Set mount flag indicating journal is destroying\n 2. force a commit and wait for it\n 3. flush pending sb updates\n\nThis sequence is important as it ensures that, after this point, there is no sb\nupdate that might be journaled so it is safe to update the sb outside the\njournal. 
(To avoid race discussed in 2d01ddc86606)\n\nAlso, we don't need a similar check in ext4_grp_locked_error since it is only\ncalled from mballoc and AFAICT it would be always valid to schedule work here.", + "Severity": "HIGH", + "VendorSeverity": { + "alma": 2, + "oracle-oval": 3, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", + "V3Score": 7.1 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:11861", + "https://access.redhat.com/security/cve/CVE-2025-22113", + "https://bugzilla.redhat.com/2348599", + "https://bugzilla.redhat.com/2356613", + "https://bugzilla.redhat.com/2360186", + "https://bugzilla.redhat.com/2360199", + "https://bugzilla.redhat.com/2360212", + "https://bugzilla.redhat.com/2360219", + "https://bugzilla.redhat.com/2363672", + "https://bugzilla.redhat.com/2367572", + "https://bugzilla.redhat.com/2375305", + "https://bugzilla.redhat.com/2376035", + "https://errata.almalinux.org/9/ALSA-2025-11861.html", + "https://git.kernel.org/linus/ce2f26e73783b4a7c46a86e3af5b5c8de0971790 (6.15-rc1)", + "https://git.kernel.org/stable/c/ce2f26e73783b4a7c46a86e3af5b5c8de0971790", + "https://git.kernel.org/stable/c/db05767b5bc307143d99fe2afd8c43af58d2ebef", + "https://linux.oracle.com/cve/CVE-2025-22113.html", + "https://linux.oracle.com/errata/ELSA-2025-12662.html", + "https://lore.kernel.org/linux-cve-announce/2025041625-CVE-2025-22113-34cd@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22113", + "https://ubuntu.com/security/notices/USN-7594-1", + "https://ubuntu.com/security/notices/USN-7594-2", + "https://ubuntu.com/security/notices/USN-7594-3", + "https://www.cve.org/CVERecord?id=CVE-2025-22113" + ], + "PublishedDate": "2025-04-16T15:16:05.523Z", + "LastModifiedDate": "2025-04-17T20:22:16.24Z" + }, + { + "VulnerabilityID": "CVE-2025-22121", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": 
"pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22121", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all()", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all()\n\nThere's issue as follows:\nBUG: KASAN: use-after-free in ext4_xattr_inode_dec_ref_all+0x6ff/0x790\nRead of size 4 at addr ffff88807b003000 by task syz-executor.0/15172\n\nCPU: 3 PID: 15172 Comm: syz-executor.0\nCall Trace:\n __dump_stack lib/dump_stack.c:82 [inline]\n dump_stack+0xbe/0xfd lib/dump_stack.c:123\n print_address_description.constprop.0+0x1e/0x280 mm/kasan/report.c:400\n __kasan_report.cold+0x6c/0x84 mm/kasan/report.c:560\n kasan_report+0x3a/0x50 mm/kasan/report.c:585\n ext4_xattr_inode_dec_ref_all+0x6ff/0x790 fs/ext4/xattr.c:1137\n ext4_xattr_delete_inode+0x4c7/0xda0 fs/ext4/xattr.c:2896\n ext4_evict_inode+0xb3b/0x1670 fs/ext4/inode.c:323\n evict+0x39f/0x880 fs/inode.c:622\n iput_final fs/inode.c:1746 [inline]\n iput fs/inode.c:1772 [inline]\n iput+0x525/0x6c0 fs/inode.c:1758\n ext4_orphan_cleanup fs/ext4/super.c:3298 [inline]\n ext4_fill_super+0x8c57/0xba40 fs/ext4/super.c:5300\n mount_bdev+0x355/0x410 fs/super.c:1446\n legacy_get_tree+0xfe/0x220 fs/fs_context.c:611\n vfs_get_tree+0x8d/0x2f0 fs/super.c:1576\n do_new_mount fs/namespace.c:2983 [inline]\n path_mount+0x119a/0x1ad0 fs/namespace.c:3316\n do_mount+0xfc/0x110 fs/namespace.c:3329\n __do_sys_mount 
fs/namespace.c:3540 [inline]\n __se_sys_mount+0x219/0x2e0 fs/namespace.c:3514\n do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46\n entry_SYSCALL_64_after_hwframe+0x67/0xd1\n\nMemory state around the buggy address:\n ffff88807b002f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n ffff88807b002f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n\u003effff88807b003000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff\n ^\n ffff88807b003080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff\n ffff88807b003100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff\n\nAbove issue happens as ext4_xattr_delete_inode() isn't check xattr\nis valid if xattr is in inode.\nTo solve above issue call xattr_check_inode() check if xattr if valid\nin inode. In fact, we can directly verify in ext4_iget_extra_inode(),\nso that there is no divergent verification.", + "Severity": "HIGH", + "VendorSeverity": { + "alma": 2, + "oracle-oval": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", + "V3Score": 7.1 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:11861", + "https://access.redhat.com/security/cve/CVE-2025-22121", + "https://bugzilla.redhat.com/2348599", + "https://bugzilla.redhat.com/2356613", + "https://bugzilla.redhat.com/2360186", + "https://bugzilla.redhat.com/2360199", + "https://bugzilla.redhat.com/2360212", + "https://bugzilla.redhat.com/2360219", + "https://bugzilla.redhat.com/2363672", + "https://bugzilla.redhat.com/2367572", + "https://bugzilla.redhat.com/2375305", + "https://bugzilla.redhat.com/2376035", + "https://errata.almalinux.org/9/ALSA-2025-11861.html", + "https://git.kernel.org/linus/5701875f9609b000d91351eaa6bfd97fe2f157f4 (6.15-rc1)", + "https://git.kernel.org/stable/c/0c8fbb6ffb3c8f5164572ca88e4ccb6cd6a41ca8", + "https://git.kernel.org/stable/c/5701875f9609b000d91351eaa6bfd97fe2f157f4", + "https://linux.oracle.com/cve/CVE-2025-22121.html", + 
"https://linux.oracle.com/errata/ELSA-2025-11861.html", + "https://lore.kernel.org/linux-cve-announce/2025041628-CVE-2025-22121-52fd@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22121", + "https://ubuntu.com/security/notices/USN-7594-1", + "https://ubuntu.com/security/notices/USN-7594-2", + "https://ubuntu.com/security/notices/USN-7594-3", + "https://www.cve.org/CVERecord?id=CVE-2025-22121" + ], + "PublishedDate": "2025-04-16T15:16:06.277Z", + "LastModifiedDate": "2025-04-17T20:22:16.24Z" + }, + { + "VulnerabilityID": "CVE-2025-37825", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-37825", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: nvmet: fix out-of-bounds access in nvmet_enable_port", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet: fix out-of-bounds access in nvmet_enable_port\n\nWhen trying to enable a port that has no transport configured yet,\nnvmet_enable_port() uses NVMF_TRTYPE_MAX (255) to query the transports\narray, causing an out-of-bounds access:\n\n[ 106.058694] BUG: KASAN: global-out-of-bounds in nvmet_enable_port+0x42/0x1da\n[ 106.058719] Read of size 8 at addr ffffffff89dafa58 by task ln/632\n[...]\n[ 106.076026] nvmet: transport type 255 not supported\n\nSince commit 200adac75888, NVMF_TRTYPE_MAX is the default state as configured by\nnvmet_ports_make().\nAvoid this by checking for NVMF_TRTYPE_MAX before 
proceeding.", + "Severity": "HIGH", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-37825", + "https://git.kernel.org/linus/3d7aa0c7b4e96cd460826d932e44710cdeb3378b (6.15-rc4)", + "https://git.kernel.org/stable/c/3d7aa0c7b4e96cd460826d932e44710cdeb3378b", + "https://git.kernel.org/stable/c/83c00860a37b3fcba8026cb344101f1b8af547cf", + "https://lore.kernel.org/linux-cve-announce/2025050822-CVE-2025-37825-547b@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-37825", + "https://ubuntu.com/security/notices/USN-7594-1", + "https://ubuntu.com/security/notices/USN-7594-2", + "https://ubuntu.com/security/notices/USN-7594-3", + "https://www.cve.org/CVERecord?id=CVE-2025-37825" + ], + "PublishedDate": "2025-05-08T07:15:53.747Z", + "LastModifiedDate": "2025-05-08T14:39:09.683Z" + }, + { + "VulnerabilityID": "CVE-2025-37906", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-37906", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: ublk: fix race between io_uring_cmd_complete_in_task and ublk_cancel_cmd", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nublk: fix race between io_uring_cmd_complete_in_task and ublk_cancel_cmd\n\nublk_cancel_cmd() calls io_uring_cmd_done() 
to complete uring_cmd, but\nwe may have scheduled task work via io_uring_cmd_complete_in_task() for\ndispatching request, then kernel crash can be triggered.\n\nFix it by not trying to canceling the command if ublk block request is\nstarted.", + "Severity": "HIGH", + "VendorSeverity": { + "amazon": 3, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-37906", + "https://git.kernel.org/linus/f40139fde5278d81af3227444fd6e76a76b9506d (6.15-rc4)", + "https://git.kernel.org/stable/c/f40139fde5278d81af3227444fd6e76a76b9506d", + "https://git.kernel.org/stable/c/fb2eb9ddf556f93fef45201e1f9d2b8674bcc975", + "https://lore.kernel.org/linux-cve-announce/2025052057-CVE-2025-37906-0bd6@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-37906", + "https://ubuntu.com/security/notices/USN-7649-1", + "https://ubuntu.com/security/notices/USN-7649-2", + "https://ubuntu.com/security/notices/USN-7650-1", + "https://ubuntu.com/security/notices/USN-7665-1", + "https://ubuntu.com/security/notices/USN-7665-2", + "https://www.cve.org/CVERecord?id=CVE-2025-37906" + ], + "PublishedDate": "2025-05-20T16:15:27.07Z", + "LastModifiedDate": "2025-05-21T20:25:16.407Z" + }, + { + "VulnerabilityID": "CVE-2025-38029", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38029", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": 
"https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: kasan: avoid sleepable page allocation from atomic context", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nkasan: avoid sleepable page allocation from atomic context\n\napply_to_pte_range() enters the lazy MMU mode and then invokes\nkasan_populate_vmalloc_pte() callback on each page table walk iteration. \nHowever, the callback can go into sleep when trying to allocate a single\npage, e.g. if an architecutre disables preemption on lazy MMU mode enter.\n\nOn s390 if make arch_enter_lazy_mmu_mode() -\u003e preempt_enable() and\narch_leave_lazy_mmu_mode() -\u003e preempt_disable(), such crash occurs:\n\n[ 0.663336] BUG: sleeping function called from invalid context at ./include/linux/sched/mm.h:321\n[ 0.663348] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 2, name: kthreadd\n[ 0.663358] preempt_count: 1, expected: 0\n[ 0.663366] RCU nest depth: 0, expected: 0\n[ 0.663375] no locks held by kthreadd/2.\n[ 0.663383] Preemption disabled at:\n[ 0.663386] [\u003c0002f3284cbb4eda\u003e] apply_to_pte_range+0xfa/0x4a0\n[ 0.663405] CPU: 0 UID: 0 PID: 2 Comm: kthreadd Not tainted 6.15.0-rc5-gcc-kasan-00043-gd76bb1ebb558-dirty #162 PREEMPT\n[ 0.663408] Hardware name: IBM 3931 A01 701 (KVM/Linux)\n[ 0.663409] Call Trace:\n[ 0.663410] [\u003c0002f3284c385f58\u003e] dump_stack_lvl+0xe8/0x140\n[ 0.663413] [\u003c0002f3284c507b9e\u003e] __might_resched+0x66e/0x700\n[ 0.663415] [\u003c0002f3284cc4f6c0\u003e] __alloc_frozen_pages_noprof+0x370/0x4b0\n[ 0.663419] [\u003c0002f3284ccc73c0\u003e] alloc_pages_mpol+0x1a0/0x4a0\n[ 0.663421] [\u003c0002f3284ccc8518\u003e] alloc_frozen_pages_noprof+0x88/0xc0\n[ 0.663424] [\u003c0002f3284ccc8572\u003e] alloc_pages_noprof+0x22/0x120\n[ 0.663427] [\u003c0002f3284cc341ac\u003e] get_free_pages_noprof+0x2c/0xc0\n[ 0.663429] [\u003c0002f3284cceba70\u003e] kasan_populate_vmalloc_pte+0x50/0x120\n[ 0.663433] 
[\u003c0002f3284cbb4ef8\u003e] apply_to_pte_range+0x118/0x4a0\n[ 0.663435] [\u003c0002f3284cbc7c14\u003e] apply_to_pmd_range+0x194/0x3e0\n[ 0.663437] [\u003c0002f3284cbc99be\u003e] __apply_to_page_range+0x2fe/0x7a0\n[ 0.663440] [\u003c0002f3284cbc9e88\u003e] apply_to_page_range+0x28/0x40\n[ 0.663442] [\u003c0002f3284ccebf12\u003e] kasan_populate_vmalloc+0x82/0xa0\n[ 0.663445] [\u003c0002f3284cc1578c\u003e] alloc_vmap_area+0x34c/0xc10\n[ 0.663448] [\u003c0002f3284cc1c2a6\u003e] __get_vm_area_node+0x186/0x2a0\n[ 0.663451] [\u003c0002f3284cc1e696\u003e] __vmalloc_node_range_noprof+0x116/0x310\n[ 0.663454] [\u003c0002f3284cc1d950\u003e] __vmalloc_node_noprof+0xd0/0x110\n[ 0.663457] [\u003c0002f3284c454b88\u003e] alloc_thread_stack_node+0xf8/0x330\n[ 0.663460] [\u003c0002f3284c458d56\u003e] dup_task_struct+0x66/0x4d0\n[ 0.663463] [\u003c0002f3284c45be90\u003e] copy_process+0x280/0x4b90\n[ 0.663465] [\u003c0002f3284c460940\u003e] kernel_clone+0xd0/0x4b0\n[ 0.663467] [\u003c0002f3284c46115e\u003e] kernel_thread+0xbe/0xe0\n[ 0.663469] [\u003c0002f3284c4e440e\u003e] kthreadd+0x50e/0x7f0\n[ 0.663472] [\u003c0002f3284c38c04a\u003e] __ret_from_fork+0x8a/0xf0\n[ 0.663475] [\u003c0002f3284ed57ff2\u003e] ret_from_fork+0xa/0x38\n\nInstead of allocating single pages per-PTE, bulk-allocate the shadow\nmemory prior to applying kasan_populate_vmalloc_pte() callback on a page\nrange.", + "Severity": "HIGH", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-38029", + "https://git.kernel.org/linus/b6ea95a34cbd014ab6ade4248107b86b0aaf2d6c (6.15)", + "https://git.kernel.org/stable/c/6748dd09196248b985cca39eaf651d5317271977", + "https://git.kernel.org/stable/c/b6ea95a34cbd014ab6ade4248107b86b0aaf2d6c", + "https://lore.kernel.org/linux-cve-announce/2025061824-CVE-2025-38029-47a6@gregkh/T", + 
"https://nvd.nist.gov/vuln/detail/CVE-2025-38029", + "https://www.cve.org/CVERecord?id=CVE-2025-38029" + ], + "PublishedDate": "2025-06-18T10:15:34.97Z", + "LastModifiedDate": "2025-06-18T13:46:52.973Z" + }, + { + "VulnerabilityID": "CVE-2025-38036", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38036", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: drm/xe/vf: Perform early GT MMIO initialization to read GMDID", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/vf: Perform early GT MMIO initialization to read GMDID\n\nVFs need to communicate with the GuC to obtain the GMDID value\nand existing GuC functions used for that assume that the GT has\nit's MMIO members already setup. 
However, due to recent refactoring\nthe gt-\u003emmio is initialized later, and any attempt by the VF to use\nxe_mmio_read|write() from GuC functions will lead to NPD crash due\nto unset MMIO register address:\n\n[] xe 0000:00:02.1: [drm] Running in SR-IOV VF mode\n[] xe 0000:00:02.1: [drm] GT0: sending H2G MMIO 0x5507\n[] BUG: unable to handle page fault for address: 0000000000190240\n\nSince we are already tweaking the id and type of the primary GT to\nmimic it's a Media GT before initializing the GuC communication,\nwe can also call xe_gt_mmio_init() to perform early setup of the\ngt-\u003emmio which will make those GuC functions work again.", + "Severity": "HIGH", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-38036", + "https://git.kernel.org/linus/13265fe7426ec9ba5aa86baab913417ca361e8a4 (6.15-rc1)", + "https://git.kernel.org/stable/c/13265fe7426ec9ba5aa86baab913417ca361e8a4", + "https://git.kernel.org/stable/c/ef6e950aea76a5009ccc79ebfa955ecc66cd85a2", + "https://lore.kernel.org/linux-cve-announce/2025061826-CVE-2025-38036-0063@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-38036", + "https://www.cve.org/CVERecord?id=CVE-2025-38036" + ], + "PublishedDate": "2025-06-18T10:15:35.897Z", + "LastModifiedDate": "2025-06-18T13:46:52.973Z" + }, + { + "VulnerabilityID": "CVE-2025-38041", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2025-38041", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: clk: sunxi-ng: h616: Reparent GPU clock during frequency changes", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: sunxi-ng: h616: Reparent GPU clock during frequency changes\n\nThe H616 manual does not state that the GPU PLL supports\ndynamic frequency configuration, so we must take extra care when changing\nthe frequency. Currently any attempt to do device DVFS on the GPU lead\nto panfrost various ooops, and GPU hangs.\n\nThe manual describes the algorithm for changing the PLL\nfrequency, which the CPU PLL notifier code already support, so we reuse\nthat to reparent the GPU clock to GPU1 clock during frequency\nchanges.", + "Severity": "HIGH", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-38041", + "https://git.kernel.org/linus/eb963d7948ce6571939c6875424b557b25f16610 (6.15-rc1)", + "https://git.kernel.org/stable/c/1439673b78185eaaa5fae444b3a9d58c434ee78e", + "https://git.kernel.org/stable/c/eb963d7948ce6571939c6875424b557b25f16610", + "https://lore.kernel.org/linux-cve-announce/2025061828-CVE-2025-38041-7d47@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-38041", + "https://www.cve.org/CVERecord?id=CVE-2025-38041" + ], + "PublishedDate": "2025-06-18T10:15:36.533Z", + "LastModifiedDate": "2025-06-18T13:46:52.973Z" + }, + { + "VulnerabilityID": "CVE-2025-38042", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + 
"Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38042", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: dmaengine: ti: k3-udma-glue: Drop skip_fdq argument from k3_udma_glue_reset_rx_chn", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: ti: k3-udma-glue: Drop skip_fdq argument from k3_udma_glue_reset_rx_chn\n\nThe user of k3_udma_glue_reset_rx_chn() e.g. ti_am65_cpsw_nuss can\nrun on multiple platforms having different DMA architectures.\nOn some platforms there can be one FDQ for all flows in the RX channel\nwhile for others there is a separate FDQ for each flow in the RX channel.\n\nSo far we have been relying on the skip_fdq argument of\nk3_udma_glue_reset_rx_chn().\n\nInstead of relying on the user to provide this information, infer it\nbased on DMA architecture during k3_udma_glue_request_rx_chn() and save it\nin an internal flag 'single_fdq'. 
Use that flag at\nk3_udma_glue_reset_rx_chn() to deicide if the FDQ needs\nto be cleared for every flow or just for flow 0.\n\nFixes the below issue on ti_am65_cpsw_nuss driver on AM62-SK.\n\n\u003e ip link set eth1 down\n\u003e ip link set eth0 down\n\u003e ethtool -L eth0 rx 8\n\u003e ip link set eth0 up\n\u003e modprobe -r ti_am65_cpsw_nuss\n\n[ 103.045726] ------------[ cut here ]------------\n[ 103.050505] k3_knav_desc_pool size 512000 != avail 64000\n[ 103.050703] WARNING: CPU: 1 PID: 450 at drivers/net/ethernet/ti/k3-cppi-desc-pool.c:33 k3_cppi_desc_pool_destroy+0xa0/0xa8 [k3_cppi_desc_pool]\n[ 103.068810] Modules linked in: ti_am65_cpsw_nuss(-) k3_cppi_desc_pool snd_soc_hdmi_codec crct10dif_ce snd_soc_simple_card snd_soc_simple_card_utils display_connector rtc_ti_k3 k3_j72xx_bandgap tidss drm_client_lib snd_soc_davinci_mcas\np drm_dma_helper tps6598x phylink snd_soc_ti_udma rti_wdt drm_display_helper snd_soc_tlv320aic3x_i2c typec at24 phy_gmii_sel snd_soc_ti_edma snd_soc_tlv320aic3x sii902x snd_soc_ti_sdma sa2ul omap_mailbox drm_kms_helper authenc cfg80211 r\nfkill fuse drm drm_panel_orientation_quirks backlight ip_tables x_tables ipv6 [last unloaded: k3_cppi_desc_pool]\n[ 103.119950] CPU: 1 UID: 0 PID: 450 Comm: modprobe Not tainted 6.13.0-rc7-00001-g9c5e3435fa66 #1011\n[ 103.119968] Hardware name: Texas Instruments AM625 SK (DT)\n[ 103.119974] pstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 103.119983] pc : k3_cppi_desc_pool_destroy+0xa0/0xa8 [k3_cppi_desc_pool]\n[ 103.148007] lr : k3_cppi_desc_pool_destroy+0xa0/0xa8 [k3_cppi_desc_pool]\n[ 103.154709] sp : ffff8000826ebbc0\n[ 103.158015] x29: ffff8000826ebbc0 x28: ffff0000090b6300 x27: 0000000000000000\n[ 103.165145] x26: 0000000000000000 x25: 0000000000000000 x24: ffff0000019df6b0\n[ 103.172271] x23: ffff0000019df6b8 x22: ffff0000019df410 x21: ffff8000826ebc88\n[ 103.179397] x20: 000000000007d000 x19: ffff00000a3b3000 x18: 0000000000000000\n[ 103.186522] x17: 0000000000000000 x16: 
0000000000000000 x15: 000001e8c35e1cde\n[ 103.193647] x14: 0000000000000396 x13: 000000000000035c x12: 0000000000000000\n[ 103.200772] x11: 000000000000003a x10: 00000000000009c0 x9 : ffff8000826eba20\n[ 103.207897] x8 : ffff0000090b6d20 x7 : ffff00007728c180 x6 : ffff00007728c100\n[ 103.215022] x5 : 0000000000000001 x4 : ffff000000508a50 x3 : ffff7ffff6146000\n[ 103.222147] x2 : 0000000000000000 x1 : e300b4173ee6b200 x0 : 0000000000000000\n[ 103.229274] Call trace:\n[ 103.231714] k3_cppi_desc_pool_destroy+0xa0/0xa8 [k3_cppi_desc_pool] (P)\n[ 103.238408] am65_cpsw_nuss_free_rx_chns+0x28/0x4c [ti_am65_cpsw_nuss]\n[ 103.244942] devm_action_release+0x14/0x20\n[ 103.249040] release_nodes+0x3c/0x68\n[ 103.252610] devres_release_all+0x8c/0xdc\n[ 103.256614] device_unbind_cleanup+0x18/0x60\n[ 103.260876] device_release_driver_internal+0xf8/0x178\n[ 103.266004] driver_detach+0x50/0x9c\n[ 103.269571] bus_remove_driver+0x6c/0xbc\n[ 103.273485] driver_unregister+0x30/0x60\n[ 103.277401] platform_driver_unregister+0x14/0x20\n[ 103.282096] am65_cpsw_nuss_driver_exit+0x18/0xff4 [ti_am65_cpsw_nuss]\n[ 103.288620] __arm64_sys_delete_module+0x17c/0x25c\n[ 103.293404] invoke_syscall+0x44/0x100\n[ 103.297149] el0_svc_common.constprop.0+0xc0/0xe0\n[ 103.301845] do_el0_svc+0x1c/0x28\n[ 103.305155] el0_svc+0x28/0x98\n---truncated---", + "Severity": "HIGH", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-38042", + "https://git.kernel.org/linus/0da30874729baeb01889b0eca16cfda122687503 (6.15-rc1)", + "https://git.kernel.org/stable/c/0da30874729baeb01889b0eca16cfda122687503", + "https://git.kernel.org/stable/c/d0dd9d133ef8fdc894e0be9aa27dc49ef5f813cb", + "https://lore.kernel.org/linux-cve-announce/2025061828-CVE-2025-38042-6f41@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-38042", + 
"https://www.cve.org/CVERecord?id=CVE-2025-38042" + ], + "PublishedDate": "2025-06-18T10:15:36.657Z", + "LastModifiedDate": "2025-06-18T13:46:52.973Z" + }, + { + "VulnerabilityID": "CVE-2025-38064", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38064", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: virtio: break and reset virtio devices on device_shutdown()", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio: break and reset virtio devices on device_shutdown()\n\nHongyu reported a hang on kexec in a VM. QEMU reported invalid memory\naccesses during the hang.\n\n\tInvalid read at addr 0x102877002, size 2, region '(null)', reason: rejected\n\tInvalid write at addr 0x102877A44, size 2, region '(null)', reason: rejected\n\t...\n\nIt was traced down to virtio-console. Kexec works fine if virtio-console\nis not in use.\n\nThe issue is that virtio-console continues to write to the MMIO even after\nunderlying virtio-pci device is reset.\n\nAdditionally, Eric noticed that IOMMUs are reset before devices, if\ndevices are not reset on shutdown they continue to poke at guest memory\nand get errors from the IOMMU. 
Some devices get wedged then.\n\nThe problem can be solved by breaking all virtio devices on virtio\nbus shutdown, then resetting them.", + "Severity": "HIGH", + "VendorSeverity": { + "amazon": 3, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-38064", + "https://git.kernel.org/linus/8bd2fa086a04886798b505f28db4002525895203 (6.15-rc1)", + "https://git.kernel.org/stable/c/8bd2fa086a04886798b505f28db4002525895203", + "https://git.kernel.org/stable/c/aee42f3d57bfa37b2716df4584edeecf63b9df4c", + "https://lore.kernel.org/linux-cve-announce/2025061836-CVE-2025-38064-8108@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-38064", + "https://www.cve.org/CVERecord?id=CVE-2025-38064" + ], + "PublishedDate": "2025-06-18T10:15:39.34Z", + "LastModifiedDate": "2025-06-18T13:46:52.973Z" + }, + { + "VulnerabilityID": "CVE-2025-38105", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38105", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: ALSA: usb-audio: Kill timer properly at removal", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Kill timer properly at removal\n\nThe USB-audio MIDI code initializes the timer, but in a rare case, the\ndriver might be freed without the 
disconnect call. This leaves the\ntimer in an active state while the assigned object is released via\nsnd_usbmidi_free(), which ends up with a kernel warning when the debug\nconfiguration is enabled, as spotted by fuzzer.\n\nFor avoiding the problem, put timer_shutdown_sync() at\nsnd_usbmidi_free(), so that the timer can be killed properly.\nWhile we're at it, replace the existing timer_delete_sync() at the\ndisconnect callback with timer_shutdown_sync(), too.", + "Severity": "HIGH", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-38105", + "https://git.kernel.org/linus/0718a78f6a9f04b88d0dc9616cc216b31c5f3cf1 (6.16-rc1)", + "https://git.kernel.org/stable/c/0718a78f6a9f04b88d0dc9616cc216b31c5f3cf1", + "https://git.kernel.org/stable/c/62066758d2ae169278e5d6aea5995b1b6f6ddeb5", + "https://lore.kernel.org/linux-cve-announce/2025070322-CVE-2025-38105-dfcf@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-38105", + "https://www.cve.org/CVERecord?id=CVE-2025-38105" + ], + "PublishedDate": "2025-07-03T09:15:23.997Z", + "LastModifiedDate": "2025-07-03T15:13:53.147Z" + }, + { + "VulnerabilityID": "CVE-2025-38137", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38137", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + 
"Title": "kernel: PCI/pwrctrl: Cancel outstanding rescan work when unregistering", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI/pwrctrl: Cancel outstanding rescan work when unregistering\n\nIt's possible to trigger use-after-free here by:\n\n (a) forcing rescan_work_func() to take a long time and\n (b) utilizing a pwrctrl driver that may be unloaded for some reason\n\nCancel outstanding work to ensure it is finished before we allow our data\nstructures to be cleaned up.\n\n[bhelgaas: tidy commit log]", + "Severity": "HIGH", + "VendorSeverity": { + "oracle-oval": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H", + "V3Score": 7.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-38137", + "https://git.kernel.org/linus/8b926f237743f020518162c62b93cb7107a2b5eb (6.16-rc1)", + "https://git.kernel.org/stable/c/8b926f237743f020518162c62b93cb7107a2b5eb", + "https://git.kernel.org/stable/c/b3ad6d23fec23fbef382ce9ea640c37446593cf5", + "https://linux.oracle.com/cve/CVE-2025-38137.html", + "https://linux.oracle.com/errata/ELSA-2025-13598.html", + "https://lore.kernel.org/linux-cve-announce/2025070332-CVE-2025-38137-d4bf@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-38137", + "https://www.cve.org/CVERecord?id=CVE-2025-38137" + ], + "PublishedDate": "2025-07-03T09:15:28.24Z", + "LastModifiedDate": "2025-07-03T15:13:53.147Z" + }, + { + "VulnerabilityID": "CVE-2025-38140", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, 
+ "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38140", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: dm: limit swapping tables for devices with zone write plugs", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm: limit swapping tables for devices with zone write plugs\n\ndm_revalidate_zones() only allowed new or previously unzoned devices to\ncall blk_revalidate_disk_zones(). If the device was already zoned,\ndisk-\u003enr_zones would always equal md-\u003enr_zones, so dm_revalidate_zones()\nreturned without doing any work. This would make the zoned settings for\nthe device not match the new table. If the device had zone write plug\nresources, it could run into errors like bdev_zone_is_seq() reading\ninvalid memory because disk-\u003econv_zones_bitmap was the wrong size.\n\nIf the device doesn't have any zone write plug resources, calling\nblk_revalidate_disk_zones() will always correctly update device. If\nblk_revalidate_disk_zones() fails, it can still overwrite or clear the\ncurrent disk-\u003enr_zones value. In this case, DM must restore the previous\nvalue of disk-\u003enr_zones, so that the zoned settings will continue to\nmatch the previous value that it fell back to.\n\nIf the device already has zone write plug resources,\nblk_revalidate_disk_zones() will not correctly update them, if it is\ncalled for arbitrary zoned device changes. Since there is not much need\nfor this ability, the easiest solution is to disallow any table reloads\nthat change the zoned settings, for devices that already have zone plug\nresources. Specifically, if a device already has zone plug resources\nallocated, it can only switch to another zoned table that also emulates\nzone append. Also, it cannot change the device size or the zone size. 
A\ndevice can switch to an error target.", + "Severity": "HIGH", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-38140", + "https://git.kernel.org/linus/121218bef4c1df165181f5cd8fc3a2246bac817e (6.16-rc1)", + "https://git.kernel.org/stable/c/121218bef4c1df165181f5cd8fc3a2246bac817e", + "https://git.kernel.org/stable/c/ac8acb0bfd98a1c65f3ca9a3e217a766124eebd8", + "https://lore.kernel.org/linux-cve-announce/2025070333-CVE-2025-38140-0ba9@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-38140", + "https://www.cve.org/CVERecord?id=CVE-2025-38140" + ], + "PublishedDate": "2025-07-03T09:15:28.617Z", + "LastModifiedDate": "2025-07-03T15:13:53.147Z" + }, + { + "VulnerabilityID": "CVE-2025-38248", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38248", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: bridge: mcast: Fix use-after-free during router port configuration", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbridge: mcast: Fix use-after-free during router port configuration\n\nThe bridge maintains a global list of ports behind which a multicast\nrouter resides. 
The list is consulted during forwarding to ensure\nmulticast packets are forwarded to these ports even if the ports are not\nmember in the matching MDB entry.\n\nWhen per-VLAN multicast snooping is enabled, the per-port multicast\ncontext is disabled on each port and the port is removed from the global\nrouter port list:\n\n # ip link add name br1 up type bridge vlan_filtering 1 mcast_snooping 1\n # ip link add name dummy1 up master br1 type dummy\n # ip link set dev dummy1 type bridge_slave mcast_router 2\n $ bridge -d mdb show | grep router\n router ports on br1: dummy1\n # ip link set dev br1 type bridge mcast_vlan_snooping 1\n $ bridge -d mdb show | grep router\n\nHowever, the port can be re-added to the global list even when per-VLAN\nmulticast snooping is enabled:\n\n # ip link set dev dummy1 type bridge_slave mcast_router 0\n # ip link set dev dummy1 type bridge_slave mcast_router 2\n $ bridge -d mdb show | grep router\n router ports on br1: dummy1\n\nSince commit 4b30ae9adb04 (\"net: bridge: mcast: re-implement\nbr_multicast_{enable, disable}_port functions\"), when per-VLAN multicast\nsnooping is enabled, multicast disablement on a port will disable the\nper-{port, VLAN} multicast contexts and not the per-port one. As a\nresult, a port will remain in the global router port list even after it\nis deleted. This will lead to a use-after-free [1] when the list is\ntraversed (when adding a new port to the list, for example):\n\n # ip link del dev dummy1\n # ip link add name dummy2 up master br1 type dummy\n # ip link set dev dummy2 type bridge_slave mcast_router 2\n\nSimilarly, stale entries can also be found in the per-VLAN router port\nlist. 
When per-VLAN multicast snooping is disabled, the per-{port, VLAN}\ncontexts are disabled on each port and the port is removed from the\nper-VLAN router port list:\n\n # ip link add name br1 up type bridge vlan_filtering 1 mcast_snooping 1 mcast_vlan_snooping 1\n # ip link add name dummy1 up master br1 type dummy\n # bridge vlan add vid 2 dev dummy1\n # bridge vlan global set vid 2 dev br1 mcast_snooping 1\n # bridge vlan set vid 2 dev dummy1 mcast_router 2\n $ bridge vlan global show dev br1 vid 2 | grep router\n router ports: dummy1\n # ip link set dev br1 type bridge mcast_vlan_snooping 0\n $ bridge vlan global show dev br1 vid 2 | grep router\n\nHowever, the port can be re-added to the per-VLAN list even when\nper-VLAN multicast snooping is disabled:\n\n # bridge vlan set vid 2 dev dummy1 mcast_router 0\n # bridge vlan set vid 2 dev dummy1 mcast_router 2\n $ bridge vlan global show dev br1 vid 2 | grep router\n router ports: dummy1\n\nWhen the VLAN is deleted from the port, the per-{port, VLAN} multicast\ncontext will not be disabled since multicast snooping is not enabled\non the VLAN. As a result, the port will remain in the per-VLAN router\nport list even after it is no longer member in the VLAN. This will lead\nto a use-after-free [2] when the list is traversed (when adding a new\nport to the list, for example):\n\n # ip link add name dummy2 up master br1 type dummy\n # bridge vlan add vid 2 dev dummy2\n # bridge vlan del vid 2 dev dummy1\n # bridge vlan set vid 2 dev dummy2 mcast_router 2\n\nFix these issues by removing the port from the relevant (global or\nper-VLAN) router port list in br_multicast_port_ctx_deinit(). 
The\nfunction is invoked during port deletion with the per-port multicast\ncontext and during VLAN deletion with the per-{port, VLAN} multicast\ncontext.\n\nNote that deleting the multicast router timer is not enough as it only\ntakes care of the temporary multicast router states (1 or 3) and not the\npermanent one (2).\n\n[1]\nBUG: KASAN: slab-out-of-bounds in br_multicast_add_router.part.0+0x3f1/0x560\nWrite of size 8 at addr ffff888004a67328 by task ip/384\n[...]\nCall Trace:\n \u003cTASK\u003e\n dump_stack\n---truncated---", + "Severity": "HIGH", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-38248", + "https://git.kernel.org/linus/7544f3f5b0b58c396f374d060898b5939da31709 (6.16-rc4)", + "https://git.kernel.org/stable/c/7544f3f5b0b58c396f374d060898b5939da31709", + "https://git.kernel.org/stable/c/f05a4f9e959e0fc098046044c650acf897ea52d2", + "https://lore.kernel.org/linux-cve-announce/2025070934-CVE-2025-38248-003c@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-38248", + "https://www.cve.org/CVERecord?id=CVE-2025-38248" + ], + "PublishedDate": "2025-07-09T11:15:26.963Z", + "LastModifiedDate": "2025-07-10T13:17:30.017Z" + }, + { + "VulnerabilityID": "CVE-2025-38306", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38306", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": 
"https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: fs/fhandle.c: fix a race in call of has_locked_children()", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/fhandle.c: fix a race in call of has_locked_children()\n\nmay_decode_fh() is calling has_locked_children() while holding no locks.\nThat's an oopsable race...\n\nThe rest of the callers are safe since they are holding namespace_sem and\nare guaranteed a positive refcount on the mount in question.\n\nRename the current has_locked_children() to __has_locked_children(), make\nit static and switch the fs/namespace.c users to it.\n\nMake has_locked_children() a wrapper for __has_locked_children(), calling\nthe latter under read_seqlock_excl(\u0026mount_lock).", + "Severity": "HIGH", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-38306", + "https://git.kernel.org/linus/1f282cdc1d219c4a557f7009e81bc792820d9d9a (6.16-rc1)", + "https://git.kernel.org/stable/c/1f282cdc1d219c4a557f7009e81bc792820d9d9a", + "https://git.kernel.org/stable/c/287c7d34eedd37af1272dfb3b6e8656f4f026424", + "https://lore.kernel.org/linux-cve-announce/2025071014-CVE-2025-38306-66ae@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-38306", + "https://www.cve.org/CVERecord?id=CVE-2025-38306" + ], + "PublishedDate": "2025-07-10T08:15:29.44Z", + "LastModifiedDate": "2025-07-10T13:17:30.017Z" + }, + { + "VulnerabilityID": "CVE-2025-38311", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": 
"sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38311", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: iavf: get rid of the crit lock", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\niavf: get rid of the crit lock\n\nGet rid of the crit lock.\nThat frees us from the error prone logic of try_locks.\n\nThanks to netdev_lock() by Jakub it is now easy, and in most cases we were\nprotected by it already - replace crit lock by netdev lock when it was not\nthe case.\n\nLockdep reports that we should cancel the work under crit_lock [splat1],\nand that was the scheme we have mostly followed since [1] by Slawomir.\nBut when that is done we still got into deadlocks [splat2]. So instead\nwe should look at the bigger problem, namely \"weird locking/scheduling\"\nof the iavf. 
The first step to fix that is to remove the crit lock.\nI will followup with a -next series that simplifies scheduling/tasks.\n\nCancel the work without netdev lock (weird unlock+lock scheme),\nto fix the [splat2] (which would be totally ugly if we would kept\nthe crit lock).\n\nExtend protected part of iavf_watchdog_task() to include scheduling\nmore work.\n\nNote that the removed comment in iavf_reset_task() was misplaced,\nit belonged to inside of the removed if condition, so it's gone now.\n\n[splat1] - w/o this patch - The deadlock during VF removal:\n WARNING: possible circular locking dependency detected\n sh/3825 is trying to acquire lock:\n ((work_completion)(\u0026(\u0026adapter-\u003ewatchdog_task)-\u003ework)){+.+.}-{0:0}, at: start_flush_work+0x1a1/0x470\n but task is already holding lock:\n (\u0026adapter-\u003ecrit_lock){+.+.}-{4:4}, at: iavf_remove+0xd1/0x690 [iavf]\n which lock already depends on the new lock.\n\n[splat2] - when cancelling work under crit lock, w/o this series,\n\t see [2] for the band aid attempt\n WARNING: possible circular locking dependency detected\n sh/3550 is trying to acquire lock:\n ((wq_completion)iavf){+.+.}-{0:0}, at: touch_wq_lockdep_map+0x26/0x90\n but task is already holding lock:\n (\u0026dev-\u003elock){+.+.}-{4:4}, at: iavf_remove+0xa6/0x6e0 [iavf]\n which lock already depends on the new lock.\n\n[1] fc2e6b3b132a (\"iavf: Rework mutexes for better synchronisation\")\n[2] https://github.com/pkitszel/linux/commit/52dddbfc2bb60294083f5711a158a", + "Severity": "HIGH", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-38311", + "https://git.kernel.org/linus/120f28a6f314fef7f282c99f196923fe44081cad (6.16-rc1)", + "https://git.kernel.org/stable/c/120f28a6f314fef7f282c99f196923fe44081cad", + 
"https://git.kernel.org/stable/c/620ab4d6215de0b25227f9fff1a8c7fb66837cb8", + "https://lore.kernel.org/linux-cve-announce/2025071015-CVE-2025-38311-2a53@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-38311", + "https://www.cve.org/CVERecord?id=CVE-2025-38311" + ], + "PublishedDate": "2025-07-10T08:15:30.01Z", + "LastModifiedDate": "2025-07-10T13:17:30.017Z" + }, + { + "VulnerabilityID": "CVE-2025-38322", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38322", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: perf/x86/intel: Fix crash in icl_update_topdown_event()", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/x86/intel: Fix crash in icl_update_topdown_event()\n\nThe perf_fuzzer found a hard-lockup crash on a RaptorLake machine:\n\n Oops: general protection fault, maybe for address 0xffff89aeceab400: 0000\n CPU: 23 UID: 0 PID: 0 Comm: swapper/23\n Tainted: [W]=WARN\n Hardware name: Dell Inc. Precision 9660/0VJ762\n RIP: 0010:native_read_pmc+0x7/0x40\n Code: cc e8 8d a9 01 00 48 89 03 5b cd cc cc cc cc 0f 1f ...\n RSP: 000:fffb03100273de8 EFLAGS: 00010046\n ....\n Call Trace:\n \u003cTASK\u003e\n icl_update_topdown_event+0x165/0x190\n ? 
ktime_get+0x38/0xd0\n intel_pmu_read_event+0xf9/0x210\n __perf_event_read+0xf9/0x210\n\nCPUs 16-23 are E-core CPUs that don't support the perf metrics feature.\nThe icl_update_topdown_event() should not be invoked on these CPUs.\n\nIt's a regression of commit:\n\n f9bdf1f95339 (\"perf/x86/intel: Avoid disable PMU if !cpuc-\u003eenabled in sample read\")\n\nThe bug introduced by that commit is that the is_topdown_event() function\nis mistakenly used to replace the is_topdown_count() call to check if the\ntopdown functions for the perf metrics feature should be invoked.\n\nFix it.", + "Severity": "HIGH", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-38322", + "https://git.kernel.org/linus/b0823d5fbacb1c551d793cbfe7af24e0d1fa45ed (6.16-rc3)", + "https://git.kernel.org/stable/c/79e2dd573116d3338507c311460da9669095c94d", + "https://git.kernel.org/stable/c/a85cc69acdcb05f8cd226b8ea0778b8e2e887e6f", + "https://git.kernel.org/stable/c/b0823d5fbacb1c551d793cbfe7af24e0d1fa45ed", + "https://lore.kernel.org/linux-cve-announce/2025071031-CVE-2025-38322-810a@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-38322", + "https://www.cve.org/CVERecord?id=CVE-2025-38322" + ], + "PublishedDate": "2025-07-10T09:15:26.24Z", + "LastModifiedDate": "2025-08-01T09:15:32.753Z" + }, + { + "VulnerabilityID": "CVE-2025-38349", + "VendorIDs": [ + "DSA-5975-1" + ], + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "FixedVersion": "6.12.41-1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": 
"sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38349", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: eventpoll: don't decrement ep refcount while still holding the ep mutex", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\neventpoll: don't decrement ep refcount while still holding the ep mutex\n\nJann Horn points out that epoll is decrementing the ep refcount and then\ndoing a\n\n mutex_unlock(\u0026ep-\u003emtx);\n\nafterwards. That's very wrong, because it can lead to a use-after-free.\n\nThat pattern is actually fine for the very last reference, because the\ncode in question will delay the actual call to \"ep_free(ep)\" until after\nit has unlocked the mutex.\n\nBut it's wrong for the much subtler \"next to last\" case when somebody\n*else* may also be dropping their reference and free the ep while we're\nstill using the mutex.\n\nNote that this is true even if that other user is also using the same ep\nmutex: mutexes, unlike spinlocks, can not be used for object ownership,\neven if they guarantee mutual exclusion.\n\nA mutex \"unlock\" operation is not atomic, and as one user is still\naccessing the mutex as part of unlocking it, another user can come in\nand get the now released mutex and free the data structure while the\nfirst user is still cleaning up.\n\nSee our mutex documentation in Documentation/locking/mutex-design.rst,\nin particular the section [1] about semantics:\n\n\t\"mutex_unlock() may access the mutex structure even after it has\n\t internally released the lock already - so it's not safe for\n\t another context to acquire the mutex and assume that the\n\t mutex_unlock() context is not using the structure anymore\"\n\nSo if we drop our ep ref before the mutex unlock, but we weren't the\nlast one, 
we may then unlock the mutex, another user comes in, drops\n_their_ reference and releases the 'ep' as it now has no users - all\nwhile the mutex_unlock() is still accessing it.\n\nFix this by simply moving the ep refcount dropping to outside the mutex:\nthe refcount itself is atomic, and doesn't need mutex protection (that's\nthe whole _point_ of refcounts: unlike mutexes, they are inherently\nabout object lifetimes).", + "Severity": "HIGH", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-38349", + "https://git.kernel.org/linus/8c2e52ebbe885c7eeaabd3b7ddcdc1246fc400d2 (6.16-rc6)", + "https://git.kernel.org/stable/c/521e9ff0b67c66a17d6f9593dfccafaa984aae4c", + "https://git.kernel.org/stable/c/605c18698ecfa99165f36b7f59d3ed503e169814", + "https://git.kernel.org/stable/c/6dee745bd0aec9d399df674256e7b1ecdb615444", + "https://git.kernel.org/stable/c/8c2e52ebbe885c7eeaabd3b7ddcdc1246fc400d2", + "https://lore.kernel.org/linux-cve-announce/2025071819-CVE-2025-38349-ee39@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-38349", + "https://www.cve.org/CVERecord?id=CVE-2025-38349" + ], + "PublishedDate": "2025-07-18T08:15:27.543Z", + "LastModifiedDate": "2025-07-22T13:06:27.983Z" + }, + { + "VulnerabilityID": "CVE-2025-38351", + "VendorIDs": [ + "DSA-5975-1" + ], + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "FixedVersion": "6.12.41-1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2025-38351", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush\n\nIn KVM guests with Hyper-V hypercalls enabled, the hypercalls\nHVCALL_FLUSH_VIRTUAL_ADDRESS_LIST and HVCALL_FLUSH_VIRTUAL_ADDRESS_LIST_EX\nallow a guest to request invalidation of portions of a virtual TLB.\nFor this, the hypercall parameter includes a list of GVAs that are supposed\nto be invalidated.\n\nHowever, when non-canonical GVAs are passed, there is currently no\nfiltering in place and they are eventually passed to checked invocations of\nINVVPID on Intel / INVLPGA on AMD. While AMD's INVLPGA silently ignores\nnon-canonical addresses (effectively a no-op), Intel's INVVPID explicitly\nsignals VM-Fail and ultimately triggers the WARN_ONCE in invvpid_error():\n\n invvpid failed: ext=0x0 vpid=1 gva=0xaaaaaaaaaaaaa000\n WARNING: CPU: 6 PID: 326 at arch/x86/kvm/vmx/vmx.c:482\n invvpid_error+0x91/0xa0 [kvm_intel]\n Modules linked in: kvm_intel kvm 9pnet_virtio irqbypass fuse\n CPU: 6 UID: 0 PID: 326 Comm: kvm-vm Not tainted 6.15.0 #14 PREEMPT(voluntary)\n RIP: 0010:invvpid_error+0x91/0xa0 [kvm_intel]\n Call Trace:\n vmx_flush_tlb_gva+0x320/0x490 [kvm_intel]\n kvm_hv_vcpu_flush_tlb+0x24f/0x4f0 [kvm]\n kvm_arch_vcpu_ioctl_run+0x3013/0x5810 [kvm]\n\nHyper-V documents that invalid GVAs (those that are beyond a partition's\nGVA space) are to be ignored. 
While not completely clear whether this\nruling also applies to non-canonical GVAs, it is likely fine to make that\nassumption, and manual testing on Azure confirms \"real\" Hyper-V interprets\nthe specification in the same way.\n\nSkip non-canonical GVAs when processing the list of address to avoid\ntripping the INVVPID failure. Alternatively, KVM could filter out \"bad\"\nGVAs before inserting into the FIFO, but practically speaking the only\ndownside of pushing validation to the final processing is that doing so\nis suboptimal for the guest, and no well-behaved guest will request TLB\nflushes for non-canonical addresses.", + "Severity": "HIGH", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H", + "V3Score": 7.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-38351", + "https://git.kernel.org/linus/fa787ac07b3ceb56dd88a62d1866038498e96230 (6.16-rc6)", + "https://git.kernel.org/stable/c/2d4dea3f76510c0afe3f18c910f647b816f7d566", + "https://git.kernel.org/stable/c/f1b3ad11ec11c88ba9f79a73d27d4cda3f80fb24", + "https://git.kernel.org/stable/c/fa787ac07b3ceb56dd88a62d1866038498e96230", + "https://lore.kernel.org/linux-cve-announce/2025071951-CVE-2025-38351-75ea@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-38351", + "https://www.cve.org/CVERecord?id=CVE-2025-38351" + ], + "PublishedDate": "2025-07-19T12:15:35.383Z", + "LastModifiedDate": "2025-08-01T09:15:33.167Z" + }, + { + "VulnerabilityID": "CVE-2025-38439", + "VendorIDs": [ + "DSA-5975-1" + ], + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "FixedVersion": "6.12.41-1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", 
+ "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38439", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt_en: Set DMA unmap len correctly for XDP_REDIRECT\n\nWhen transmitting an XDP_REDIRECT packet, call dma_unmap_len_set()\nwith the proper length instead of 0. This bug triggers this warning\non a system with IOMMU enabled:\n\nWARNING: CPU: 36 PID: 0 at drivers/iommu/dma-iommu.c:842 __iommu_dma_unmap+0x159/0x170\nRIP: 0010:__iommu_dma_unmap+0x159/0x170\nCode: a8 00 00 00 00 48 c7 45 b0 00 00 00 00 48 c7 45 c8 00 00 00 00 48 c7 45 a0 ff ff ff ff 4c 89 45\nb8 4c 89 45 c0 e9 77 ff ff ff \u003c0f\u003e 0b e9 60 ff ff ff e8 8b bf 6a 00 66 66 2e 0f 1f 84 00 00 00 00\nRSP: 0018:ff22d31181150c88 EFLAGS: 00010206\nRAX: 0000000000002000 RBX: 00000000e13a0000 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: ff22d31181150cf0 R08: ff22d31181150ca8 R09: 0000000000000000\nR10: 0000000000000000 R11: ff22d311d36c9d80 R12: 0000000000001000\nR13: ff13544d10645010 R14: ff22d31181150c90 R15: ff13544d0b2bac00\nFS: 0000000000000000(0000) GS:ff13550908a00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00005be909dacff8 CR3: 0008000173408003 CR4: 0000000000f71ef0\nPKRU: 55555554\nCall Trace:\n\u003cIRQ\u003e\n? show_regs+0x6d/0x80\n? __warn+0x89/0x160\n? __iommu_dma_unmap+0x159/0x170\n? report_bug+0x17e/0x1b0\n? handle_bug+0x46/0x90\n? exc_invalid_op+0x18/0x80\n? asm_exc_invalid_op+0x1b/0x20\n? __iommu_dma_unmap+0x159/0x170\n? __iommu_dma_unmap+0xb3/0x170\niommu_dma_unmap_page+0x4f/0x100\ndma_unmap_page_attrs+0x52/0x220\n? 
srso_alias_return_thunk+0x5/0xfbef5\n? xdp_return_frame+0x2e/0xd0\nbnxt_tx_int_xdp+0xdf/0x440 [bnxt_en]\n__bnxt_poll_work_done+0x81/0x1e0 [bnxt_en]\nbnxt_poll+0xd3/0x1e0 [bnxt_en]", + "Severity": "HIGH", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-38439", + "https://git.kernel.org/linus/3cdf199d4755d477972ee87110b2aebc88b3cfad (6.16-rc6)", + "https://git.kernel.org/stable/c/16ae306602163fcb7ae83f2701b542e43c100cee", + "https://git.kernel.org/stable/c/3cdf199d4755d477972ee87110b2aebc88b3cfad", + "https://git.kernel.org/stable/c/50dad9909715094e7d9ca25e9e0412b875987519", + "https://git.kernel.org/stable/c/5909679a82cd74cf0343d9e3ddf4b6931aa7e613", + "https://git.kernel.org/stable/c/8d672a1a6bfc81fef9151925c9c0481f4acf4bec", + "https://git.kernel.org/stable/c/e260f4d49370c85a4701d43c6d16b8c39f8b605f", + "https://git.kernel.org/stable/c/f154e41e1d9d15ab21300ba7bbf0ebb5cb3b9c2a", + "https://git.kernel.org/stable/c/f9eaf6d036075dc820520e1194692c0619b7297b", + "https://lore.kernel.org/linux-cve-announce/2025072501-CVE-2025-38439-3f3b@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-38439", + "https://www.cve.org/CVERecord?id=CVE-2025-38439" + ], + "PublishedDate": "2025-07-25T16:15:29.257Z", + "LastModifiedDate": "2025-07-29T14:14:55.157Z" + }, + { + "VulnerabilityID": "CVE-2025-38440", + "VendorIDs": [ + "DSA-5975-1" + ], + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "FixedVersion": "6.12.41-1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": 
"sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38440", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: net/mlx5e: Fix race between DIM disable and net_dim()", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix race between DIM disable and net_dim()\n\nThere's a race between disabling DIM and NAPI callbacks using the dim\npointer on the RQ or SQ.\n\nIf NAPI checks the DIM state bit and sees it still set, it assumes\n`rq-\u003edim` or `sq-\u003edim` is valid. But if DIM gets disabled right after\nthat check, the pointer might already be set to NULL, leading to a NULL\npointer dereference in net_dim().\n\nFix this by calling `synchronize_net()` before freeing the DIM context.\nThis ensures all in-progress NAPI callbacks are finished before the\npointer is cleared.\n\nKernel log:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000000\n...\nRIP: 0010:net_dim+0x23/0x190\n...\nCall Trace:\n \u003cTASK\u003e\n ? __die+0x20/0x60\n ? page_fault_oops+0x150/0x3e0\n ? common_interrupt+0xf/0xa0\n ? sysvec_call_function_single+0xb/0x90\n ? exc_page_fault+0x74/0x130\n ? asm_exc_page_fault+0x22/0x30\n ? net_dim+0x23/0x190\n ? mlx5e_poll_ico_cq+0x41/0x6f0 [mlx5_core]\n ? sysvec_apic_timer_interrupt+0xb/0x90\n mlx5e_handle_rx_dim+0x92/0xd0 [mlx5_core]\n mlx5e_napi_poll+0x2cd/0xac0 [mlx5_core]\n ? mlx5e_poll_ico_cq+0xe5/0x6f0 [mlx5_core]\n busy_poll_stop+0xa2/0x200\n ? mlx5e_napi_poll+0x1d9/0xac0 [mlx5_core]\n ? mlx5e_trigger_irq+0x130/0x130 [mlx5_core]\n __napi_busy_loop+0x345/0x3b0\n ? sysvec_call_function_single+0xb/0x90\n ? asm_sysvec_call_function_single+0x16/0x20\n ? sysvec_apic_timer_interrupt+0xb/0x90\n ? 
pcpu_free_area+0x1e4/0x2e0\n napi_busy_loop+0x11/0x20\n xsk_recvmsg+0x10c/0x130\n sock_recvmsg+0x44/0x70\n __sys_recvfrom+0xbc/0x130\n ? __schedule+0x398/0x890\n __x64_sys_recvfrom+0x20/0x30\n do_syscall_64+0x4c/0x100\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n...\n---[ end trace 0000000000000000 ]---\n...\n---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---", + "Severity": "HIGH", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-38440", + "https://git.kernel.org/linus/eb41a264a3a576dc040ee37c3d9d6b7e2d9be968 (6.16-rc6)", + "https://git.kernel.org/stable/c/2bc6fb90486e42dd80e660ef7a40c02b2516c6d6", + "https://git.kernel.org/stable/c/7581afc051542e11ccf3ade68acd01b7fb1a3cde", + "https://git.kernel.org/stable/c/eb41a264a3a576dc040ee37c3d9d6b7e2d9be968", + "https://lore.kernel.org/linux-cve-announce/2025072501-CVE-2025-38440-cb71@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-38440", + "https://www.cve.org/CVERecord?id=CVE-2025-38440" + ], + "PublishedDate": "2025-07-25T16:15:29.39Z", + "LastModifiedDate": "2025-07-29T14:14:55.157Z" + }, + { + "VulnerabilityID": "CVE-2025-38445", + "VendorIDs": [ + "DSA-5975-1" + ], + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "FixedVersion": "6.12.41-1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38445", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": 
"https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: md/raid1: Fix stack memory use after return in raid1_reshape", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd/raid1: Fix stack memory use after return in raid1_reshape\n\nIn the raid1_reshape function, newpool is\nallocated on the stack and assigned to conf-\u003er1bio_pool.\nThis results in conf-\u003er1bio_pool.wait.head pointing\nto a stack address.\nAccessing this address later can lead to a kernel panic.\n\nExample access path:\n\nraid1_reshape()\n{\n\t// newpool is on the stack\n\tmempool_t newpool, oldpool;\n\t// initialize newpool.wait.head to stack address\n\tmempool_init(\u0026newpool, ...);\n\tconf-\u003er1bio_pool = newpool;\n}\n\nraid1_read_request() or raid1_write_request()\n{\n\talloc_r1bio()\n\t{\n\t\tmempool_alloc()\n\t\t{\n\t\t\t// if pool-\u003ealloc fails\n\t\t\tremove_element()\n\t\t\t{\n\t\t\t\t--pool-\u003ecurr_nr;\n\t\t\t}\n\t\t}\n\t}\n}\n\nmempool_free()\n{\n\tif (pool-\u003ecurr_nr \u003c pool-\u003emin_nr) {\n\t\t// pool-\u003ewait.head is a stack address\n\t\t// wake_up() will try to access this invalid address\n\t\t// which leads to a kernel panic\n\t\treturn;\n\t\twake_up(\u0026pool-\u003ewait);\n\t}\n}\n\nFix:\nreinit conf-\u003er1bio_pool.wait after assigning newpool.", + "Severity": "HIGH", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-38445", + "https://git.kernel.org/linus/d67ed2ccd2d1dcfda9292c0ea8697a9d0f2f0d98 (6.16-rc6)", + "https://git.kernel.org/stable/c/12b00ec99624f8da8c325f2dd6e807df26df0025", + "https://git.kernel.org/stable/c/48da050b4f54ed639b66278d0ae6f4107b2c4e2d", + "https://git.kernel.org/stable/c/5f35e48b76655e45522df338876dfef88dafcc71", + 
"https://git.kernel.org/stable/c/61fd5e93006cf82ec8ee5c115ab5cf4bbd104bdb", + "https://git.kernel.org/stable/c/776e6186dc9ecbdb8a1b706e989166c8a99bbf64", + "https://git.kernel.org/stable/c/d67ed2ccd2d1dcfda9292c0ea8697a9d0f2f0d98", + "https://git.kernel.org/stable/c/d8a6853d00fbaa810765c8ed2f452a5832273968", + "https://git.kernel.org/stable/c/df5894014a92ff0196dbc212a7764e97366fd2b7", + "https://lore.kernel.org/linux-cve-announce/2025072503-CVE-2025-38445-7295@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-38445", + "https://www.cve.org/CVERecord?id=CVE-2025-38445" + ], + "PublishedDate": "2025-07-25T16:15:29.98Z", + "LastModifiedDate": "2025-07-29T14:14:55.157Z" + }, + { + "VulnerabilityID": "CVE-2025-38449", + "VendorIDs": [ + "DSA-5975-1" + ], + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "FixedVersion": "6.12.41-1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38449", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: drm/gem: Acquire references on GEM handles for framebuffers", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/gem: Acquire references on GEM handles for framebuffers\n\nA GEM handle can be released while the GEM buffer object is attached\nto a DRM framebuffer. This leads to the release of the dma-buf backing\nthe buffer object, if any. [1] Trying to use the framebuffer in further\nmode-setting operations leads to a segmentation fault. 
Most easily\nhappens with driver that use shadow planes for vmap-ing the dma-buf\nduring a page flip. An example is shown below.\n\n[ 156.791968] ------------[ cut here ]------------\n[ 156.796830] WARNING: CPU: 2 PID: 2255 at drivers/dma-buf/dma-buf.c:1527 dma_buf_vmap+0x224/0x430\n[...]\n[ 156.942028] RIP: 0010:dma_buf_vmap+0x224/0x430\n[ 157.043420] Call Trace:\n[ 157.045898] \u003cTASK\u003e\n[ 157.048030] ? show_trace_log_lvl+0x1af/0x2c0\n[ 157.052436] ? show_trace_log_lvl+0x1af/0x2c0\n[ 157.056836] ? show_trace_log_lvl+0x1af/0x2c0\n[ 157.061253] ? drm_gem_shmem_vmap+0x74/0x710\n[ 157.065567] ? dma_buf_vmap+0x224/0x430\n[ 157.069446] ? __warn.cold+0x58/0xe4\n[ 157.073061] ? dma_buf_vmap+0x224/0x430\n[ 157.077111] ? report_bug+0x1dd/0x390\n[ 157.080842] ? handle_bug+0x5e/0xa0\n[ 157.084389] ? exc_invalid_op+0x14/0x50\n[ 157.088291] ? asm_exc_invalid_op+0x16/0x20\n[ 157.092548] ? dma_buf_vmap+0x224/0x430\n[ 157.096663] ? dma_resv_get_singleton+0x6d/0x230\n[ 157.101341] ? __pfx_dma_buf_vmap+0x10/0x10\n[ 157.105588] ? __pfx_dma_resv_get_singleton+0x10/0x10\n[ 157.110697] drm_gem_shmem_vmap+0x74/0x710\n[ 157.114866] drm_gem_vmap+0xa9/0x1b0\n[ 157.118763] drm_gem_vmap_unlocked+0x46/0xa0\n[ 157.123086] drm_gem_fb_vmap+0xab/0x300\n[ 157.126979] drm_atomic_helper_prepare_planes.part.0+0x487/0xb10\n[ 157.133032] ? lockdep_init_map_type+0x19d/0x880\n[ 157.137701] drm_atomic_helper_commit+0x13d/0x2e0\n[ 157.142671] ? drm_atomic_nonblocking_commit+0xa0/0x180\n[ 157.147988] drm_mode_atomic_ioctl+0x766/0xe40\n[...]\n[ 157.346424] ---[ end trace 0000000000000000 ]---\n\nAcquiring GEM handles for the framebuffer's GEM buffer objects prevents\nthis from happening. The framebuffer's cleanup later puts the handle\nreferences.\n\nCommit 1a148af06000 (\"drm/gem-shmem: Use dma_buf from GEM object\ninstance\") triggers the segmentation fault easily by using the dma-buf\nfield more widely. 
The underlying issue with reference counting has\nbeen present before.\n\nv2:\n- acquire the handle instead of the BO (Christian)\n- fix comment style (Christian)\n- drop the Fixes tag (Christian)\n- rename err_ gotos\n- add missing Link tag", + "Severity": "HIGH", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H", + "V3Score": 7.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-38449", + "https://git.kernel.org/linus/5307dce878d4126e1b375587318955bd019c3741 (6.16-rc5)", + "https://git.kernel.org/stable/c/08480e285c6a82ce689008d643e4a51db0aaef8b", + "https://git.kernel.org/stable/c/3cf520d9860d4ec9f7f32068825da31f18dd3f25", + "https://git.kernel.org/stable/c/5307dce878d4126e1b375587318955bd019c3741", + "https://git.kernel.org/stable/c/cb4c956a15f8b7f870649454771fc3761f504b5f", + "https://lore.kernel.org/linux-cve-announce/2025072504-CVE-2025-38449-cbf0@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-38449", + "https://www.cve.org/CVERecord?id=CVE-2025-38449" + ], + "PublishedDate": "2025-07-25T16:15:30.443Z", + "LastModifiedDate": "2025-07-29T14:14:55.157Z" + }, + { + "VulnerabilityID": "CVE-2025-38450", + "VendorIDs": [ + "DSA-5975-1" + ], + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "FixedVersion": "6.12.41-1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38450", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + 
"Title": "kernel: wifi: mt76: mt7925: prevent NULL pointer dereference in mt7925_sta_set_decap_offload()", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7925: prevent NULL pointer dereference in mt7925_sta_set_decap_offload()\n\nAdd a NULL check for msta-\u003evif before accessing its members to prevent\na kernel panic in AP mode deployment. This also fix the issue reported\nin [1].\n\nThe crash occurs when this function is triggered before the station is\nfully initialized. The call trace shows a page fault at\nmt7925_sta_set_decap_offload() due to accessing resources when msta-\u003evif\nis NULL.\n\nFix this by adding an early return if msta-\u003evif is NULL and also check\nwcid.sta is ready. This ensures we only proceed with decap offload\nconfiguration when the station's state is properly initialized.\n\n[14739.655703] Unable to handle kernel paging request at virtual address ffffffffffffffa0\n[14739.811820] CPU: 0 UID: 0 PID: 895854 Comm: hostapd Tainted: G\n[14739.821394] Tainted: [C]=CRAP, [O]=OOT_MODULE\n[14739.825746] Hardware name: Raspberry Pi 4 Model B Rev 1.1 (DT)\n[14739.831577] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[14739.838538] pc : mt7925_sta_set_decap_offload+0xc0/0x1b8 [mt7925_common]\n[14739.845271] lr : mt7925_sta_set_decap_offload+0x58/0x1b8 [mt7925_common]\n[14739.851985] sp : ffffffc085efb500\n[14739.855295] x29: ffffffc085efb500 x28: 0000000000000000 x27: ffffff807803a158\n[14739.862436] x26: ffffff8041ececb8 x25: 0000000000000001 x24: 0000000000000001\n[14739.869577] x23: 0000000000000001 x22: 0000000000000008 x21: ffffff8041ecea88\n[14739.876715] x20: ffffff8041c19ca0 x19: ffffff8078031fe0 x18: 0000000000000000\n[14739.883853] x17: 0000000000000000 x16: ffffffe2aeac1110 x15: 000000559da48080\n[14739.890991] x14: 0000000000000001 x13: 0000000000000000 x12: 0000000000000000\n[14739.898130] x11: 0a10020001008e88 x10: 0000000000001a50 x9 : 
ffffffe26457bfa0\n[14739.905269] x8 : ffffff8042013bb0 x7 : ffffff807fb6cbf8 x6 : dead000000000100\n[14739.912407] x5 : dead000000000122 x4 : ffffff80780326c8 x3 : 0000000000000000\n[14739.919546] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffffff8041ececb8\n[14739.926686] Call trace:\n[14739.929130] mt7925_sta_set_decap_offload+0xc0/0x1b8 [mt7925_common]\n[14739.935505] ieee80211_check_fast_rx+0x19c/0x510 [mac80211]\n[14739.941344] _sta_info_move_state+0xe4/0x510 [mac80211]\n[14739.946860] sta_info_move_state+0x1c/0x30 [mac80211]\n[14739.952116] sta_apply_auth_flags.constprop.0+0x90/0x1b0 [mac80211]\n[14739.958708] sta_apply_parameters+0x234/0x5e0 [mac80211]\n[14739.964332] ieee80211_add_station+0xdc/0x190 [mac80211]\n[14739.969950] nl80211_new_station+0x46c/0x670 [cfg80211]\n[14739.975516] genl_family_rcv_msg_doit+0xdc/0x150\n[14739.980158] genl_rcv_msg+0x218/0x298\n[14739.983830] netlink_rcv_skb+0x64/0x138\n[14739.987670] genl_rcv+0x40/0x60\n[14739.990816] netlink_unicast+0x314/0x380\n[14739.994742] netlink_sendmsg+0x198/0x3f0\n[14739.998664] __sock_sendmsg+0x64/0xc0\n[14740.002324] ____sys_sendmsg+0x260/0x298\n[14740.006242] ___sys_sendmsg+0xb4/0x110", + "Severity": "HIGH", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-38450", + "https://git.kernel.org/linus/35ad47c0b3da04b00b19a8b9ed5632e2f2520472 (6.16-rc6)", + "https://git.kernel.org/stable/c/35ad47c0b3da04b00b19a8b9ed5632e2f2520472", + "https://git.kernel.org/stable/c/91c3dec2453b3742e8f666957b99945edc30577f", + "https://git.kernel.org/stable/c/9b50874f297fcc62adc7396f35209878e51010b0", + "https://lore.kernel.org/linux-cve-announce/2025072504-CVE-2025-38450-a59f@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-38450", + "https://www.cve.org/CVERecord?id=CVE-2025-38450" + ], + "PublishedDate": 
"2025-07-25T16:15:30.56Z", + "LastModifiedDate": "2025-07-29T14:14:55.157Z" + }, + { + "VulnerabilityID": "CVE-2025-38453", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38453", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: io_uring/msg_ring: ensure io_kiocb freeing is deferred for RCU", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/msg_ring: ensure io_kiocb freeing is deferred for RCU\n\nsyzbot reports that defer/local task_work adding via msg_ring can hit\na request that has been freed:\n\nCPU: 1 UID: 0 PID: 19356 Comm: iou-wrk-19354 Not tainted 6.16.0-rc4-syzkaller-00108-g17bbde2e1716 #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:408 [inline]\n print_report+0xd2/0x2b0 mm/kasan/report.c:521\n kasan_report+0x118/0x150 mm/kasan/report.c:634\n io_req_local_work_add io_uring/io_uring.c:1184 [inline]\n __io_req_task_work_add+0x589/0x950 io_uring/io_uring.c:1252\n io_msg_remote_post io_uring/msg_ring.c:103 [inline]\n io_msg_data_remote io_uring/msg_ring.c:133 [inline]\n __io_msg_ring_data+0x820/0xaa0 io_uring/msg_ring.c:151\n io_msg_ring_data io_uring/msg_ring.c:173 [inline]\n io_msg_ring+0x134/0xa00 io_uring/msg_ring.c:314\n 
__io_issue_sqe+0x17e/0x4b0 io_uring/io_uring.c:1739\n io_issue_sqe+0x165/0xfd0 io_uring/io_uring.c:1762\n io_wq_submit_work+0x6e9/0xb90 io_uring/io_uring.c:1874\n io_worker_handle_work+0x7cd/0x1180 io_uring/io-wq.c:642\n io_wq_worker+0x42f/0xeb0 io_uring/io-wq.c:696\n ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245\n \u003c/TASK\u003e\n\nwhich is supposed to be safe with how requests are allocated. But msg\nring requests alloc and free on their own, and hence must defer freeing\nto a sane time.\n\nAdd an rcu_head and use kfree_rcu() in both spots where requests are\nfreed. Only the one in io_msg_tw_complete() is strictly required as it\nhas been visible on the other ring, but use it consistently in the other\nspot as well.\n\nThis should not cause any other issues outside of KASAN rightfully\ncomplaining about it.", + "Severity": "HIGH", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-38453", + "https://git.kernel.org/linus/fc582cd26e888b0652bc1494f252329453fd3b23 (6.16-rc6)", + "https://git.kernel.org/stable/c/e5b3432f4a6b418b8bd8fc91f38efbf17a77167a", + "https://git.kernel.org/stable/c/fc582cd26e888b0652bc1494f252329453fd3b23", + "https://lore.kernel.org/linux-cve-announce/2025072505-CVE-2025-38453-69b1@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-38453", + "https://www.cve.org/CVERecord?id=CVE-2025-38453" + ], + "PublishedDate": "2025-07-25T16:15:30.913Z", + "LastModifiedDate": "2025-07-29T14:14:55.157Z" + }, + { + "VulnerabilityID": "CVE-2025-38457", + "VendorIDs": [ + "DSA-5975-1" + ], + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + 
"InstalledVersion": "6.12.38-1", + "FixedVersion": "6.12.41-1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38457", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: net/sched: Abort __tc_modify_qdisc if parent class does not exist", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: Abort __tc_modify_qdisc if parent class does not exist\n\nLion's patch [1] revealed an ancient bug in the qdisc API.\nWhenever a user creates/modifies a qdisc specifying as a parent another\nqdisc, the qdisc API will, during grafting, detect that the user is\nnot trying to attach to a class and reject. However grafting is\nperformed after qdisc_create (and thus the qdiscs' init callback) is\nexecuted. In qdiscs that eventually call qdisc_tree_reduce_backlog\nduring init or change (such as fq, hhf, choke, etc), an issue\narises. For example, executing the following commands:\n\nsudo tc qdisc add dev lo root handle a: htb default 2\nsudo tc qdisc add dev lo parent a: handle beef fq\n\nQdiscs such as fq, hhf, choke, etc unconditionally invoke\nqdisc_tree_reduce_backlog() in their control path init() or change() which\nthen causes a failure to find the child class; however, that does not stop\nthe unconditional invocation of the assumed child qdisc's qlen_notify with\na null class. 
All these qdiscs make the assumption that class is non-null.\n\nThe solution is ensure that qdisc_leaf() which looks up the parent\nclass, and is invoked prior to qdisc_create(), should return failure on\nnot finding the class.\nIn this patch, we leverage qdisc_leaf to return ERR_PTRs whenever the\nparentid doesn't correspond to a class, so that we can detect it\nearlier on and abort before qdisc_create is called.\n\n[1] https://lore.kernel.org/netdev/d912cbd7-193b-4269-9857-525bee8bbb6a@gmail.com/", + "Severity": "HIGH", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-38457", + "https://git.kernel.org/linus/ffdde7bf5a439aaa1955ebd581f5c64ab1533963 (6.16-rc6)", + "https://git.kernel.org/stable/c/23c165dde88eac405eebb59051ea1fe139a45803", + "https://git.kernel.org/stable/c/25452638f133ac19d75af3f928327d8016952c8e", + "https://git.kernel.org/stable/c/4c691d1b6b6dbd73f30ed9ee7da05f037b0c49af", + "https://git.kernel.org/stable/c/8ecd651ef24ab50123692a4e3e25db93cb11602a", + "https://git.kernel.org/stable/c/90436e72c9622c2f70389070088325a3232d339f", + "https://git.kernel.org/stable/c/923a276c74e25073ae391e930792ac86a9f77f1e", + "https://git.kernel.org/stable/c/e28a383d6485c3bb51dc5953552f76c4dea33eea", + "https://git.kernel.org/stable/c/ffdde7bf5a439aaa1955ebd581f5c64ab1533963", + "https://lore.kernel.org/linux-cve-announce/2025072506-CVE-2025-38457-d302@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-38457", + "https://www.cve.org/CVERecord?id=CVE-2025-38457" + ], + "PublishedDate": "2025-07-25T16:15:31.403Z", + "LastModifiedDate": "2025-07-29T14:14:55.157Z" + }, + { + "VulnerabilityID": "CVE-2025-38459", + "VendorIDs": [ + "DSA-5975-1" + ], + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": 
"pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "FixedVersion": "6.12.41-1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38459", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: atm: clip: Fix infinite recursive call of clip_push().", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\natm: clip: Fix infinite recursive call of clip_push().\n\nsyzbot reported the splat below. [0]\n\nThis happens if we call ioctl(ATMARP_MKIP) more than once.\n\nDuring the first call, clip_mkip() sets clip_push() to vcc-\u003epush(),\nand the second call copies it to clip_vcc-\u003eold_push().\n\nLater, when the socket is close()d, vcc_destroy_socket() passes\nNULL skb to clip_push(), which calls clip_vcc-\u003eold_push(),\ntriggering the infinite recursion.\n\nLet's prevent the second ioctl(ATMARP_MKIP) by checking\nvcc-\u003euser_back, which is allocated by the first call as clip_vcc.\n\nNote also that we use lock_sock() to prevent racy calls.\n\n[0]:\nBUG: TASK stack guard page was hit at ffffc9000d66fff8 (stack is ffffc9000d670000..ffffc9000d678000)\nOops: stack guard page: 0000 [#1] SMP KASAN NOPTI\nCPU: 0 UID: 0 PID: 5322 Comm: syz.0.0 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full)\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nRIP: 0010:clip_push+0x5/0x720 net/atm/clip.c:191\nCode: e0 8f aa 8c e8 1c ad 5b fa eb ae 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 55 \u003c41\u003e 57 41 56 41 55 41 54 53 48 83 
ec 20 48 89 f3 49 89 fd 48 bd 00\nRSP: 0018:ffffc9000d670000 EFLAGS: 00010246\nRAX: 1ffff1100235a4a5 RBX: ffff888011ad2508 RCX: ffff8880003c0000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff888037f01000\nRBP: dffffc0000000000 R08: ffffffff8fa104f7 R09: 1ffffffff1f4209e\nR10: dffffc0000000000 R11: ffffffff8a99b300 R12: ffffffff8a99b300\nR13: ffff888037f01000 R14: ffff888011ad2500 R15: ffff888037f01578\nFS: 000055557ab6d500(0000) GS:ffff88808d250000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: ffffc9000d66fff8 CR3: 0000000043172000 CR4: 0000000000352ef0\nCall Trace:\n \u003cTASK\u003e\n clip_push+0x6dc/0x720 net/atm/clip.c:200\n clip_push+0x6dc/0x720 net/atm/clip.c:200\n clip_push+0x6dc/0x720 net/atm/clip.c:200\n...\n clip_push+0x6dc/0x720 net/atm/clip.c:200\n clip_push+0x6dc/0x720 net/atm/clip.c:200\n clip_push+0x6dc/0x720 net/atm/clip.c:200\n vcc_destroy_socket net/atm/common.c:183 [inline]\n vcc_release+0x157/0x460 net/atm/common.c:205\n __sock_release net/socket.c:647 [inline]\n sock_close+0xc0/0x240 net/socket.c:1391\n __fput+0x449/0xa70 fs/file_table.c:465\n task_work_run+0x1d1/0x260 kernel/task_work.c:227\n resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]\n exit_to_user_mode_loop+0xec/0x110 kernel/entry/common.c:114\n exit_to_user_mode_prepare include/linux/entry-common.h:330 [inline]\n syscall_exit_to_user_mode_work include/linux/entry-common.h:414 [inline]\n syscall_exit_to_user_mode include/linux/entry-common.h:449 [inline]\n do_syscall_64+0x2bd/0x3b0 arch/x86/entry/syscall_64.c:100\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7ff31c98e929\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fffb5aa1f78 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4\nRAX: 0000000000000000 RBX: 0000000000012747 RCX: 
00007ff31c98e929\nRDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003\nRBP: 00007ff31cbb7ba0 R08: 0000000000000001 R09: 0000000db5aa226f\nR10: 00007ff31c7ff030 R11: 0000000000000246 R12: 00007ff31cbb608c\nR13: 00007ff31cbb6080 R14: ffffffffffffffff R15: 00007fffb5aa2090\n \u003c/TASK\u003e\nModules linked in:", + "Severity": "HIGH", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-38459", + "https://git.kernel.org/linus/c489f3283dbfc0f3c00c312149cae90d27552c45 (6.16-rc6)", + "https://git.kernel.org/stable/c/024876b247a882972095b22087734dcd23396a4e", + "https://git.kernel.org/stable/c/125166347d5676466d368aadc0bbc31ee7714352", + "https://git.kernel.org/stable/c/1579a2777cb914a249de22c789ba4d41b154509f", + "https://git.kernel.org/stable/c/3f61b997fe014bbfcc208a9fcbd363a1fe7e3a31", + "https://git.kernel.org/stable/c/5641019dfbaee5e85fe093b590f0451c9dd4d6f8", + "https://git.kernel.org/stable/c/c489f3283dbfc0f3c00c312149cae90d27552c45", + "https://git.kernel.org/stable/c/df0312d8859763aa15b8b56ac151a1ea4a4e5b88", + "https://git.kernel.org/stable/c/f493f31a63847624fd3199ac836a8bd8828e50e2", + "https://lore.kernel.org/linux-cve-announce/2025072507-CVE-2025-38459-e941@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-38459", + "https://www.cve.org/CVERecord?id=CVE-2025-38459" + ], + "PublishedDate": "2025-07-25T16:15:31.66Z", + "LastModifiedDate": "2025-07-29T14:14:55.157Z" + }, + { + "VulnerabilityID": "CVE-2025-38461", + "VendorIDs": [ + "DSA-5975-1" + ], + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "FixedVersion": "6.12.41-1", + "Status": "fixed", + "Layer": { + 
"Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38461", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: vsock: Fix transport_* TOCTOU", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: Fix transport_* TOCTOU\n\nTransport assignment may race with module unload. Protect new_transport\nfrom becoming a stale pointer.\n\nThis also takes care of an insecure call in vsock_use_local_transport();\nadd a lockdep assert.\n\nBUG: unable to handle page fault for address: fffffbfff8056000\nOops: Oops: 0000 [#1] SMP KASAN\nRIP: 0010:vsock_assign_transport+0x366/0x600\nCall Trace:\n vsock_connect+0x59c/0xc40\n __sys_connect+0xe8/0x100\n __x64_sys_connect+0x6e/0xc0\n do_syscall_64+0x92/0x1c0\n entry_SYSCALL_64_after_hwframe+0x4b/0x53", + "Severity": "HIGH", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H", + "V3Score": 7.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-38461", + "https://git.kernel.org/linus/687aa0c5581b8d4aa87fd92973e4ee576b550cdf (6.16-rc6)", + "https://git.kernel.org/stable/c/36a439049b34cca0b3661276049b84a1f76cc21a", + "https://git.kernel.org/stable/c/687aa0c5581b8d4aa87fd92973e4ee576b550cdf", + "https://git.kernel.org/stable/c/7b73bddf54777fb62d4d8c7729d0affe6df04477", + "https://git.kernel.org/stable/c/8667e8d0eb46bc54fdae30ba2f4786407d3d88eb", + "https://git.kernel.org/stable/c/9ce53e744f18e73059d3124070e960f3aa9902bf", + "https://git.kernel.org/stable/c/9d24bb6780282b0255b9929abe5e8f98007e2c6e", + "https://git.kernel.org/stable/c/ae2c712ba39c7007de63cb0c75b51ce1caaf1da5", + 
"https://lore.kernel.org/linux-cve-announce/2025072507-CVE-2025-38461-33b1@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-38461", + "https://www.cve.org/CVERecord?id=CVE-2025-38461" + ], + "PublishedDate": "2025-07-25T16:15:31.923Z", + "LastModifiedDate": "2025-07-29T14:14:55.157Z" + }, + { + "VulnerabilityID": "CVE-2025-38462", + "VendorIDs": [ + "DSA-5975-1" + ], + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "FixedVersion": "6.12.41-1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38462", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: vsock: Fix transport_{g2h,h2g} TOCTOU", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: Fix transport_{g2h,h2g} TOCTOU\n\nvsock_find_cid() and vsock_dev_do_ioctl() may race with module unload.\ntransport_{g2h,h2g} may become NULL after the NULL check.\n\nIntroduce vsock_transport_local_cid() to protect from a potential\nnull-ptr-deref.\n\nKASAN: null-ptr-deref in range [0x0000000000000118-0x000000000000011f]\nRIP: 0010:vsock_find_cid+0x47/0x90\nCall Trace:\n __vsock_bind+0x4b2/0x720\n vsock_bind+0x90/0xe0\n __sys_bind+0x14d/0x1e0\n __x64_sys_bind+0x6e/0xc0\n do_syscall_64+0x92/0x1c0\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\nKASAN: null-ptr-deref in range [0x0000000000000118-0x000000000000011f]\nRIP: 0010:vsock_dev_do_ioctl.isra.0+0x58/0xf0\nCall Trace:\n __x64_sys_ioctl+0x12d/0x190\n do_syscall_64+0x92/0x1c0\n 
entry_SYSCALL_64_after_hwframe+0x4b/0x53", + "Severity": "HIGH", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-38462", + "https://git.kernel.org/linus/209fd720838aaf1420416494c5505096478156b4 (6.16-rc6)", + "https://git.kernel.org/stable/c/209fd720838aaf1420416494c5505096478156b4", + "https://git.kernel.org/stable/c/3734d78210cceb2ee5615719a62a5c55ed381ff8", + "https://git.kernel.org/stable/c/401239811fa728fcdd53e360a91f157ffd23e1f4", + "https://git.kernel.org/stable/c/5752d8dbb3dfd7f1a9faf0f65377e60826ea9a17", + "https://git.kernel.org/stable/c/6a1bcab67bea797d83aa9dd948a0ac6ed52d121d", + "https://git.kernel.org/stable/c/80d7dc15805a93d520a249ac6d13d4f4df161c1b", + "https://git.kernel.org/stable/c/c5496ee685c48ed1cc183cd4263602579bb4a615", + "https://lore.kernel.org/linux-cve-announce/2025072507-CVE-2025-38462-3e15@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-38462", + "https://www.cve.org/CVERecord?id=CVE-2025-38462" + ], + "PublishedDate": "2025-07-25T16:15:32.117Z", + "LastModifiedDate": "2025-07-29T14:14:55.157Z" + }, + { + "VulnerabilityID": "CVE-2025-38463", + "VendorIDs": [ + "DSA-5975-1" + ], + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "FixedVersion": "6.12.41-1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38463", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": 
"https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: tcp: Correct signedness in skb remaining space calculation", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: Correct signedness in skb remaining space calculation\n\nSyzkaller reported a bug [1] where sk-\u003esk_forward_alloc can overflow.\n\nWhen we send data, if an skb exists at the tail of the write queue, the\nkernel will attempt to append the new data to that skb. However, the code\nthat checks for available space in the skb is flawed:\n'''\ncopy = size_goal - skb-\u003elen\n'''\n\nThe types of the variables involved are:\n'''\ncopy: ssize_t (s64 on 64-bit systems)\nsize_goal: int\nskb-\u003elen: unsigned int\n'''\n\nDue to C's type promotion rules, the signed size_goal is converted to an\nunsigned int to match skb-\u003elen before the subtraction. The result is an\nunsigned int.\n\nWhen this unsigned int result is then assigned to the s64 copy variable,\nit is zero-extended, preserving its non-negative value. Consequently, copy\nis always \u003e= 0.\n\nAssume we are sending 2GB of data and size_goal has been adjusted to a\nvalue smaller than skb-\u003elen. The subtraction will result in copy holding a\nvery large positive integer. In the subsequent logic, this large value is\nused to update sk-\u003esk_forward_alloc, which can easily cause it to overflow.\n\nThe syzkaller reproducer uses TCP_REPAIR to reliably create this\ncondition. However, this can also occur in real-world scenarios. The\ntcp_bound_to_half_wnd() function can also reduce size_goal to a small\nvalue. This would cause the subsequent tcp_wmem_schedule() to set\nsk-\u003esk_forward_alloc to a value close to INT_MAX. 
Further memory\nallocation requests would then cause sk_forward_alloc to wrap around and\nbecome negative.\n\n[1]: https://syzkaller.appspot.com/bug?extid=de6565462ab540f50e47", + "Severity": "HIGH", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", + "V3Score": 7.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-38463", + "https://git.kernel.org/linus/d3a5f2871adc0c61c61869f37f3e697d97f03d8c (6.16-rc6)", + "https://git.kernel.org/stable/c/62e6160cfb5514787bda833d466509edc38fde23", + "https://git.kernel.org/stable/c/81373cd1d72d87c7d844d4454a526b8f53e72d00", + "https://git.kernel.org/stable/c/9f164fa6bb09fbcc60fa5c3ff551ce9eec1befd7", + "https://git.kernel.org/stable/c/d3a5f2871adc0c61c61869f37f3e697d97f03d8c", + "https://lore.kernel.org/linux-cve-announce/2025072508-CVE-2025-38463-f4a1@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-38463", + "https://www.cve.org/CVERecord?id=CVE-2025-38463" + ], + "PublishedDate": "2025-07-25T16:15:32.253Z", + "LastModifiedDate": "2025-07-29T14:14:55.157Z" + }, + { + "VulnerabilityID": "CVE-2025-38464", + "VendorIDs": [ + "DSA-5975-1" + ], + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "FixedVersion": "6.12.41-1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38464", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: tipc: Fix use-after-free in tipc_conn_close()", + 
"Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: Fix use-after-free in tipc_conn_close().\n\nsyzbot reported a null-ptr-deref in tipc_conn_close() during netns\ndismantle. [0]\n\ntipc_topsrv_stop() iterates tipc_net(net)-\u003etopsrv-\u003econn_idr and calls\ntipc_conn_close() for each tipc_conn.\n\nThe problem is that tipc_conn_close() is called after releasing the\nIDR lock.\n\nAt the same time, there might be tipc_conn_recv_work() running and it\ncould call tipc_conn_close() for the same tipc_conn and release its\nlast -\u003ekref.\n\nOnce we release the IDR lock in tipc_topsrv_stop(), there is no\nguarantee that the tipc_conn is alive.\n\nLet's hold the ref before releasing the lock and put the ref after\ntipc_conn_close() in tipc_topsrv_stop().\n\n[0]:\nBUG: KASAN: use-after-free in tipc_conn_close+0x122/0x140 net/tipc/topsrv.c:165\nRead of size 8 at addr ffff888099305a08 by task kworker/u4:3/435\n\nCPU: 0 PID: 435 Comm: kworker/u4:3 Not tainted 4.19.204-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\nWorkqueue: netns cleanup_net\nCall Trace:\n __dump_stack lib/dump_stack.c:77 [inline]\n dump_stack+0x1fc/0x2ef lib/dump_stack.c:118\n print_address_description.cold+0x54/0x219 mm/kasan/report.c:256\n kasan_report_error.cold+0x8a/0x1b9 mm/kasan/report.c:354\n kasan_report mm/kasan/report.c:412 [inline]\n __asan_report_load8_noabort+0x88/0x90 mm/kasan/report.c:433\n tipc_conn_close+0x122/0x140 net/tipc/topsrv.c:165\n tipc_topsrv_stop net/tipc/topsrv.c:701 [inline]\n tipc_topsrv_exit_net+0x27b/0x5c0 net/tipc/topsrv.c:722\n ops_exit_list+0xa5/0x150 net/core/net_namespace.c:153\n cleanup_net+0x3b4/0x8b0 net/core/net_namespace.c:553\n process_one_work+0x864/0x1570 kernel/workqueue.c:2153\n worker_thread+0x64c/0x1130 kernel/workqueue.c:2296\n kthread+0x33f/0x460 kernel/kthread.c:259\n ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415\n\nAllocated by task 23:\n 
kmem_cache_alloc_trace+0x12f/0x380 mm/slab.c:3625\n kmalloc include/linux/slab.h:515 [inline]\n kzalloc include/linux/slab.h:709 [inline]\n tipc_conn_alloc+0x43/0x4f0 net/tipc/topsrv.c:192\n tipc_topsrv_accept+0x1b5/0x280 net/tipc/topsrv.c:470\n process_one_work+0x864/0x1570 kernel/workqueue.c:2153\n worker_thread+0x64c/0x1130 kernel/workqueue.c:2296\n kthread+0x33f/0x460 kernel/kthread.c:259\n ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415\n\nFreed by task 23:\n __cache_free mm/slab.c:3503 [inline]\n kfree+0xcc/0x210 mm/slab.c:3822\n tipc_conn_kref_release net/tipc/topsrv.c:150 [inline]\n kref_put include/linux/kref.h:70 [inline]\n conn_put+0x2cd/0x3a0 net/tipc/topsrv.c:155\n process_one_work+0x864/0x1570 kernel/workqueue.c:2153\n worker_thread+0x64c/0x1130 kernel/workqueue.c:2296\n kthread+0x33f/0x460 kernel/kthread.c:259\n ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415\n\nThe buggy address belongs to the object at ffff888099305a00\n which belongs to the cache kmalloc-512 of size 512\nThe buggy address is located 8 bytes inside of\n 512-byte region [ffff888099305a00, ffff888099305c00)\nThe buggy address belongs to the page:\npage:ffffea000264c140 count:1 mapcount:0 mapping:ffff88813bff0940 index:0x0\nflags: 0xfff00000000100(slab)\nraw: 00fff00000000100 ffffea00028b6b88 ffffea0002cd2b08 ffff88813bff0940\nraw: 0000000000000000 ffff888099305000 0000000100000006 0000000000000000\npage dumped because: kasan: bad access detected\n\nMemory state around the buggy address:\n ffff888099305900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ffff888099305980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n\u003effff888099305a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ^\n ffff888099305a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ffff888099305b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb", + "Severity": "HIGH", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": 
"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H", + "V3Score": 7.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-38464", + "https://git.kernel.org/linus/667eeab4999e981c96b447a4df5f20bdf5c26f13 (6.16-rc6)", + "https://git.kernel.org/stable/c/03dcdd2558e1e55bf843822fe4363dcb48743f2b", + "https://git.kernel.org/stable/c/15a6f4971e2f157d57e09ea748d1fbc714277aa4", + "https://git.kernel.org/stable/c/1dbf7cd2454a28b1da700085b99346b5445aeabb", + "https://git.kernel.org/stable/c/3b89e17b2fd64012682bed158d9eb3d2e96dec42", + "https://git.kernel.org/stable/c/50aa2d121bc2cfe2d825f8a331ea75dfaaab6a50", + "https://git.kernel.org/stable/c/667eeab4999e981c96b447a4df5f20bdf5c26f13", + "https://git.kernel.org/stable/c/be4b8392da7978294f2f368799d29dd509fb6c4d", + "https://git.kernel.org/stable/c/dab8ded2e5ff41012a6ff400b44dbe76ccf3592a", + "https://lore.kernel.org/linux-cve-announce/2025072508-CVE-2025-38464-44a1@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-38464", + "https://www.cve.org/CVERecord?id=CVE-2025-38464" + ], + "PublishedDate": "2025-07-25T16:15:32.383Z", + "LastModifiedDate": "2025-07-29T14:14:55.157Z" + }, + { + "VulnerabilityID": "CVE-2025-38466", + "VendorIDs": [ + "DSA-5975-1" + ], + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "FixedVersion": "6.12.41-1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38466", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: perf: Revert to requiring 
CAP_SYS_ADMIN for uprobes", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: Revert to requiring CAP_SYS_ADMIN for uprobes\n\nJann reports that uprobes can be used destructively when used in the\nmiddle of an instruction. The kernel only verifies there is a valid\ninstruction at the requested offset, but due to variable instruction\nlength cannot determine if this is an instruction as seen by the\nintended execution stream.\n\nAdditionally, Mark Rutland notes that on architectures that mix data\nin the text segment (like arm64), a similar things can be done if the\ndata word is 'mistaken' for an instruction.\n\nAs such, require CAP_SYS_ADMIN for uprobes.", + "Severity": "HIGH", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-38466", + "https://git.kernel.org/linus/ba677dbe77af5ffe6204e0f3f547f3ba059c6302 (6.16-rc5)", + "https://git.kernel.org/stable/c/183bdb89af1b5193b1d1d9316986053b15ca6fa4", + "https://git.kernel.org/stable/c/8e8bf7bc6aa6f583336c2fda280b6cea0aed5612", + "https://git.kernel.org/stable/c/a0a8009083e569b5526c64f7d3f2a62baca95164", + "https://git.kernel.org/stable/c/ba677dbe77af5ffe6204e0f3f547f3ba059c6302", + "https://git.kernel.org/stable/c/c0aec35f861fa746ca45aa816161c74352e6ada8", + "https://git.kernel.org/stable/c/d5074256b642cdeb46a70ce2f15193e766edca68", + "https://git.kernel.org/stable/c/d7ef1afd5b3f43f4924326164cee5397b66abd9c", + "https://lore.kernel.org/linux-cve-announce/2025072508-CVE-2025-38466-11e8@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-38466", + "https://www.cve.org/CVERecord?id=CVE-2025-38466" + ], + "PublishedDate": "2025-07-25T16:15:32.673Z", + "LastModifiedDate": "2025-07-29T14:14:55.157Z" + }, + { + "VulnerabilityID": "CVE-2025-38471", + "VendorIDs": [ + "DSA-5975-1" + ], + "PkgID": 
"linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "FixedVersion": "6.12.41-1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38471", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: tls: always refresh the queue when reading sock", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ntls: always refresh the queue when reading sock\n\nAfter recent changes in net-next TCP compacts skbs much more\naggressively. This unearthed a bug in TLS where we may try\nto operate on an old skb when checking if all skbs in the\nqueue have matching decrypt state and geometry.\n\n BUG: KASAN: slab-use-after-free in tls_strp_check_rcv+0x898/0x9a0 [tls]\n (net/tls/tls_strp.c:436 net/tls/tls_strp.c:530 net/tls/tls_strp.c:544)\n Read of size 4 at addr ffff888013085750 by task tls/13529\n\n CPU: 2 UID: 0 PID: 13529 Comm: tls Not tainted 6.16.0-rc5-virtme\n Call Trace:\n kasan_report+0xca/0x100\n tls_strp_check_rcv+0x898/0x9a0 [tls]\n tls_rx_rec_wait+0x2c9/0x8d0 [tls]\n tls_sw_recvmsg+0x40f/0x1aa0 [tls]\n inet_recvmsg+0x1c3/0x1f0\n\nAlways reload the queue, fast path is to have the record in the queue\nwhen we wake, anyway (IOW the path going down \"if !strp-\u003estm.full_len\").", + "Severity": "HIGH", + "VendorSeverity": { + "redhat": 3, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V3Score": 7.4 + } + }, + "References": [ + 
"https://access.redhat.com/security/cve/CVE-2025-38471", + "https://git.kernel.org/linus/4ab26bce3969f8fd925fe6f6f551e4d1a508c68b (6.16-rc7)", + "https://git.kernel.org/stable/c/1f3a429c21e0e43e8b8c55d30701e91411a4df02", + "https://git.kernel.org/stable/c/4ab26bce3969f8fd925fe6f6f551e4d1a508c68b", + "https://git.kernel.org/stable/c/730fed2ff5e259495712518e18d9f521f61972bb", + "https://git.kernel.org/stable/c/c76f6f437c46b2390888e0e1dc7aafafa9f4e0c6", + "https://git.kernel.org/stable/c/cdb767915fc9a15d88d19d52a1455f1dc3e5ddc8", + "https://lore.kernel.org/linux-cve-announce/2025072812-CVE-2025-38471-ca92@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-38471", + "https://www.cve.org/CVERecord?id=CVE-2025-38471" + ], + "PublishedDate": "2025-07-28T12:15:28.89Z", + "LastModifiedDate": "2025-07-29T14:14:29.59Z" + }, + { + "VulnerabilityID": "CVE-2025-38472", + "VendorIDs": [ + "DSA-5975-1" + ], + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "FixedVersion": "6.12.41-1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38472", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: netfilter: nf_conntrack: fix crash due to removal of uninitialised entry", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_conntrack: fix crash due to removal of uninitialised entry\n\nA crash in conntrack was reported while trying to unlink the conntrack\nentry from the hash bucket list:\n [exception RIP: 
__nf_ct_delete_from_lists+172]\n [..]\n #7 [ff539b5a2b043aa0] nf_ct_delete at ffffffffc124d421 [nf_conntrack]\n #8 [ff539b5a2b043ad0] nf_ct_gc_expired at ffffffffc124d999 [nf_conntrack]\n #9 [ff539b5a2b043ae0] __nf_conntrack_find_get at ffffffffc124efbc [nf_conntrack]\n [..]\n\nThe nf_conn struct is marked as allocated from slab but appears to be in\na partially initialised state:\n\n ct hlist pointer is garbage; looks like the ct hash value\n (hence crash).\n ct-\u003estatus is equal to IPS_CONFIRMED|IPS_DYING, which is expected\n ct-\u003etimeout is 30000 (=30s), which is unexpected.\n\nEverything else looks like normal udp conntrack entry. If we ignore\nct-\u003estatus and pretend its 0, the entry matches those that are newly\nallocated but not yet inserted into the hash:\n - ct hlist pointers are overloaded and store/cache the raw tuple hash\n - ct-\u003etimeout matches the relative time expected for a new udp flow\n rather than the absolute 'jiffies' value.\n\nIf it were not for the presence of IPS_CONFIRMED,\n__nf_conntrack_find_get() would have skipped the entry.\n\nTheory is that we did hit following race:\n\ncpu x \t\t\tcpu y\t\t\tcpu z\n found entry E\t\tfound entry E\n E is expired\t\t\u003cpreemption\u003e\n nf_ct_delete()\n return E to rcu slab\n\t\t\t\t\tinit_conntrack\n\t\t\t\t\tE is re-inited,\n\t\t\t\t\tct-\u003estatus set to 0\n\t\t\t\t\treply tuplehash hnnode.pprev\n\t\t\t\t\tstores hash value.\n\ncpu y found E right before it was deleted on cpu x.\nE is now re-inited on cpu z. 
cpu y was preempted before\nchecking for expiry and/or confirm bit.\n\n\t\t\t\t\t-\u003erefcnt set to 1\n\t\t\t\t\tE now owned by skb\n\t\t\t\t\t-\u003etimeout set to 30000\n\nIf cpu y were to resume now, it would observe E as\nexpired but would skip E due to missing CONFIRMED bit.\n\n\t\t\t\t\tnf_conntrack_confirm gets called\n\t\t\t\t\tsets: ct-\u003estatus |= CONFIRMED\n\t\t\t\t\tThis is wrong: E is not yet added\n\t\t\t\t\tto hashtable.\n\ncpu y resumes, it observes E as expired but CONFIRMED:\n\t\t\t\u003cresumes\u003e\n\t\t\tnf_ct_expired()\n\t\t\t -\u003e yes (ct-\u003etimeout is 30s)\n\t\t\tconfirmed bit set.\n\ncpu y will try to delete E from the hashtable:\n\t\t\tnf_ct_delete() -\u003e set DYING bit\n\t\t\t__nf_ct_delete_from_lists\n\nEven this scenario doesn't guarantee a crash:\ncpu z still holds the table bucket lock(s) so y blocks:\n\n\t\t\twait for spinlock held by z\n\n\t\t\t\t\tCONFIRMED is set but there is no\n\t\t\t\t\tguarantee ct will be added to hash:\n\t\t\t\t\t\"chaintoolong\" or \"clash resolution\"\n\t\t\t\t\tlogic both skip the insert step.\n\t\t\t\t\treply hnnode.pprev still stores the\n\t\t\t\t\thash value.\n\n\t\t\t\t\tunlocks spinlock\n\t\t\t\t\treturn NF_DROP\n\t\t\t\u003cunblocks, then\n\t\t\t crashes on hlist_nulls_del_rcu pprev\u003e\n\nIn case CPU z does insert the entry into the hashtable, cpu y will unlink\nE again right away but no crash occurs.\n\nWithout 'cpu y' race, 'garbage' hlist is of no consequence:\nct refcnt remains at 1, eventually skb will be free'd and E gets\ndestroyed via: nf_conntrack_put -\u003e nf_conntrack_destroy -\u003e nf_ct_destroy.\n\nTo resolve this, move the IPS_CONFIRMED assignment after the table\ninsertion but before the unlock.\n\nPablo points out that the confirm-bit-store could be reordered to happen\nbefore hlist add resp. 
the timeout fixup, so switch to set_bit and\nbefore_atomic memory barrier to prevent this.\n\nIt doesn't matter if other CPUs can observe a newly inserted entry right\nbefore the CONFIRMED bit was set:\n\nSuch event cannot be distinguished from above \"E is the old incarnation\"\ncase: the entry will be skipped.\n\nAlso change nf_ct_should_gc() to first check the confirmed bit.\n\nThe gc sequence is:\n 1. Check if entry has expired, if not skip to next entry\n 2. Obtain a reference to the expired entry.\n 3. Call nf_ct_should_gc() to double-check step 1.\n\nnf_ct_should_gc() is thus called only for entries that already failed an\nexpiry check. After this patch, once the confirmed bit check pas\n---truncated---", + "Severity": "HIGH", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", + "V3Score": 7.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-38472", + "https://git.kernel.org/linus/2d72afb340657f03f7261e9243b44457a9228ac7 (6.16-rc7)", + "https://git.kernel.org/stable/c/2d72afb340657f03f7261e9243b44457a9228ac7", + "https://git.kernel.org/stable/c/76179961c423cd698080b5e4d5583cf7f4fcdde9", + "https://git.kernel.org/stable/c/938ce0e8422d3793fe30df2ed0e37f6bc0598379", + "https://git.kernel.org/stable/c/a47ef874189d47f934d0809ae738886307c0ea22", + "https://git.kernel.org/stable/c/fc38c249c622ff5e3011b8845fd49dbfd9289afc", + "https://lore.kernel.org/linux-cve-announce/2025072812-CVE-2025-38472-fa6d@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-38472", + "https://www.cve.org/CVERecord?id=CVE-2025-38472" + ], + "PublishedDate": "2025-07-28T12:15:29.003Z", + "LastModifiedDate": "2025-07-29T14:14:29.59Z" + }, + { + "VulnerabilityID": "CVE-2025-38473", + "VendorIDs": [ + "DSA-5975-1" + ], + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": 
"pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "FixedVersion": "6.12.41-1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38473", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: Bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb()", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb()\n\nsyzbot reported null-ptr-deref in l2cap_sock_resume_cb(). [0]\n\nl2cap_sock_resume_cb() has a similar problem that was fixed by commit\n1bff51ea59a9 (\"Bluetooth: fix use-after-free error in lock_sock_nested()\").\n\nSince both l2cap_sock_kill() and l2cap_sock_resume_cb() are executed\nunder l2cap_sock_resume_cb(), we can avoid the issue simply by checking\nif chan-\u003edata is NULL.\n\nLet's not access to the killed socket in l2cap_sock_resume_cb().\n\n[0]:\nBUG: KASAN: null-ptr-deref in instrument_atomic_write include/linux/instrumented.h:82 [inline]\nBUG: KASAN: null-ptr-deref in clear_bit include/asm-generic/bitops/instrumented-atomic.h:41 [inline]\nBUG: KASAN: null-ptr-deref in l2cap_sock_resume_cb+0xb4/0x17c net/bluetooth/l2cap_sock.c:1711\nWrite of size 8 at addr 0000000000000570 by task kworker/u9:0/52\n\nCPU: 1 UID: 0 PID: 52 Comm: kworker/u9:0 Not tainted 6.16.0-rc4-syzkaller-g7482bb149b9f #0 PREEMPT\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025\nWorkqueue: hci0 hci_rx_work\nCall trace:\n show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:501 (C)\n __dump_stack+0x30/0x40 lib/dump_stack.c:94\n 
dump_stack_lvl+0xd8/0x12c lib/dump_stack.c:120\n print_report+0x58/0x84 mm/kasan/report.c:524\n kasan_report+0xb0/0x110 mm/kasan/report.c:634\n check_region_inline mm/kasan/generic.c:-1 [inline]\n kasan_check_range+0x264/0x2a4 mm/kasan/generic.c:189\n __kasan_check_write+0x20/0x30 mm/kasan/shadow.c:37\n instrument_atomic_write include/linux/instrumented.h:82 [inline]\n clear_bit include/asm-generic/bitops/instrumented-atomic.h:41 [inline]\n l2cap_sock_resume_cb+0xb4/0x17c net/bluetooth/l2cap_sock.c:1711\n l2cap_security_cfm+0x524/0xea0 net/bluetooth/l2cap_core.c:7357\n hci_auth_cfm include/net/bluetooth/hci_core.h:2092 [inline]\n hci_auth_complete_evt+0x2e8/0xa4c net/bluetooth/hci_event.c:3514\n hci_event_func net/bluetooth/hci_event.c:7511 [inline]\n hci_event_packet+0x650/0xe9c net/bluetooth/hci_event.c:7565\n hci_rx_work+0x320/0xb18 net/bluetooth/hci_core.c:4070\n process_one_work+0x7e8/0x155c kernel/workqueue.c:3238\n process_scheduled_works kernel/workqueue.c:3321 [inline]\n worker_thread+0x958/0xed8 kernel/workqueue.c:3402\n kthread+0x5fc/0x75c kernel/kthread.c:464\n ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:847", + "Severity": "HIGH", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-38473", + "https://git.kernel.org/linus/a0075accbf0d76c2dad1ad3993d2e944505d99a0 (6.16-rc7)", + "https://git.kernel.org/stable/c/6d63901dcd592a1e3f71d7c6d78f9be5e8d7eef0", + "https://git.kernel.org/stable/c/a0075accbf0d76c2dad1ad3993d2e944505d99a0", + "https://git.kernel.org/stable/c/ac3a8147bb24314fb3e84986590148e79f9872ec", + "https://git.kernel.org/stable/c/b97be7ee8a1cd96b89817cbd64a9f5cc16c17d08", + "https://git.kernel.org/stable/c/c4f16f6b071a74ac7eefe5c28985285cbbe2cd96", + "https://lore.kernel.org/linux-cve-announce/2025072812-CVE-2025-38473-e8bb@gregkh/T", + 
"https://nvd.nist.gov/vuln/detail/CVE-2025-38473", + "https://www.cve.org/CVERecord?id=CVE-2025-38473" + ], + "PublishedDate": "2025-07-28T12:15:29.123Z", + "LastModifiedDate": "2025-07-29T14:14:29.59Z" + }, + { + "VulnerabilityID": "CVE-2025-38474", + "VendorIDs": [ + "DSA-5975-1" + ], + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "FixedVersion": "6.12.41-1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38474", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: usb: net: sierra: check for no status endpoint", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: net: sierra: check for no status endpoint\n\nThe driver checks for having three endpoints and\nhaving bulk in and out endpoints, but not that\nthe third endpoint is interrupt input.\nRectify the omission.", + "Severity": "HIGH", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-38474", + "https://git.kernel.org/linus/4c4ca3c46167518f8534ed70f6e3b4bf86c4d158 (6.16-rc7)", + "https://git.kernel.org/stable/c/4c4ca3c46167518f8534ed70f6e3b4bf86c4d158", + "https://git.kernel.org/stable/c/5849980faea1c792d1d5e54fdbf1e69ac0a9bfb9", + "https://git.kernel.org/stable/c/5dd6a441748dad2f02e27b256984ca0b2d4546b6", + 
"https://git.kernel.org/stable/c/65c666aff44eb7f9079c55331abd9687fb77ba2d", + "https://git.kernel.org/stable/c/bfe8ef373986e8f185d3d6613eb1801a8749837a", + "https://lore.kernel.org/linux-cve-announce/2025072812-CVE-2025-38474-0663@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-38474", + "https://www.cve.org/CVERecord?id=CVE-2025-38474" + ], + "PublishedDate": "2025-07-28T12:15:29.247Z", + "LastModifiedDate": "2025-07-29T14:14:29.59Z" + }, + { + "VulnerabilityID": "CVE-2025-38475", + "VendorIDs": [ + "DSA-5975-1" + ], + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "FixedVersion": "6.12.41-1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38475", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: smc: Fix various oops due to inet_sock type confusion", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmc: Fix various oops due to inet_sock type confusion.\n\nsyzbot reported weird splats [0][1] in cipso_v4_sock_setattr() while\nfreeing inet_sk(sk)-\u003einet_opt.\n\nThe address was freed multiple times even though it was read-only memory.\n\ncipso_v4_sock_setattr() did nothing wrong, and the root cause was type\nconfusion.\n\nThe cited commit made it possible to create smc_sock as an INET socket.\n\nThe issue is that struct smc_sock does not have struct inet_sock as the\nfirst member but hijacks AF_INET and AF_INET6 sk_family, which confuses\nvarious places.\n\nIn this case, 
inet_sock.inet_opt was actually smc_sock.clcsk_data_ready(),\nwhich is an address of a function in the text segment.\n\n $ pahole -C inet_sock vmlinux\n struct inet_sock {\n ...\n struct ip_options_rcu * inet_opt; /* 784 8 */\n\n $ pahole -C smc_sock vmlinux\n struct smc_sock {\n ...\n void (*clcsk_data_ready)(struct sock *); /* 784 8 */\n\nThe same issue for another field was reported before. [2][3]\n\nAt that time, an ugly hack was suggested [4], but it makes both INET\nand SMC code error-prone and hard to change.\n\nAlso, yet another variant was fixed by a hacky commit 98d4435efcbf3\n(\"net/smc: prevent NULL pointer dereference in txopt_get\").\n\nInstead of papering over the root cause by such hacks, we should not\nallow non-INET socket to reuse the INET infra.\n\nLet's add inet_sock as the first member of smc_sock.\n\n[0]:\nkvfree_call_rcu(): Double-freed call. rcu_head 000000006921da73\nWARNING: CPU: 0 PID: 6718 at mm/slab_common.c:1956 kvfree_call_rcu+0x94/0x3f0 mm/slab_common.c:1955\nModules linked in:\nCPU: 0 UID: 0 PID: 6718 Comm: syz.0.17 Tainted: G W 6.16.0-rc4-syzkaller-g7482bb149b9f #0 PREEMPT\nTainted: [W]=WARN\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025\npstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : kvfree_call_rcu+0x94/0x3f0 mm/slab_common.c:1955\nlr : kvfree_call_rcu+0x94/0x3f0 mm/slab_common.c:1955\nsp : ffff8000a03a7730\nx29: ffff8000a03a7730 x28: 00000000fffffff5 x27: 1fffe000184823d3\nx26: dfff800000000000 x25: ffff0000c2411e9e x24: ffff0000dd88da00\nx23: ffff8000891ac9a0 x22: 00000000ffffffea x21: ffff8000891ac9a0\nx20: ffff8000891ac9a0 x19: ffff80008afc2480 x18: 00000000ffffffff\nx17: 0000000000000000 x16: ffff80008ae642c8 x15: ffff700011ede14c\nx14: 1ffff00011ede14c x13: 0000000000000004 x12: ffffffffffffffff\nx11: ffff700011ede14c x10: 0000000000ff0100 x9 : 5fa3c1ffaf0ff000\nx8 : 5fa3c1ffaf0ff000 x7 : 0000000000000001 x6 : 0000000000000001\nx5 : ffff8000a03a7078 x4 : 
ffff80008f766c20 x3 : ffff80008054d360\nx2 : 0000000000000000 x1 : 0000000000000201 x0 : 0000000000000000\nCall trace:\n kvfree_call_rcu+0x94/0x3f0 mm/slab_common.c:1955 (P)\n cipso_v4_sock_setattr+0x2f0/0x3f4 net/ipv4/cipso_ipv4.c:1914\n netlbl_sock_setattr+0x240/0x334 net/netlabel/netlabel_kapi.c:1000\n smack_netlbl_add+0xa8/0x158 security/smack/smack_lsm.c:2581\n smack_inode_setsecurity+0x378/0x430 security/smack/smack_lsm.c:2912\n security_inode_setsecurity+0x118/0x3c0 security/security.c:2706\n __vfs_setxattr_noperm+0x174/0x5c4 fs/xattr.c:251\n __vfs_setxattr_locked+0x1ec/0x218 fs/xattr.c:295\n vfs_setxattr+0x158/0x2ac fs/xattr.c:321\n do_setxattr fs/xattr.c:636 [inline]\n file_setxattr+0x1b8/0x294 fs/xattr.c:646\n path_setxattrat+0x2ac/0x320 fs/xattr.c:711\n __do_sys_fsetxattr fs/xattr.c:761 [inline]\n __se_sys_fsetxattr fs/xattr.c:758 [inline]\n __arm64_sys_fsetxattr+0xc0/0xdc fs/xattr.c:758\n __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\n invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49\n el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132\n do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151\n el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879\n el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898\n el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600\n\n[\n---truncated---", + "Severity": "HIGH", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-38475", + "https://git.kernel.org/linus/60ada4fe644edaa6c2da97364184b0425e8aeaf5 (6.16-rc7)", + "https://git.kernel.org/stable/c/5b02e397929e5b13b969ef1f8e43c7951e2864f5", + "https://git.kernel.org/stable/c/60ada4fe644edaa6c2da97364184b0425e8aeaf5", + "https://git.kernel.org/stable/c/67a167a6b8b45607bc34aa541d1c75097d18d460", + 
"https://lore.kernel.org/linux-cve-announce/2025072813-CVE-2025-38475-deb5@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-38475", + "https://www.cve.org/CVERecord?id=CVE-2025-38475" + ], + "PublishedDate": "2025-07-28T12:15:29.367Z", + "LastModifiedDate": "2025-07-29T14:14:29.59Z" + }, + { + "VulnerabilityID": "CVE-2025-38477", + "VendorIDs": [ + "DSA-5975-1" + ], + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "FixedVersion": "6.12.41-1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38477", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: net/sched: sch_qfq: Fix race condition on qfq_aggregate", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: sch_qfq: Fix race condition on qfq_aggregate\n\nA race condition can occur when 'agg' is modified in qfq_change_agg\n(called during qfq_enqueue) while other threads access it\nconcurrently. For example, qfq_dump_class may trigger a NULL\ndereference, and qfq_delete_class may cause a use-after-free.\n\nThis patch addresses the issue by:\n\n1. Moved qfq_destroy_class into the critical section.\n\n2. 
Added sch_tree_lock protection to qfq_dump_class and\nqfq_dump_class_stats.", + "Severity": "HIGH", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H", + "V3Score": 7.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-38477", + "https://git.kernel.org/linus/5e28d5a3f774f118896aec17a3a20a9c5c9dfc64 (6.16-rc7)", + "https://git.kernel.org/stable/c/466e10194ab81caa2ee6a332d33ba16bcceeeba6", + "https://git.kernel.org/stable/c/5e28d5a3f774f118896aec17a3a20a9c5c9dfc64", + "https://git.kernel.org/stable/c/a6d735100f602c830c16d69fb6d780eebd8c9ae1", + "https://git.kernel.org/stable/c/c000a3a330d97f6c073ace5aa5faf94b9adb4b79", + "https://git.kernel.org/stable/c/fbe48f06e64134dfeafa89ad23387f66ebca3527", + "https://lore.kernel.org/linux-cve-announce/2025072813-CVE-2025-38477-8b42@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-38477", + "https://www.cve.org/CVERecord?id=CVE-2025-38477" + ], + "PublishedDate": "2025-07-28T12:15:29.617Z", + "LastModifiedDate": "2025-07-29T14:14:29.59Z" + }, + { + "VulnerabilityID": "CVE-2025-38488", + "VendorIDs": [ + "DSA-5975-1" + ], + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "FixedVersion": "6.12.41-1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38488", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: smb: client: fix use-after-free in crypt_message when using async crypto", 
+ "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix use-after-free in crypt_message when using async crypto\n\nThe CVE-2024-50047 fix removed asynchronous crypto handling from\ncrypt_message(), assuming all crypto operations are synchronous.\nHowever, when hardware crypto accelerators are used, this can cause\nuse-after-free crashes:\n\n crypt_message()\n // Allocate the creq buffer containing the req\n creq = smb2_get_aead_req(..., \u0026req);\n\n // Async encryption returns -EINPROGRESS immediately\n rc = enc ? crypto_aead_encrypt(req) : crypto_aead_decrypt(req);\n\n // Free creq while async operation is still in progress\n kvfree_sensitive(creq, ...);\n\nHardware crypto modules often implement async AEAD operations for\nperformance. When crypto_aead_encrypt/decrypt() returns -EINPROGRESS,\nthe operation completes asynchronously. Without crypto_wait_req(),\nthe function immediately frees the request buffer, leading to crashes\nwhen the driver later accesses the freed memory.\n\nThis results in a use-after-free condition when the hardware crypto\ndriver later accesses the freed request structure, leading to kernel\ncrashes with NULL pointer dereferences.\n\nThe issue occurs because crypto_alloc_aead() with mask=0 doesn't\nguarantee synchronous operation. 
Even without CRYPTO_ALG_ASYNC in\nthe mask, async implementations can be selected.\n\nFix by restoring the async crypto handling:\n- DECLARE_CRYPTO_WAIT(wait) for completion tracking\n- aead_request_set_callback() for async completion notification\n- crypto_wait_req() to wait for operation completion\n\nThis ensures the request buffer isn't freed until the crypto operation\ncompletes, whether synchronous or asynchronous, while preserving the\nCVE-2024-50047 fix.", + "Severity": "HIGH", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-38488", + "https://git.kernel.org/linus/b220bed63330c0e1733dc06ea8e75d5b9962b6b6 (6.16-rc7)", + "https://git.kernel.org/stable/c/15a0a5de49507062bc3be4014a403d8cea5533de", + "https://git.kernel.org/stable/c/2a76bc2b24ed889a689fb1c9015307bf16aafb5b", + "https://git.kernel.org/stable/c/8ac90f6824fc44d2e55a82503ddfc95defb19ae0", + "https://git.kernel.org/stable/c/9a1d3e8d40f151c2d5a5f40c410e6e433f62f438", + "https://git.kernel.org/stable/c/b220bed63330c0e1733dc06ea8e75d5b9962b6b6", + "https://lore.kernel.org/linux-cve-announce/2025072816-CVE-2025-38488-7f36@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-38488", + "https://www.cve.org/CVERecord?id=CVE-2025-38488" + ], + "PublishedDate": "2025-07-28T12:15:30.857Z", + "LastModifiedDate": "2025-07-29T14:14:29.59Z" + }, + { + "VulnerabilityID": "CVE-2025-38491", + "VendorIDs": [ + "DSA-5975-1" + ], + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "FixedVersion": "6.12.41-1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": 
"sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38491", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: mptcp: make fallback action and fallback decision atomic", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: make fallback action and fallback decision atomic\n\nSyzkaller reported the following splat:\n\n WARNING: CPU: 1 PID: 7704 at net/mptcp/protocol.h:1223 __mptcp_do_fallback net/mptcp/protocol.h:1223 [inline]\n WARNING: CPU: 1 PID: 7704 at net/mptcp/protocol.h:1223 mptcp_do_fallback net/mptcp/protocol.h:1244 [inline]\n WARNING: CPU: 1 PID: 7704 at net/mptcp/protocol.h:1223 check_fully_established net/mptcp/options.c:982 [inline]\n WARNING: CPU: 1 PID: 7704 at net/mptcp/protocol.h:1223 mptcp_incoming_options+0x21a8/0x2510 net/mptcp/options.c:1153\n Modules linked in:\n CPU: 1 UID: 0 PID: 7704 Comm: syz.3.1419 Not tainted 6.16.0-rc3-gbd5ce2324dba #20 PREEMPT(voluntary)\n Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n RIP: 0010:__mptcp_do_fallback net/mptcp/protocol.h:1223 [inline]\n RIP: 0010:mptcp_do_fallback net/mptcp/protocol.h:1244 [inline]\n RIP: 0010:check_fully_established net/mptcp/options.c:982 [inline]\n RIP: 0010:mptcp_incoming_options+0x21a8/0x2510 net/mptcp/options.c:1153\n Code: 24 18 e8 bb 2a 00 fd e9 1b df ff ff e8 b1 21 0f 00 e8 ec 5f c4 fc 44 0f b7 ac 24 b0 00 00 00 e9 54 f1 ff ff e8 d9 5f c4 fc 90 \u003c0f\u003e 0b 90 e9 b8 f4 ff ff e8 8b 2a 00 fd e9 8d e6 ff ff e8 81 2a 00\n RSP: 0018:ffff8880a3f08448 EFLAGS: 00010246\n RAX: 0000000000000000 RBX: ffff8880180a8000 RCX: ffffffff84afcf45\n RDX: ffff888090223700 RSI: ffffffff84afdaa7 RDI: 0000000000000001\n RBP: ffff888017955780 R08: 0000000000000001 R09: 0000000000000000\n R10: 
0000000000000000 R11: 0000000000000000 R12: 0000000000000000\n R13: ffff8880180a8910 R14: ffff8880a3e9d058 R15: 0000000000000000\n FS: 00005555791b8500(0000) GS:ffff88811c495000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000000110c2800b7 CR3: 0000000058e44000 CR4: 0000000000350ef0\n Call Trace:\n \u003cIRQ\u003e\n tcp_reset+0x26f/0x2b0 net/ipv4/tcp_input.c:4432\n tcp_validate_incoming+0x1057/0x1b60 net/ipv4/tcp_input.c:5975\n tcp_rcv_established+0x5b5/0x21f0 net/ipv4/tcp_input.c:6166\n tcp_v4_do_rcv+0x5dc/0xa70 net/ipv4/tcp_ipv4.c:1925\n tcp_v4_rcv+0x3473/0x44a0 net/ipv4/tcp_ipv4.c:2363\n ip_protocol_deliver_rcu+0xba/0x480 net/ipv4/ip_input.c:205\n ip_local_deliver_finish+0x2f1/0x500 net/ipv4/ip_input.c:233\n NF_HOOK include/linux/netfilter.h:317 [inline]\n NF_HOOK include/linux/netfilter.h:311 [inline]\n ip_local_deliver+0x1be/0x560 net/ipv4/ip_input.c:254\n dst_input include/net/dst.h:469 [inline]\n ip_rcv_finish net/ipv4/ip_input.c:447 [inline]\n NF_HOOK include/linux/netfilter.h:317 [inline]\n NF_HOOK include/linux/netfilter.h:311 [inline]\n ip_rcv+0x514/0x810 net/ipv4/ip_input.c:567\n __netif_receive_skb_one_core+0x197/0x1e0 net/core/dev.c:5975\n __netif_receive_skb+0x1f/0x120 net/core/dev.c:6088\n process_backlog+0x301/0x1360 net/core/dev.c:6440\n __napi_poll.constprop.0+0xba/0x550 net/core/dev.c:7453\n napi_poll net/core/dev.c:7517 [inline]\n net_rx_action+0xb44/0x1010 net/core/dev.c:7644\n handle_softirqs+0x1d0/0x770 kernel/softirq.c:579\n do_softirq+0x3f/0x90 kernel/softirq.c:480\n \u003c/IRQ\u003e\n \u003cTASK\u003e\n __local_bh_enable_ip+0xed/0x110 kernel/softirq.c:407\n local_bh_enable include/linux/bottom_half.h:33 [inline]\n inet_csk_listen_stop+0x2c5/0x1070 net/ipv4/inet_connection_sock.c:1524\n mptcp_check_listen_stop.part.0+0x1cc/0x220 net/mptcp/protocol.c:2985\n mptcp_check_listen_stop net/mptcp/mib.h:118 [inline]\n __mptcp_close+0x9b9/0xbd0 net/mptcp/protocol.c:3000\n mptcp_close+0x2f/0x140 
net/mptcp/protocol.c:3066\n inet_release+0xed/0x200 net/ipv4/af_inet.c:435\n inet6_release+0x4f/0x70 net/ipv6/af_inet6.c:487\n __sock_release+0xb3/0x270 net/socket.c:649\n sock_close+0x1c/0x30 net/socket.c:1439\n __fput+0x402/0xb70 fs/file_table.c:465\n task_work_run+0x150/0x240 kernel/task_work.c:227\n resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]\n exit_to_user_mode_loop+0xd4\n---truncated---", + "Severity": "HIGH", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-38491", + "https://git.kernel.org/linus/f8a1d9b18c5efc76784f5a326e905f641f839894 (6.16-rc7)", + "https://git.kernel.org/stable/c/1d82a8fe6ee4afdc92f4e8808c9dad2a6095bbc5", + "https://git.kernel.org/stable/c/54999dea879fecb761225e28f274b40662918c30", + "https://git.kernel.org/stable/c/75a4c9ab8a7af0d76b31ccd1188ed178c38b35d2", + "https://git.kernel.org/stable/c/f8a1d9b18c5efc76784f5a326e905f641f839894", + "https://lore.kernel.org/linux-cve-announce/2025072817-CVE-2025-38491-859c@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-38491", + "https://www.cve.org/CVERecord?id=CVE-2025-38491" + ], + "PublishedDate": "2025-07-28T12:15:31.24Z", + "LastModifiedDate": "2025-08-01T09:15:33.303Z" + }, + { + "VulnerabilityID": "CVE-2025-38493", + "VendorIDs": [ + "DSA-5975-1" + ], + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "FixedVersion": "6.12.41-1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2025-38493", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: tracing/osnoise: Fix crash in timerlat_dump_stack()", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/osnoise: Fix crash in timerlat_dump_stack()\n\nWe have observed kernel panics when using timerlat with stack saving,\nwith the following dmesg output:\n\nmemcpy: detected buffer overflow: 88 byte write of buffer size 0\nWARNING: CPU: 2 PID: 8153 at lib/string_helpers.c:1032 __fortify_report+0x55/0xa0\nCPU: 2 UID: 0 PID: 8153 Comm: timerlatu/2 Kdump: loaded Not tainted 6.15.3-200.fc42.x86_64 #1 PREEMPT(lazy)\nCall Trace:\n \u003cTASK\u003e\n ? trace_buffer_lock_reserve+0x2a/0x60\n __fortify_panic+0xd/0xf\n __timerlat_dump_stack.cold+0xd/0xd\n timerlat_dump_stack.part.0+0x47/0x80\n timerlat_fd_read+0x36d/0x390\n vfs_read+0xe2/0x390\n ? syscall_exit_to_user_mode+0x1d5/0x210\n ksys_read+0x73/0xe0\n do_syscall_64+0x7b/0x160\n ? exc_page_fault+0x7e/0x1a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n__timerlat_dump_stack() constructs the ftrace stack entry like this:\n\nstruct stack_entry *entry;\n...\nmemcpy(\u0026entry-\u003ecaller, fstack-\u003ecalls, size);\nentry-\u003esize = fstack-\u003enr_entries;\n\nSince commit e7186af7fb26 (\"tracing: Add back FORTIFY_SOURCE logic to\nkernel_stack event structure\"), struct stack_entry marks its caller\nfield with __counted_by(size). At the time of the memcpy, entry-\u003esize\ncontains garbage from the ringbuffer, which under some circumstances is\nzero, triggering a kernel panic by buffer overflow.\n\nPopulate the size field before the memcpy so that the out-of-bounds\ncheck knows the correct size. 
This is analogous to\n__ftrace_trace_stack().", + "Severity": "HIGH", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-38493", + "https://git.kernel.org/linus/85a3bce695b361d85fc528e6fbb33e4c8089c806 (6.16-rc7)", + "https://git.kernel.org/stable/c/7bb9ea515cda027c9e717e27fefcf34f092e7c41", + "https://git.kernel.org/stable/c/823d798900481875ba6c68217af028c5ffd2976b", + "https://git.kernel.org/stable/c/85a3bce695b361d85fc528e6fbb33e4c8089c806", + "https://git.kernel.org/stable/c/fbf90f5aa7ac7cddc69148a71d58f12c8709ce2b", + "https://lore.kernel.org/linux-cve-announce/2025072817-CVE-2025-38493-32f7@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-38493", + "https://www.cve.org/CVERecord?id=CVE-2025-38493" + ], + "PublishedDate": "2025-07-28T12:15:31.483Z", + "LastModifiedDate": "2025-07-29T14:14:29.59Z" + }, + { + "VulnerabilityID": "CVE-2025-38494", + "VendorIDs": [ + "DSA-5975-1" + ], + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "FixedVersion": "6.12.41-1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38494", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: HID: core: do not bypass hid_hw_raw_request", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: do not bypass 
hid_hw_raw_request\n\nhid_hw_raw_request() is actually useful to ensure the provided buffer\nand length are valid. Directly calling in the low level transport driver\nfunction bypassed those checks and allowed invalid paramto be used.", + "Severity": "HIGH", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-38494", + "https://git.kernel.org/linus/c2ca42f190b6714d6c481dfd3d9b62ea091c946b (6.16-rc7)", + "https://git.kernel.org/stable/c/0e5017d84d650ca0eeaf4a3fe9264c5dbc886b81", + "https://git.kernel.org/stable/c/19d1314d46c0d8a5c08ab53ddeb62280c77698c0", + "https://git.kernel.org/stable/c/a62a895edb2bfebffa865b5129a66e3b4287f34f", + "https://git.kernel.org/stable/c/c2ca42f190b6714d6c481dfd3d9b62ea091c946b", + "https://git.kernel.org/stable/c/d18f63e848840100dbc351a82e7042eac5a28cf5", + "https://lore.kernel.org/linux-cve-announce/2025072818-CVE-2025-38494-63e4@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-38494", + "https://www.cve.org/CVERecord?id=CVE-2025-38494" + ], + "PublishedDate": "2025-07-28T12:15:31.607Z", + "LastModifiedDate": "2025-07-29T14:14:29.59Z" + }, + { + "VulnerabilityID": "CVE-2025-38495", + "VendorIDs": [ + "DSA-5975-1" + ], + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "FixedVersion": "6.12.41-1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38495", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": 
"https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: HID: core: ensure the allocated report buffer can contain the reserved report ID", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: ensure the allocated report buffer can contain the reserved report ID\n\nWhen the report ID is not used, the low level transport drivers expect\nthe first byte to be 0. However, currently the allocated buffer not\naccount for that extra byte, meaning that instead of having 8 guaranteed\nbytes for implement to be working, we only have 7.", + "Severity": "HIGH", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-38495", + "https://git.kernel.org/linus/4f15ee98304b96e164ff2340e1dfd6181c3f42aa (6.16-rc7)", + "https://git.kernel.org/stable/c/4f15ee98304b96e164ff2340e1dfd6181c3f42aa", + "https://git.kernel.org/stable/c/a262370f385e53ff7470efdcdaf40468e5756717", + "https://git.kernel.org/stable/c/a47d9d9895bad9ce0e840a39836f19ca0b2a343a", + "https://git.kernel.org/stable/c/d3ed1d84a84538a39b3eb2055d6a97a936c108f2", + "https://git.kernel.org/stable/c/fcda39a9c5b834346088c14b1374336b079466c1", + "https://lore.kernel.org/linux-cve-announce/2025072818-CVE-2025-38495-3b28@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-38495", + "https://www.cve.org/CVERecord?id=CVE-2025-38495" + ], + "PublishedDate": "2025-07-28T12:15:31.727Z", + "LastModifiedDate": "2025-07-29T14:14:29.59Z" + }, + { + "VulnerabilityID": "CVE-2025-38496", + "VendorIDs": [ + "DSA-5975-1" + ], + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "FixedVersion": 
"6.12.41-1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38496", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: dm-bufio: fix sched in atomic context", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm-bufio: fix sched in atomic context\n\nIf \"try_verify_in_tasklet\" is set for dm-verity, DM_BUFIO_CLIENT_NO_SLEEP\nis enabled for dm-bufio. However, when bufio tries to evict buffers, there\nis a chance to trigger scheduling in spin_lock_bh, the following warning\nis hit:\n\nBUG: sleeping function called from invalid context at drivers/md/dm-bufio.c:2745\nin_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 123, name: kworker/2:2\npreempt_count: 201, expected: 0\nRCU nest depth: 0, expected: 0\n4 locks held by kworker/2:2/123:\n #0: ffff88800a2d1548 ((wq_completion)dm_bufio_cache){....}-{0:0}, at: process_one_work+0xe46/0x1970\n #1: ffffc90000d97d20 ((work_completion)(\u0026dm_bufio_replacement_work)){....}-{0:0}, at: process_one_work+0x763/0x1970\n #2: ffffffff8555b528 (dm_bufio_clients_lock){....}-{3:3}, at: do_global_cleanup+0x1ce/0x710\n #3: ffff88801d5820b8 (\u0026c-\u003espinlock){....}-{2:2}, at: do_global_cleanup+0x2a5/0x710\nPreemption disabled at:\n[\u003c0000000000000000\u003e] 0x0\nCPU: 2 UID: 0 PID: 123 Comm: kworker/2:2 Not tainted 6.16.0-rc3-g90548c634bd0 #305 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\nWorkqueue: dm_bufio_cache do_global_cleanup\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x53/0x70\n __might_resched+0x360/0x4e0\n do_global_cleanup+0x2f5/0x710\n 
process_one_work+0x7db/0x1970\n worker_thread+0x518/0xea0\n kthread+0x359/0x690\n ret_from_fork+0xf3/0x1b0\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nThat can be reproduced by:\n\n veritysetup format --data-block-size=4096 --hash-block-size=4096 /dev/vda /dev/vdb\n SIZE=$(blockdev --getsz /dev/vda)\n dmsetup create myverity -r --table \"0 $SIZE verity 1 /dev/vda /dev/vdb 4096 4096 \u003cdata_blocks\u003e 1 sha256 \u003croot_hash\u003e \u003csalt\u003e 1 try_verify_in_tasklet\"\n mount /dev/dm-0 /mnt -o ro\n echo 102400 \u003e /sys/module/dm_bufio/parameters/max_cache_size_bytes\n [read files in /mnt]", + "Severity": "HIGH", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-38496", + "https://git.kernel.org/linus/b1bf1a782fdf5c482215c0c661b5da98b8e75773 (6.16-rc7)", + "https://git.kernel.org/stable/c/3edfdb1d4ef81320dae0caa40bc24baf8c1bbb86", + "https://git.kernel.org/stable/c/469a39a33a9934af157299bf11c58f6e6cb53f85", + "https://git.kernel.org/stable/c/68860d1ade385eef9fcdbf6552f061283091fdb8", + "https://git.kernel.org/stable/c/b1bf1a782fdf5c482215c0c661b5da98b8e75773", + "https://lore.kernel.org/linux-cve-announce/2025072818-CVE-2025-38496-4301@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-38496", + "https://www.cve.org/CVERecord?id=CVE-2025-38496" + ], + "PublishedDate": "2025-07-28T12:15:31.847Z", + "LastModifiedDate": "2025-07-29T14:14:29.59Z" + }, + { + "VulnerabilityID": "CVE-2025-38497", + "VendorIDs": [ + "DSA-5975-1" + ], + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "FixedVersion": "6.12.41-1", + "Status": "fixed", + "Layer": { + "Digest": 
"sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38497", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: usb: gadget: configfs: Fix OOB read on empty string write", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: configfs: Fix OOB read on empty string write\n\nWhen writing an empty string to either 'qw_sign' or 'landingPage'\nsysfs attributes, the store functions attempt to access page[l - 1]\nbefore validating that the length 'l' is greater than zero.\n\nThis patch fixes the vulnerability by adding a check at the beginning\nof os_desc_qw_sign_store() and webusb_landingPage_store() to handle\nthe zero-length input case gracefully by returning immediately.", + "Severity": "HIGH", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-38497", + "https://git.kernel.org/linus/3014168731b7930300aab656085af784edc861f6 (6.16-rc7)", + "https://git.kernel.org/stable/c/22b7897c289cc25d99c603f5144096142a30d897", + "https://git.kernel.org/stable/c/2798111f8e504ac747cce911226135d50b8de468", + "https://git.kernel.org/stable/c/3014168731b7930300aab656085af784edc861f6", + "https://git.kernel.org/stable/c/58bdd5160184645771553ea732da5c2887fc9bd1", + "https://git.kernel.org/stable/c/783ea37b237a9b524f1e5ca018ea17d772ee0ea0", + "https://lore.kernel.org/linux-cve-announce/2025072818-CVE-2025-38497-b5c7@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-38497", + "https://www.cve.org/CVERecord?id=CVE-2025-38497" + ], + "PublishedDate": 
"2025-07-28T12:15:31.963Z", + "LastModifiedDate": "2025-07-29T14:14:29.59Z" + }, + { + "VulnerabilityID": "CVE-2025-38499", + "VendorIDs": [ + "DSA-5975-1" + ], + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "FixedVersion": "6.12.41-1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38499", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nclone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns\n\nWhat we want is to verify there is that clone won't expose something\nhidden by a mount we wouldn't be able to undo. 
\"Wouldn't be able to undo\"\nmay be a result of MNT_LOCKED on a child, but it may also come from\nlacking admin rights in the userns of the namespace mount belongs to.\n\nclone_private_mnt() checks the former, but not the latter.\n\nThere's a number of rather confusing CAP_SYS_ADMIN checks in various\nuserns during the mount, especially with the new mount API; they serve\ndifferent purposes and in case of clone_private_mnt() they usually,\nbut not always end up covering the missing check mentioned above.", + "Severity": "HIGH", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-38499", + "https://git.kernel.org/linus/c28f922c9dcee0e4876a2c095939d77fe7e15116 (6.16-rc1)", + "https://git.kernel.org/stable/c/38628ae06e2a37770cd794802a3f1310cf9846e3", + "https://git.kernel.org/stable/c/c28f922c9dcee0e4876a2c095939d77fe7e15116", + "https://git.kernel.org/stable/c/d717325b5ecf2a40daca85c61923e17f32306179", + "https://git.kernel.org/stable/c/dc6a664089f10eab0fb36b6e4f705022210191d2", + "https://git.kernel.org/stable/c/e77078e52fbf018ab986efb3c79065ab35025607", + "https://lore.kernel.org/linux-cve-announce/2025081112-CVE-2025-38499-4572@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-38499", + "https://www.cve.org/CVERecord?id=CVE-2025-38499" + ], + "PublishedDate": "2025-08-11T16:15:30.057Z", + "LastModifiedDate": "2025-08-11T18:32:48.867Z" + }, + { + "VulnerabilityID": "CVE-2025-38500", + "VendorIDs": [ + "DSA-5975-1" + ], + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "FixedVersion": "6.12.41-1", + "Status": "fixed", + "Layer": { + "Digest": 
"sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38500", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: xfrm: interface: fix use-after-free after changing collect_md xfrm interface", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: interface: fix use-after-free after changing collect_md xfrm interface\n\ncollect_md property on xfrm interfaces can only be set on device creation,\nthus xfrmi_changelink() should fail when called on such interfaces.\n\nThe check to enforce this was done only in the case where the xi was\nreturned from xfrmi_locate() which doesn't look for the collect_md\ninterface, and thus the validation was never reached.\n\nCalling changelink would thus errornously place the special interface xi\nin the xfrmi_net-\u003exfrmi hash, but since it also exists in the\nxfrmi_net-\u003ecollect_md_xfrmi pointer it would lead to a double free when\nthe net namespace was taken down [1].\n\nChange the check to use the xi from netdev_priv which is available earlier\nin the function to prevent changes in xfrm collect_md interfaces.\n\n[1] resulting oops:\n[ 8.516540] kernel BUG at net/core/dev.c:12029!\n[ 8.516552] Oops: invalid opcode: 0000 [#1] SMP NOPTI\n[ 8.516559] CPU: 0 UID: 0 PID: 12 Comm: kworker/u80:0 Not tainted 6.15.0-virtme #5 PREEMPT(voluntary)\n[ 8.516565] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[ 8.516569] Workqueue: netns cleanup_net\n[ 8.516579] RIP: 0010:unregister_netdevice_many_notify+0x101/0xab0\n[ 8.516590] Code: 90 0f 0b 90 48 8b b0 78 01 00 00 48 8b 90 80 01 00 00 48 89 56 08 48 89 32 4c 89 80 78 01 00 00 48 89 b8 80 01 00 00 eb ac 90 
\u003c0f\u003e 0b 48 8b 45 00 4c 8d a0 88 fe ff ff 48 39 c5 74 5c 41 80 bc 24\n[ 8.516593] RSP: 0018:ffffa93b8006bd30 EFLAGS: 00010206\n[ 8.516598] RAX: ffff98fe4226e000 RBX: ffffa93b8006bd58 RCX: ffffa93b8006bc60\n[ 8.516601] RDX: 0000000000000004 RSI: 0000000000000000 RDI: dead000000000122\n[ 8.516603] RBP: ffffa93b8006bdd8 R08: dead000000000100 R09: ffff98fe4133c100\n[ 8.516605] R10: 0000000000000000 R11: 00000000000003d2 R12: ffffa93b8006be00\n[ 8.516608] R13: ffffffff96c1a510 R14: ffffffff96c1a510 R15: ffffa93b8006be00\n[ 8.516615] FS: 0000000000000000(0000) GS:ffff98fee73b7000(0000) knlGS:0000000000000000\n[ 8.516619] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 8.516622] CR2: 00007fcd2abd0700 CR3: 000000003aa40000 CR4: 0000000000752ef0\n[ 8.516625] PKRU: 55555554\n[ 8.516627] Call Trace:\n[ 8.516632] \u003cTASK\u003e\n[ 8.516635] ? rtnl_is_locked+0x15/0x20\n[ 8.516641] ? unregister_netdevice_queue+0x29/0xf0\n[ 8.516650] ops_undo_list+0x1f2/0x220\n[ 8.516659] cleanup_net+0x1ad/0x2e0\n[ 8.516664] process_one_work+0x160/0x380\n[ 8.516673] worker_thread+0x2aa/0x3c0\n[ 8.516679] ? __pfx_worker_thread+0x10/0x10\n[ 8.516686] kthread+0xfb/0x200\n[ 8.516690] ? __pfx_kthread+0x10/0x10\n[ 8.516693] ? __pfx_kthread+0x10/0x10\n[ 8.516697] ret_from_fork+0x82/0xf0\n[ 8.516705] ? 
__pfx_kthread+0x10/0x10\n[ 8.516709] ret_from_fork_asm+0x1a/0x30\n[ 8.516718] \u003c/TASK\u003e", + "Severity": "HIGH", + "VendorSeverity": { + "redhat": 3, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-38500", + "https://git.kernel.org/linus/a90b2a1aaacbcf0f91d7e4868ad6c51c5dee814b (6.16)", + "https://git.kernel.org/stable/c/5918c3f4800a3aef2173865e5903370f21e24f47", + "https://git.kernel.org/stable/c/69a31f7a6a81f5ffd3812c442e09ff0be22960f1", + "https://git.kernel.org/stable/c/a8d4748b954584ab7bd800f1a4e46d5b0eeb5ce4", + "https://git.kernel.org/stable/c/a90b2a1aaacbcf0f91d7e4868ad6c51c5dee814b", + "https://git.kernel.org/stable/c/bfebdb85496e1da21d3cf05de099210915c3e706", + "https://lore.kernel.org/linux-cve-announce/2025081245-CVE-2025-38500-7e22@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-38500", + "https://www.cve.org/CVERecord?id=CVE-2025-38500" + ], + "PublishedDate": "2025-08-12T16:15:27.277Z", + "LastModifiedDate": "2025-08-15T16:15:29.433Z" + }, + { + "VulnerabilityID": "CVE-2025-40014", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40014", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: objtool, spi: amd: Fix out-of-bounds stack access in amd_set_spi_freq()", + "Description": "In the 
Linux kernel, the following vulnerability has been resolved:\n\nobjtool, spi: amd: Fix out-of-bounds stack access in amd_set_spi_freq()\n\nIf speed_hz \u003c AMD_SPI_MIN_HZ, amd_set_spi_freq() iterates over the\nentire amd_spi_freq array without breaking out early, causing 'i' to go\nbeyond the array bounds.\n\nFix that by stopping the loop when it gets to the last entry, so the low\nspeed_hz value gets clamped up to AMD_SPI_MIN_HZ.\n\nFixes the following warning with an UBSAN kernel:\n\n drivers/spi/spi-amd.o: error: objtool: amd_set_spi_freq() falls through to next function amd_spi_set_opcode()", + "Severity": "HIGH", + "CweIDs": [ + "CWE-129" + ], + "VendorSeverity": { + "nvd": 3, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", + "V3Score": 7.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-40014", + "https://git.kernel.org/linus/76e51db43fe4aaaebcc5ddda67b0807f7c9bdecc (6.15-rc1)", + "https://git.kernel.org/stable/c/76e51db43fe4aaaebcc5ddda67b0807f7c9bdecc", + "https://git.kernel.org/stable/c/7f2c746e09a3746bf937bc708129dc8af61d8f19", + "https://lore.kernel.org/linux-cve-announce/2025041822-CVE-2025-40014-384f@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-40014", + "https://ubuntu.com/security/notices/USN-7594-1", + "https://ubuntu.com/security/notices/USN-7594-2", + "https://ubuntu.com/security/notices/USN-7594-3", + "https://www.cve.org/CVERecord?id=CVE-2025-40014" + ], + "PublishedDate": "2025-04-18T07:15:44.67Z", + "LastModifiedDate": "2025-04-29T14:10:33.727Z" + }, + { + "VulnerabilityID": "CVE-2019-15213", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + 
"Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-15213", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: use-after-free caused by malicious USB device in drivers/media/usb/dvb-usb/dvb-usb-init.c", + "Description": "An issue was discovered in the Linux kernel before 5.2.3. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-416" + ], + "VendorSeverity": { + "nvd": 2, + "oracle-oval": 3, + "photon": 2, + "redhat": 2, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.9, + "V3Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 4.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html", + "http://www.openwall.com/lists/oss-security/2019/08/20/2", + "https://access.redhat.com/security/cve/CVE-2019-15213", + "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.3", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6cf97230cd5f36b7665099083272595c55d72be7", + "https://linux.oracle.com/cve/CVE-2019-15213.html", + "https://linux.oracle.com/errata/ELSA-2019-4872.html", + "https://lore.kernel.org/linux-media/fe983331d14442a96db3f71066ca0488a8921840.camel@decadent.org.uk/", + "https://nvd.nist.gov/vuln/detail/CVE-2019-15213", + "https://security.netapp.com/advisory/ntap-20190905-0002/", + 
"https://syzkaller.appspot.com/bug?id=a53c9c9dd2981bfdbfbcbc1ddbd35595eda8bced", + "https://www.cve.org/CVERecord?id=CVE-2019-15213" + ], + "PublishedDate": "2019-08-19T22:15:11.253Z", + "LastModifiedDate": "2024-11-21T04:28:12.273Z" + }, + { + "VulnerabilityID": "CVE-2019-16089", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-16089", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: Improper return check in nbd_genl_status function in drivers/block/nbd.c", + "Description": "An issue was discovered in the Linux kernel through 5.2.13. 
nbd_genl_status in drivers/block/nbd.c does not check the nla_nest_start_noflag return value.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "nvd": 2, + "oracle-oval": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.7, + "V3Score": 4.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 4.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2019-16089", + "https://linux.oracle.com/cve/CVE-2019-16089.html", + "https://linux.oracle.com/errata/ELSA-2020-5913.html", + "https://lore.kernel.org/lkml/20190911164013.27364-1-navid.emamdoost@gmail.com/", + "https://lore.kernel.org/patchwork/patch/1106884/", + "https://lore.kernel.org/patchwork/patch/1126650/", + "https://nvd.nist.gov/vuln/detail/CVE-2019-16089", + "https://security.netapp.com/advisory/ntap-20191004-0001/", + "https://support.f5.com/csp/article/K03814795?utm_source=f5support\u0026amp%3Butm_medium=RSS", + "https://ubuntu.com/security/notices/USN-4414-1", + "https://ubuntu.com/security/notices/USN-4425-1", + "https://ubuntu.com/security/notices/USN-4439-1", + "https://ubuntu.com/security/notices/USN-4440-1", + "https://usn.ubuntu.com/4414-1/", + "https://usn.ubuntu.com/4425-1/", + "https://usn.ubuntu.com/4439-1/", + "https://usn.ubuntu.com/4440-1/", + "https://www.cve.org/CVERecord?id=CVE-2019-16089" + ], + "PublishedDate": "2019-09-06T23:15:12.277Z", + "LastModifiedDate": "2024-11-21T04:30:00.6Z" + }, + { + "VulnerabilityID": "CVE-2019-20794", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": 
"sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-20794", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: task processes not being properly ended could lead to resource exhaustion", + "Description": "An issue was discovered in the Linux kernel 4.18 through 5.6.11 when unprivileged user namespaces are allowed. A user can create their own PID namespace, and mount a FUSE filesystem. Upon interaction with this FUSE filesystem, if the userspace component is terminated via a kill of the PID namespace's pid 1, it will result in a hung task, and resources being permanently locked up until system reboot. This can result in resource exhaustion.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-772" + ], + "VendorSeverity": { + "cbl-mariner": 2, + "nvd": 2, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.7, + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 4.7 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2020/08/24/1", + "https://access.redhat.com/security/cve/CVE-2019-20794", + "https://github.com/sargun/fuse-example", + "https://nvd.nist.gov/vuln/detail/CVE-2019-20794", + "https://security.netapp.com/advisory/ntap-20200608-0001/", + "https://sourceforge.net/p/fuse/mailman/message/36598753/", + "https://www.cve.org/CVERecord?id=CVE-2019-20794" + ], + "PublishedDate": "2020-05-09T18:15:11.157Z", + "LastModifiedDate": "2024-11-21T04:39:22.78Z" + }, + { + "VulnerabilityID": "CVE-2020-14304", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + 
"PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-14304", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: ethtool when reading eeprom of device could lead to memory leak", + "Description": "A memory disclosure flaw was found in the Linux kernel's ethernet drivers, in the way it read data from the EEPROM of the device. This flaw allows a local user to read uninitialized values from the kernel memory. The highest threat from this vulnerability is to confidentiality.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-460", + "CWE-755" + ], + "VendorSeverity": { + "nvd": 2, + "oracle-oval": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 2.1, + "V3Score": 4.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2020-14304", + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=960702", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14304", + "https://linux.oracle.com/cve/CVE-2020-14304.html", + "https://linux.oracle.com/errata/ELSA-2021-9410.html", + "https://lore.kernel.org/netdev/20200517172053.GA734488@decadent.org.uk/T/", + "https://nvd.nist.gov/vuln/detail/CVE-2020-14304", + "https://www.cve.org/CVERecord?id=CVE-2020-14304" + ], + "PublishedDate": "2020-09-15T20:15:13.103Z", + 
"LastModifiedDate": "2024-11-21T05:02:57.97Z" + }, + { + "VulnerabilityID": "CVE-2020-36694", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-36694", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: netfilter: use-after-free in the packet processing context", + "Description": "An issue was discovered in netfilter in the Linux kernel before 5.10. There can be a use-after-free in the packet processing context, because the per-CPU sequence count is mishandled during concurrent iptables rules replacement. This could be exploited with the CAP_NET_ADMIN capability in an unprivileged namespace. 
NOTE: cc00bca was reverted in 5.12.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-416" + ], + "VendorSeverity": { + "nvd": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", + "V3Score": 6.6 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2020-36694", + "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10", + "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cc00bcaa589914096edef7fb87ca5cee4a166b5c", + "https://nvd.nist.gov/vuln/detail/CVE-2020-36694", + "https://security.netapp.com/advisory/ntap-20230622-0005/", + "https://syzkaller.appspot.com/bug?id=0c4fd9c6aa04ec116d01e915d3b186f71a212cb2", + "https://www.cve.org/CVERecord?id=CVE-2020-36694" + ], + "PublishedDate": "2023-05-21T23:15:08.96Z", + "LastModifiedDate": "2025-01-31T18:15:29.737Z" + }, + { + "VulnerabilityID": "CVE-2021-47658", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-47658", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: drm/amd/pm: fix a potential gpu_metrics_table memory leak", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: fix a potential gpu_metrics_table memory 
leak\n\nMemory is allocated for gpu_metrics_table in renoir_init_smc_tables(),\nbut not freed in int smu_v12_0_fini_smc_tables(). Free it!", + "Severity": "MEDIUM", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2021-47658", + "https://git.kernel.org/linus/583637d66a70fc7090e12fb0ebbacc33d39e2214 (5.17-rc1)", + "https://git.kernel.org/stable/c/583637d66a70fc7090e12fb0ebbacc33d39e2214", + "https://lore.kernel.org/linux-cve-announce/2025022624-CVE-2021-47658-3eb0@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2021-47658", + "https://www.cve.org/CVERecord?id=CVE-2021-47658" + ], + "PublishedDate": "2025-02-26T06:37:07.557Z", + "LastModifiedDate": "2025-02-26T06:37:07.557Z" + }, + { + "VulnerabilityID": "CVE-2023-31082", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-31082", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: sleeping function called from an invalid context in gsmld_write", + "Description": "An issue was discovered in drivers/tty/n_gsm.c in the Linux kernel 6.2. There is a sleeping function called from an invalid context in gsmld_write, which will block the kernel. 
Note: This has been disputed by 3rd parties as not a valid vulnerability.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-763" + ], + "VendorSeverity": { + "nvd": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-31082", + "https://bugzilla.suse.com/show_bug.cgi?id=1210781", + "https://lore.kernel.org/all/CA+UBctCZok5FSQ=LPRA+A-jocW=L8FuMVZ_7MNqhh483P5yN8A%40mail.gmail.com/", + "https://lore.kernel.org/all/CA+UBctCZok5FSQ=LPRA+A-jocW=L8FuMVZ_7MNqhh483P5yN8A@mail.gmail.com/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-31082", + "https://security.netapp.com/advisory/ntap-20230929-0003/", + "https://www.cve.org/CVERecord?id=CVE-2023-31082" + ], + "PublishedDate": "2023-04-24T06:15:07.783Z", + "LastModifiedDate": "2024-11-21T08:01:22.69Z" + }, + { + "VulnerabilityID": "CVE-2023-3397", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3397", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: slab-use-after-free Write in txEnd due to race condition", + "Description": "A race condition occurred between the functions lmLogClose and txEnd in JFS, in the Linux Kernel, executed in different threads. 
This flaw allows a local attacker with normal user privileges to crash the system or leak internal kernel information.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-416", + "CWE-362" + ], + "VendorSeverity": { + "amazon": 3, + "nvd": 2, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H", + "V3Score": 6.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-3397", + "https://bugzilla.redhat.com/show_bug.cgi?id=2217271", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3397", + "https://www.cve.org/CVERecord?id=CVE-2023-3397", + "https://www.spinics.net/lists/kernel/msg4788636.html" + ], + "PublishedDate": "2023-11-01T20:15:08.737Z", + "LastModifiedDate": "2024-11-21T08:17:11.077Z" + }, + { + "VulnerabilityID": "CVE-2023-37454", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-37454", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: udf: use-after-free write in udf_close_lvid", + "Description": "An issue was discovered in the Linux kernel through 6.4.2. A crafted UDF filesystem image causes a use-after-free write operation in the udf_put_super and udf_close_lvid functions in fs/udf/super.c. 
NOTE: the suse.com reference has a different perspective about this.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-416" + ], + "VendorSeverity": { + "nvd": 2, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 4.4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-37454", + "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-37454", + "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6f861765464f43a71462d52026fbddfc858239a5", + "https://lore.kernel.org/all/00000000000056e02f05dfb6e11a%40google.com/T/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-37454", + "https://syzkaller.appspot.com/bug?extid=26873a72980f8fa8bc55", + "https://syzkaller.appspot.com/bug?extid=60864ed35b1073540d57", + "https://syzkaller.appspot.com/bug?extid=61564e5023b7229ec85d", + "https://www.cve.org/CVERecord?id=CVE-2023-37454" + ], + "PublishedDate": "2023-07-06T17:15:14.24Z", + "LastModifiedDate": "2024-11-21T08:11:44.337Z" + }, + { + "VulnerabilityID": "CVE-2023-4010", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-4010", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: usb: hcd: malformed USB descriptor leads to infinite loop in usb_giveback_urb()", + "Description": "A 
flaw was found in the USB Host Controller Driver framework in the Linux kernel. The usb_giveback_urb function has a logic loophole in its implementation. Due to the inappropriate judgment condition of the goto statement, the function cannot return under the input of a specific malformed descriptor file, so it falls into an endless loop, resulting in a denial of service.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-835" + ], + "VendorSeverity": { + "nvd": 2, + "redhat": 2, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 4.6 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-4010", + "https://bugzilla.redhat.com/show_bug.cgi?id=2227726", + "https://github.com/wanrenmi/a-usb-kernel-bug", + "https://github.com/wanrenmi/a-usb-kernel-bug/issues/1", + "https://nvd.nist.gov/vuln/detail/CVE-2023-4010", + "https://www.cve.org/CVERecord?id=CVE-2023-4010" + ], + "PublishedDate": "2023-07-31T17:15:10.277Z", + "LastModifiedDate": "2024-11-21T08:34:13.383Z" + }, + { + "VulnerabilityID": "CVE-2023-6238", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-6238", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: nvme: memory corruption via unprivileged user passthrough", + "Description": 
"A buffer overflow vulnerability was found in the NVM Express (NVMe) driver in the Linux kernel. Only privileged user could specify a small meta buffer and let the device perform larger Direct Memory Access (DMA) into the same buffer, overwriting unrelated kernel memory, causing random kernel crashes and memory corruption.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-120" + ], + "VendorSeverity": { + "nvd": 2, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-6238", + "https://bugzilla.redhat.com/show_bug.cgi?id=2250834", + "https://lore.kernel.org/linux-nvme/20231013051458.39987-1-joshi.k@samsung.com/T/#u", + "https://lore.kernel.org/linux-nvme/20231016060519.231880-1-joshi.k@samsung.com/T/#u", + "https://nvd.nist.gov/vuln/detail/CVE-2023-6238", + "https://www.cve.org/CVERecord?id=CVE-2023-6238" + ], + "PublishedDate": "2023-11-21T21:15:09.273Z", + "LastModifiedDate": "2024-11-21T08:43:26.177Z" + }, + { + "VulnerabilityID": "CVE-2023-6240", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-6240", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: Marvin vulnerability side-channel leakage in the RSA 
decryption operation", + "Description": "A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the Linux Kernel. This issue may allow a network attacker to decrypt ciphertexts or forge signatures, limiting the services that use that private key.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-203" + ], + "VendorSeverity": { + "alma": 2, + "nvd": 2, + "oracle-oval": 2, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2024:1881", + "https://access.redhat.com/errata/RHSA-2024:1882", + "https://access.redhat.com/errata/RHSA-2024:2758", + "https://access.redhat.com/errata/RHSA-2024:3414", + "https://access.redhat.com/errata/RHSA-2024:3421", + "https://access.redhat.com/errata/RHSA-2024:3618", + "https://access.redhat.com/errata/RHSA-2024:3627", + "https://access.redhat.com/security/cve/CVE-2023-6240", + "https://bugzilla.redhat.com/2250843", + "https://bugzilla.redhat.com/2270836", + "https://bugzilla.redhat.com/show_bug.cgi?id=2250843", + "https://bugzilla.redhat.com/show_bug.cgi?id=2270836", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6240", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25742", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25743", + "https://errata.almalinux.org/9/ALSA-2024-2758.html", + "https://errata.rockylinux.org/RLSA-2024:2758", + "https://linux.oracle.com/cve/CVE-2023-6240.html", + "https://linux.oracle.com/errata/ELSA-2024-3618.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-6240", + "https://people.redhat.com/~hkario/marvin/", + "https://security.netapp.com/advisory/ntap-20240628-0002/", + "https://securitypitfalls.wordpress.com/2023/10/16/experiment-with-side-channel-attacks-yourself/", + 
"https://www.cve.org/CVERecord?id=CVE-2023-6240" + ], + "PublishedDate": "2024-02-04T14:15:47.787Z", + "LastModifiedDate": "2024-11-21T08:43:26.437Z" + }, + { + "VulnerabilityID": "CVE-2024-2193", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-2193", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "hw: Spectre-SRC that is Speculative Race Conditions (SRCs) for synchronization primitives similar like Spectre V1 with possibility to bypass software features (e.g., IPIs, high-precision timers, etc)", + "Description": "A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. 
An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-362" + ], + "VendorSeverity": { + "amazon": 3, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/03/12/14", + "http://xenbits.xen.org/xsa/advisory-453.html", + "https://access.redhat.com/security/cve/CVE-2024-2193", + "https://download.vusec.net/papers/ghostrace_sec24.pdf", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=944d5fe50f3f03daacfea16300e656a1691c4a23", + "https://ibm.github.io/system-security-research-updates/2024/03/12/ghostrace", + "https://kb.cert.org/vuls/id/488902", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EIUICU6CVJUIB6BPJ7P5QTPQR5VOBHFK/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H63LGAQXPEVJOES73U4XK65I6DASOAAG/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A/", + "https://nvd.nist.gov/vuln/detail/CVE-2024-2193", + "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7016.html", + "https://www.cve.org/CVERecord?id=CVE-2024-2193", + "https://www.kb.cert.org/vuls/id/488902", + "https://www.openwall.com/lists/oss-security/2024/03/12/14", + "https://www.vusec.net/projects/ghostrace/", + "https://xenbits.xen.org/xsa/advisory-453.html" + ], + "PublishedDate": "2024-03-15T18:15:08.53Z", + "LastModifiedDate": "2025-04-30T23:16:01.667Z" + }, + { + "VulnerabilityID": "CVE-2024-24864", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": 
"pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24864", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "A race condition was found in the Linux kernel's media/dvb-core in dvb ...", + "Description": "A race condition was found in the Linux kernel's media/dvb-core in dvbdmx_write() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.\n\n\n\n\n", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-362", + "CWE-476" + ], + "VendorSeverity": { + "nvd": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 4.7 + } + }, + "References": [ + "https://bugzilla.openanolis.cn/show_bug.cgi?id=8178" + ], + "PublishedDate": "2024-02-05T08:15:45.433Z", + "LastModifiedDate": "2024-11-21T08:59:52.41Z" + }, + { + "VulnerabilityID": "CVE-2024-25740", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-25740", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": 
"https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: memory leak in ubi driver", + "Description": "A memory leak flaw was found in the UBI driver in drivers/mtd/ubi/attach.c in the Linux kernel through 6.7.4 for UBI_IOCATT, because kobj-\u003ename is not released.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-401" + ], + "VendorSeverity": { + "nvd": 2, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2024-25740", + "https://lore.kernel.org/lkml/0171b6cc-95ee-3538-913b-65a391a446b3%40huawei.com/T/", + "https://nvd.nist.gov/vuln/detail/CVE-2024-25740", + "https://www.cve.org/CVERecord?id=CVE-2024-25740" + ], + "PublishedDate": "2024-02-12T03:15:32.823Z", + "LastModifiedDate": "2025-05-07T21:16:03.333Z" + }, + { + "VulnerabilityID": "CVE-2024-52560", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-52560", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: fs/ntfs3: Mark inode as bad as soon as error detected in mi_enum_attr()", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Mark inode as bad as soon as error detected in mi_enum_attr()\n\nExtended the 
`mi_enum_attr()` function interface with an additional\nparameter, `struct ntfs_inode *ni`, to allow marking the inode\nas bad as soon as an error is detected.", + "Severity": "MEDIUM", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2024-52560", + "https://git.kernel.org/linus/2afd4d267e6dbaec8d3ccd4f5396cb84bc67aa2e (6.14-rc1)", + "https://git.kernel.org/stable/c/2afd4d267e6dbaec8d3ccd4f5396cb84bc67aa2e", + "https://git.kernel.org/stable/c/d9c699f2c4dc174940ffe8600b20c267897da155", + "https://lore.kernel.org/linux-cve-announce/2025022602-CVE-2024-52560-8446@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2024-52560", + "https://www.cve.org/CVERecord?id=CVE-2024-52560" + ], + "PublishedDate": "2025-02-27T03:15:10.573Z", + "LastModifiedDate": "2025-02-27T03:15:10.573Z" + }, + { + "VulnerabilityID": "CVE-2024-56709", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-56709", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: io_uring: check if iowq is killed before queuing", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: check if iowq is killed before queuing\n\ntask work can be executed after the task has gone through io_uring\ntermination, whether it's 
the final task_work run or the fallback path.\nIn this case, task work will find -\u003eio_wq being already killed and\nnull'ed, which is a problem if it then tries to forward the request to\nio_queue_iowq(). Make io_queue_iowq() fail requests in this case.\n\nNote that it also checks PF_KTHREAD, because the user can first close\na DEFER_TASKRUN ring and shortly after kill the task, in which case\n-\u003eiowq check would race.", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 3, + "oracle-oval": 3, + "photon": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 4.4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2024-56709", + "https://git.kernel.org/linus/dbd2ca9367eb19bc5e269b8c58b0b1514ada9156 (6.13-rc4)", + "https://git.kernel.org/stable/c/2ca94c8de36091067b9ce7527ae8db3812d38781", + "https://git.kernel.org/stable/c/4f95a2186b7f2af09331e1e8069bcaf34fe019cf", + "https://git.kernel.org/stable/c/534d59ab38010aada88390db65985e65d0de7d9e", + "https://git.kernel.org/stable/c/dbd2ca9367eb19bc5e269b8c58b0b1514ada9156", + "https://linux.oracle.com/cve/CVE-2024-56709.html", + "https://linux.oracle.com/errata/ELSA-2025-20480.html", + "https://lore.kernel.org/linux-cve-announce/2024122918-CVE-2024-56709-655c@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2024-56709", + "https://ubuntu.com/security/notices/USN-7379-1", + "https://ubuntu.com/security/notices/USN-7379-2", + "https://ubuntu.com/security/notices/USN-7380-1", + "https://ubuntu.com/security/notices/USN-7381-1", + "https://ubuntu.com/security/notices/USN-7382-1", + "https://ubuntu.com/security/notices/USN-7513-1", + "https://ubuntu.com/security/notices/USN-7513-2", + "https://ubuntu.com/security/notices/USN-7513-3", + "https://ubuntu.com/security/notices/USN-7513-4", + "https://ubuntu.com/security/notices/USN-7513-5", + "https://ubuntu.com/security/notices/USN-7514-1", + 
"https://ubuntu.com/security/notices/USN-7515-1", + "https://ubuntu.com/security/notices/USN-7515-2", + "https://ubuntu.com/security/notices/USN-7522-1", + "https://ubuntu.com/security/notices/USN-7523-1", + "https://ubuntu.com/security/notices/USN-7524-1", + "https://www.cve.org/CVERecord?id=CVE-2024-56709" + ], + "PublishedDate": "2024-12-29T09:15:05.82Z", + "LastModifiedDate": "2024-12-29T09:15:05.82Z" + }, + { + "VulnerabilityID": "CVE-2024-57995", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-57995", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: wifi: ath12k: fix read pointer after free in ath12k_mac_assign_vif_to_vdev()", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix read pointer after free in ath12k_mac_assign_vif_to_vdev()\n\nIn ath12k_mac_assign_vif_to_vdev(), if arvif is created on a different\nradio, it gets deleted from that radio through a call to\nath12k_mac_unassign_link_vif(). 
This action frees the arvif pointer.\nSubsequently, there is a check involving arvif, which will result in a\nread-after-free scenario.\n\nFix this by moving this check after arvif is again assigned via call to\nath12k_mac_assign_link_vif().\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.3.1-00173-QCAHKSWPL_SILICONZ-1", + "Severity": "MEDIUM", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2024-57995", + "https://git.kernel.org/linus/5a10971c7645a95f5d5dc23c26fbac4bf61801d0 (6.14-rc1)", + "https://git.kernel.org/stable/c/5a10971c7645a95f5d5dc23c26fbac4bf61801d0", + "https://git.kernel.org/stable/c/f3a95a312419e4f1e992525917da9dbcd247038f", + "https://lore.kernel.org/linux-cve-announce/2025022640-CVE-2024-57995-892d@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2024-57995", + "https://www.cve.org/CVERecord?id=CVE-2024-57995" + ], + "PublishedDate": "2025-02-27T02:15:13.517Z", + "LastModifiedDate": "2025-02-27T02:15:13.517Z" + }, + { + "VulnerabilityID": "CVE-2024-58015", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58015", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: wifi: ath12k: Fix for out-of bound access error", + "Description": "In the Linux kernel, the following vulnerability has been 
resolved:\n\nwifi: ath12k: Fix for out-of bound access error\n\nSelfgen stats are placed in a buffer using print_array_to_buf_index() function.\nArray length parameter passed to the function is too big, resulting in possible\nout-of bound memory error.\nDecreasing buffer size by one fixes faulty upper bound of passed array.\n\nDiscovered in coverity scan, CID 1600742 and CID 1600758", + "Severity": "MEDIUM", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H", + "V3Score": 6 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2024-58015", + "https://git.kernel.org/linus/eb8c0534713865d190856f10bfc97cf0b88475b1 (6.14-rc1)", + "https://git.kernel.org/stable/c/8700c4bf8b7ed98037d2acf1eaf770ad6dd431d4", + "https://git.kernel.org/stable/c/eb8c0534713865d190856f10bfc97cf0b88475b1", + "https://lore.kernel.org/linux-cve-announce/2025022657-CVE-2024-58015-f72e@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2024-58015", + "https://www.cve.org/CVERecord?id=CVE-2024-58015" + ], + "PublishedDate": "2025-02-27T03:15:12.493Z", + "LastModifiedDate": "2025-02-27T03:15:12.493Z" + }, + { + "VulnerabilityID": "CVE-2024-58022", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58022", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: mailbox: th1520: Fix a NULL vs 
IS_ERR() bug", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmailbox: th1520: Fix a NULL vs IS_ERR() bug\n\nThe devm_ioremap() function doesn't return error pointers, it returns\nNULL. Update the error checking to match.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "nvd": 2, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2024-58022", + "https://git.kernel.org/stable/c/d0f98e14c010bcf27898b635a54c1994ac4110a8", + "https://git.kernel.org/stable/c/ecbde88e544ff016fa08bbf2156dc431bb123e9b", + "https://lore.kernel.org/linux-cve-announce/2025022748-CVE-2024-58022-60ab@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2024-58022", + "https://www.cve.org/CVERecord?id=CVE-2024-58022" + ], + "PublishedDate": "2025-02-27T20:16:02.073Z", + "LastModifiedDate": "2025-03-05T14:05:15.387Z" + }, + { + "VulnerabilityID": "CVE-2024-58074", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58074", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: drm/i915: Grab intel_display from the encoder to avoid potential oopsies", + "Description": "In the Linux kernel, the following vulnerability has 
been resolved:\n\ndrm/i915: Grab intel_display from the encoder to avoid potential oopsies\n\nGrab the intel_display from 'encoder' rather than 'state'\nin the encoder hooks to avoid the massive footgun that is\nintel_sanitize_encoder(), which passes NULL as the 'state'\nargument to encoder .disable() and .post_disable().\n\nTODO: figure out how to actually fix intel_sanitize_encoder()...", + "Severity": "MEDIUM", + "VendorSeverity": { + "redhat": 1 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 4.4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2024-58074", + "https://git.kernel.org/stable/c/1885401569f24eb35c631bcc4e6543360dbe9292", + "https://git.kernel.org/stable/c/dc3806d9eb66d0105f8d55d462d4ef681d9eac59", + "https://lore.kernel.org/linux-cve-announce/2025030627-CVE-2024-58074-28c1@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2024-58074", + "https://www.cve.org/CVERecord?id=CVE-2024-58074" + ], + "PublishedDate": "2025-03-06T16:15:53.943Z", + "LastModifiedDate": "2025-03-06T16:15:53.943Z" + }, + { + "VulnerabilityID": "CVE-2024-58093", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58093", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: PCI/ASPM: Fix link state exit during switch upstream function removal", + "Description": "In the Linux kernel, the following vulnerability has been 
resolved:\n\nPCI/ASPM: Fix link state exit during switch upstream function removal\n\nBefore 456d8aa37d0f (\"PCI/ASPM: Disable ASPM on MFD function removal to\navoid use-after-free\"), we would free the ASPM link only after the last\nfunction on the bus pertaining to the given link was removed.\n\nThat was too late. If function 0 is removed before sibling function,\nlink-\u003edownstream would point to free'd memory after.\n\nAfter above change, we freed the ASPM parent link state upon any function\nremoval on the bus pertaining to a given link.\n\nThat is too early. If the link is to a PCIe switch with MFD on the upstream\nport, then removing functions other than 0 first would free a link which\nstill remains parent_link to the remaining downstream ports.\n\nThe resulting GPFs are especially frequent during hot-unplug, because\npciehp removes devices on the link bus in reverse order.\n\nOn that switch, function 0 is the virtual P2P bridge to the internal bus.\nFree exactly when function 0 is removed -- before the parent link is\nobsolete, but after all subordinate links are gone.\n\n[kwilczynski: commit log]", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 3, + "oracle-oval": 3, + "photon": 2, + "redhat": 2, + "ubuntu": 1 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2024-58093", + "https://git.kernel.org/linus/cbf937dcadfd571a434f8074d057b32cd14fbea5 (6.15-rc1)", + "https://git.kernel.org/stable/c/cbf937dcadfd571a434f8074d057b32cd14fbea5", + "https://linux.oracle.com/cve/CVE-2024-58093.html", + "https://linux.oracle.com/errata/ELSA-2025-20480.html", + "https://lore.kernel.org/linux-cve-announce/2025041652-CVE-2024-58093-2638@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2024-58093", + "https://ubuntu.com/security/notices/USN-7585-1", + "https://ubuntu.com/security/notices/USN-7585-2", + 
"https://ubuntu.com/security/notices/USN-7585-3", + "https://ubuntu.com/security/notices/USN-7585-4", + "https://ubuntu.com/security/notices/USN-7585-5", + "https://ubuntu.com/security/notices/USN-7585-6", + "https://ubuntu.com/security/notices/USN-7585-7", + "https://ubuntu.com/security/notices/USN-7591-1", + "https://ubuntu.com/security/notices/USN-7591-2", + "https://ubuntu.com/security/notices/USN-7591-3", + "https://ubuntu.com/security/notices/USN-7591-4", + "https://ubuntu.com/security/notices/USN-7591-5", + "https://ubuntu.com/security/notices/USN-7591-6", + "https://ubuntu.com/security/notices/USN-7592-1", + "https://ubuntu.com/security/notices/USN-7593-1", + "https://ubuntu.com/security/notices/USN-7594-1", + "https://ubuntu.com/security/notices/USN-7594-2", + "https://ubuntu.com/security/notices/USN-7594-3", + "https://ubuntu.com/security/notices/USN-7597-1", + "https://ubuntu.com/security/notices/USN-7597-2", + "https://ubuntu.com/security/notices/USN-7598-1", + "https://ubuntu.com/security/notices/USN-7602-1", + "https://ubuntu.com/security/notices/USN-7605-1", + "https://ubuntu.com/security/notices/USN-7605-2", + "https://ubuntu.com/security/notices/USN-7606-1", + "https://ubuntu.com/security/notices/USN-7628-1", + "https://ubuntu.com/security/notices/USN-7640-1", + "https://ubuntu.com/security/notices/USN-7655-1", + "https://www.cve.org/CVERecord?id=CVE-2024-58093" + ], + "PublishedDate": "2025-04-16T15:15:53.22Z", + "LastModifiedDate": "2025-04-17T20:22:16.24Z" + }, + { + "VulnerabilityID": "CVE-2024-58094", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": 
"sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58094", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: jfs: add check read-only before truncation in jfs_truncate_nolock()", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: add check read-only before truncation in jfs_truncate_nolock()\n\nAdded a check for \"read-only\" mode in the `jfs_truncate_nolock`\nfunction to avoid errors related to writing to a read-only\nfilesystem.\n\nCall stack:\n\nblock_write_begin() {\n jfs_write_failed() {\n jfs_truncate() {\n jfs_truncate_nolock() {\n txEnd() {\n ...\n log = JFS_SBI(tblk-\u003esb)-\u003elog;\n // (log == NULL)\n\nIf the `isReadOnly(ip)` condition is triggered in\n`jfs_truncate_nolock`, the function execution will stop, and no\nfurther data modification will occur. 
Instead, the `xtTruncate`\nfunction will be called with the \"COMMIT_WMAP\" flag, preventing\nmodifications in \"read-only\" mode.", + "Severity": "MEDIUM", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2024-58094", + "https://git.kernel.org/linus/b5799dd77054c1ec49b0088b006c9908e256843b (6.15-rc1)", + "https://git.kernel.org/stable/c/b5799dd77054c1ec49b0088b006c9908e256843b", + "https://git.kernel.org/stable/c/f605bc3e162f5c6faa9bd3602ce496053d06a4bb", + "https://lore.kernel.org/linux-cve-announce/2025041652-CVE-2024-58094-b87b@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2024-58094", + "https://ubuntu.com/security/notices/USN-7594-1", + "https://ubuntu.com/security/notices/USN-7594-2", + "https://ubuntu.com/security/notices/USN-7594-3", + "https://www.cve.org/CVERecord?id=CVE-2024-58094" + ], + "PublishedDate": "2025-04-16T15:15:53.33Z", + "LastModifiedDate": "2025-04-17T20:22:16.24Z" + }, + { + "VulnerabilityID": "CVE-2024-58095", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58095", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: jfs: add check read-only before txBeginAnon() call", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: add check 
read-only before txBeginAnon() call\n\nAdded a read-only check before calling `txBeginAnon` in `extAlloc`\nand `extRecord`. This prevents modification attempts on a read-only\nmounted filesystem, avoiding potential errors or crashes.\n\nCall trace:\n txBeginAnon+0xac/0x154\n extAlloc+0xe8/0xdec fs/jfs/jfs_extent.c:78\n jfs_get_block+0x340/0xb98 fs/jfs/inode.c:248\n __block_write_begin_int+0x580/0x166c fs/buffer.c:2128\n __block_write_begin fs/buffer.c:2177 [inline]\n block_write_begin+0x98/0x11c fs/buffer.c:2236\n jfs_write_begin+0x44/0x88 fs/jfs/inode.c:299", + "Severity": "MEDIUM", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2024-58095", + "https://git.kernel.org/linus/0176e69743ecc02961f2ae1ea42439cd2bf9ed58 (6.15-rc1)", + "https://git.kernel.org/stable/c/0176e69743ecc02961f2ae1ea42439cd2bf9ed58", + "https://git.kernel.org/stable/c/15469c408af2d7a52fb186a92f2f091b0f13b1fb", + "https://lore.kernel.org/linux-cve-announce/2025041653-CVE-2024-58095-9a41@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2024-58095", + "https://ubuntu.com/security/notices/USN-7594-1", + "https://ubuntu.com/security/notices/USN-7594-2", + "https://ubuntu.com/security/notices/USN-7594-3", + "https://www.cve.org/CVERecord?id=CVE-2024-58095" + ], + "PublishedDate": "2025-04-16T15:15:53.467Z", + "LastModifiedDate": "2025-04-17T20:22:16.24Z" + }, + { + "VulnerabilityID": "CVE-2024-58096", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": 
"sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58096", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: wifi: ath11k: add srng-\u003elock for ath11k_hal_srng_* in monitor mode", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: add srng-\u003elock for ath11k_hal_srng_* in monitor mode\n\nath11k_hal_srng_* should be used with srng-\u003elock to protect srng data.\n\nFor ath11k_dp_rx_mon_dest_process() and ath11k_dp_full_mon_process_rx(),\nthey use ath11k_hal_srng_* for many times but never call srng-\u003elock.\n\nSo when running (full) monitor mode, warning will occur:\nRIP: 0010:ath11k_hal_srng_dst_peek+0x18/0x30 [ath11k]\nCall Trace:\n ? ath11k_hal_srng_dst_peek+0x18/0x30 [ath11k]\n ath11k_dp_rx_process_mon_status+0xc45/0x1190 [ath11k]\n ? idr_alloc_u32+0x97/0xd0\n ath11k_dp_rx_process_mon_rings+0x32a/0x550 [ath11k]\n ath11k_dp_service_srng+0x289/0x5a0 [ath11k]\n ath11k_pcic_ext_grp_napi_poll+0x30/0xd0 [ath11k]\n __napi_poll+0x30/0x1f0\n net_rx_action+0x198/0x320\n __do_softirq+0xdd/0x319\n\nSo add srng-\u003elock for them to avoid such warnings.\n\nInorder to fetch the srng-\u003elock, should change srng's definition from\n'void' to 'struct hal_srng'. And initialize them elsewhere to prevent\none line of code from being too long. 
This is consistent with other ring\nprocess functions, such as ath11k_dp_process_rx().\n\nTested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.30\nTested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1", + "Severity": "MEDIUM", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 4.4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2024-58096", + "https://git.kernel.org/linus/63b7af49496d0e32f7a748b6af3361ec138b1bd3 (6.15-rc1)", + "https://git.kernel.org/stable/c/63b7af49496d0e32f7a748b6af3361ec138b1bd3", + "https://git.kernel.org/stable/c/b85758e76b6452740fc2a08ced6759af64c0d59a", + "https://lore.kernel.org/linux-cve-announce/2025041653-CVE-2024-58096-2320@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2024-58096", + "https://ubuntu.com/security/notices/USN-7594-1", + "https://ubuntu.com/security/notices/USN-7594-2", + "https://ubuntu.com/security/notices/USN-7594-3", + "https://www.cve.org/CVERecord?id=CVE-2024-58096" + ], + "PublishedDate": "2025-04-16T15:15:53.587Z", + "LastModifiedDate": "2025-04-17T20:22:16.24Z" + }, + { + "VulnerabilityID": "CVE-2024-58097", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58097", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: wifi: ath11k: 
fix RCU stall while reaping monitor destination ring", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: fix RCU stall while reaping monitor destination ring\n\nWhile processing the monitor destination ring, MSDUs are reaped from the\nlink descriptor based on the corresponding buf_id.\n\nHowever, sometimes the driver cannot obtain a valid buffer corresponding\nto the buf_id received from the hardware. This causes an infinite loop\nin the destination processing, resulting in a kernel crash.\n\nkernel log:\nath11k_pci 0000:58:00.0: data msdu_pop: invalid buf_id 309\nath11k_pci 0000:58:00.0: data dp_rx_monitor_link_desc_return failed\nath11k_pci 0000:58:00.0: data msdu_pop: invalid buf_id 309\nath11k_pci 0000:58:00.0: data dp_rx_monitor_link_desc_return failed\n\nFix this by skipping the problematic buf_id and reaping the next entry,\nreplacing the break with the next MSDU processing.\n\nTested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.30\nTested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-835" + ], + "VendorSeverity": { + "nvd": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2024-58097", + "https://git.kernel.org/linus/16c6c35c03ea73054a1f6d3302a4ce4a331b427d (6.15-rc1)", + "https://git.kernel.org/stable/c/16c6c35c03ea73054a1f6d3302a4ce4a331b427d", + "https://git.kernel.org/stable/c/b4991fc41745645f8050506f5a8578bd11e6b378", + "https://lore.kernel.org/linux-cve-announce/2025041653-CVE-2024-58097-3fcb@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2024-58097", + "https://ubuntu.com/security/notices/USN-7594-1", + 
"https://ubuntu.com/security/notices/USN-7594-2", + "https://ubuntu.com/security/notices/USN-7594-3", + "https://www.cve.org/CVERecord?id=CVE-2024-58097" + ], + "PublishedDate": "2025-04-16T15:15:53.683Z", + "LastModifiedDate": "2025-05-06T16:45:20.957Z" + }, + { + "VulnerabilityID": "CVE-2025-21751", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-21751", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: net/mlx5: HWS, change error flow on matcher disconnect", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: HWS, change error flow on matcher disconnect\n\nCurrently, when firmware failure occurs during matcher disconnect flow,\nthe error flow of the function reconnects the matcher back and returns\nan error, which continues running the calling function and eventually\nfrees the matcher that is being disconnected.\nThis leads to a case where we have a freed matcher on the matchers list,\nwhich in turn leads to use-after-free and eventual crash.\n\nThis patch fixes that by not trying to reconnect the matcher back when\nsome FW command fails during disconnect.\n\nNote that we're dealing here with FW error. We can't overcome this\nproblem. This might lead to bad steering state (e.g. 
wrong connection\nbetween matchers), and will also lead to resource leakage, as it is\nthe case with any other error handling during resource destruction.\n\nHowever, the goal here is to allow the driver to continue and not crash\nthe machine with use-after-free error.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-416" + ], + "VendorSeverity": { + "amazon": 3, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-21751", + "https://git.kernel.org/linus/1ce840c7a659aa53a31ef49f0271b4fd0dc10296 (6.14-rc1)", + "https://git.kernel.org/stable/c/1ce840c7a659aa53a31ef49f0271b4fd0dc10296", + "https://git.kernel.org/stable/c/23a86c76a1a197e8fbbbd0ce3e826eb58c471624", + "https://lore.kernel.org/linux-cve-announce/2025022601-CVE-2025-21751-101c@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-21751", + "https://www.cve.org/CVERecord?id=CVE-2025-21751" + ], + "PublishedDate": "2025-02-27T03:15:15.76Z", + "LastModifiedDate": "2025-03-24T17:20:32.85Z" + }, + { + "VulnerabilityID": "CVE-2025-21752", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-21752", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: btrfs: don't use btrfs_set_item_key_safe on RAID stripe-extents", + "Description": "In the Linux kernel, the following vulnerability 
has been resolved:\n\nbtrfs: don't use btrfs_set_item_key_safe on RAID stripe-extents\n\nDon't use btrfs_set_item_key_safe() to modify the keys in the RAID\nstripe-tree, as this can lead to corruption of the tree, which is caught\nby the checks in btrfs_set_item_key_safe():\n\n BTRFS info (device nvme1n1): leaf 49168384 gen 15 total ptrs 194 free space 8329 owner 12\n BTRFS info (device nvme1n1): refs 2 lock_owner 1030 current 1030\n [ snip ]\n item 105 key (354549760 230 20480) itemoff 14587 itemsize 16\n stride 0 devid 5 physical 67502080\n item 106 key (354631680 230 4096) itemoff 14571 itemsize 16\n stride 0 devid 1 physical 88559616\n item 107 key (354631680 230 32768) itemoff 14555 itemsize 16\n stride 0 devid 1 physical 88555520\n item 108 key (354717696 230 28672) itemoff 14539 itemsize 16\n stride 0 devid 2 physical 67604480\n [ snip ]\n BTRFS critical (device nvme1n1): slot 106 key (354631680 230 32768) new key (354635776 230 4096)\n ------------[ cut here ]------------\n kernel BUG at fs/btrfs/ctree.c:2602!\n Oops: invalid opcode: 0000 [#1] PREEMPT SMP PTI\n CPU: 1 UID: 0 PID: 1055 Comm: fsstress Not tainted 6.13.0-rc1+ #1464\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-3-gd478f380-rebuilt.opensuse.org 04/01/2014\n RIP: 0010:btrfs_set_item_key_safe+0xf7/0x270\n Code: \u003csnip\u003e\n RSP: 0018:ffffc90001337ab0 EFLAGS: 00010287\n RAX: 0000000000000000 RBX: ffff8881115fd000 RCX: 0000000000000000\n RDX: 0000000000000001 RSI: 0000000000000001 RDI: 00000000ffffffff\n RBP: ffff888110ed6f50 R08: 00000000ffffefff R09: ffffffff8244c500\n R10: 00000000ffffefff R11: 00000000ffffffff R12: ffff888100586000\n R13: 00000000000000c9 R14: ffffc90001337b1f R15: ffff888110f23b58\n FS: 00007f7d75c72740(0000) GS:ffff88813bd00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007fa811652c60 CR3: 0000000111398001 CR4: 0000000000370eb0\n Call Trace:\n \u003cTASK\u003e\n ? __die_body.cold+0x14/0x1a\n ? 
die+0x2e/0x50\n ? do_trap+0xca/0x110\n ? do_error_trap+0x65/0x80\n ? btrfs_set_item_key_safe+0xf7/0x270\n ? exc_invalid_op+0x50/0x70\n ? btrfs_set_item_key_safe+0xf7/0x270\n ? asm_exc_invalid_op+0x1a/0x20\n ? btrfs_set_item_key_safe+0xf7/0x270\n btrfs_partially_delete_raid_extent+0xc4/0xe0\n btrfs_delete_raid_extent+0x227/0x240\n __btrfs_free_extent.isra.0+0x57f/0x9c0\n ? exc_coproc_segment_overrun+0x40/0x40\n __btrfs_run_delayed_refs+0x2fa/0xe80\n btrfs_run_delayed_refs+0x81/0xe0\n btrfs_commit_transaction+0x2dd/0xbe0\n ? preempt_count_add+0x52/0xb0\n btrfs_sync_file+0x375/0x4c0\n do_fsync+0x39/0x70\n __x64_sys_fsync+0x13/0x20\n do_syscall_64+0x54/0x110\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n RIP: 0033:0x7f7d7550ef90\n Code: \u003csnip\u003e\n RSP: 002b:00007ffd70237248 EFLAGS: 00000202 ORIG_RAX: 000000000000004a\n RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f7d7550ef90\n RDX: 000000000000013a RSI: 000000000040eb28 RDI: 0000000000000004\n RBP: 000000000000001b R08: 0000000000000078 R09: 00007ffd7023725c\n R10: 00007f7d75400390 R11: 0000000000000202 R12: 028f5c28f5c28f5c\n R13: 8f5c28f5c28f5c29 R14: 000000000040b520 R15: 00007f7d75c726c8\n \u003c/TASK\u003e\n\nWhile the root cause of the tree order corruption isn't clear, using\nbtrfs_duplicate_item() to copy the item and then adjusting both the key\nand the per-device physical addresses is a safe way to counter this\nproblem.", + "Severity": "MEDIUM", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-21752", + "https://git.kernel.org/linus/dc14ba10781bd2629835696b7cc1febf914768e9 (6.14-rc1)", + "https://git.kernel.org/stable/c/1c25eff52ee5a02a2c4be659a44ae972d9989742", + "https://git.kernel.org/stable/c/dc14ba10781bd2629835696b7cc1febf914768e9", + 
"https://lore.kernel.org/linux-cve-announce/2025022602-CVE-2025-21752-5815@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-21752", + "https://www.cve.org/CVERecord?id=CVE-2025-21752" + ], + "PublishedDate": "2025-02-27T03:15:15.853Z", + "LastModifiedDate": "2025-02-27T03:15:15.853Z" + }, + { + "VulnerabilityID": "CVE-2025-21807", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-21807", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: block: fix queue freeze vs limits lock order in sysfs store methods", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: fix queue freeze vs limits lock order in sysfs store methods\n\nqueue_attr_store() always freezes a device queue before calling the\nattribute store operation. For attributes that control queue limits, the\nstore operation will also lock the queue limits with a call to\nqueue_limits_start_update(). However, some drivers (e.g. SCSI sd) may\nneed to issue commands to a device to obtain limit values from the\nhardware with the queue limits locked. 
This creates a potential ABBA\ndeadlock situation if a user attempts to modify a limit (thus freezing\nthe device queue) while the device driver starts a revalidation of the\ndevice queue limits.\n\nAvoid such deadlock by not freezing the queue before calling the\n-\u003estore_limit() method in struct queue_sysfs_entry and instead use the\nqueue_limits_commit_update_frozen helper to freeze the queue after taking\nthe limits lock.\n\nThis also removes taking the sysfs lock for the store_limit method as\nit doesn't protect anything here, but creates even more nesting.\nHopefully it will go away from the actual sysfs methods entirely soon.\n\n(commit log adapted from a similar patch from Damien Le Moal)", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 3, + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-21807", + "https://git.kernel.org/linus/c99f66e4084a62a2cc401c4704a84328aeddc9ec (6.14-rc1)", + "https://git.kernel.org/stable/c/8985da5481562e96b95e94ed8e5cc9b6565eb82b", + "https://git.kernel.org/stable/c/c99f66e4084a62a2cc401c4704a84328aeddc9ec", + "https://lore.kernel.org/linux-cve-announce/2025022753-CVE-2025-21807-a4bb@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-21807", + "https://www.cve.org/CVERecord?id=CVE-2025-21807" + ], + "PublishedDate": "2025-02-27T20:16:03.317Z", + "LastModifiedDate": "2025-02-27T20:16:03.317Z" + }, + { + "VulnerabilityID": "CVE-2025-21833", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": 
"sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-21833", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Avoid use of NULL after WARN_ON_ONCE\n\nThere is a WARN_ON_ONCE to catch an unlikely situation when\ndomain_remove_dev_pasid can't find the `pasid`. In case it nevertheless\nhappens we must avoid using a NULL pointer.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "amazon": 3, + "nvd": 2, + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-21833", + "https://git.kernel.org/linus/60f030f7418d3f1d94f2fb207fe3080e1844630b (6.14-rc1)", + "https://git.kernel.org/stable/c/60f030f7418d3f1d94f2fb207fe3080e1844630b", + "https://git.kernel.org/stable/c/df96876be3b064aefc493f760e0639765d13ed0d", + "https://lore.kernel.org/linux-cve-announce/2025030635-CVE-2025-21833-dd2d@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-21833", + "https://www.cve.org/CVERecord?id=CVE-2025-21833" + ], + "PublishedDate": "2025-03-06T17:15:23.293Z", + "LastModifiedDate": "2025-03-25T14:27:52.403Z" + }, + { + "VulnerabilityID": "CVE-2025-21884", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + 
"Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-21884", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: net: better track kernel sockets lifetime", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: better track kernel sockets lifetime\n\nWhile kernel sockets are dismantled during pernet_operations-\u003eexit(),\ntheir freeing can be delayed by any tx packets still held in qdisc\nor device queues, due to skb_set_owner_w() prior calls.\n\nThis then trigger the following warning from ref_tracker_dir_exit() [1]\n\nTo fix this, make sure that kernel sockets own a reference on net-\u003epassive.\n\nAdd sk_net_refcnt_upgrade() helper, used whenever a kernel socket\nis converted to a refcounted one.\n\n[1]\n\n[ 136.263918][ T35] ref_tracker: net notrefcnt@ffff8880638f01e0 has 1/2 users at\n[ 136.263918][ T35] sk_alloc+0x2b3/0x370\n[ 136.263918][ T35] inet6_create+0x6ce/0x10f0\n[ 136.263918][ T35] __sock_create+0x4c0/0xa30\n[ 136.263918][ T35] inet_ctl_sock_create+0xc2/0x250\n[ 136.263918][ T35] igmp6_net_init+0x39/0x390\n[ 136.263918][ T35] ops_init+0x31e/0x590\n[ 136.263918][ T35] setup_net+0x287/0x9e0\n[ 136.263918][ T35] copy_net_ns+0x33f/0x570\n[ 136.263918][ T35] create_new_namespaces+0x425/0x7b0\n[ 136.263918][ T35] unshare_nsproxy_namespaces+0x124/0x180\n[ 136.263918][ T35] ksys_unshare+0x57d/0xa70\n[ 136.263918][ T35] __x64_sys_unshare+0x38/0x40\n[ 136.263918][ T35] do_syscall_64+0xf3/0x230\n[ 136.263918][ T35] entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[ 136.263918][ T35]\n[ 136.343488][ T35] ref_tracker: net notrefcnt@ffff8880638f01e0 has 1/2 users at\n[ 136.343488][ T35] sk_alloc+0x2b3/0x370\n[ 
136.343488][ T35] inet6_create+0x6ce/0x10f0\n[ 136.343488][ T35] __sock_create+0x4c0/0xa30\n[ 136.343488][ T35] inet_ctl_sock_create+0xc2/0x250\n[ 136.343488][ T35] ndisc_net_init+0xa7/0x2b0\n[ 136.343488][ T35] ops_init+0x31e/0x590\n[ 136.343488][ T35] setup_net+0x287/0x9e0\n[ 136.343488][ T35] copy_net_ns+0x33f/0x570\n[ 136.343488][ T35] create_new_namespaces+0x425/0x7b0\n[ 136.343488][ T35] unshare_nsproxy_namespaces+0x124/0x180\n[ 136.343488][ T35] ksys_unshare+0x57d/0xa70\n[ 136.343488][ T35] __x64_sys_unshare+0x38/0x40\n[ 136.343488][ T35] do_syscall_64+0xf3/0x230\n[ 136.343488][ T35] entry_SYSCALL_64_after_hwframe+0x77/0x7f", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 3, + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-21884", + "https://git.kernel.org/linus/5c70eb5c593d64d93b178905da215a9fd288a4b5 (6.14-rc5)", + "https://git.kernel.org/stable/c/5c70eb5c593d64d93b178905da215a9fd288a4b5", + "https://git.kernel.org/stable/c/c31a732fac46b00b95b78fcc9c37cb48dd6f2e0c", + "https://lore.kernel.org/linux-cve-announce/2025032713-CVE-2025-21884-b70c@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-21884", + "https://www.cve.org/CVERecord?id=CVE-2025-21884" + ], + "PublishedDate": "2025-03-27T15:15:56.313Z", + "LastModifiedDate": "2025-03-27T16:45:12.21Z" + }, + { + "VulnerabilityID": "CVE-2025-21949", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "nvd", + 
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-21949", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: LoongArch: Set hugetlb mmap base address aligned with pmd size", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nLoongArch: Set hugetlb mmap base address aligned with pmd size\n\nWith ltp test case \"testcases/bin/hugefork02\", there is a dmesg error\nreport message such as:\n\n kernel BUG at mm/hugetlb.c:5550!\n Oops - BUG[#1]:\n CPU: 0 UID: 0 PID: 1517 Comm: hugefork02 Not tainted 6.14.0-rc2+ #241\n Hardware name: QEMU QEMU Virtual Machine, BIOS unknown 2/2/2022\n pc 90000000004eaf1c ra 9000000000485538 tp 900000010edbc000 sp 900000010edbf940\n a0 900000010edbfb00 a1 9000000108d20280 a2 00007fffe9474000 a3 00007ffff3474000\n a4 0000000000000000 a5 0000000000000003 a6 00000000003cadd3 a7 0000000000000000\n t0 0000000001ffffff t1 0000000001474000 t2 900000010ecd7900 t3 00007fffe9474000\n t4 00007fffe9474000 t5 0000000000000040 t6 900000010edbfb00 t7 0000000000000001\n t8 0000000000000005 u0 90000000004849d0 s9 900000010edbfa00 s0 9000000108d20280\n s1 00007fffe9474000 s2 0000000002000000 s3 9000000108d20280 s4 9000000002b38b10\n s5 900000010edbfb00 s6 00007ffff3474000 s7 0000000000000406 s8 900000010edbfa08\n ra: 9000000000485538 unmap_vmas+0x130/0x218\n ERA: 90000000004eaf1c __unmap_hugepage_range+0x6f4/0x7d0\n PRMD: 00000004 (PPLV0 +PIE -PWE)\n EUEN: 00000007 (+FPE +SXE +ASXE -BTE)\n ECFG: 00071c1d (LIE=0,2-4,10-12 VS=7)\n ESTAT: 000c0000 [BRK] (IS= ECode=12 EsubCode=0)\n PRID: 0014c010 (Loongson-64bit, Loongson-3A5000)\n Process hugefork02 (pid: 1517, threadinfo=00000000a670eaf4, task=000000007a95fc64)\n Call Trace:\n [\u003c90000000004eaf1c\u003e] __unmap_hugepage_range+0x6f4/0x7d0\n [\u003c9000000000485534\u003e] unmap_vmas+0x12c/0x218\n [\u003c9000000000494068\u003e] exit_mmap+0xe0/0x308\n 
[\u003c900000000025fdc4\u003e] mmput+0x74/0x180\n [\u003c900000000026a284\u003e] do_exit+0x294/0x898\n [\u003c900000000026aa30\u003e] do_group_exit+0x30/0x98\n [\u003c900000000027bed4\u003e] get_signal+0x83c/0x868\n [\u003c90000000002457b4\u003e] arch_do_signal_or_restart+0x54/0xfa0\n [\u003c90000000015795e8\u003e] irqentry_exit_to_user_mode+0xb8/0x138\n [\u003c90000000002572d0\u003e] tlb_do_page_fault_1+0x114/0x1b4\n\nThe problem is that base address allocated from hugetlbfs is not aligned\nwith pmd size. Here add a checking for hugetlbfs and align base address\nwith pmd size. After this patch the test case \"testcases/bin/hugefork02\"\npasses to run.\n\nThis is similar to the commit 7f24cbc9c4d42db8a3c8484d1 (\"mm/mmap: teach\ngeneric_get_unmapped_area{_topdown} to handle hugetlb mappings\").", + "Severity": "MEDIUM", + "VendorSeverity": { + "nvd": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-21949", + "https://git.kernel.org/linus/3109d5ff484b7bc7b955f166974c6776d91f247b (6.14-rc6)", + "https://git.kernel.org/stable/c/242b34f48a377afe4b285b472bd0f17744fca8e8", + "https://git.kernel.org/stable/c/3109d5ff484b7bc7b955f166974c6776d91f247b", + "https://lore.kernel.org/linux-cve-announce/2025040136-CVE-2025-21949-e05a@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-21949", + "https://www.cve.org/CVERecord?id=CVE-2025-21949" + ], + "PublishedDate": "2025-04-01T16:15:26.067Z", + "LastModifiedDate": "2025-04-11T13:11:06.313Z" + }, + { + "VulnerabilityID": "CVE-2025-21988", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + 
"InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-21988", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: fs/netfs/read_collect: add to next-\u003eprev_donated", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/netfs/read_collect: add to next-\u003eprev_donated\n\nIf multiple subrequests donate data to the same \"next\" request\n(depending on the subrequest completion order), each of them would\noverwrite the `prev_donated` field, causing data corruption and a\nBUG() crash (\"Can't donate prior to front\").", + "Severity": "MEDIUM", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-21988", + "https://git.kernel.org/linus/e25cec3b76aba47a49138d2162fc809c6cd49c9e (6.13.8)", + "https://git.kernel.org/stable/c/e25cec3b76aba47a49138d2162fc809c6cd49c9e", + "https://lore.kernel.org/linux-cve-announce/2025040254-CVE-2025-21988-e048@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-21988", + "https://www.cve.org/CVERecord?id=CVE-2025-21988" + ], + "PublishedDate": "2025-04-02T13:15:43.317Z", + "LastModifiedDate": "2025-04-02T14:58:07.527Z" + }, + { + "VulnerabilityID": "CVE-2025-22031", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + 
"Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22031", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: PCI/bwctrl: Fix NULL pointer dereference on bus number exhaustion", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI/bwctrl: Fix NULL pointer dereference on bus number exhaustion\n\nWhen BIOS neglects to assign bus numbers to PCI bridges, the kernel\nattempts to correct that during PCI device enumeration. If it runs out\nof bus numbers, no pci_bus is allocated and the \"subordinate\" pointer in\nthe bridge's pci_dev remains NULL.\n\nThe PCIe bandwidth controller erroneously does not check for a NULL\nsubordinate pointer and dereferences it on probe.\n\nBandwidth control of unusable devices below the bridge is of questionable\nutility, so simply error out instead. This mirrors what PCIe hotplug does\nsince commit 62e4492c3063 (\"PCI: Prevent NULL dereference during pciehp\nprobe\").\n\nThe PCI core emits a message with KERN_INFO severity if it has run out of\nbus numbers. PCIe hotplug emits an additional message with KERN_ERR\nseverity to inform the user that hotplug functionality is disabled at the\nbridge. A similar message for bandwidth control does not seem merited,\ngiven that its only purpose so far is to expose an up-to-date link speed\nin sysfs and throttle the link speed on certain laptops with limited\nThermal Design Power. 
So error out silently.\n\nUser-visible messages:\n\n pci 0000:16:02.0: bridge configuration invalid ([bus 00-00]), reconfiguring\n [...]\n pci_bus 0000:45: busn_res: [bus 45-74] end is updated to 74\n pci 0000:16:02.0: devices behind bridge are unusable because [bus 45-74] cannot be assigned for them\n [...]\n pcieport 0000:16:02.0: pciehp: Hotplug bridge without secondary bus, ignoring\n [...]\n BUG: kernel NULL pointer dereference\n RIP: pcie_update_link_speed\n pcie_bwnotif_enable\n pcie_bwnotif_probe\n pcie_port_probe_service\n really_probe", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "nvd": 2, + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 4.4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-22031", + "https://git.kernel.org/linus/667f053b05f00a007738cd7ed6fa1901de19dc7e (6.15-rc1)", + "https://git.kernel.org/stable/c/1181924af78e5299ddec6e457789c02dd5966559", + "https://git.kernel.org/stable/c/667f053b05f00a007738cd7ed6fa1901de19dc7e", + "https://git.kernel.org/stable/c/d93d309013e89631630a12b1770d27e4be78362a", + "https://lore.kernel.org/linux-cve-announce/2025041656-CVE-2025-22031-b941@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22031", + "https://ubuntu.com/security/notices/USN-7594-1", + "https://ubuntu.com/security/notices/USN-7594-2", + "https://ubuntu.com/security/notices/USN-7594-3", + "https://www.cve.org/CVERecord?id=CVE-2025-22031" + ], + "PublishedDate": "2025-04-16T15:15:55.71Z", + "LastModifiedDate": "2025-04-29T18:57:00.353Z" + }, + { + "VulnerabilityID": "CVE-2025-22051", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + 
"InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22051", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: staging: gpib: Fix Oops after disconnect in agilent usb", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: gpib: Fix Oops after disconnect in agilent usb\n\nIf the agilent usb dongle is disconnected subsequent calls to the\ndriver cause a NULL dereference Oops as the bus_interface\nis set to NULL on disconnect.\n\nThis problem was introduced by setting usb_dev from the bus_interface\nfor dev_xxx messages.\n\nPreviously bus_interface was checked for NULL only in the functions\ndirectly calling usb_fill_bulk_urb or usb_control_msg.\n\nCheck for valid bus_interface on all interface entry points\nand return -ENODEV if it is NULL.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "nvd": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-22051", + "https://git.kernel.org/linus/8491e73a5223acb0a4b4d78c3f8b96aa9c5e774d (6.15-rc1)", + "https://git.kernel.org/stable/c/50ef6e45bec79da4c5a01fad4dc23466ba255099", + "https://git.kernel.org/stable/c/8491e73a5223acb0a4b4d78c3f8b96aa9c5e774d", + "https://git.kernel.org/stable/c/e88633705078f40391a9afc6cc8ea3025e6f692b", + 
"https://lore.kernel.org/linux-cve-announce/2025041603-CVE-2025-22051-68ac@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22051", + "https://ubuntu.com/security/notices/USN-7594-1", + "https://ubuntu.com/security/notices/USN-7594-2", + "https://ubuntu.com/security/notices/USN-7594-3", + "https://www.cve.org/CVERecord?id=CVE-2025-22051" + ], + "PublishedDate": "2025-04-16T15:15:58.547Z", + "LastModifiedDate": "2025-04-29T19:03:46.9Z" + }, + { + "VulnerabilityID": "CVE-2025-22052", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22052", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: staging: gpib: Fix Oops after disconnect in ni_usb", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: gpib: Fix Oops after disconnect in ni_usb\n\nIf the usb dongle is disconnected subsequent calls to the\ndriver cause a NULL dereference Oops as the bus_interface\nis set to NULL on disconnect.\n\nThis problem was introduced by setting usb_dev from the bus_interface\nfor dev_xxx messages.\n\nPreviously bus_interface was checked for NULL only in the the functions\ndirectly calling usb_fill_bulk_urb or usb_control_msg.\n\nCheck for valid bus_interface on all interface entry points\nand return -ENODEV if it is NULL.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "nvd": 2, + "redhat": 2, + 
"ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-22052", + "https://git.kernel.org/linus/a239c6e91b665f1837cf57b97fe638ef1baf2e78 (6.15-rc1)", + "https://git.kernel.org/stable/c/5dc98ba6f7304c188b267ef481281849638447bf", + "https://git.kernel.org/stable/c/a239c6e91b665f1837cf57b97fe638ef1baf2e78", + "https://git.kernel.org/stable/c/b2d8d7959077c5d4b11d0dc6bd2167791fd1c72e", + "https://lore.kernel.org/linux-cve-announce/2025041603-CVE-2025-22052-54f5@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22052", + "https://ubuntu.com/security/notices/USN-7594-1", + "https://ubuntu.com/security/notices/USN-7594-2", + "https://ubuntu.com/security/notices/USN-7594-3", + "https://www.cve.org/CVERecord?id=CVE-2025-22052" + ], + "PublishedDate": "2025-04-16T15:15:58.65Z", + "LastModifiedDate": "2025-04-29T18:50:16.49Z" + }, + { + "VulnerabilityID": "CVE-2025-22061", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22061", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: net: airoha: Fix qid report in airoha_tc_get_htb_get_leaf_queue()", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: airoha: Fix qid report 
in airoha_tc_get_htb_get_leaf_queue()\n\nFix the following kernel warning deleting HTB offloaded leafs and/or root\nHTB qdisc in airoha_eth driver properly reporting qid in\nairoha_tc_get_htb_get_leaf_queue routine.\n\n$tc qdisc replace dev eth1 root handle 10: htb offload\n$tc class add dev eth1 arent 10: classid 10:4 htb rate 100mbit ceil 100mbit\n$tc qdisc replace dev eth1 parent 10:4 handle 4: ets bands 8 \\\n quanta 1514 3028 4542 6056 7570 9084 10598 12112\n$tc qdisc del dev eth1 root\n\n[ 55.827864] ------------[ cut here ]------------\n[ 55.832493] WARNING: CPU: 3 PID: 2678 at 0xffffffc0798695a4\n[ 55.956510] CPU: 3 PID: 2678 Comm: tc Tainted: G O 6.6.71 #0\n[ 55.963557] Hardware name: Airoha AN7581 Evaluation Board (DT)\n[ 55.969383] pstate: 20400005 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 55.976344] pc : 0xffffffc0798695a4\n[ 55.979851] lr : 0xffffffc079869a20\n[ 55.983358] sp : ffffffc0850536a0\n[ 55.986665] x29: ffffffc0850536a0 x28: 0000000000000024 x27: 0000000000000001\n[ 55.993800] x26: 0000000000000000 x25: ffffff8008b19000 x24: ffffff800222e800\n[ 56.000935] x23: 0000000000000001 x22: 0000000000000000 x21: ffffff8008b19000\n[ 56.008071] x20: ffffff8002225800 x19: ffffff800379d000 x18: 0000000000000000\n[ 56.015206] x17: ffffffbf9ea59000 x16: ffffffc080018000 x15: 0000000000000000\n[ 56.022342] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000001\n[ 56.029478] x11: ffffffc081471008 x10: ffffffc081575a98 x9 : 0000000000000000\n[ 56.036614] x8 : ffffffc08167fd40 x7 : ffffffc08069e104 x6 : ffffff8007f86000\n[ 56.043748] x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000001\n[ 56.050884] x2 : 0000000000000000 x1 : 0000000000000250 x0 : ffffff800222c000\n[ 56.058020] Call trace:\n[ 56.060459] 0xffffffc0798695a4\n[ 56.063618] 0xffffffc079869a20\n[ 56.066777] __qdisc_destroy+0x40/0xa0\n[ 56.070528] qdisc_put+0x54/0x6c\n[ 56.073748] qdisc_graft+0x41c/0x648\n[ 56.077324] tc_get_qdisc+0x168/0x2f8\n[ 56.080978] 
rtnetlink_rcv_msg+0x230/0x330\n[ 56.085076] netlink_rcv_skb+0x5c/0x128\n[ 56.088913] rtnetlink_rcv+0x14/0x1c\n[ 56.092490] netlink_unicast+0x1e0/0x2c8\n[ 56.096413] netlink_sendmsg+0x198/0x3c8\n[ 56.100337] ____sys_sendmsg+0x1c4/0x274\n[ 56.104261] ___sys_sendmsg+0x7c/0xc0\n[ 56.107924] __sys_sendmsg+0x44/0x98\n[ 56.111492] __arm64_sys_sendmsg+0x20/0x28\n[ 56.115580] invoke_syscall.constprop.0+0x58/0xfc\n[ 56.120285] do_el0_svc+0x3c/0xbc\n[ 56.123592] el0_svc+0x18/0x4c\n[ 56.126647] el0t_64_sync_handler+0x118/0x124\n[ 56.131005] el0t_64_sync+0x150/0x154\n[ 56.134660] ---[ end trace 0000000000000000 ]---", + "Severity": "MEDIUM", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-22061", + "https://git.kernel.org/linus/57b290d97c6150774bf929117ca737a26d8fc33d (6.15-rc1)", + "https://git.kernel.org/stable/c/57b290d97c6150774bf929117ca737a26d8fc33d", + "https://git.kernel.org/stable/c/d7f76197e49e46a8c082a6fededaa8a07e69a860", + "https://lore.kernel.org/linux-cve-announce/2025041607-CVE-2025-22061-afde@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22061", + "https://ubuntu.com/security/notices/USN-7594-1", + "https://ubuntu.com/security/notices/USN-7594-2", + "https://ubuntu.com/security/notices/USN-7594-3", + "https://www.cve.org/CVERecord?id=CVE-2025-22061" + ], + "PublishedDate": "2025-04-16T15:15:59.58Z", + "LastModifiedDate": "2025-04-17T20:22:16.24Z" + }, + { + "VulnerabilityID": "CVE-2025-22069", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + 
"DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22069", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: riscv: fgraph: Fix stack layout to match __arch_ftrace_regs argument of ftrace_return_to_handler", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: fgraph: Fix stack layout to match __arch_ftrace_regs argument of ftrace_return_to_handler\n\nNaresh Kamboju reported a \"Bad frame pointer\" kernel warning while\nrunning LTP trace ftrace_stress_test.sh in riscv. We can reproduce the\nsame issue with the following command:\n\n```\n$ cd /sys/kernel/debug/tracing\n$ echo 'f:myprobe do_nanosleep%return args1=$retval' \u003e dynamic_events\n$ echo 1 \u003e events/fprobes/enable\n$ echo 1 \u003e tracing_on\n$ sleep 1\n```\n\nAnd we can get the following kernel warning:\n\n[ 127.692888] ------------[ cut here ]------------\n[ 127.693755] Bad frame pointer: expected ff2000000065be50, received ba34c141e9594000\n[ 127.693755] from func do_nanosleep return to ffffffff800ccb16\n[ 127.698699] WARNING: CPU: 1 PID: 129 at kernel/trace/fgraph.c:755 ftrace_return_to_handler+0x1b2/0x1be\n[ 127.699894] Modules linked in:\n[ 127.700908] CPU: 1 UID: 0 PID: 129 Comm: sleep Not tainted 6.14.0-rc3-g0ab191c74642 #32\n[ 127.701453] Hardware name: riscv-virtio,qemu (DT)\n[ 127.701859] epc : ftrace_return_to_handler+0x1b2/0x1be\n[ 127.702032] ra : ftrace_return_to_handler+0x1b2/0x1be\n[ 127.702151] epc : ffffffff8013b5e0 ra : ffffffff8013b5e0 sp : ff2000000065bd10\n[ 127.702221] gp : ffffffff819c12f8 tp : ff60000080853100 t0 : 6e00000000000000\n[ 127.702284] t1 : 0000000000000020 t2 : 6e7566206d6f7266 s0 : ff2000000065bd80\n[ 127.702346] s1 : ff60000081262000 a0 : 000000000000007b a1 : ffffffff81894f20\n[ 127.702408] a2 : 
0000000000000010 a3 : fffffffffffffffe a4 : 0000000000000000\n[ 127.702470] a5 : 0000000000000000 a6 : 0000000000000008 a7 : 0000000000000038\n[ 127.702530] s2 : ba34c141e9594000 s3 : 0000000000000000 s4 : ff2000000065bdd0\n[ 127.702591] s5 : 00007fff8adcf400 s6 : 000055556dc1d8c0 s7 : 0000000000000068\n[ 127.702651] s8 : 00007fff8adf5d10 s9 : 000000000000006d s10: 0000000000000001\n[ 127.702710] s11: 00005555737377c8 t3 : ffffffff819d899e t4 : ffffffff819d899e\n[ 127.702769] t5 : ffffffff819d89a0 t6 : ff2000000065bb18\n[ 127.702826] status: 0000000200000120 badaddr: 0000000000000000 cause: 0000000000000003\n[ 127.703292] [\u003cffffffff8013b5e0\u003e] ftrace_return_to_handler+0x1b2/0x1be\n[ 127.703760] [\u003cffffffff80017bce\u003e] return_to_handler+0x16/0x26\n[ 127.704009] [\u003cffffffff80017bb8\u003e] return_to_handler+0x0/0x26\n[ 127.704057] [\u003cffffffff800d3352\u003e] common_nsleep+0x42/0x54\n[ 127.704117] [\u003cffffffff800d44a2\u003e] __riscv_sys_clock_nanosleep+0xba/0x10a\n[ 127.704176] [\u003cffffffff80901c56\u003e] do_trap_ecall_u+0x188/0x218\n[ 127.704295] [\u003cffffffff8090cc3e\u003e] handle_exception+0x14a/0x156\n[ 127.705436] ---[ end trace 0000000000000000 ]---\n\nThe reason is that the stack layout for constructing argument for the\nftrace_return_to_handler in the return_to_handler does not match the\n__arch_ftrace_regs structure of riscv, leading to unexpected results.", + "Severity": "MEDIUM", + "VendorSeverity": { + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-22069", + "https://git.kernel.org/linus/67a5ba8f742f247bc83e46dd2313c142b1383276 (6.15-rc1)", + "https://git.kernel.org/stable/c/67a5ba8f742f247bc83e46dd2313c142b1383276", + "https://git.kernel.org/stable/c/78b39c587b8f6c69140177108f9c08a75b1c7c37", + 
"https://lore.kernel.org/linux-cve-announce/2025041609-CVE-2025-22069-64d9@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22069", + "https://ubuntu.com/security/notices/USN-7594-1", + "https://ubuntu.com/security/notices/USN-7594-2", + "https://ubuntu.com/security/notices/USN-7594-3", + "https://www.cve.org/CVERecord?id=CVE-2025-22069" + ], + "PublishedDate": "2025-04-16T15:16:01.1Z", + "LastModifiedDate": "2025-04-17T20:22:16.24Z" + }, + { + "VulnerabilityID": "CVE-2025-22092", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22092", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: PCI: Fix NULL dereference in SR-IOV VF creation error path", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: Fix NULL dereference in SR-IOV VF creation error path\n\nClean up when virtfn setup fails to prevent NULL pointer dereference\nduring device removal. The kernel oops below occurred due to incorrect\nerror handling flow when pci_setup_device() fails.\n\nAdd pci_iov_scan_device(), which handles virtfn allocation and setup and\ncleans up if pci_setup_device() fails, so pci_iov_add_virtfn() doesn't need\nto call pci_stop_and_remove_bus_device(). 
This prevents accessing\npartially initialized virtfn devices during removal.\n\n BUG: kernel NULL pointer dereference, address: 00000000000000d0\n RIP: 0010:device_del+0x3d/0x3d0\n Call Trace:\n pci_remove_bus_device+0x7c/0x100\n pci_iov_add_virtfn+0xfa/0x200\n sriov_enable+0x208/0x420\n mlx5_core_sriov_configure+0x6a/0x160 [mlx5_core]\n sriov_numvfs_store+0xae/0x1a0\n\n[bhelgaas: commit log, return ERR_PTR(-ENOMEM) directly]", + "Severity": "MEDIUM", + "VendorSeverity": { + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-22092", + "https://git.kernel.org/linus/04d50d953ab46d96b0b32d5ad955fceaa28622db (6.15-rc1)", + "https://git.kernel.org/stable/c/04d50d953ab46d96b0b32d5ad955fceaa28622db", + "https://git.kernel.org/stable/c/c67a233834b778b8c78f8b62c072ccf87a9eb6d0", + "https://git.kernel.org/stable/c/ef421b4d206f0d3681804b8f94f06a8458a53aaf", + "https://lore.kernel.org/linux-cve-announce/2025041617-CVE-2025-22092-e56b@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22092", + "https://ubuntu.com/security/notices/USN-7594-1", + "https://ubuntu.com/security/notices/USN-7594-2", + "https://ubuntu.com/security/notices/USN-7594-3", + "https://www.cve.org/CVERecord?id=CVE-2025-22092" + ], + "PublishedDate": "2025-04-16T15:16:03.403Z", + "LastModifiedDate": "2025-04-17T20:22:16.24Z" + }, + { + "VulnerabilityID": "CVE-2025-22094", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2025-22094", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: powerpc/perf: Fix ref-counting on the PMU 'vpa_pmu'", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/perf: Fix ref-counting on the PMU 'vpa_pmu'\n\nCommit 176cda0619b6 (\"powerpc/perf: Add perf interface to expose vpa\ncounters\") introduced 'vpa_pmu' to expose Book3s-HV nested APIv2 provided\nL1\u003c-\u003eL2 context switch latency counters to L1 user-space via\nperf-events. However the newly introduced PMU named 'vpa_pmu' doesn't\nassign ownership of the PMU to the module 'vpa_pmu'. Consequently the\nmodule 'vpa_pmu' can be unloaded while one of the perf-events are still\nactive, which can lead to kernel oops and panic of the form below on a\nPseries-LPAR:\n\nBUG: Kernel NULL pointer dereference on read at 0x00000058\n\u003csnip\u003e\n NIP [c000000000506cb8] event_sched_out+0x40/0x258\n LR [c00000000050e8a4] __perf_remove_from_context+0x7c/0x2b0\n Call Trace:\n [c00000025fc3fc30] [c00000025f8457a8] 0xc00000025f8457a8 (unreliable)\n [c00000025fc3fc80] [fffffffffffffee0] 0xfffffffffffffee0\n [c00000025fc3fcd0] [c000000000501e70] event_function+0xa8/0x120\n\u003csnip\u003e\n Kernel panic - not syncing: Aiee, killing interrupt handler!\n\nFix this by adding the module ownership to 'vpa_pmu' so that the module\n'vpa_pmu' is ref-counted and prevented from being unloaded when perf-events\nare initialized.", + "Severity": "MEDIUM", + "VendorSeverity": { + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-22094", + "https://git.kernel.org/linus/ff99d5b6a246715f2257123cdf6c4a29cb33aa78 (6.15-rc1)", + 
"https://git.kernel.org/stable/c/6cf045b51e2c5721db7e55305f09ee32741e00f9", + "https://git.kernel.org/stable/c/70ea7c5189197c6f5acdcfd8a2651be2c41e2faa", + "https://git.kernel.org/stable/c/ff99d5b6a246715f2257123cdf6c4a29cb33aa78", + "https://lore.kernel.org/linux-cve-announce/2025041618-CVE-2025-22094-d447@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22094", + "https://ubuntu.com/security/notices/USN-7594-1", + "https://ubuntu.com/security/notices/USN-7594-2", + "https://ubuntu.com/security/notices/USN-7594-3", + "https://www.cve.org/CVERecord?id=CVE-2025-22094" + ], + "PublishedDate": "2025-04-16T15:16:03.593Z", + "LastModifiedDate": "2025-04-17T20:22:16.24Z" + }, + { + "VulnerabilityID": "CVE-2025-22096", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22096", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: drm/msm/gem: Fix error code msm_parse_deps()", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/gem: Fix error code msm_parse_deps()\n\nThe SUBMIT_ERROR() macro turns the error code negative. This extra '-'\noperation turns it back to positive EINVAL again. The error code is\npassed to ERR_PTR() and since positive values are not an IS_ERR() it\neventually will lead to an oops. 
Delete the '-'.\n\nPatchwork: https://patchwork.freedesktop.org/patch/637625/", + "Severity": "MEDIUM", + "VendorSeverity": { + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-22096", + "https://git.kernel.org/linus/0b305b7cadce835505bd93183a599acb1f800a05 (6.15-rc1)", + "https://git.kernel.org/stable/c/0b305b7cadce835505bd93183a599acb1f800a05", + "https://git.kernel.org/stable/c/efe759dcf3352d8379a1adad7b4d14044a4c41a7", + "https://lore.kernel.org/linux-cve-announce/2025041619-CVE-2025-22096-f14d@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22096", + "https://ubuntu.com/security/notices/USN-7594-1", + "https://ubuntu.com/security/notices/USN-7594-2", + "https://ubuntu.com/security/notices/USN-7594-3", + "https://www.cve.org/CVERecord?id=CVE-2025-22096" + ], + "PublishedDate": "2025-04-16T15:16:03.96Z", + "LastModifiedDate": "2025-04-17T20:22:16.24Z" + }, + { + "VulnerabilityID": "CVE-2025-22098", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22098", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: drm: zynqmp_dp: Fix a deadlock in zynqmp_dp_ignore_hpd_set()", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm: zynqmp_dp: Fix a deadlock in 
zynqmp_dp_ignore_hpd_set()\n\nInstead of attempting the same mutex twice, lock and unlock it.\n\nThis bug has been detected by the Clang thread-safety analyzer.", + "Severity": "MEDIUM", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-22098", + "https://git.kernel.org/linus/f887685ee0eb4ef716391355568181230338f6eb (6.15-rc1)", + "https://git.kernel.org/stable/c/3f988cd2f65175e79349961a43a9deb115174784", + "https://git.kernel.org/stable/c/7a8d53aa5b7d2a89cda598239d08423bd66920f1", + "https://git.kernel.org/stable/c/f887685ee0eb4ef716391355568181230338f6eb", + "https://lore.kernel.org/linux-cve-announce/2025041620-CVE-2025-22098-ed45@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22098", + "https://ubuntu.com/security/notices/USN-7594-1", + "https://ubuntu.com/security/notices/USN-7594-2", + "https://ubuntu.com/security/notices/USN-7594-3", + "https://www.cve.org/CVERecord?id=CVE-2025-22098" + ], + "PublishedDate": "2025-04-16T15:16:04.183Z", + "LastModifiedDate": "2025-04-17T20:22:16.24Z" + }, + { + "VulnerabilityID": "CVE-2025-22099", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22099", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: drm: xlnx: zynqmp_dpsub: Add NULL check in 
zynqmp_audio_init", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm: xlnx: zynqmp_dpsub: Add NULL check in zynqmp_audio_init\n\ndevm_kasprintf() calls can return null pointers on failure.\nBut some return values were not checked in zynqmp_audio_init().\n\nAdd NULL check in zynqmp_audio_init(), avoid referencing null\npointers in the subsequent code.", + "Severity": "MEDIUM", + "VendorSeverity": { + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-22099", + "https://git.kernel.org/linus/d0660f9c588a1246a1a543c91a1e3cad910237da (6.15-rc1)", + "https://git.kernel.org/stable/c/066d6f22e7d84953db6bbf2dae507401157660c6", + "https://git.kernel.org/stable/c/d0660f9c588a1246a1a543c91a1e3cad910237da", + "https://lore.kernel.org/linux-cve-announce/2025041620-CVE-2025-22099-3db3@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22099", + "https://ubuntu.com/security/notices/USN-7594-1", + "https://ubuntu.com/security/notices/USN-7594-2", + "https://ubuntu.com/security/notices/USN-7594-3", + "https://www.cve.org/CVERecord?id=CVE-2025-22099" + ], + "PublishedDate": "2025-04-16T15:16:04.273Z", + "LastModifiedDate": "2025-04-17T20:22:16.24Z" + }, + { + "VulnerabilityID": "CVE-2025-22100", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22100", + "DataSource": { + "ID": "debian", + "Name": "Debian Security 
Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: drm/panthor: Fix race condition when gathering fdinfo group samples", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/panthor: Fix race condition when gathering fdinfo group samples\n\nCommit e16635d88fa0 (\"drm/panthor: add DRM fdinfo support\") failed to\nprotect access to groups with an xarray lock, which could lead to\nuse-after-free errors.", + "Severity": "MEDIUM", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-22100", + "https://git.kernel.org/linus/0590c94c3596d6c1a3d549ae611366f2ad4e1d8d (6.15-rc1)", + "https://git.kernel.org/stable/c/0590c94c3596d6c1a3d549ae611366f2ad4e1d8d", + "https://git.kernel.org/stable/c/6d98c83ad67e7bd86a47494fd6c3863e7bb26db9", + "https://git.kernel.org/stable/c/e9d45f42a64a400adba59ee83d03e6db662530b4", + "https://lore.kernel.org/linux-cve-announce/2025041620-CVE-2025-22100-a7e4@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22100", + "https://ubuntu.com/security/notices/USN-7594-1", + "https://ubuntu.com/security/notices/USN-7594-2", + "https://ubuntu.com/security/notices/USN-7594-3", + "https://www.cve.org/CVERecord?id=CVE-2025-22100" + ], + "PublishedDate": "2025-04-16T15:16:04.363Z", + "LastModifiedDate": "2025-04-17T20:22:16.24Z" + }, + { + "VulnerabilityID": "CVE-2025-22103", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": 
"sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22103", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: net: fix NULL pointer dereference in l3mdev_l3_rcv", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix NULL pointer dereference in l3mdev_l3_rcv\n\nWhen delete l3s ipvlan:\n\n ip link del link eth0 ipvlan1 type ipvlan mode l3s\n\nThis may cause a null pointer dereference:\n\n Call trace:\n ip_rcv_finish+0x48/0xd0\n ip_rcv+0x5c/0x100\n __netif_receive_skb_one_core+0x64/0xb0\n __netif_receive_skb+0x20/0x80\n process_backlog+0xb4/0x204\n napi_poll+0xe8/0x294\n net_rx_action+0xd8/0x22c\n __do_softirq+0x12c/0x354\n\nThis is because l3mdev_l3_rcv() visit dev-\u003el3mdev_ops after\nipvlan_l3s_unregister() assign the dev-\u003el3mdev_ops to NULL. 
The process\nlike this:\n\n (CPU1) | (CPU2)\n l3mdev_l3_rcv() |\n check dev-\u003epriv_flags: |\n master = skb-\u003edev; |\n |\n | ipvlan_l3s_unregister()\n | set dev-\u003epriv_flags\n | dev-\u003el3mdev_ops = NULL;\n |\n visit master-\u003el3mdev_ops |\n\nTo avoid this by do not set dev-\u003el3mdev_ops when unregister l3s ipvlan.", + "Severity": "MEDIUM", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-22103", + "https://git.kernel.org/linus/0032c99e83b9ce6d5995d65900aa4b6ffb501cce (6.15-rc1)", + "https://git.kernel.org/stable/c/0032c99e83b9ce6d5995d65900aa4b6ffb501cce", + "https://git.kernel.org/stable/c/f9dff65140efc289f01bcf39c3ca66a8806b6132", + "https://lore.kernel.org/linux-cve-announce/2025041621-CVE-2025-22103-b3a2@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22103", + "https://ubuntu.com/security/notices/USN-7594-1", + "https://ubuntu.com/security/notices/USN-7594-2", + "https://ubuntu.com/security/notices/USN-7594-3", + "https://www.cve.org/CVERecord?id=CVE-2025-22103" + ], + "PublishedDate": "2025-04-16T15:16:04.65Z", + "LastModifiedDate": "2025-04-17T20:22:16.24Z" + }, + { + "VulnerabilityID": "CVE-2025-22105", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22105", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": 
"https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: bonding: check xdp prog when set bond mode", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: check xdp prog when set bond mode\n\nFollowing operations can trigger a warning[1]:\n\n ip netns add ns1\n ip netns exec ns1 ip link add bond0 type bond mode balance-rr\n ip netns exec ns1 ip link set dev bond0 xdp obj af_xdp_kern.o sec xdp\n ip netns exec ns1 ip link set bond0 type bond mode broadcast\n ip netns del ns1\n\nWhen delete the namespace, dev_xdp_uninstall() is called to remove xdp\nprogram on bond dev, and bond_xdp_set() will check the bond mode. If bond\nmode is changed after attaching xdp program, the warning may occur.\n\nSome bond modes (broadcast, etc.) do not support native xdp. Set bond mode\nwith xdp program attached is not good. Add check for xdp program when set\nbond mode.\n\n [1]\n ------------[ cut here ]------------\n WARNING: CPU: 0 PID: 11 at net/core/dev.c:9912 unregister_netdevice_many_notify+0x8d9/0x930\n Modules linked in:\n CPU: 0 UID: 0 PID: 11 Comm: kworker/u4:0 Not tainted 6.14.0-rc4 #107\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014\n Workqueue: netns cleanup_net\n RIP: 0010:unregister_netdevice_many_notify+0x8d9/0x930\n Code: 00 00 48 c7 c6 6f e3 a2 82 48 c7 c7 d0 b3 96 82 e8 9c 10 3e ...\n RSP: 0018:ffffc90000063d80 EFLAGS: 00000282\n RAX: 00000000ffffffa1 RBX: ffff888004959000 RCX: 00000000ffffdfff\n RDX: 0000000000000000 RSI: 00000000ffffffea RDI: ffffc90000063b48\n RBP: ffffc90000063e28 R08: ffffffff82d39b28 R09: 0000000000009ffb\n R10: 0000000000000175 R11: ffffffff82d09b40 R12: ffff8880049598e8\n R13: 0000000000000001 R14: dead000000000100 R15: ffffc90000045000\n FS: 0000000000000000(0000) GS:ffff888007a00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000000000d406b60 CR3: 
000000000483e000 CR4: 00000000000006f0\n Call Trace:\n \u003cTASK\u003e\n ? __warn+0x83/0x130\n ? unregister_netdevice_many_notify+0x8d9/0x930\n ? report_bug+0x18e/0x1a0\n ? handle_bug+0x54/0x90\n ? exc_invalid_op+0x18/0x70\n ? asm_exc_invalid_op+0x1a/0x20\n ? unregister_netdevice_many_notify+0x8d9/0x930\n ? bond_net_exit_batch_rtnl+0x5c/0x90\n cleanup_net+0x237/0x3d0\n process_one_work+0x163/0x390\n worker_thread+0x293/0x3b0\n ? __pfx_worker_thread+0x10/0x10\n kthread+0xec/0x1e0\n ? __pfx_kthread+0x10/0x10\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x2f/0x50\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n ---[ end trace 0000000000000000 ]---", + "Severity": "MEDIUM", + "VendorSeverity": { + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-22105", + "https://git.kernel.org/linus/094ee6017ea09c11d6af187935a949df32803ce0 (6.15-rc1)", + "https://git.kernel.org/stable/c/094ee6017ea09c11d6af187935a949df32803ce0", + "https://git.kernel.org/stable/c/0dd4fac43bdea23cfe4bb2a3eabb76d752ac32fb", + "https://lore.kernel.org/linux-cve-announce/2025041622-CVE-2025-22105-afef@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22105", + "https://ubuntu.com/security/notices/USN-7594-1", + "https://ubuntu.com/security/notices/USN-7594-2", + "https://ubuntu.com/security/notices/USN-7594-3", + "https://www.cve.org/CVERecord?id=CVE-2025-22105" + ], + "PublishedDate": "2025-04-16T15:16:04.827Z", + "LastModifiedDate": "2025-04-17T20:22:16.24Z" + }, + { + "VulnerabilityID": "CVE-2025-22106", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": 
"sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22106", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: vmxnet3: unregister xdp rxq info in the reset path", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nvmxnet3: unregister xdp rxq info in the reset path\n\nvmxnet3 does not unregister xdp rxq info in the\nvmxnet3_reset_work() code path as vmxnet3_rq_destroy()\nis not invoked in this code path. So, we get below message with a\nbacktrace.\n\nMissing unregister, handled but fix driver\nWARNING: CPU:48 PID: 500 at net/core/xdp.c:182\n__xdp_rxq_info_reg+0x93/0xf0\n\nThis patch fixes the problem by moving the unregister\ncode of XDP from vmxnet3_rq_destroy() to vmxnet3_rq_cleanup().", + "Severity": "MEDIUM", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 4.4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-22106", + "https://git.kernel.org/linus/0dd765fae295832934bf28e45dd5a355e0891ed4 (6.15-rc1)", + "https://git.kernel.org/stable/c/0dd765fae295832934bf28e45dd5a355e0891ed4", + "https://git.kernel.org/stable/c/9908541a9e235b7c5e2fbdd59910eaf9c32c3075", + "https://lore.kernel.org/linux-cve-announce/2025041622-CVE-2025-22106-259e@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22106", + "https://ubuntu.com/security/notices/USN-7594-1", + "https://ubuntu.com/security/notices/USN-7594-2", + "https://ubuntu.com/security/notices/USN-7594-3", + "https://www.cve.org/CVERecord?id=CVE-2025-22106" + ], + "PublishedDate": "2025-04-16T15:16:04.913Z", + "LastModifiedDate": "2025-04-17T20:22:16.24Z" + }, + { + 
"VulnerabilityID": "CVE-2025-22107", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22107", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: net: dsa: sja1105: fix kasan out-of-bounds warning in sja1105_table_delete_entry()", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: sja1105: fix kasan out-of-bounds warning in sja1105_table_delete_entry()\n\nThere are actually 2 problems:\n- deleting the last element doesn't require the memmove of elements\n [i + 1, end) over it. Actually, element i+1 is out of bounds.\n- The memmove itself should move size - i - 1 elements, because the last\n element is out of bounds.\n\nThe out-of-bounds element still remains out of bounds after being\naccessed, so the problem is only that we touch it, not that it becomes\nin active use. 
But I suppose it can lead to issues if the out-of-bounds\nelement is part of an unmapped page.", + "Severity": "MEDIUM", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-22107", + "https://git.kernel.org/linus/5f2b28b79d2d1946ee36ad8b3dc0066f73c90481 (6.15-rc1)", + "https://git.kernel.org/stable/c/59b97641de03c081f26b3a8876628c765b5faa25", + "https://git.kernel.org/stable/c/5f2b28b79d2d1946ee36ad8b3dc0066f73c90481", + "https://lore.kernel.org/linux-cve-announce/2025041623-CVE-2025-22107-1266@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22107", + "https://ubuntu.com/security/notices/USN-7594-1", + "https://ubuntu.com/security/notices/USN-7594-2", + "https://ubuntu.com/security/notices/USN-7594-3", + "https://www.cve.org/CVERecord?id=CVE-2025-22107" + ], + "PublishedDate": "2025-04-16T15:16:04.997Z", + "LastModifiedDate": "2025-04-17T20:22:16.24Z" + }, + { + "VulnerabilityID": "CVE-2025-22108", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22108", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: bnxt_en: Mask the bd_cnt field in the TX BD properly", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt_en: Mask the bd_cnt field in the TX BD 
properly\n\nThe bd_cnt field in the TX BD specifies the total number of BDs for\nthe TX packet. The bd_cnt field has 5 bits and the maximum number\nsupported is 32 with the value 0.\n\nCONFIG_MAX_SKB_FRAGS can be modified and the total number of SKB\nfragments can approach or exceed the maximum supported by the chip.\nAdd a macro to properly mask the bd_cnt field so that the value 32\nwill be properly masked and set to 0 in the bd_cnd field.\n\nWithout this patch, the out-of-range bd_cnt value will corrupt the\nTX BD and may cause TX timeout.\n\nThe next patch will check for values exceeding 32.", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 3, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 4.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-22108", + "https://git.kernel.org/linus/107b25db61122d8f990987895c2912927b8b6e3f (6.15-rc1)", + "https://git.kernel.org/stable/c/107b25db61122d8f990987895c2912927b8b6e3f", + "https://git.kernel.org/stable/c/f60b41b815826f15c4d0323f923f398c423178d0", + "https://lore.kernel.org/linux-cve-announce/2025041623-CVE-2025-22108-39f0@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22108", + "https://ubuntu.com/security/notices/USN-7594-1", + "https://ubuntu.com/security/notices/USN-7594-2", + "https://ubuntu.com/security/notices/USN-7594-3", + "https://www.cve.org/CVERecord?id=CVE-2025-22108" + ], + "PublishedDate": "2025-04-16T15:16:05.083Z", + "LastModifiedDate": "2025-04-17T20:22:16.24Z" + }, + { + "VulnerabilityID": "CVE-2025-22109", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", 
+ "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22109", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: ax25: Remove broken autobind", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nax25: Remove broken autobind\n\nBinding AX25 socket by using the autobind feature leads to memory leaks\nin ax25_connect() and also refcount leaks in ax25_release(). Memory\nleak was detected with kmemleak:\n\n================================================================\nunreferenced object 0xffff8880253cd680 (size 96):\nbacktrace:\n__kmalloc_node_track_caller_noprof (./include/linux/kmemleak.h:43)\nkmemdup_noprof (mm/util.c:136)\nax25_rt_autobind (net/ax25/ax25_route.c:428)\nax25_connect (net/ax25/af_ax25.c:1282)\n__sys_connect_file (net/socket.c:2045)\n__sys_connect (net/socket.c:2064)\n__x64_sys_connect (net/socket.c:2067)\ndo_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83)\nentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n================================================================\n\nWhen socket is bound, refcounts must be incremented the way it is done\nin ax25_bind() and ax25_setsockopt() (SO_BINDTODEVICE). 
In case of\nautobind, the refcounts are not incremented.\n\nThis bug leads to the following issue reported by Syzkaller:\n\n================================================================\nax25_connect(): syz-executor318 uses autobind, please contact jreuter@yaina.de\n------------[ cut here ]------------\nrefcount_t: decrement hit 0; leaking memory.\nWARNING: CPU: 0 PID: 5317 at lib/refcount.c:31 refcount_warn_saturate+0xfa/0x1d0 lib/refcount.c:31\nModules linked in:\nCPU: 0 UID: 0 PID: 5317 Comm: syz-executor318 Not tainted 6.14.0-rc4-syzkaller-00278-gece144f151ac #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nRIP: 0010:refcount_warn_saturate+0xfa/0x1d0 lib/refcount.c:31\n...\nCall Trace:\n \u003cTASK\u003e\n __refcount_dec include/linux/refcount.h:336 [inline]\n refcount_dec include/linux/refcount.h:351 [inline]\n ref_tracker_free+0x6af/0x7e0 lib/ref_tracker.c:236\n netdev_tracker_free include/linux/netdevice.h:4302 [inline]\n netdev_put include/linux/netdevice.h:4319 [inline]\n ax25_release+0x368/0x960 net/ax25/af_ax25.c:1080\n __sock_release net/socket.c:647 [inline]\n sock_close+0xbc/0x240 net/socket.c:1398\n __fput+0x3e9/0x9f0 fs/file_table.c:464\n __do_sys_close fs/open.c:1580 [inline]\n __se_sys_close fs/open.c:1565 [inline]\n __x64_sys_close+0x7f/0x110 fs/open.c:1565\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n ...\n \u003c/TASK\u003e\n================================================================\n\nConsidering the issues above and the comments left in the code that say:\n\"check if we can remove this feature. It is broken.\"; \"autobinding in this\nmay or may not work\"; - it is better to completely remove this feature than\nto fix it because it is broken and leads to various kinds of memory bugs.\n\nNow calling connect() without first binding socket will result in an\nerror (-EINVAL). 
Userspace software that relies on the autobind feature\nmight get broken. However, this feature does not seem widely used with\nthis specific driver as it was not reliable at any point of time, and it\nis already broken anyway. E.g. ax25-tools and ax25-apps packages for\npopular distributions do not use the autobind feature for AF_AX25.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.", + "Severity": "MEDIUM", + "VendorSeverity": { + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-22109", + "https://git.kernel.org/linus/2f6efbabceb6b2914ee9bafb86d9a51feae9cce8 (6.15-rc1)", + "https://git.kernel.org/stable/c/2f6efbabceb6b2914ee9bafb86d9a51feae9cce8", + "https://git.kernel.org/stable/c/61203fdd3e35519db9a98b6ff8983c620ffc4696", + "https://lore.kernel.org/linux-cve-announce/2025041623-CVE-2025-22109-f8e7@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22109", + "https://ubuntu.com/security/notices/USN-7594-1", + "https://ubuntu.com/security/notices/USN-7594-2", + "https://ubuntu.com/security/notices/USN-7594-3", + "https://www.cve.org/CVERecord?id=CVE-2025-22109" + ], + "PublishedDate": "2025-04-16T15:16:05.167Z", + "LastModifiedDate": "2025-04-17T20:22:16.24Z" + }, + { + "VulnerabilityID": "CVE-2025-22110", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22110", + "DataSource": { + "ID": "debian", + "Name": "Debian 
Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: netfilter: nfnetlink_queue: Initialize ctx to avoid memory allocation error", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nfnetlink_queue: Initialize ctx to avoid memory allocation error\n\nIt is possible that ctx in nfqnl_build_packet_message() could be used\nbefore it is properly initialize, which is only initialized\nby nfqnl_get_sk_secctx().\n\nThis patch corrects this problem by initializing the lsmctx to a safe\nvalue when it is declared.\n\nThis is similar to the commit 35fcac7a7c25\n(\"audit: Initialize lsmctx to avoid memory allocation error\").", + "Severity": "MEDIUM", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-22110", + "https://git.kernel.org/linus/778b09d91baafb13408470c721d034d6515cfa5a (6.15-rc1)", + "https://git.kernel.org/stable/c/778b09d91baafb13408470c721d034d6515cfa5a", + "https://git.kernel.org/stable/c/ddbf7e1d82a1d0c1d3425931a6cb1b83f8454759", + "https://lore.kernel.org/linux-cve-announce/2025041624-CVE-2025-22110-6a28@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22110", + "https://ubuntu.com/security/notices/USN-7594-1", + "https://ubuntu.com/security/notices/USN-7594-2", + "https://ubuntu.com/security/notices/USN-7594-3", + "https://www.cve.org/CVERecord?id=CVE-2025-22110" + ], + "PublishedDate": "2025-04-16T15:16:05.253Z", + "LastModifiedDate": "2025-04-17T20:22:16.24Z" + }, + { + "VulnerabilityID": "CVE-2025-22111", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + 
"Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22111", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: net: Remove RTNL dance for SIOCBRADDIF and SIOCBRDELIF.", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: Remove RTNL dance for SIOCBRADDIF and SIOCBRDELIF.\n\nSIOCBRDELIF is passed to dev_ioctl() first and later forwarded to\nbr_ioctl_call(), which causes unnecessary RTNL dance and the splat\nbelow [0] under RTNL pressure.\n\nLet's say Thread A is trying to detach a device from a bridge and\nThread B is trying to remove the bridge.\n\nIn dev_ioctl(), Thread A bumps the bridge device's refcnt by\nnetdev_hold() and releases RTNL because the following br_ioctl_call()\nalso re-acquires RTNL.\n\nIn the race window, Thread B could acquire RTNL and try to remove\nthe bridge device. Then, rtnl_unlock() by Thread B will release RTNL\nand wait for netdev_put() by Thread A.\n\nThread A, however, must hold RTNL after the unlock in dev_ifsioc(),\nwhich may take long under RTNL pressure, resulting in the splat by\nThread B.\n\n Thread A (SIOCBRDELIF) Thread B (SIOCBRDELBR)\n ---------------------- ----------------------\n sock_ioctl sock_ioctl\n `- sock_do_ioctl `- br_ioctl_call\n `- dev_ioctl `- br_ioctl_stub\n |- rtnl_lock |\n |- dev_ifsioc '\n ' |- dev = __dev_get_by_name(...)\n |- netdev_hold(dev, ...) .\n / |- rtnl_unlock ------. 
|\n | |- br_ioctl_call `---\u003e |- rtnl_lock\n Race | | `- br_ioctl_stub |- br_del_bridge\n Window | | | |- dev = __dev_get_by_name(...)\n | | | May take long | `- br_dev_delete(dev, ...)\n | | | under RTNL pressure | `- unregister_netdevice_queue(dev, ...)\n | | | | `- rtnl_unlock\n \\ | |- rtnl_lock \u003c-' `- netdev_run_todo\n | |- ... `- netdev_run_todo\n | `- rtnl_unlock |- __rtnl_unlock\n | |- netdev_wait_allrefs_any\n |- netdev_put(dev, ...) \u003c----------------'\n Wait refcnt decrement\n and log splat below\n\nTo avoid blocking SIOCBRDELBR unnecessarily, let's not call\ndev_ioctl() for SIOCBRADDIF and SIOCBRDELIF.\n\nIn the dev_ioctl() path, we do the following:\n\n 1. Copy struct ifreq by get_user_ifreq in sock_do_ioctl()\n 2. Check CAP_NET_ADMIN in dev_ioctl()\n 3. Call dev_load() in dev_ioctl()\n 4. Fetch the master dev from ifr.ifr_name in dev_ifsioc()\n\n3. can be done by request_module() in br_ioctl_call(), so we move\n1., 2., and 4. to br_ioctl_stub().\n\nNote that 2. is also checked later in add_del_if(), but it's better\nperformed before RTNL.\n\nSIOCBRADDIF and SIOCBRDELIF have been processed in dev_ioctl() since\nthe pre-git era, and there seems to be no specific reason to process\nthem there.\n\n[0]:\nunregister_netdevice: waiting for wpan3 to become free. 
Usage count = 2\nref_tracker: wpan3@ffff8880662d8608 has 1/1 users at\n __netdev_tracker_alloc include/linux/netdevice.h:4282 [inline]\n netdev_hold include/linux/netdevice.h:4311 [inline]\n dev_ifsioc+0xc6a/0x1160 net/core/dev_ioctl.c:624\n dev_ioctl+0x255/0x10c0 net/core/dev_ioctl.c:826\n sock_do_ioctl+0x1ca/0x260 net/socket.c:1213\n sock_ioctl+0x23a/0x6c0 net/socket.c:1318\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:906 [inline]\n __se_sys_ioctl fs/ioctl.c:892 [inline]\n __x64_sys_ioctl+0x1a4/0x210 fs/ioctl.c:892\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcb/0x250 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f", + "Severity": "MEDIUM", + "VendorSeverity": { + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-22111", + "https://git.kernel.org/linus/ed3ba9b6e280e14cc3148c1b226ba453f02fa76c (6.15-rc1)", + "https://git.kernel.org/stable/c/00fe0ac64efd1f5373b3dd9f1f84b19235371e39", + "https://git.kernel.org/stable/c/ed3ba9b6e280e14cc3148c1b226ba453f02fa76c", + "https://lore.kernel.org/linux-cve-announce/2025041624-CVE-2025-22111-8bec@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22111", + "https://ubuntu.com/security/notices/USN-7594-1", + "https://ubuntu.com/security/notices/USN-7594-2", + "https://ubuntu.com/security/notices/USN-7594-3", + "https://www.cve.org/CVERecord?id=CVE-2025-22111" + ], + "PublishedDate": "2025-04-16T15:16:05.347Z", + "LastModifiedDate": "2025-04-17T20:22:16.24Z" + }, + { + "VulnerabilityID": "CVE-2025-22114", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": 
"sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22114", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: btrfs: don't clobber ret in btrfs_validate_super()", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: don't clobber ret in btrfs_validate_super()\n\nCommit 2a9bb78cfd36 (\"btrfs: validate system chunk array at\nbtrfs_validate_super()\") introduces a call to validate_sys_chunk_array()\nin btrfs_validate_super(), which clobbers the value of ret set earlier.\nThis has the effect of negating the validity checks done earlier, making\nit so btrfs could potentially try to mount invalid filesystems.", + "Severity": "MEDIUM", + "VendorSeverity": { + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-22114", + "https://git.kernel.org/linus/9db9c7dd5b4e1d3205137a094805980082c37716 (6.15-rc1)", + "https://git.kernel.org/stable/c/9db9c7dd5b4e1d3205137a094805980082c37716", + "https://git.kernel.org/stable/c/ef6800a2015e706e9852a5ec15263fec9990d012", + "https://lore.kernel.org/linux-cve-announce/2025041625-CVE-2025-22114-721d@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22114", + "https://ubuntu.com/security/notices/USN-7594-1", + "https://ubuntu.com/security/notices/USN-7594-2", + "https://ubuntu.com/security/notices/USN-7594-3", + "https://www.cve.org/CVERecord?id=CVE-2025-22114" + ], + "PublishedDate": "2025-04-16T15:16:05.617Z", + "LastModifiedDate": "2025-04-17T20:22:16.24Z" + }, + { + "VulnerabilityID": "CVE-2025-22115", + "VendorIDs": [ + "DSA-5975-1" + ], + 
"PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "FixedVersion": "6.12.41-1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22115", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: btrfs: fix block group refcount race in btrfs_create_pending_block_groups()", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix block group refcount race in btrfs_create_pending_block_groups()\n\nBlock group creation is done in two phases, which results in a slightly\nunintuitive property: a block group can be allocated/deallocated from\nafter btrfs_make_block_group() adds it to the space_info with\nbtrfs_add_bg_to_space_info(), but before creation is completely completed\nin btrfs_create_pending_block_groups(). As a result, it is possible for a\nblock group to go unused and have 'btrfs_mark_bg_unused' called on it\nconcurrently with 'btrfs_create_pending_block_groups'. This causes a\nnumber of issues, which were fixed with the block group flag\n'BLOCK_GROUP_FLAG_NEW'.\n\nHowever, this fix is not quite complete. 
Since it does not use the\nunused_bg_lock, it is possible for the following race to occur:\n\nbtrfs_create_pending_block_groups btrfs_mark_bg_unused\n if list_empty // false\n list_del_init\n clear_bit\n else if (test_bit) // true\n list_move_tail\n\nAnd we get into the exact same broken ref count and invalid new_bgs\nstate for transaction cleanup that BLOCK_GROUP_FLAG_NEW was designed to\nprevent.\n\nThe broken refcount aspect will result in a warning like:\n\n [1272.943527] refcount_t: underflow; use-after-free.\n [1272.943967] WARNING: CPU: 1 PID: 61 at lib/refcount.c:28 refcount_warn_saturate+0xba/0x110\n [1272.944731] Modules linked in: btrfs virtio_net xor zstd_compress raid6_pq null_blk [last unloaded: btrfs]\n [1272.945550] CPU: 1 UID: 0 PID: 61 Comm: kworker/u32:1 Kdump: loaded Tainted: G W 6.14.0-rc5+ #108\n [1272.946368] Tainted: [W]=WARN\n [1272.946585] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014\n [1272.947273] Workqueue: btrfs_discard btrfs_discard_workfn [btrfs]\n [1272.947788] RIP: 0010:refcount_warn_saturate+0xba/0x110\n [1272.949532] RSP: 0018:ffffbf1200247df0 EFLAGS: 00010282\n [1272.949901] RAX: 0000000000000000 RBX: ffffa14b00e3f800 RCX: 0000000000000000\n [1272.950437] RDX: 0000000000000000 RSI: ffffbf1200247c78 RDI: 00000000ffffdfff\n [1272.950986] RBP: ffffa14b00dc2860 R08: 00000000ffffdfff R09: ffffffff90526268\n [1272.951512] R10: ffffffff904762c0 R11: 0000000063666572 R12: ffffa14b00dc28c0\n [1272.952024] R13: 0000000000000000 R14: ffffa14b00dc2868 R15: 000001285dcd12c0\n [1272.952850] FS: 0000000000000000(0000) GS:ffffa14d33c40000(0000) knlGS:0000000000000000\n [1272.953458] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n [1272.953931] CR2: 00007f838cbda000 CR3: 000000010104e000 CR4: 00000000000006f0\n [1272.954474] Call Trace:\n [1272.954655] \u003cTASK\u003e\n [1272.954812] ? refcount_warn_saturate+0xba/0x110\n [1272.955173] ? __warn.cold+0x93/0xd7\n [1272.955487] ? 
refcount_warn_saturate+0xba/0x110\n [1272.955816] ? report_bug+0xe7/0x120\n [1272.956103] ? handle_bug+0x53/0x90\n [1272.956424] ? exc_invalid_op+0x13/0x60\n [1272.956700] ? asm_exc_invalid_op+0x16/0x20\n [1272.957011] ? refcount_warn_saturate+0xba/0x110\n [1272.957399] btrfs_discard_cancel_work.cold+0x26/0x2b [btrfs]\n [1272.957853] btrfs_put_block_group.cold+0x5d/0x8e [btrfs]\n [1272.958289] btrfs_discard_workfn+0x194/0x380 [btrfs]\n [1272.958729] process_one_work+0x130/0x290\n [1272.959026] worker_thread+0x2ea/0x420\n [1272.959335] ? __pfx_worker_thread+0x10/0x10\n [1272.959644] kthread+0xd7/0x1c0\n [1272.959872] ? __pfx_kthread+0x10/0x10\n [1272.960172] ret_from_fork+0x30/0x50\n [1272.960474] ? __pfx_kthread+0x10/0x10\n [1272.960745] ret_from_fork_asm+0x1a/0x30\n [1272.961035] \u003c/TASK\u003e\n [1272.961238] ---[ end trace 0000000000000000 ]---\n\nThough we have seen them in the async discard workfn as well. It is\nmost likely to happen after a relocation finishes which cancels discard,\ntears down the block group, etc.\n\nFix this fully by taking the lock arou\n---truncated---", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 3, + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-22115", + "https://git.kernel.org/linus/2d8e5168d48a91e7a802d3003e72afb4304bebfa (6.15-rc1)", + "https://git.kernel.org/stable/c/2d8e5168d48a91e7a802d3003e72afb4304bebfa", + "https://git.kernel.org/stable/c/9d383a6fc59271aaaf07a33b23b2eac5b9268b7a", + "https://git.kernel.org/stable/c/ee56da95f8962b86fec4ef93f866e64c8d025a58", + "https://lore.kernel.org/linux-cve-announce/2025041626-CVE-2025-22115-857c@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22115", + "https://ubuntu.com/security/notices/USN-7594-1", + "https://ubuntu.com/security/notices/USN-7594-2", + 
"https://ubuntu.com/security/notices/USN-7594-3", + "https://www.cve.org/CVERecord?id=CVE-2025-22115" + ], + "PublishedDate": "2025-04-16T15:16:05.71Z", + "LastModifiedDate": "2025-07-24T07:15:52.84Z" + }, + { + "VulnerabilityID": "CVE-2025-22116", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22116", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: idpf: check error for register_netdev() on init", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: check error for register_netdev() on init\n\nCurrent init logic ignores the error code from register_netdev(),\nwhich will cause WARN_ON() on attempt to unregister it, if there was one,\nand there is no info for the user that the creation of the netdev failed.\n\nWARNING: CPU: 89 PID: 6902 at net/core/dev.c:11512 unregister_netdevice_many_notify+0x211/0x1a10\n...\n[ 3707.563641] unregister_netdev+0x1c/0x30\n[ 3707.563656] idpf_vport_dealloc+0x5cf/0xce0 [idpf]\n[ 3707.563684] idpf_deinit_task+0xef/0x160 [idpf]\n[ 3707.563712] idpf_vc_core_deinit+0x84/0x320 [idpf]\n[ 3707.563739] idpf_remove+0xbf/0x780 [idpf]\n[ 3707.563769] pci_device_remove+0xab/0x1e0\n[ 3707.563786] device_release_driver_internal+0x371/0x530\n[ 3707.563803] driver_detach+0xbf/0x180\n[ 3707.563816] bus_remove_driver+0x11b/0x2a0\n[ 3707.563829] pci_unregister_driver+0x2a/0x250\n\nIntroduce an error check and log the vport number 
and error code.\nOn removal make sure to check VPORT_REG_NETDEV flag prior to calling\nunregister and free on the netdev.\n\nAdd local variables for idx, vport_config and netdev for readability.", + "Severity": "MEDIUM", + "VendorSeverity": { + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-22116", + "https://git.kernel.org/linus/680811c67906191b237bbafe7dabbbad64649b39 (6.15-rc1)", + "https://git.kernel.org/stable/c/680811c67906191b237bbafe7dabbbad64649b39", + "https://git.kernel.org/stable/c/89768e33752211b2240ec4c34138170c95f11f97", + "https://lore.kernel.org/linux-cve-announce/2025041626-CVE-2025-22116-a2f7@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22116", + "https://ubuntu.com/security/notices/USN-7594-1", + "https://ubuntu.com/security/notices/USN-7594-2", + "https://ubuntu.com/security/notices/USN-7594-3", + "https://www.cve.org/CVERecord?id=CVE-2025-22116" + ], + "PublishedDate": "2025-04-16T15:16:05.8Z", + "LastModifiedDate": "2025-04-17T20:22:16.24Z" + }, + { + "VulnerabilityID": "CVE-2025-22117", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22117", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: ice: fix using untrusted value of pkt_len in ice_vc_fdir_parse_raw()", + "Description": "In the 
Linux kernel, the following vulnerability has been resolved:\n\nice: fix using untrusted value of pkt_len in ice_vc_fdir_parse_raw()\n\nFix using the untrusted value of proto-\u003eraw.pkt_len in function\nice_vc_fdir_parse_raw() by verifying if it does not exceed the\nVIRTCHNL_MAX_SIZE_RAW_PACKET value.", + "Severity": "MEDIUM", + "VendorSeverity": { + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 4.4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-22117", + "https://git.kernel.org/linus/1388dd564183a5a18ec4a966748037736b5653c5 (6.15-rc1)", + "https://git.kernel.org/stable/c/1388dd564183a5a18ec4a966748037736b5653c5", + "https://git.kernel.org/stable/c/362f704ba73a359db9cded567e891d9a8f081875", + "https://lore.kernel.org/linux-cve-announce/2025041626-CVE-2025-22117-2d76@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22117", + "https://ubuntu.com/security/notices/USN-7594-1", + "https://ubuntu.com/security/notices/USN-7594-2", + "https://ubuntu.com/security/notices/USN-7594-3", + "https://www.cve.org/CVERecord?id=CVE-2025-22117" + ], + "PublishedDate": "2025-04-16T15:16:05.9Z", + "LastModifiedDate": "2025-04-17T20:22:16.24Z" + }, + { + "VulnerabilityID": "CVE-2025-22118", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22118", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + 
"Title": "kernel: ice: validate queue quanta parameters to prevent OOB access", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: validate queue quanta parameters to prevent OOB access\n\nAdd queue wraparound prevention in quanta configuration.\nEnsure end_qid does not overflow by validating start_qid and num_queues.", + "Severity": "MEDIUM", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-22118", + "https://git.kernel.org/linus/e2f7d3f7331b92cb820da23e8c45133305da1e63 (6.15-rc1)", + "https://git.kernel.org/stable/c/4161cf3f4c11006507f4e02bedc048a215a4b81a", + "https://git.kernel.org/stable/c/e2f7d3f7331b92cb820da23e8c45133305da1e63", + "https://lore.kernel.org/linux-cve-announce/2025041627-CVE-2025-22118-6ba3@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22118", + "https://ubuntu.com/security/notices/USN-7594-1", + "https://ubuntu.com/security/notices/USN-7594-2", + "https://ubuntu.com/security/notices/USN-7594-3", + "https://www.cve.org/CVERecord?id=CVE-2025-22118" + ], + "PublishedDate": "2025-04-16T15:16:06.003Z", + "LastModifiedDate": "2025-04-17T20:22:16.24Z" + }, + { + "VulnerabilityID": "CVE-2025-22124", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22124", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": 
"https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: md/md-bitmap: fix wrong bitmap_limit for clustermd when write sb", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd/md-bitmap: fix wrong bitmap_limit for clustermd when write sb\n\nIn clustermd, separate write-intent-bitmaps are used for each cluster\nnode:\n\n0 4k 8k 12k\n-------------------------------------------------------------------\n| idle | md super | bm super [0] + bits |\n| bm bits[0, contd] | bm super[1] + bits | bm bits[1, contd] |\n| bm super[2] + bits | bm bits [2, contd] | bm super[3] + bits |\n| bm bits [3, contd] | | |\n\nSo in node 1, pg_index in __write_sb_page() could equal to\nbitmap-\u003estorage.file_pages. Then bitmap_limit will be calculated to\n0. md_super_write() will be called with 0 size.\nThat means the first 4k sb area of node 1 will never be updated\nthrough filemap_write_page().\nThis bug causes hang of mdadm/clustermd_tests/01r1_Grow_resize.\n\nHere use (pg_index % bitmap-\u003estorage.file_pages) to make calculation\nof bitmap_limit correct.", + "Severity": "MEDIUM", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H", + "V3Score": 6 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-22124", + "https://git.kernel.org/linus/6130825f34d41718c98a9b1504a79a23e379701e (6.15-rc1)", + "https://git.kernel.org/stable/c/6130825f34d41718c98a9b1504a79a23e379701e", + "https://git.kernel.org/stable/c/bc3a9788961631359527763d7e1fcf26554c7cb1", + "https://lore.kernel.org/linux-cve-announce/2025041629-CVE-2025-22124-4561@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22124", + "https://ubuntu.com/security/notices/USN-7594-1", + "https://ubuntu.com/security/notices/USN-7594-2", + "https://ubuntu.com/security/notices/USN-7594-3", + "https://www.cve.org/CVERecord?id=CVE-2025-22124" + ], + 
"PublishedDate": "2025-04-16T15:16:06.54Z", + "LastModifiedDate": "2025-04-17T20:22:16.24Z" + }, + { + "VulnerabilityID": "CVE-2025-22125", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22125", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: md/raid1,raid10: don't ignore IO flags", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd/raid1,raid10: don't ignore IO flags\n\nIf blk-wbt is enabled by default, it's found that raid write performance\nis quite bad because all IO are throttled by wbt of underlying disks,\ndue to flag REQ_IDLE is ignored. 
And turns out this behaviour exist since\nblk-wbt is introduced.\n\nOther than REQ_IDLE, other flags should not be ignored as well, for\nexample REQ_META can be set for filesystems, clearing it can cause priority\nreverse problems; And REQ_NOWAIT should not be cleared as well, because\nio will wait instead of failing directly in underlying disks.\n\nFix those problems by keep IO flags from master bio.\n\nFises: f51d46d0e7cb (\"md: add support for REQ_NOWAIT\")", + "Severity": "MEDIUM", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-22125", + "https://git.kernel.org/linus/e879a0d9cb086c8e52ce6c04e5bfa63825a6213c (6.15-rc1)", + "https://git.kernel.org/stable/c/8a0adf3d778c4a0893c6d34a9e1b0082a6f1c495", + "https://git.kernel.org/stable/c/e879a0d9cb086c8e52ce6c04e5bfa63825a6213c", + "https://lore.kernel.org/linux-cve-announce/2025041629-CVE-2025-22125-ba0f@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22125", + "https://ubuntu.com/security/notices/USN-7594-1", + "https://ubuntu.com/security/notices/USN-7594-2", + "https://ubuntu.com/security/notices/USN-7594-3", + "https://www.cve.org/CVERecord?id=CVE-2025-22125" + ], + "PublishedDate": "2025-04-16T15:16:06.63Z", + "LastModifiedDate": "2025-04-17T20:22:16.24Z" + }, + { + "VulnerabilityID": "CVE-2025-22127", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22127", + 
"DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: f2fs: fix potential deadloop in prepare_compress_overwrite()", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix potential deadloop in prepare_compress_overwrite()\n\nJan Prusakowski reported a kernel hang issue as below:\n\nWhen running xfstests on linux-next kernel (6.14.0-rc3, 6.12) I\nencountered a problem in generic/475 test where fsstress process\ngets blocked in __f2fs_write_data_pages() and the test hangs.\nThe options I used are:\n\nMKFS_OPTIONS -- -O compression -O extra_attr -O project_quota -O quota /dev/vdc\nMOUNT_OPTIONS -- -o acl,user_xattr -o discard,compress_extension=* /dev/vdc /vdc\n\nINFO: task kworker/u8:0:11 blocked for more than 122 seconds.\n Not tainted 6.14.0-rc3-xfstests-lockdep #1\n\"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\ntask:kworker/u8:0 state:D stack:0 pid:11 tgid:11 ppid:2 task_flags:0x4208160 flags:0x00004000\nWorkqueue: writeback wb_workfn (flush-253:0)\nCall Trace:\n \u003cTASK\u003e\n __schedule+0x309/0x8e0\n schedule+0x3a/0x100\n schedule_preempt_disabled+0x15/0x30\n __mutex_lock+0x59a/0xdb0\n __f2fs_write_data_pages+0x3ac/0x400\n do_writepages+0xe8/0x290\n __writeback_single_inode+0x5c/0x360\n writeback_sb_inodes+0x22f/0x570\n wb_writeback+0xb0/0x410\n wb_do_writeback+0x47/0x2f0\n wb_workfn+0x5a/0x1c0\n process_one_work+0x223/0x5b0\n worker_thread+0x1d5/0x3c0\n kthread+0xfd/0x230\n ret_from_fork+0x31/0x50\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nThe root cause is: once generic/475 starts toload error table to dm\ndevice, f2fs_prepare_compress_overwrite() will loop reading compressed\ncluster pages due to IO error, meanwhile it has held .writepages lock,\nit can block all other writeback tasks.\n\nLet's fix this issue w/ below changes:\n- add 
f2fs_handle_page_eio() in prepare_compress_overwrite() to\ndetect IO error.\n- detect cp_error earler in f2fs_read_multi_pages().", + "Severity": "MEDIUM", + "VendorSeverity": { + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-22127", + "https://git.kernel.org/linus/3147ee567dd9004a49826ddeaf0a4b12865d4409 (6.15-rc1)", + "https://git.kernel.org/stable/c/3147ee567dd9004a49826ddeaf0a4b12865d4409", + "https://git.kernel.org/stable/c/7215cf8ef54bdc9082dffac4662416d54961e258", + "https://lore.kernel.org/linux-cve-announce/2025041630-CVE-2025-22127-81a6@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22127", + "https://ubuntu.com/security/notices/USN-7594-1", + "https://ubuntu.com/security/notices/USN-7594-2", + "https://ubuntu.com/security/notices/USN-7594-3", + "https://www.cve.org/CVERecord?id=CVE-2025-22127" + ], + "PublishedDate": "2025-04-16T15:16:06.813Z", + "LastModifiedDate": "2025-04-17T20:22:16.24Z" + }, + { + "VulnerabilityID": "CVE-2025-23129", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-23129", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: wifi: ath11k: Clear affinity hint before calling ath11k_pcic_free_irq() in error path", + "Description": "In the Linux kernel, the following vulnerability has 
been resolved:\n\nwifi: ath11k: Clear affinity hint before calling ath11k_pcic_free_irq() in error path\n\nIf a shared IRQ is used by the driver due to platform limitation, then the\nIRQ affinity hint is set right after the allocation of IRQ vectors in\nath11k_pci_alloc_msi(). This does no harm unless one of the functions\nrequesting the IRQ fails and attempt to free the IRQ. This results in the\nbelow warning:\n\nWARNING: CPU: 7 PID: 349 at kernel/irq/manage.c:1929 free_irq+0x278/0x29c\nCall trace:\n free_irq+0x278/0x29c\n ath11k_pcic_free_irq+0x70/0x10c [ath11k]\n ath11k_pci_probe+0x800/0x820 [ath11k_pci]\n local_pci_probe+0x40/0xbc\n\nThe warning is due to not clearing the affinity hint before freeing the\nIRQs.\n\nSo to fix this issue, clear the IRQ affinity hint before calling\nath11k_pcic_free_irq() in the error path. The affinity will be cleared once\nagain further down the error path due to code organization, but that does\nno harm.\n\nTested-on: QCA6390 hw2.0 PCI WLAN.HST.1.0.1-05266-QCAHSTSWPLZ_V2_TO_X86-1", + "Severity": "MEDIUM", + "VendorSeverity": { + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-23129", + "https://git.kernel.org/linus/68410c5bd381a81bcc92b808e7dc4e6b9ed25d11 (6.15-rc1)", + "https://git.kernel.org/stable/c/3fc42cfcc6e336f25dee79b34e57c4a63cd652a5", + "https://git.kernel.org/stable/c/68410c5bd381a81bcc92b808e7dc4e6b9ed25d11", + "https://lore.kernel.org/linux-cve-announce/2025041630-CVE-2025-23129-7ada@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-23129", + "https://ubuntu.com/security/notices/USN-7594-1", + "https://ubuntu.com/security/notices/USN-7594-2", + "https://ubuntu.com/security/notices/USN-7594-3", + "https://www.cve.org/CVERecord?id=CVE-2025-23129" + ], + "PublishedDate": "2025-04-16T15:16:07.373Z", + "LastModifiedDate": "2025-04-17T20:22:16.24Z" + 
}, + { + "VulnerabilityID": "CVE-2025-23130", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-23130", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: f2fs: fix to avoid panic once fallocation fails for pinfile", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to avoid panic once fallocation fails for pinfile\n\nsyzbot reports a f2fs bug as below:\n\n------------[ cut here ]------------\nkernel BUG at fs/f2fs/segment.c:2746!\nCPU: 0 UID: 0 PID: 5323 Comm: syz.0.0 Not tainted 6.13.0-rc2-syzkaller-00018-g7cb1b4663150 #0\nRIP: 0010:get_new_segment fs/f2fs/segment.c:2746 [inline]\nRIP: 0010:new_curseg+0x1f52/0x1f70 fs/f2fs/segment.c:2876\nCall Trace:\n \u003cTASK\u003e\n __allocate_new_segment+0x1ce/0x940 fs/f2fs/segment.c:3210\n f2fs_allocate_new_section fs/f2fs/segment.c:3224 [inline]\n f2fs_allocate_pinning_section+0xfa/0x4e0 fs/f2fs/segment.c:3238\n f2fs_expand_inode_data+0x696/0xca0 fs/f2fs/file.c:1830\n f2fs_fallocate+0x537/0xa10 fs/f2fs/file.c:1940\n vfs_fallocate+0x569/0x6e0 fs/open.c:327\n do_vfs_ioctl+0x258c/0x2e40 fs/ioctl.c:885\n __do_sys_ioctl fs/ioctl.c:904 [inline]\n __se_sys_ioctl+0x80/0x170 fs/ioctl.c:892\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nConcurrent pinfile allocation may run out of free section, result 
in\npanic in get_new_segment(), let's expand pin_sem lock coverage to\ninclude f2fs_gc(), so that we can make sure to reclaim enough free\nspace for following allocation.\n\nIn addition, do below changes to enhance error path handling:\n- call f2fs_bug_on() only in non-pinfile allocation path in\nget_new_segment().\n- call reset_curseg_fields() to reset all fields of curseg in\nnew_curseg()", + "Severity": "MEDIUM", + "VendorSeverity": { + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-23130", + "https://git.kernel.org/linus/48ea8b200414ac69ea96f4c231f5c7ef1fbeffef (6.15-rc1)", + "https://git.kernel.org/stable/c/48ea8b200414ac69ea96f4c231f5c7ef1fbeffef", + "https://git.kernel.org/stable/c/9392862608d081a8346a3b841f862d732fce954b", + "https://lore.kernel.org/linux-cve-announce/2025041631-CVE-2025-23130-438d@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-23130", + "https://ubuntu.com/security/notices/USN-7594-1", + "https://ubuntu.com/security/notices/USN-7594-2", + "https://ubuntu.com/security/notices/USN-7594-3", + "https://www.cve.org/CVERecord?id=CVE-2025-23130" + ], + "PublishedDate": "2025-04-16T15:16:07.457Z", + "LastModifiedDate": "2025-04-17T20:22:16.24Z" + }, + { + "VulnerabilityID": "CVE-2025-23131", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-23131", + "DataSource": { + "ID": "debian", + "Name": "Debian Security 
Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: dlm: prevent NPD when writing a positive value to event_done", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndlm: prevent NPD when writing a positive value to event_done\n\ndo_uevent returns the value written to event_done. In case it is a\npositive value, new_lockspace would undo all the work, and lockspace\nwould not be set. __dlm_new_lockspace, however, would treat that\npositive value as a success due to commit 8511a2728ab8 (\"dlm: fix use\ncount with multiple joins\").\n\nDown the line, device_create_lockspace would pass that NULL lockspace to\ndlm_find_lockspace_local, leading to a NULL pointer dereference.\n\nTreating such positive values as successes prevents the problem. Given\nthis has been broken for so long, this is unlikely to break userspace\nexpectations.", + "Severity": "MEDIUM", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-23131", + "https://git.kernel.org/linus/8e2bad543eca5c25cd02cbc63d72557934d45f13 (6.15-rc1)", + "https://git.kernel.org/stable/c/8e2bad543eca5c25cd02cbc63d72557934d45f13", + "https://git.kernel.org/stable/c/b73c4ad4d387fe5bc988145bd9f1bc0de76afd5c", + "https://lore.kernel.org/linux-cve-announce/2025041631-CVE-2025-23131-1a88@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-23131", + "https://ubuntu.com/security/notices/USN-7594-1", + "https://ubuntu.com/security/notices/USN-7594-2", + "https://ubuntu.com/security/notices/USN-7594-3", + "https://www.cve.org/CVERecord?id=CVE-2025-23131" + ], + "PublishedDate": "2025-04-16T15:16:07.547Z", + "LastModifiedDate": "2025-04-17T20:22:16.24Z" + }, + { + "VulnerabilityID": "CVE-2025-23132", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": 
"linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-23132", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: f2fs: quota: fix to avoid warning in dquot_writeback_dquots()", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: quota: fix to avoid warning in dquot_writeback_dquots()\n\nF2FS-fs (dm-59): checkpoint=enable has some unwritten data.\n\n------------[ cut here ]------------\nWARNING: CPU: 6 PID: 8013 at fs/quota/dquot.c:691 dquot_writeback_dquots+0x2fc/0x308\npc : dquot_writeback_dquots+0x2fc/0x308\nlr : f2fs_quota_sync+0xcc/0x1c4\nCall trace:\ndquot_writeback_dquots+0x2fc/0x308\nf2fs_quota_sync+0xcc/0x1c4\nf2fs_write_checkpoint+0x3d4/0x9b0\nf2fs_issue_checkpoint+0x1bc/0x2c0\nf2fs_sync_fs+0x54/0x150\nf2fs_do_sync_file+0x2f8/0x814\n__f2fs_ioctl+0x1960/0x3244\nf2fs_ioctl+0x54/0xe0\n__arm64_sys_ioctl+0xa8/0xe4\ninvoke_syscall+0x58/0x114\n\ncheckpoint and f2fs_remount may race as below, resulting triggering warning\nin dquot_writeback_dquots().\n\natomic write remount\n - do_remount\n - down_write(\u0026sb-\u003es_umount);\n - f2fs_remount\n- ioctl\n - f2fs_do_sync_file\n - f2fs_sync_fs\n - f2fs_write_checkpoint\n - block_operations\n - locked = down_read_trylock(\u0026sbi-\u003esb-\u003es_umount)\n : fail to lock due to the write lock was held by remount\n - up_write(\u0026sb-\u003es_umount);\n - f2fs_quota_sync\n - dquot_writeback_dquots\n - 
WARN_ON_ONCE(!rwsem_is_locked(\u0026sb-\u003es_umount))\n : trigger warning because s_umount lock was unlocked by remount\n\nIf checkpoint comes from mount/umount/remount/freeze/quotactl, caller of\ncheckpoint has already held s_umount lock, calling dquot_writeback_dquots()\nin the context should be safe.\n\nSo let's record task to sbi-\u003eumount_lock_holder, so that checkpoint can\nknow whether the lock has held in the context or not by checking current\nw/ it.\n\nIn addition, in order to not misrepresent caller of checkpoint, we should\nnot allow to trigger async checkpoint for those callers: mount/umount/remount/\nfreeze/quotactl.", + "Severity": "MEDIUM", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 4.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-23132", + "https://git.kernel.org/linus/eb85c2410d6f581e957cd03a644ff6ddbe592af9 (6.15-rc1)", + "https://git.kernel.org/stable/c/d7acf0a6c87aa282c86a36dbaa2f92fda88c5884", + "https://git.kernel.org/stable/c/eb85c2410d6f581e957cd03a644ff6ddbe592af9", + "https://lore.kernel.org/linux-cve-announce/2025041631-CVE-2025-23132-cbf9@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-23132", + "https://ubuntu.com/security/notices/USN-7594-1", + "https://ubuntu.com/security/notices/USN-7594-2", + "https://ubuntu.com/security/notices/USN-7594-3", + "https://www.cve.org/CVERecord?id=CVE-2025-23132" + ], + "PublishedDate": "2025-04-16T15:16:07.63Z", + "LastModifiedDate": "2025-04-17T20:22:16.24Z" + }, + { + "VulnerabilityID": "CVE-2025-23133", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": 
"sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-23133", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: wifi: ath11k: update channel list in reg notifier instead reg worker", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: update channel list in reg notifier instead reg worker\n\nCurrently when ath11k gets a new channel list, it will be processed\naccording to the following steps:\n1. update new channel list to cfg80211 and queue reg_work.\n2. cfg80211 handles new channel list during reg_work.\n3. update cfg80211's handled channel list to firmware by\nath11k_reg_update_chan_list().\n\nBut ath11k will immediately execute step 3 after reg_work is just\nqueued. Since step 2 is asynchronous, cfg80211 may not have completed\nhandling the new channel list, which may leading to an out-of-bounds\nwrite error:\nBUG: KASAN: slab-out-of-bounds in ath11k_reg_update_chan_list\nCall Trace:\n ath11k_reg_update_chan_list+0xbfe/0xfe0 [ath11k]\n kfree+0x109/0x3a0\n ath11k_regd_update+0x1cf/0x350 [ath11k]\n ath11k_regd_update_work+0x14/0x20 [ath11k]\n process_one_work+0xe35/0x14c0\n\nShould ensure step 2 is completely done before executing step 3. Thus\nWen raised patch[1]. When flag NL80211_REGDOM_SET_BY_DRIVER is set,\ncfg80211 will notify ath11k after step 2 is done.\n\nSo enable the flag NL80211_REGDOM_SET_BY_DRIVER then cfg80211 will\nnotify ath11k after step 2 is done. 
At this time, there will be no\nKASAN bug during the execution of the step 3.\n\n[1] https://patchwork.kernel.org/project/linux-wireless/patch/20230201065313.27203-1-quic_wgong@quicinc.com/\n\nTested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3", + "Severity": "MEDIUM", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H", + "V3Score": 6 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-23133", + "https://git.kernel.org/linus/933ab187e679e6fbdeea1835ae39efcc59c022d2 (6.15-rc1)", + "https://git.kernel.org/stable/c/933ab187e679e6fbdeea1835ae39efcc59c022d2", + "https://git.kernel.org/stable/c/f952fb83c9c6f908d27500764c4aee1df04b9d3f", + "https://lore.kernel.org/linux-cve-announce/2025041632-CVE-2025-23133-c1c5@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-23133", + "https://ubuntu.com/security/notices/USN-7594-1", + "https://ubuntu.com/security/notices/USN-7594-2", + "https://ubuntu.com/security/notices/USN-7594-3", + "https://www.cve.org/CVERecord?id=CVE-2025-23133" + ], + "PublishedDate": "2025-04-16T15:16:07.717Z", + "LastModifiedDate": "2025-04-17T20:22:16.24Z" + }, + { + "VulnerabilityID": "CVE-2025-23135", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-23135", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: RISC-V: KVM: 
Teardown riscv specific bits after kvm_exit", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nRISC-V: KVM: Teardown riscv specific bits after kvm_exit\n\nDuring a module removal, kvm_exit invokes arch specific disable\ncall which disables AIA. However, we invoke aia_exit before kvm_exit\nresulting in the following warning. KVM kernel module can't be inserted\nafterwards due to inconsistent state of IRQ.\n\n[25469.031389] percpu IRQ 31 still enabled on CPU0!\n[25469.031732] WARNING: CPU: 3 PID: 943 at kernel/irq/manage.c:2476 __free_percpu_irq+0xa2/0x150\n[25469.031804] Modules linked in: kvm(-)\n[25469.031848] CPU: 3 UID: 0 PID: 943 Comm: rmmod Not tainted 6.14.0-rc5-06947-g91c763118f47-dirty #2\n[25469.031905] Hardware name: riscv-virtio,qemu (DT)\n[25469.031928] epc : __free_percpu_irq+0xa2/0x150\n[25469.031976] ra : __free_percpu_irq+0xa2/0x150\n[25469.032197] epc : ffffffff8007db1e ra : ffffffff8007db1e sp : ff2000000088bd50\n[25469.032241] gp : ffffffff8131cef8 tp : ff60000080b96400 t0 : ff2000000088baf8\n[25469.032285] t1 : fffffffffffffffc t2 : 5249207570637265 s0 : ff2000000088bd90\n[25469.032329] s1 : ff60000098b21080 a0 : 037d527a15eb4f00 a1 : 037d527a15eb4f00\n[25469.032372] a2 : 0000000000000023 a3 : 0000000000000001 a4 : ffffffff8122dbf8\n[25469.032410] a5 : 0000000000000fff a6 : 0000000000000000 a7 : ffffffff8122dc10\n[25469.032448] s2 : ff60000080c22eb0 s3 : 0000000200000022 s4 : 000000000000001f\n[25469.032488] s5 : ff60000080c22e00 s6 : ffffffff80c351c0 s7 : 0000000000000000\n[25469.032582] s8 : 0000000000000003 s9 : 000055556b7fb490 s10: 00007ffff0e12fa0\n[25469.032621] s11: 00007ffff0e13e9a t3 : ffffffff81354ac7 t4 : ffffffff81354ac7\n[25469.032664] t5 : ffffffff81354ac8 t6 : ffffffff81354ac7\n[25469.032698] status: 0000000200000100 badaddr: ffffffff8007db1e cause: 0000000000000003\n[25469.032738] [\u003cffffffff8007db1e\u003e] __free_percpu_irq+0xa2/0x150\n[25469.032797] [\u003cffffffff8007dbfc\u003e] 
free_percpu_irq+0x30/0x5e\n[25469.032856] [\u003cffffffff013a57dc\u003e] kvm_riscv_aia_exit+0x40/0x42 [kvm]\n[25469.033947] [\u003cffffffff013b4e82\u003e] cleanup_module+0x10/0x32 [kvm]\n[25469.035300] [\u003cffffffff8009b150\u003e] __riscv_sys_delete_module+0x18e/0x1fc\n[25469.035374] [\u003cffffffff8000c1ca\u003e] syscall_handler+0x3a/0x46\n[25469.035456] [\u003cffffffff809ec9a4\u003e] do_trap_ecall_u+0x72/0x134\n[25469.035536] [\u003cffffffff809f5e18\u003e] handle_exception+0x148/0x156\n\nInvoke aia_exit and other arch specific cleanup functions after kvm_exit\nso that disable gets a chance to be called first before exit.", + "Severity": "MEDIUM", + "VendorSeverity": { + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-23135", + "https://git.kernel.org/linus/2d117e67f318303f6ab699a5511d1fac3f170545 (6.15-rc1)", + "https://git.kernel.org/stable/c/1521cc04f0b6e737ff30105aa57fa9dde8493231", + "https://git.kernel.org/stable/c/1edb2de48616b11ee05e9a65d74c70abcb6d9939", + "https://git.kernel.org/stable/c/2d117e67f318303f6ab699a5511d1fac3f170545", + "https://lore.kernel.org/linux-cve-announce/2025041633-CVE-2025-23135-b4dd@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-23135", + "https://ubuntu.com/security/notices/USN-7594-1", + "https://ubuntu.com/security/notices/USN-7594-2", + "https://ubuntu.com/security/notices/USN-7594-3", + "https://www.cve.org/CVERecord?id=CVE-2025-23135" + ], + "PublishedDate": "2025-04-16T15:16:07.883Z", + "LastModifiedDate": "2025-04-17T20:22:16.24Z" + }, + { + "VulnerabilityID": "CVE-2025-37743", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + 
"Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-37743", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: wifi: ath12k: Avoid memory leak while enabling statistics", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: Avoid memory leak while enabling statistics\n\nDriver uses monitor destination rings for extended statistics mode and\nstandalone monitor mode. In extended statistics mode, TLVs are parsed from\nthe buffer received from the monitor destination ring and assigned to the\nppdu_info structure to update per-packet statistics. In standalone monitor\nmode, along with per-packet statistics, the packet data (payload) is\ncaptured, and the driver updates per MSDU to mac80211.\n\nWhen the AP interface is enabled, only extended statistics mode is\nactivated. As part of enabling monitor rings for collecting statistics,\nthe driver subscribes to HAL_RX_MPDU_START TLV in the filter\nconfiguration. This TLV is received from the monitor destination ring, and\nkzalloc for the mon_mpdu object occurs, which is not freed, leading to a\nmemory leak. The kzalloc for the mon_mpdu object is only required while\nenabling the standalone monitor interface. This causes a memory leak while\nenabling extended statistics mode in the driver.\n\nFix this memory leak by removing the kzalloc for the mon_mpdu object in\nthe HAL_RX_MPDU_START TLV handling. 
Additionally, remove the standalone\nmonitor mode handlings in the HAL_MON_BUF_ADDR and HAL_RX_MSDU_END TLVs.\nThese TLV tags will be handled properly when enabling standalone monitor\nmode in the future.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.3.1-00173-QCAHKSWPL_SILICONZ-1\nTested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3", + "Severity": "MEDIUM", + "VendorSeverity": { + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-37743", + "https://git.kernel.org/linus/ecfc131389923405be8e7a6f4408fd9321e4d19b (6.15-rc1)", + "https://git.kernel.org/stable/c/286bab0fc7b9db728dab8c63cadf6be9b3facf8c", + "https://git.kernel.org/stable/c/ecfc131389923405be8e7a6f4408fd9321e4d19b", + "https://lore.kernel.org/linux-cve-announce/2025050134-CVE-2025-37743-35a7@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-37743", + "https://ubuntu.com/security/notices/USN-7594-1", + "https://ubuntu.com/security/notices/USN-7594-2", + "https://ubuntu.com/security/notices/USN-7594-3", + "https://www.cve.org/CVERecord?id=CVE-2025-37743" + ], + "PublishedDate": "2025-05-01T13:15:53Z", + "LastModifiedDate": "2025-05-02T13:53:20.943Z" + }, + { + "VulnerabilityID": "CVE-2025-37746", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-37746", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": 
"https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: perf/dwc_pcie: fix duplicate pci_dev devices", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/dwc_pcie: fix duplicate pci_dev devices\n\nDuring platform_device_register, wrongly using struct device\npci_dev as platform_data caused a kmemdup copy of pci_dev. Worse\nstill, accessing the duplicated device leads to list corruption as its\nmutex content (e.g., list, magic) remains the same as the original.", + "Severity": "MEDIUM", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-37746", + "https://git.kernel.org/linus/7f35b429802a8065aa61e2a3f567089649f4d98e (6.15-rc1)", + "https://git.kernel.org/stable/c/7f35b429802a8065aa61e2a3f567089649f4d98e", + "https://git.kernel.org/stable/c/a71c6fc87b2b9905dc2e38887fe4122287216be9", + "https://lore.kernel.org/linux-cve-announce/2025050135-CVE-2025-37746-2d53@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-37746", + "https://ubuntu.com/security/notices/USN-7594-1", + "https://ubuntu.com/security/notices/USN-7594-2", + "https://ubuntu.com/security/notices/USN-7594-3", + "https://www.cve.org/CVERecord?id=CVE-2025-37746" + ], + "PublishedDate": "2025-05-01T13:15:53.313Z", + "LastModifiedDate": "2025-05-02T13:53:20.943Z" + }, + { + "VulnerabilityID": "CVE-2025-37860", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": 
"sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-37860", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: sfc: fix NULL dereferences in ef100_process_design_param()", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsfc: fix NULL dereferences in ef100_process_design_param()\n\nSince cited commit, ef100_probe_main() and hence also\n ef100_check_design_params() run before efx-\u003enet_dev is created;\n consequently, we cannot netif_set_tso_max_size() or _segs() at this\n point.\nMove those netif calls to ef100_probe_netdev(), and also replace\n netif_err within the design params code with pci_err.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "nvd": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-37860", + "https://git.kernel.org/linus/8241ecec1cdc6699ae197d52d58e76bddd995fa5 (6.15-rc1)", + "https://git.kernel.org/stable/c/8241ecec1cdc6699ae197d52d58e76bddd995fa5", + "https://git.kernel.org/stable/c/e56391011381d6d029da377a65ac314cb3d5def2", + "https://lore.kernel.org/linux-cve-announce/2025041816-CVE-2025-37860-9af2@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-37860", + "https://ubuntu.com/security/notices/USN-7594-1", + "https://ubuntu.com/security/notices/USN-7594-2", + "https://ubuntu.com/security/notices/USN-7594-3", + "https://www.cve.org/CVERecord?id=CVE-2025-37860" + ], + "PublishedDate": "2025-04-18T07:15:42.883Z", + "LastModifiedDate": "2025-04-29T16:55:17.163Z" + }, + { + 
"VulnerabilityID": "CVE-2025-37925", + "VendorIDs": [ + "DSA-5975-1" + ], + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "FixedVersion": "6.12.41-1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-37925", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: jfs: reject on-disk inodes of an unsupported type", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: reject on-disk inodes of an unsupported type\n\nSyzbot has reported the following BUG:\n\nkernel BUG at fs/inode.c:668!\nOops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 3 UID: 0 PID: 139 Comm: jfsCommit Not tainted 6.12.0-rc4-syzkaller-00085-g4e46774408d9 #0\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014\nRIP: 0010:clear_inode+0x168/0x190\nCode: 4c 89 f7 e8 ba fe e5 ff e9 61 ff ff ff 44 89 f1 80 e1 07 80 c1 03 38 c1 7c c1 4c 89 f7 e8 90 ff e5 ff eb b7\n 0b e8 01 5d 7f ff 90 0f 0b e8 f9 5c 7f ff 90 0f 0b e8 f1 5c 7f\nRSP: 0018:ffffc900027dfae8 EFLAGS: 00010093\nRAX: ffffffff82157a87 RBX: 0000000000000001 RCX: ffff888104d4b980\nRDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000\nRBP: ffffc900027dfc90 R08: ffffffff82157977 R09: fffff520004fbf38\nR10: dffffc0000000000 R11: fffff520004fbf38 R12: dffffc0000000000\nR13: ffff88811315bc00 R14: ffff88811315bda8 R15: ffff88811315bb80\nFS: 0000000000000000(0000) GS:ffff888135f00000(0000) 
knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00005565222e0578 CR3: 0000000026ef0000 CR4: 00000000000006f0\nCall Trace:\n \u003cTASK\u003e\n ? __die_body+0x5f/0xb0\n ? die+0x9e/0xc0\n ? do_trap+0x15a/0x3a0\n ? clear_inode+0x168/0x190\n ? do_error_trap+0x1dc/0x2c0\n ? clear_inode+0x168/0x190\n ? __pfx_do_error_trap+0x10/0x10\n ? report_bug+0x3cd/0x500\n ? handle_invalid_op+0x34/0x40\n ? clear_inode+0x168/0x190\n ? exc_invalid_op+0x38/0x50\n ? asm_exc_invalid_op+0x1a/0x20\n ? clear_inode+0x57/0x190\n ? clear_inode+0x167/0x190\n ? clear_inode+0x168/0x190\n ? clear_inode+0x167/0x190\n jfs_evict_inode+0xb5/0x440\n ? __pfx_jfs_evict_inode+0x10/0x10\n evict+0x4ea/0x9b0\n ? __pfx_evict+0x10/0x10\n ? iput+0x713/0xa50\n txUpdateMap+0x931/0xb10\n ? __pfx_txUpdateMap+0x10/0x10\n jfs_lazycommit+0x49a/0xb80\n ? _raw_spin_unlock_irqrestore+0x8f/0x140\n ? lockdep_hardirqs_on+0x99/0x150\n ? __pfx_jfs_lazycommit+0x10/0x10\n ? __pfx_default_wake_function+0x10/0x10\n ? __kthread_parkme+0x169/0x1d0\n ? __pfx_jfs_lazycommit+0x10/0x10\n kthread+0x2f2/0x390\n ? __pfx_jfs_lazycommit+0x10/0x10\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x4d/0x80\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nThis happens when 'clear_inode()' makes an attempt to finalize an underlying\nJFS inode of unknown type. According to JFS layout description from\nhttps://jfs.sourceforge.net/project/pub/jfslayout.pdf, inode types from 5 to\n15 are reserved for future extensions and should not be encountered on a valid\nfilesystem. 
So add an extra check for valid inode type in 'copy_from_dinode()'.", + "Severity": "MEDIUM", + "VendorSeverity": { + "nvd": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-37925", + "https://git.kernel.org/linus/8c3f9a70d2d4dd6c640afe294b05c6a0a45434d9 (6.15-rc1)", + "https://git.kernel.org/stable/c/28419a4f3a1eeee33472a1b3856ae62aaa5a649b", + "https://git.kernel.org/stable/c/45fd8421081ec79e661e5f3ead2934fdbddb4287", + "https://git.kernel.org/stable/c/8987891c4653874d5e3f5d11f063912f4e0b58eb", + "https://git.kernel.org/stable/c/8c3f9a70d2d4dd6c640afe294b05c6a0a45434d9", + "https://git.kernel.org/stable/c/afc08b0b5587b553799bc375957706936a3e0088", + "https://lore.kernel.org/linux-cve-announce/2025041816-CVE-2025-37925-9765@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-37925", + "https://ubuntu.com/security/notices/USN-7594-1", + "https://ubuntu.com/security/notices/USN-7594-2", + "https://ubuntu.com/security/notices/USN-7594-3", + "https://www.cve.org/CVERecord?id=CVE-2025-37925" + ], + "PublishedDate": "2025-04-18T07:15:43.09Z", + "LastModifiedDate": "2025-08-15T16:15:29.14Z" + }, + { + "VulnerabilityID": "CVE-2025-37966", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-37966", + "DataSource": { + "ID": "debian", + "Name": "Debian 
Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: riscv: Fix kernel crash due to PR_SET_TAGGED_ADDR_CTRL", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: Fix kernel crash due to PR_SET_TAGGED_ADDR_CTRL\n\nWhen userspace does PR_SET_TAGGED_ADDR_CTRL, but Supm extension is not\navailable, the kernel crashes:\n\nOops - illegal instruction [#1]\n [snip]\nepc : set_tagged_addr_ctrl+0x112/0x15a\n ra : set_tagged_addr_ctrl+0x74/0x15a\nepc : ffffffff80011ace ra : ffffffff80011a30 sp : ffffffc60039be10\n [snip]\nstatus: 0000000200000120 badaddr: 0000000010a79073 cause: 0000000000000002\n set_tagged_addr_ctrl+0x112/0x15a\n __riscv_sys_prctl+0x352/0x73c\n do_trap_ecall_u+0x17c/0x20c\n andle_exception+0x150/0x15c\n\nFix it by checking if Supm is available.", + "Severity": "MEDIUM", + "VendorSeverity": { + "redhat": 1 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-37966", + "https://git.kernel.org/stable/c/4b595a2f5656cd45d534ed2160c94f7662adefe5", + "https://git.kernel.org/stable/c/ae08d55807c099357c047dba17624b09414635dd", + "https://lore.kernel.org/linux-cve-announce/2025052045-CVE-2025-37966-8d4c@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-37966", + "https://www.cve.org/CVERecord?id=CVE-2025-37966" + ], + "PublishedDate": "2025-05-20T17:15:47.02Z", + "LastModifiedDate": "2025-05-21T20:24:58.133Z" + }, + { + "VulnerabilityID": "CVE-2025-38067", + "VendorIDs": [ + "DSA-5975-1" + ], + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "FixedVersion": "6.12.41-1", + "Status": "fixed", + "Layer": { + "Digest": 
"sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38067", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: rseq: Fix segfault on registration when rseq_cs is non-zero", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nrseq: Fix segfault on registration when rseq_cs is non-zero\n\nThe rseq_cs field is documented as being set to 0 by user-space prior to\nregistration, however this is not currently enforced by the kernel. This\ncan result in a segfault on return to user-space if the value stored in\nthe rseq_cs field doesn't point to a valid struct rseq_cs.\n\nThe correct solution to this would be to fail the rseq registration when\nthe rseq_cs field is non-zero. However, some older versions of glibc\nwill reuse the rseq area of previous threads without clearing the\nrseq_cs field and will also terminate the process if the rseq\nregistration fails in a secondary thread. 
This wasn't caught in testing\nbecause in this case the leftover rseq_cs does point to a valid struct\nrseq_cs.\n\nWhat we can do is clear the rseq_cs field on registration when it's\nnon-zero which will prevent segfaults on registration and won't break\nthe glibc versions that reuse rseq areas on thread creation.", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 3, + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-38067", + "https://git.kernel.org/linus/fd881d0a085fc54354414aed990ccf05f282ba53 (6.15-rc1)", + "https://git.kernel.org/stable/c/2df285dab00fa03a3ef939b6cb0d0d0aeb0791db", + "https://git.kernel.org/stable/c/3e4028ef31b69286c9d4878cee0330235f53f218", + "https://git.kernel.org/stable/c/48900d839a3454050fd5822e34be8d54c4ec9b86", + "https://git.kernel.org/stable/c/b2b05d0dc2f4f0646922068af435aed5763d16ba", + "https://git.kernel.org/stable/c/eaf112069a904b6207b4106ff083e0208232a2eb", + "https://git.kernel.org/stable/c/f004f58d18a2d3dc761cf973ad27b4a5997bd876", + "https://git.kernel.org/stable/c/fd881d0a085fc54354414aed990ccf05f282ba53", + "https://lore.kernel.org/linux-cve-announce/2025061837-CVE-2025-38067-b173@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-38067", + "https://www.cve.org/CVERecord?id=CVE-2025-38067" + ], + "PublishedDate": "2025-06-18T10:15:39.78Z", + "LastModifiedDate": "2025-07-17T17:15:36.333Z" + }, + { + "VulnerabilityID": "CVE-2025-38104", + "VendorIDs": [ + "DSA-5975-1" + ], + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "FixedVersion": "6.12.41-1", + "Status": "fixed", + "Layer": { + "Digest": 
"sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38104", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV\n\nRLCG Register Access is a way for virtual functions to safely access GPU\nregisters in a virtualized environment., including TLB flushes and\nregister reads. When multiple threads or VFs try to access the same\nregisters simultaneously, it can lead to race conditions. By using the\nRLCG interface, the driver can serialize access to the registers. This\nmeans that only one thread can access the registers at a time,\npreventing conflicts and ensuring that operations are performed\ncorrectly. Additionally, when a low-priority task holds a mutex that a\nhigh-priority task needs, ie., If a thread holding a spinlock tries to\nacquire a mutex, it can lead to priority inversion. register access in\namdgpu_virt_rlcg_reg_rw especially in a fast code path is critical.\n\nThe call stack shows that the function amdgpu_virt_rlcg_reg_rw is being\ncalled, which attempts to acquire the mutex. 
This function is invoked\nfrom amdgpu_sriov_wreg, which in turn is called from\ngmc_v11_0_flush_gpu_tlb.\n\nThe [ BUG: Invalid wait context ] indicates that a thread is trying to\nacquire a mutex while it is in a context that does not allow it to sleep\n(like holding a spinlock).\n\nFixes the below:\n\n[ 253.013423] =============================\n[ 253.013434] [ BUG: Invalid wait context ]\n[ 253.013446] 6.12.0-amdstaging-drm-next-lol-050225 #14 Tainted: G U OE\n[ 253.013464] -----------------------------\n[ 253.013475] kworker/0:1/10 is trying to lock:\n[ 253.013487] ffff9f30542e3cf8 (\u0026adev-\u003evirt.rlcg_reg_lock){+.+.}-{3:3}, at: amdgpu_virt_rlcg_reg_rw+0xf6/0x330 [amdgpu]\n[ 253.013815] other info that might help us debug this:\n[ 253.013827] context-{4:4}\n[ 253.013835] 3 locks held by kworker/0:1/10:\n[ 253.013847] #0: ffff9f3040050f58 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x3f5/0x680\n[ 253.013877] #1: ffffb789c008be40 ((work_completion)(\u0026wfc.work)){+.+.}-{0:0}, at: process_one_work+0x1d6/0x680\n[ 253.013905] #2: ffff9f3054281838 (\u0026adev-\u003egmc.invalidate_lock){+.+.}-{2:2}, at: gmc_v11_0_flush_gpu_tlb+0x198/0x4f0 [amdgpu]\n[ 253.014154] stack backtrace:\n[ 253.014164] CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Tainted: G U OE 6.12.0-amdstaging-drm-next-lol-050225 #14\n[ 253.014189] Tainted: [U]=USER, [O]=OOT_MODULE, [E]=UNSIGNED_MODULE\n[ 253.014203] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 11/18/2024\n[ 253.014224] Workqueue: events work_for_cpu_fn\n[ 253.014241] Call Trace:\n[ 253.014250] \u003cTASK\u003e\n[ 253.014260] dump_stack_lvl+0x9b/0xf0\n[ 253.014275] dump_stack+0x10/0x20\n[ 253.014287] __lock_acquire+0xa47/0x2810\n[ 253.014303] ? srso_alias_return_thunk+0x5/0xfbef5\n[ 253.014321] lock_acquire+0xd1/0x300\n[ 253.014333] ? amdgpu_virt_rlcg_reg_rw+0xf6/0x330 [amdgpu]\n[ 253.014562] ? 
__lock_acquire+0xa6b/0x2810\n[ 253.014578] __mutex_lock+0x85/0xe20\n[ 253.014591] ? amdgpu_virt_rlcg_reg_rw+0xf6/0x330 [amdgpu]\n[ 253.014782] ? sched_clock_noinstr+0x9/0x10\n[ 253.014795] ? srso_alias_return_thunk+0x5/0xfbef5\n[ 253.014808] ? local_clock_noinstr+0xe/0xc0\n[ 253.014822] ? amdgpu_virt_rlcg_reg_rw+0xf6/0x330 [amdgpu]\n[ 253.015012] ? srso_alias_return_thunk+0x5/0xfbef5\n[ 253.015029] mutex_lock_nested+0x1b/0x30\n[ 253.015044] ? mutex_lock_nested+0x1b/0x30\n[ 253.015057] amdgpu_virt_rlcg_reg_rw+0xf6/0x330 [amdgpu]\n[ 253.015249] amdgpu_sriov_wreg+0xc5/0xd0 [amdgpu]\n[ 253.015435] gmc_v11_0_flush_gpu_tlb+0x44b/0x4f0 [amdgpu]\n[ 253.015667] gfx_v11_0_hw_init+0x499/0x29c0 [amdgpu]\n[ 253.015901] ? __pfx_smu_v13_0_update_pcie_parameters+0x10/0x10 [amdgpu]\n[ 253.016159] ? srso_alias_return_thunk+0x5/0xfbef5\n[ 253.016173] ? smu_hw_init+0x18d/0x300 [amdgpu]\n[ 253.016403] amdgpu_device_init+0x29ad/0x36a0 [amdgpu]\n[ 253.016614] amdgpu_driver_load_kms+0x1a/0xc0 [amdgpu]\n[ 253.0170\n---truncated---", + "Severity": "MEDIUM", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-38104", + "https://git.kernel.org/linus/dc0297f3198bd60108ccbd167ee5d9fa4af31ed0 (6.15-rc1)", + "https://git.kernel.org/stable/c/07ed75bfa7ede8bfcfa303fd6efc85db1c8684c7", + "https://git.kernel.org/stable/c/1c0378830e42c98acd69e0289882c8637d92f285", + "https://git.kernel.org/stable/c/5c1741a0c176ae11675a64cb7f2dd21d72db6b91", + "https://git.kernel.org/stable/c/dc0297f3198bd60108ccbd167ee5d9fa4af31ed0", + "https://lore.kernel.org/linux-cve-announce/2025041817-CVE-2025-38104-ef68@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-38104", + "https://ubuntu.com/security/notices/USN-7594-1", + "https://ubuntu.com/security/notices/USN-7594-2", + "https://ubuntu.com/security/notices/USN-7594-3", + 
"https://www.cve.org/CVERecord?id=CVE-2025-38104" + ], + "PublishedDate": "2025-04-18T07:15:43.29Z", + "LastModifiedDate": "2025-07-17T17:15:36.83Z" + }, + { + "VulnerabilityID": "CVE-2025-38132", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38132", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: coresight: holding cscfg_csdev_lock while removing cscfg from csdev", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncoresight: holding cscfg_csdev_lock while removing cscfg from csdev\n\nThere'll be possible race scenario for coresight config:\n\nCPU0 CPU1\n(perf enable) load module\n cscfg_load_config_sets()\n activate config. 
// sysfs\n (sys_active_cnt == 1)\n...\ncscfg_csdev_enable_active_config()\n lock(csdev-\u003ecscfg_csdev_lock)\n deactivate config // sysfs\n (sys_activec_cnt == 0)\n cscfg_unload_config_sets()\n \u003citerating config_csdev_list\u003e cscfg_remove_owned_csdev_configs()\n // here load config activate by CPU1\n unlock(csdev-\u003ecscfg_csdev_lock)\n\niterating config_csdev_list could be raced with config_csdev_list's\nentry delete.\n\nTo resolve this race , hold csdev-\u003ecscfg_csdev_lock() while\ncscfg_remove_owned_csdev_configs()", + "Severity": "MEDIUM", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-38132", + "https://git.kernel.org/linus/53b9e2659719b04f5ba7593f2af0f2335f75e94a (6.16-rc1)", + "https://git.kernel.org/stable/c/42f8afb0b161631fd1d814d017f75f955475ad41", + "https://git.kernel.org/stable/c/53b9e2659719b04f5ba7593f2af0f2335f75e94a", + "https://lore.kernel.org/linux-cve-announce/2025070331-CVE-2025-38132-bfc9@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-38132", + "https://www.cve.org/CVERecord?id=CVE-2025-38132" + ], + "PublishedDate": "2025-07-03T09:15:27.563Z", + "LastModifiedDate": "2025-07-03T15:13:53.147Z" + }, + { + "VulnerabilityID": "CVE-2025-38187", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38187", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": 
"https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: drm/nouveau: fix a use-after-free in r535_gsp_rpc_push()", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau: fix a use-after-free in r535_gsp_rpc_push()\n\nThe RPC container is released after being passed to r535_gsp_rpc_send().\n\nWhen sending the initial fragment of a large RPC and passing the\ncaller's RPC container, the container will be freed prematurely. Subsequent\nattempts to send remaining fragments will therefore result in a\nuse-after-free.\n\nAllocate a temporary RPC container for holding the initial fragment of a\nlarge RPC when sending. Free the caller's container when all fragments\nare successfully sent.\n\n[ Rebase onto Blackwell changes. - Danilo ]", + "Severity": "MEDIUM", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-38187", + "https://git.kernel.org/linus/9802f0a63b641f4cddb2139c814c2e95cb825099 (6.16-rc3)", + "https://git.kernel.org/stable/c/9802f0a63b641f4cddb2139c814c2e95cb825099", + "https://git.kernel.org/stable/c/cd4677407c0ee250fc21e36439c8a442ddd62cc1", + "https://lore.kernel.org/linux-cve-announce/2025070413-CVE-2025-38187-dafd@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-38187", + "https://www.cve.org/CVERecord?id=CVE-2025-38187" + ], + "PublishedDate": "2025-07-04T14:15:25.64Z", + "LastModifiedDate": "2025-07-08T16:18:53.607Z" + }, + { + "VulnerabilityID": "CVE-2025-38199", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": 
"sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38199", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: wifi: ath12k: Fix memory leak due to multiple rx_stats allocation", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: Fix memory leak due to multiple rx_stats allocation\n\nrx_stats for each arsta is allocated when adding a station.\narsta-\u003erx_stats will be freed when a station is removed.\n\nRedundant allocations are occurring when the same station is added\nmultiple times. This causes ath12k_mac_station_add() to be called\nmultiple times, and rx_stats is allocated each time. As a result there\nis memory leaks.\n\nPrevent multiple allocations of rx_stats when ath12k_mac_station_add()\nis called repeatedly by checking if rx_stats is already allocated\nbefore allocating again. 
Allocate arsta-\u003erx_stats if arsta-\u003erx_stats\nis NULL respectively.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.3.1-00173-QCAHKSWPL_SILICONZ-1\nTested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3", + "Severity": "MEDIUM", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-38199", + "https://git.kernel.org/linus/c426497fa2055c8005196922e7d29c41d7e0948a (6.16-rc1)", + "https://git.kernel.org/stable/c/232f962ae5fca98912a719e64b4964a5aec7c99b", + "https://git.kernel.org/stable/c/c426497fa2055c8005196922e7d29c41d7e0948a", + "https://lore.kernel.org/linux-cve-announce/2025070417-CVE-2025-38199-287e@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-38199", + "https://www.cve.org/CVERecord?id=CVE-2025-38199" + ], + "PublishedDate": "2025-07-04T14:15:27.707Z", + "LastModifiedDate": "2025-07-08T16:18:53.607Z" + }, + { + "VulnerabilityID": "CVE-2025-38205", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38205", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: drm/amd/display: Avoid divide by zero by initializing dummy pitch to 1", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Avoid divide by zero by 
initializing dummy pitch to 1\n\n[Why]\nIf the dummy values in `populate_dummy_dml_surface_cfg()` aren't updated\nthen they can lead to a divide by zero in downstream callers like\nCalculateVMAndRowBytes()\n\n[How]\nInitialize dummy value to a value to avoid divide by zero.", + "Severity": "MEDIUM", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-38205", + "https://git.kernel.org/linus/7e40f64896e8e3dca471e287672db5ace12ea0be (6.16-rc1)", + "https://git.kernel.org/stable/c/7e40f64896e8e3dca471e287672db5ace12ea0be", + "https://git.kernel.org/stable/c/8044f981b2cf8c32fe1bd5d1fc991552cdf7ffe0", + "https://lore.kernel.org/linux-cve-announce/2025070419-CVE-2025-38205-0316@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-38205", + "https://www.cve.org/CVERecord?id=CVE-2025-38205" + ], + "PublishedDate": "2025-07-04T14:15:28.54Z", + "LastModifiedDate": "2025-07-08T16:18:53.607Z" + }, + { + "VulnerabilityID": "CVE-2025-38207", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38207", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: mm: fix uprobe pte be overwritten when expanding vma", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: fix uprobe pte be 
overwritten when expanding vma\n\nPatch series \"Fix uprobe pte be overwritten when expanding vma\".\n\n\nThis patch (of 4):\n\nWe encountered a BUG alert triggered by Syzkaller as follows:\n BUG: Bad rss-counter state mm:00000000b4a60fca type:MM_ANONPAGES val:1\n\nAnd we can reproduce it with the following steps:\n1. register uprobe on file at zero offset\n2. mmap the file at zero offset:\n addr1 = mmap(NULL, 2 * 4096, PROT_NONE, MAP_PRIVATE, fd, 0);\n3. mremap part of vma1 to new vma2:\n addr2 = mremap(addr1, 4096, 2 * 4096, MREMAP_MAYMOVE);\n4. mremap back to orig addr1:\n mremap(addr2, 4096, 4096, MREMAP_MAYMOVE | MREMAP_FIXED, addr1);\n\nIn step 3, the vma1 range [addr1, addr1 + 4096] will be remap to new vma2\nwith range [addr2, addr2 + 8192], and remap uprobe anon page from the vma1\nto vma2, then unmap the vma1 range [addr1, addr1 + 4096].\n\nIn step 4, the vma2 range [addr2, addr2 + 4096] will be remap back to the\naddr range [addr1, addr1 + 4096]. Since the addr range [addr1 + 4096,\naddr1 + 8192] still maps the file, it will take vma_merge_new_range to\nexpand the range, and then do uprobe_mmap in vma_complete. Since the\nmerged vma pgoff is also zero offset, it will install uprobe anon page to\nthe merged vma. 
However, the upcomming move_page_tables step, which use\nset_pte_at to remap the vma2 uprobe pte to the merged vma, will overwrite\nthe newly uprobe pte in the merged vma, and lead that pte to be orphan.\n\nSince the uprobe pte will be remapped to the merged vma, we can remove the\nunnecessary uprobe_mmap upon merged vma.\n\nThis problem was first found in linux-6.6.y and also exists in the\ncommunity syzkaller:\nhttps://lore.kernel.org/all/000000000000ada39605a5e71711@google.com/T/", + "Severity": "MEDIUM", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-38207", + "https://git.kernel.org/linus/2b12d06c37fd3a394376f42f026a7478d826ed63 (6.16-rc1)", + "https://git.kernel.org/stable/c/2b12d06c37fd3a394376f42f026a7478d826ed63", + "https://git.kernel.org/stable/c/58b83b9a9a929611a2a2e7d88f45cb0d786b7ee0", + "https://lore.kernel.org/linux-cve-announce/2025070420-CVE-2025-38207-e2ea@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-38207", + "https://www.cve.org/CVERecord?id=CVE-2025-38207" + ], + "PublishedDate": "2025-07-04T14:15:28.823Z", + "LastModifiedDate": "2025-07-08T16:18:53.607Z" + }, + { + "VulnerabilityID": "CVE-2025-38234", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38234", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": 
"https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: sched/rt: Fix race in push_rt_task", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/rt: Fix race in push_rt_task\n\nOverview\n========\nWhen a CPU chooses to call push_rt_task and picks a task to push to\nanother CPU's runqueue then it will call find_lock_lowest_rq method\nwhich would take a double lock on both CPUs' runqueues. If one of the\nlocks aren't readily available, it may lead to dropping the current\nrunqueue lock and reacquiring both the locks at once. During this window\nit is possible that the task is already migrated and is running on some\nother CPU. These cases are already handled. However, if the task is\nmigrated and has already been executed and another CPU is now trying to\nwake it up (ttwu) such that it is queued again on the runqeue\n(on_rq is 1) and also if the task was run by the same CPU, then the\ncurrent checks will pass even though the task was migrated out and is no\nlonger in the pushable tasks list.\n\nCrashes\n=======\nThis bug resulted in quite a few flavors of crashes triggering kernel\npanics with various crash signatures such as assert failures, page\nfaults, null pointer dereferences, and queue corruption errors all\ncoming from scheduler itself.\n\nSome of the crashes:\n-\u003e kernel BUG at kernel/sched/rt.c:1616! BUG_ON(idx \u003e= MAX_RT_PRIO)\n Call Trace:\n ? __die_body+0x1a/0x60\n ? die+0x2a/0x50\n ? do_trap+0x85/0x100\n ? pick_next_task_rt+0x6e/0x1d0\n ? do_error_trap+0x64/0xa0\n ? pick_next_task_rt+0x6e/0x1d0\n ? exc_invalid_op+0x4c/0x60\n ? pick_next_task_rt+0x6e/0x1d0\n ? asm_exc_invalid_op+0x12/0x20\n ? pick_next_task_rt+0x6e/0x1d0\n __schedule+0x5cb/0x790\n ? 
update_ts_time_stats+0x55/0x70\n schedule_idle+0x1e/0x40\n do_idle+0x15e/0x200\n cpu_startup_entry+0x19/0x20\n start_secondary+0x117/0x160\n secondary_startup_64_no_verify+0xb0/0xbb\n\n-\u003e BUG: kernel NULL pointer dereference, address: 00000000000000c0\n Call Trace:\n ? __die_body+0x1a/0x60\n ? no_context+0x183/0x350\n ? __warn+0x8a/0xe0\n ? exc_page_fault+0x3d6/0x520\n ? asm_exc_page_fault+0x1e/0x30\n ? pick_next_task_rt+0xb5/0x1d0\n ? pick_next_task_rt+0x8c/0x1d0\n __schedule+0x583/0x7e0\n ? update_ts_time_stats+0x55/0x70\n schedule_idle+0x1e/0x40\n do_idle+0x15e/0x200\n cpu_startup_entry+0x19/0x20\n start_secondary+0x117/0x160\n secondary_startup_64_no_verify+0xb0/0xbb\n\n-\u003e BUG: unable to handle page fault for address: ffff9464daea5900\n kernel BUG at kernel/sched/rt.c:1861! BUG_ON(rq-\u003ecpu != task_cpu(p))\n\n-\u003e kernel BUG at kernel/sched/rt.c:1055! BUG_ON(!rq-\u003enr_running)\n Call Trace:\n ? __die_body+0x1a/0x60\n ? die+0x2a/0x50\n ? do_trap+0x85/0x100\n ? dequeue_top_rt_rq+0xa2/0xb0\n ? do_error_trap+0x64/0xa0\n ? dequeue_top_rt_rq+0xa2/0xb0\n ? exc_invalid_op+0x4c/0x60\n ? dequeue_top_rt_rq+0xa2/0xb0\n ? asm_exc_invalid_op+0x12/0x20\n ? dequeue_top_rt_rq+0xa2/0xb0\n dequeue_rt_entity+0x1f/0x70\n dequeue_task_rt+0x2d/0x70\n __schedule+0x1a8/0x7e0\n ? blk_finish_plug+0x25/0x40\n schedule+0x3c/0xb0\n futex_wait_queue_me+0xb6/0x120\n futex_wait+0xd9/0x240\n do_futex+0x344/0xa90\n ? get_mm_exe_file+0x30/0x60\n ? audit_exe_compare+0x58/0x70\n ? audit_filter_rules.constprop.26+0x65e/0x1220\n __x64_sys_futex+0x148/0x1f0\n do_syscall_64+0x30/0x80\n entry_SYSCALL_64_after_hwframe+0x62/0xc7\n\n-\u003e BUG: unable to handle page fault for address: ffff8cf3608bc2c0\n Call Trace:\n ? __die_body+0x1a/0x60\n ? no_context+0x183/0x350\n ? spurious_kernel_fault+0x171/0x1c0\n ? exc_page_fault+0x3b6/0x520\n ? plist_check_list+0x15/0x40\n ? plist_check_list+0x2e/0x40\n ? asm_exc_page_fault+0x1e/0x30\n ? _cond_resched+0x15/0x30\n ? 
futex_wait_queue_me+0xc8/0x120\n ? futex_wait+0xd9/0x240\n ? try_to_wake_up+0x1b8/0x490\n ? futex_wake+0x78/0x160\n ? do_futex+0xcd/0xa90\n ? plist_check_list+0x15/0x40\n ? plist_check_list+0x2e/0x40\n ? plist_del+0x6a/0xd0\n ? plist_check_list+0x15/0x40\n ? plist_check_list+0x2e/0x40\n ? dequeue_pushable_task+0x20/0x70\n ? __schedule+0x382/0x7e0\n ? asm_sysvec_reschedule_i\n---truncated---", + "Severity": "MEDIUM", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-38234", + "https://git.kernel.org/linus/690e47d1403e90b7f2366f03b52ed3304194c793 (6.16-rc1)", + "https://git.kernel.org/stable/c/07ecabfbca64f4f0b6071cf96e49d162fa9d138d", + "https://git.kernel.org/stable/c/690e47d1403e90b7f2366f03b52ed3304194c793", + "https://lore.kernel.org/linux-cve-announce/2025070430-CVE-2025-38234-6984@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-38234", + "https://www.cve.org/CVERecord?id=CVE-2025-38234" + ], + "PublishedDate": "2025-07-04T14:15:33.087Z", + "LastModifiedDate": "2025-07-08T16:18:53.607Z" + }, + { + "VulnerabilityID": "CVE-2025-38237", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38237", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: media: platform: exynos4-is: Add hardware sync wait 
to fimc_is_hw_change_mode()", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: platform: exynos4-is: Add hardware sync wait to fimc_is_hw_change_mode()\n\nIn fimc_is_hw_change_mode(), the function changes camera modes without\nwaiting for hardware completion, risking corrupted data or system hangs\nif subsequent operations proceed before the hardware is ready.\n\nAdd fimc_is_hw_wait_intmsr0_intmsd0() after mode configuration, ensuring\nhardware state synchronization and stable interrupt handling.", + "Severity": "MEDIUM", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-38237", + "https://git.kernel.org/linus/bd9f6ce7d512fa21249415c16af801a4ed5d97b6 (6.16-rc1)", + "https://git.kernel.org/stable/c/14acbb5af101b7bb58c0952949bba4c5fdf0ee7e", + "https://git.kernel.org/stable/c/b0d92b94278561f43057003a73a17ce13b7c1a1a", + "https://git.kernel.org/stable/c/bb97dfab7615fea97322b8a6131546e80f878a69", + "https://git.kernel.org/stable/c/bd9f6ce7d512fa21249415c16af801a4ed5d97b6", + "https://git.kernel.org/stable/c/e4077a10a25560ec0bd0b42322e4ea027d6f76e2", + "https://lore.kernel.org/linux-cve-announce/2025070807-CVE-2025-38237-68e7@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-38237", + "https://www.cve.org/CVERecord?id=CVE-2025-38237" + ], + "PublishedDate": "2025-07-08T08:15:21.87Z", + "LastModifiedDate": "2025-07-08T16:18:14.207Z" + }, + { + "VulnerabilityID": "CVE-2025-38261", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": 
"sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38261", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: riscv: save the SR_SUM status over switches", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: save the SR_SUM status over switches\n\nWhen threads/tasks are switched we need to ensure the old execution's\nSR_SUM state is saved and the new thread has the old SR_SUM state\nrestored.\n\nThe issue was seen under heavy load especially with the syz-stress tool\nrunning, with crashes as follows in schedule_tail:\n\nUnable to handle kernel access to user memory without uaccess routines\nat virtual address 000000002749f0d0\nOops [#1]\nModules linked in:\nCPU: 1 PID: 4875 Comm: syz-executor.0 Not tainted\n5.12.0-rc2-syzkaller-00467-g0d7588ab9ef9 #0\nHardware name: riscv-virtio,qemu (DT)\nepc : schedule_tail+0x72/0xb2 kernel/sched/core.c:4264\n ra : task_pid_vnr include/linux/sched.h:1421 [inline]\n ra : schedule_tail+0x70/0xb2 kernel/sched/core.c:4264\nepc : ffffffe00008c8b0 ra : ffffffe00008c8ae sp : ffffffe025d17ec0\n gp : ffffffe005d25378 tp : ffffffe00f0d0000 t0 : 0000000000000000\n t1 : 0000000000000001 t2 : 00000000000f4240 s0 : ffffffe025d17ee0\n s1 : 000000002749f0d0 a0 : 000000000000002a a1 : 0000000000000003\n a2 : 1ffffffc0cfac500 a3 : ffffffe0000c80cc a4 : 5ae9db91c19bbe00\n a5 : 0000000000000000 a6 : 0000000000f00000 a7 : ffffffe000082eba\n s2 : 0000000000040000 s3 : ffffffe00eef96c0 s4 : ffffffe022c77fe0\n s5 : 0000000000004000 s6 : ffffffe067d74e00 s7 : ffffffe067d74850\n s8 : ffffffe067d73e18 s9 : ffffffe067d74e00 s10: ffffffe00eef96e8\n s11: 000000ae6cdf8368 t3 : 5ae9db91c19bbe00 t4 : ffffffc4043cafb2\n t5 : 
ffffffc4043cafba t6 : 0000000000040000\nstatus: 0000000000000120 badaddr: 000000002749f0d0 cause:\n000000000000000f\nCall Trace:\n[\u003cffffffe00008c8b0\u003e] schedule_tail+0x72/0xb2 kernel/sched/core.c:4264\n[\u003cffffffe000005570\u003e] ret_from_exception+0x0/0x14\nDumping ftrace buffer:\n (ftrace buffer empty)\n---[ end trace b5f8f9231dc87dda ]---\n\nThe issue comes from the put_user() in schedule_tail\n(kernel/sched/core.c) doing the following:\n\nasmlinkage __visible void schedule_tail(struct task_struct *prev)\n{\n...\n if (current-\u003eset_child_tid)\n put_user(task_pid_vnr(current), current-\u003eset_child_tid);\n...\n}\n\nthe put_user() macro causes the code sequence to come out as follows:\n\n1:\t__enable_user_access()\n2:\treg = task_pid_vnr(current);\n3:\t*current-\u003eset_child_tid = reg;\n4:\t__disable_user_access()\n\nThe problem is that we may have a sleeping function as argument which\ncould clear SR_SUM causing the panic above. This was fixed by\nevaluating the argument of the put_user() macro outside the user-enabled\nsection in commit 285a76bb2cf5 (\"riscv: evaluate put_user() arg before\nenabling user access\")\"\n\nIn order for riscv to take advantage of unsafe_get/put_XXX() macros and\nto avoid the same issue we had with put_user() and sleeping functions we\nmust ensure code flow can go through switch_to() from within a region of\ncode with SR_SUM enabled and come back with SR_SUM still enabled. This\npatch addresses the problem allowing future work to enable full use of\nunsafe_get/put_XXX() macros without needing to take a CSR bit flip cost\non every access. 
Make switch_to() save and restore SR_SUM.", + "Severity": "MEDIUM", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-38261", + "https://git.kernel.org/linus/788aa64c01f1262310b4c1fb827a36df170d86ea (6.16-rc1)", + "https://git.kernel.org/stable/c/69ea599a8dab93a620c92c255be4239a06290a77", + "https://git.kernel.org/stable/c/788aa64c01f1262310b4c1fb827a36df170d86ea", + "https://lore.kernel.org/linux-cve-announce/2025070936-CVE-2025-38261-54c0@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-38261", + "https://www.cve.org/CVERecord?id=CVE-2025-38261" + ], + "PublishedDate": "2025-07-09T11:15:28.46Z", + "LastModifiedDate": "2025-07-10T13:17:30.017Z" + }, + { + "VulnerabilityID": "CVE-2025-38272", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38272", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: net: dsa: b53: do not enable EEE on bcm63xx", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: b53: do not enable EEE on bcm63xx\n\nBCM63xx internal switches do not support EEE, but provide multiple RGMII\nports where external PHYs may be connected. 
If one of these PHYs are EEE\ncapable, we may try to enable EEE for the MACs, which then hangs the\nsystem on access of the (non-existent) EEE registers.\n\nFix this by checking if the switch actually supports EEE before\nattempting to configure it.", + "Severity": "MEDIUM", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-38272", + "https://git.kernel.org/linus/1237c2d4a8db79dfd4369bff6930b0e385ed7d5c (6.16-rc1)", + "https://git.kernel.org/stable/c/1237c2d4a8db79dfd4369bff6930b0e385ed7d5c", + "https://git.kernel.org/stable/c/2dbccf1eb8c04b84ee3afdb1d6b787db02e7befc", + "https://lore.kernel.org/linux-cve-announce/2025071008-CVE-2025-38272-2f33@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-38272", + "https://www.cve.org/CVERecord?id=CVE-2025-38272" + ], + "PublishedDate": "2025-07-10T08:15:25.423Z", + "LastModifiedDate": "2025-07-10T13:17:30.017Z" + }, + { + "VulnerabilityID": "CVE-2025-38284", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38284", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: wifi: rtw89: pci: configure manual DAC mode via PCI config API only", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: pci: configure manual DAC 
mode via PCI config API only\n\nTo support 36-bit DMA, configure chip proprietary bit via PCI config API\nor chip DBI interface. However, the PCI device mmap isn't set yet and\nthe DBI is also inaccessible via mmap, so only if the bit can be accessible\nvia PCI config API, chip can support 36-bit DMA. Otherwise, fallback to\n32-bit DMA.\n\nWith NULL mmap address, kernel throws trace:\n\n BUG: unable to handle page fault for address: 0000000000001090\n #PF: supervisor write access in kernel mode\n #PF: error_code(0x0002) - not-present page\n PGD 0 P4D 0\n Oops: Oops: 0002 [#1] PREEMPT SMP PTI\n CPU: 1 UID: 0 PID: 71 Comm: irq/26-pciehp Tainted: G OE 6.14.2-061402-generic #202504101348\n Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE\n RIP: 0010:rtw89_pci_ops_write16+0x12/0x30 [rtw89_pci]\n RSP: 0018:ffffb0ffc0acf9d8 EFLAGS: 00010206\n RAX: ffffffffc158f9c0 RBX: ffff94865e702020 RCX: 0000000000000000\n RDX: 0000000000000718 RSI: 0000000000001090 RDI: ffff94865e702020\n RBP: ffffb0ffc0acf9d8 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000015\n R13: 0000000000000719 R14: ffffb0ffc0acfa1f R15: ffffffffc1813060\n FS: 0000000000000000(0000) GS:ffff9486f3480000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000001090 CR3: 0000000090440001 CR4: 00000000000626f0\n Call Trace:\n \u003cTASK\u003e\n rtw89_pci_read_config_byte+0x6d/0x120 [rtw89_pci]\n rtw89_pci_cfg_dac+0x5b/0xb0 [rtw89_pci]\n rtw89_pci_probe+0xa96/0xbd0 [rtw89_pci]\n ? __pfx___device_attach_driver+0x10/0x10\n ? __pfx___device_attach_driver+0x10/0x10\n local_pci_probe+0x47/0xa0\n pci_call_probe+0x5d/0x190\n pci_device_probe+0xa7/0x160\n really_probe+0xf9/0x370\n ? 
pm_runtime_barrier+0x55/0xa0\n __driver_probe_device+0x8c/0x140\n driver_probe_device+0x24/0xd0\n __device_attach_driver+0xcd/0x170\n bus_for_each_drv+0x99/0x100\n __device_attach+0xb4/0x1d0\n device_attach+0x10/0x20\n pci_bus_add_device+0x59/0x90\n pci_bus_add_devices+0x31/0x80\n pciehp_configure_device+0xaa/0x170\n pciehp_enable_slot+0xd6/0x240\n pciehp_handle_presence_or_link_change+0xf1/0x180\n pciehp_ist+0x162/0x1c0\n irq_thread_fn+0x24/0x70\n irq_thread+0xef/0x1c0\n ? __pfx_irq_thread_fn+0x10/0x10\n ? __pfx_irq_thread_dtor+0x10/0x10\n ? __pfx_irq_thread+0x10/0x10\n kthread+0xfc/0x230\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x47/0x70\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e", + "Severity": "MEDIUM", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-38284", + "https://git.kernel.org/linus/a70cf04b08f44f41bce14659aa7012674b15d9de (6.16-rc1)", + "https://git.kernel.org/stable/c/a70cf04b08f44f41bce14659aa7012674b15d9de", + "https://git.kernel.org/stable/c/e1e0f046041474004dc6ebce5ce1d3e86556291d", + "https://lore.kernel.org/linux-cve-announce/2025071010-CVE-2025-38284-1574@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-38284", + "https://www.cve.org/CVERecord?id=CVE-2025-38284" + ], + "PublishedDate": "2025-07-10T08:15:26.857Z", + "LastModifiedDate": "2025-07-10T13:17:30.017Z" + }, + { + "VulnerabilityID": "CVE-2025-38335", + "VendorIDs": [ + "DSA-5975-1" + ], + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "FixedVersion": "6.12.41-1", + "Status": "fixed", + "Layer": { + "Digest": 
"sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38335", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: Input: gpio-keys - fix a sleep while atomic with PREEMPT_RT", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: gpio-keys - fix a sleep while atomic with PREEMPT_RT\n\nWhen enabling PREEMPT_RT, the gpio_keys_irq_timer() callback runs in\nhard irq context, but the input_event() takes a spin_lock, which isn't\nallowed there as it is converted to a rt_spin_lock().\n\n[ 4054.289999] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\n[ 4054.290028] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 0, name: swapper/0\n...\n[ 4054.290195] __might_resched+0x13c/0x1f4\n[ 4054.290209] rt_spin_lock+0x54/0x11c\n[ 4054.290219] input_event+0x48/0x80\n[ 4054.290230] gpio_keys_irq_timer+0x4c/0x78\n[ 4054.290243] __hrtimer_run_queues+0x1a4/0x438\n[ 4054.290257] hrtimer_interrupt+0xe4/0x240\n[ 4054.290269] arch_timer_handler_phys+0x2c/0x44\n[ 4054.290283] handle_percpu_devid_irq+0x8c/0x14c\n[ 4054.290297] handle_irq_desc+0x40/0x58\n[ 4054.290307] generic_handle_domain_irq+0x1c/0x28\n[ 4054.290316] gic_handle_irq+0x44/0xcc\n\nConsidering the gpio_keys_irq_isr() can run in any context, e.g. 
it can\nbe threaded, it seems there's no point in requesting the timer isr to\nrun in hard irq context.\n\nRelax the hrtimer not to use the hard context.", + "Severity": "MEDIUM", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 4.4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-38335", + "https://git.kernel.org/linus/f4a8f561d08e39f7833d4a278ebfb12a41eef15f (6.16-rc1)", + "https://git.kernel.org/stable/c/a7b79db25846459de63ca8974268f0c41c734c4b", + "https://git.kernel.org/stable/c/a8f01e51109f77229e426b57c5d19251b462c6aa", + "https://git.kernel.org/stable/c/ec8f5da79b425deef5aebacdd4fe645620cd4f0b", + "https://git.kernel.org/stable/c/f4a8f561d08e39f7833d4a278ebfb12a41eef15f", + "https://git.kernel.org/stable/c/fa53beab4740c4e5fe969f218a379f9558be33dc", + "https://lore.kernel.org/linux-cve-announce/2025071034-CVE-2025-38335-b96e@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-38335", + "https://www.cve.org/CVERecord?id=CVE-2025-38335" + ], + "PublishedDate": "2025-07-10T09:15:28.1Z", + "LastModifiedDate": "2025-08-15T16:15:29.3Z" + }, + { + "VulnerabilityID": "CVE-2025-38359", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38359", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: s390/mm: Fix in_atomic() handling in 
do_secure_storage_access()", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/mm: Fix in_atomic() handling in do_secure_storage_access()\n\nKernel user spaces accesses to not exported pages in atomic context\nincorrectly try to resolve the page fault.\nWith debug options enabled call traces like this can be seen:\n\nBUG: sleeping function called from invalid context at kernel/locking/rwsem.c:1523\nin_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 419074, name: qemu-system-s39\npreempt_count: 1, expected: 0\nRCU nest depth: 0, expected: 0\nINFO: lockdep is turned off.\nPreemption disabled at:\n[\u003c00000383ea47cfa2\u003e] copy_page_from_iter_atomic+0xa2/0x8a0\nCPU: 12 UID: 0 PID: 419074 Comm: qemu-system-s39\nTainted: G W 6.16.0-20250531.rc0.git0.69b3a602feac.63.fc42.s390x+debug #1 PREEMPT\nTainted: [W]=WARN\nHardware name: IBM 3931 A01 703 (LPAR)\nCall Trace:\n [\u003c00000383e990d282\u003e] dump_stack_lvl+0xa2/0xe8\n [\u003c00000383e99bf152\u003e] __might_resched+0x292/0x2d0\n [\u003c00000383eaa7c374\u003e] down_read+0x34/0x2d0\n [\u003c00000383e99432f8\u003e] do_secure_storage_access+0x108/0x360\n [\u003c00000383eaa724b0\u003e] __do_pgm_check+0x130/0x220\n [\u003c00000383eaa842e4\u003e] pgm_check_handler+0x114/0x160\n [\u003c00000383ea47d028\u003e] copy_page_from_iter_atomic+0x128/0x8a0\n([\u003c00000383ea47d016\u003e] copy_page_from_iter_atomic+0x116/0x8a0)\n [\u003c00000383e9c45eae\u003e] generic_perform_write+0x16e/0x310\n [\u003c00000383e9eb87f4\u003e] ext4_buffered_write_iter+0x84/0x160\n [\u003c00000383e9da0de4\u003e] vfs_write+0x1c4/0x460\n [\u003c00000383e9da123c\u003e] ksys_write+0x7c/0x100\n [\u003c00000383eaa7284e\u003e] __do_syscall+0x15e/0x280\n [\u003c00000383eaa8417e\u003e] system_call+0x6e/0x90\nINFO: lockdep is turned off.\n\nIt is not allowed to take the mmap_lock while in atomic context. 
Therefore\nhandle such a secure storage access fault as if the accessed page is not\nmapped: the uaccess function will return -EFAULT, and the caller has to\ndeal with this. Usually this means that the access is retried in process\ncontext, which allows to resolve the page fault (or in this case export the\npage).", + "Severity": "MEDIUM", + "VendorSeverity": { + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-38359", + "https://git.kernel.org/linus/11709abccf93b08adde95ef313c300b0d4bc28f1 (6.16-rc1)", + "https://git.kernel.org/stable/c/11709abccf93b08adde95ef313c300b0d4bc28f1", + "https://git.kernel.org/stable/c/d2e317dfd2d1fe416c77315d17c5d57dbe374915", + "https://lore.kernel.org/linux-cve-announce/2025072556-CVE-2025-38359-8cda@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-38359", + "https://www.cve.org/CVERecord?id=CVE-2025-38359" + ], + "PublishedDate": "2025-07-25T13:15:24.687Z", + "LastModifiedDate": "2025-07-25T15:29:19.837Z" + }, + { + "VulnerabilityID": "CVE-2025-38421", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38421", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: platform/x86/amd: pmf: Use device managed allocations", + "Description": "In the Linux kernel, the following vulnerability has been 
resolved:\n\nplatform/x86/amd: pmf: Use device managed allocations\n\nIf setting up smart PC fails for any reason then this can lead to\na double free when unloading amd-pmf. This is because dev-\u003ebuf was\nfreed but never set to NULL and is again freed in amd_pmf_remove().\n\nTo avoid subtle allocation bugs in failures leading to a double free\nchange all allocations into device managed allocations.", + "Severity": "MEDIUM", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-38421", + "https://git.kernel.org/linus/d9db3a941270d92bbd1a6a6b54a10324484f2f2d (6.16-rc3)", + "https://git.kernel.org/stable/c/0d10b532f861253c283863522d59d099fcb0796d", + "https://git.kernel.org/stable/c/d9db3a941270d92bbd1a6a6b54a10324484f2f2d", + "https://lore.kernel.org/linux-cve-announce/2025072554-CVE-2025-38421-8601@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-38421", + "https://www.cve.org/CVERecord?id=CVE-2025-38421" + ], + "PublishedDate": "2025-07-25T15:15:26.927Z", + "LastModifiedDate": "2025-07-25T15:29:19.837Z" + }, + { + "VulnerabilityID": "CVE-2025-38426", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38426", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: drm/amdgpu: Add basic validation for RAS 
header", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Add basic validation for RAS header\n\nIf RAS header read from EEPROM is corrupted, it could result in trying\nto allocate huge memory for reading the records. Add some validation to\nheader fields.", + "Severity": "MEDIUM", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-38426", + "https://git.kernel.org/linus/5df0d6addb7e9b6f71f7162d1253762a5be9138e (6.16-rc1)", + "https://git.kernel.org/stable/c/5df0d6addb7e9b6f71f7162d1253762a5be9138e", + "https://git.kernel.org/stable/c/b52f52bc5ba9feb026c0be600f8ac584fd12d187", + "https://lore.kernel.org/linux-cve-announce/2025072555-CVE-2025-38426-718c@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-38426", + "https://www.cve.org/CVERecord?id=CVE-2025-38426" + ], + "PublishedDate": "2025-07-25T15:15:27.51Z", + "LastModifiedDate": "2025-07-25T15:29:19.837Z" + }, + { + "VulnerabilityID": "CVE-2025-38437", + "VendorIDs": [ + "DSA-5975-1" + ], + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "FixedVersion": "6.12.41-1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38437", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: ksmbd: fix potential use-after-free in oplock/lease break ack", + 
"Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix potential use-after-free in oplock/lease break ack\n\nIf ksmbd_iov_pin_rsp return error, use-after-free can happen by\naccessing opinfo-\u003estate and opinfo_put and ksmbd_fd_put could\ncalled twice.", + "Severity": "MEDIUM", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-38437", + "https://git.kernel.org/linus/50f930db22365738d9387c974416f38a06e8057e (6.16-rc6)", + "https://git.kernel.org/stable/c/50f930db22365738d9387c974416f38a06e8057e", + "https://git.kernel.org/stable/c/8106adc21a2270c16abf69cd74ccd7c79c6e7acd", + "https://git.kernel.org/stable/c/815f1161d6dbc4c54ccf94b7d3fdeab34b4d7477", + "https://git.kernel.org/stable/c/97c355989928a5f60b228ef5266c1be67a46cdf9", + "https://git.kernel.org/stable/c/e38ec88a2b42c494601b1213816d75f0b54d9bf0", + "https://lore.kernel.org/linux-cve-announce/2025072559-CVE-2025-38437-9752@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-38437", + "https://www.cve.org/CVERecord?id=CVE-2025-38437" + ], + "PublishedDate": "2025-07-25T16:15:29.03Z", + "LastModifiedDate": "2025-07-29T14:14:55.157Z" + }, + { + "VulnerabilityID": "CVE-2025-38438", + "VendorIDs": [ + "DSA-5975-1" + ], + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "FixedVersion": "6.12.41-1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38438", + "DataSource": { + 
"ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: ASoC: SOF: Intel: hda: Use devm_kstrdup() to avoid memleak.", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: Intel: hda: Use devm_kstrdup() to avoid memleak.\n\nsof_pdata-\u003etplg_filename can have address allocated by kstrdup()\nand can be overwritten. Memory leak was detected with kmemleak:\n\nunreferenced object 0xffff88812391ff60 (size 16):\n comm \"kworker/4:1\", pid 161, jiffies 4294802931\n hex dump (first 16 bytes):\n 73 6f 66 2d 68 64 61 2d 67 65 6e 65 72 69 63 00 sof-hda-generic.\n backtrace (crc 4bf1675c):\n __kmalloc_node_track_caller_noprof+0x49c/0x6b0\n kstrdup+0x46/0xc0\n hda_machine_select.cold+0x1de/0x12cf [snd_sof_intel_hda_generic]\n sof_init_environment+0x16f/0xb50 [snd_sof]\n sof_probe_continue+0x45/0x7c0 [snd_sof]\n sof_probe_work+0x1e/0x40 [snd_sof]\n process_one_work+0x894/0x14b0\n worker_thread+0x5e5/0xfb0\n kthread+0x39d/0x760\n ret_from_fork+0x31/0x70\n ret_from_fork_asm+0x1a/0x30", + "Severity": "MEDIUM", + "VendorSeverity": { + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-38438", + "https://git.kernel.org/linus/6c038b58a2dc5a008c7e7a1297f5aaa4deaaaa7e (6.16-rc4)", + "https://git.kernel.org/stable/c/58ecf51af12cb32b890858b52b2c34e80590c74a", + "https://git.kernel.org/stable/c/68397fda2caa90e99a7c0bcb2cf604e42ef3b91f", + "https://git.kernel.org/stable/c/6c038b58a2dc5a008c7e7a1297f5aaa4deaaaa7e", + "https://lore.kernel.org/linux-cve-announce/2025072501-CVE-2025-38438-f653@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-38438", + "https://www.cve.org/CVERecord?id=CVE-2025-38438" + ], + "PublishedDate": "2025-07-25T16:15:29.143Z", + "LastModifiedDate": 
"2025-07-29T14:14:55.157Z" + }, + { + "VulnerabilityID": "CVE-2025-38441", + "VendorIDs": [ + "DSA-5975-1" + ], + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "FixedVersion": "6.12.41-1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38441", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto()", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto()\n\nsyzbot found a potential access to uninit-value in nf_flow_pppoe_proto()\n\nBlamed commit forgot the Ethernet header.\n\nBUG: KMSAN: uninit-value in nf_flow_offload_inet_hook+0x7e4/0x940 net/netfilter/nf_flow_table_inet.c:27\n nf_flow_offload_inet_hook+0x7e4/0x940 net/netfilter/nf_flow_table_inet.c:27\n nf_hook_entry_hookfn include/linux/netfilter.h:157 [inline]\n nf_hook_slow+0xe1/0x3d0 net/netfilter/core.c:623\n nf_hook_ingress include/linux/netfilter_netdev.h:34 [inline]\n nf_ingress net/core/dev.c:5742 [inline]\n __netif_receive_skb_core+0x4aff/0x70c0 net/core/dev.c:5837\n __netif_receive_skb_one_core net/core/dev.c:5975 [inline]\n __netif_receive_skb+0xcc/0xac0 net/core/dev.c:6090\n netif_receive_skb_internal net/core/dev.c:6176 [inline]\n netif_receive_skb+0x57/0x630 net/core/dev.c:6235\n tun_rx_batched+0x1df/0x980 drivers/net/tun.c:1485\n tun_get_user+0x4ee0/0x6b40 drivers/net/tun.c:1938\n 
tun_chr_write_iter+0x3e9/0x5c0 drivers/net/tun.c:1984\n new_sync_write fs/read_write.c:593 [inline]\n vfs_write+0xb4b/0x1580 fs/read_write.c:686\n ksys_write fs/read_write.c:738 [inline]\n __do_sys_write fs/read_write.c:749 [inline]", + "Severity": "MEDIUM", + "VendorSeverity": { + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-38441", + "https://git.kernel.org/linus/18cdb3d982da8976b28d57691eb256ec5688fad2 (6.16-rc6)", + "https://git.kernel.org/stable/c/18cdb3d982da8976b28d57691eb256ec5688fad2", + "https://git.kernel.org/stable/c/9fbc49429a23b02595ba82536c5ea425fdabb221", + "https://git.kernel.org/stable/c/a3aea97d55964e70a1e6426aa4cafdc036e8a2dd", + "https://git.kernel.org/stable/c/cfbf0665969af2c69d10c377d4c3d306e717efb4", + "https://git.kernel.org/stable/c/e0dd2e9729660f3f4fcb16e0aef87342911528ef", + "https://git.kernel.org/stable/c/eed8960b289327235185b7c32649c3470a3e969b", + "https://lore.kernel.org/linux-cve-announce/2025072502-CVE-2025-38441-bb71@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-38441", + "https://www.cve.org/CVERecord?id=CVE-2025-38441" + ], + "PublishedDate": "2025-07-25T16:15:29.497Z", + "LastModifiedDate": "2025-07-29T14:14:55.157Z" + }, + { + "VulnerabilityID": "CVE-2025-38443", + "VendorIDs": [ + "DSA-5975-1" + ], + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "FixedVersion": "6.12.41-1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38443", + 
"DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: nbd: fix uaf in nbd_genl_connect() error path", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnbd: fix uaf in nbd_genl_connect() error path\n\nThere is a use-after-free issue in nbd:\n\nblock nbd6: Receive control failed (result -104)\nblock nbd6: shutting down sockets\n==================================================================\nBUG: KASAN: slab-use-after-free in recv_work+0x694/0xa80 drivers/block/nbd.c:1022\nWrite of size 4 at addr ffff8880295de478 by task kworker/u33:0/67\n\nCPU: 2 UID: 0 PID: 67 Comm: kworker/u33:0 Not tainted 6.15.0-rc5-syzkaller-00123-g2c89c1b655c0 #0 PREEMPT(full)\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nWorkqueue: nbd6-recv recv_work\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:408 [inline]\n print_report+0xc3/0x670 mm/kasan/report.c:521\n kasan_report+0xe0/0x110 mm/kasan/report.c:634\n check_region_inline mm/kasan/generic.c:183 [inline]\n kasan_check_range+0xef/0x1a0 mm/kasan/generic.c:189\n instrument_atomic_read_write include/linux/instrumented.h:96 [inline]\n atomic_dec include/linux/atomic/atomic-instrumented.h:592 [inline]\n recv_work+0x694/0xa80 drivers/block/nbd.c:1022\n process_one_work+0x9cc/0x1b70 kernel/workqueue.c:3238\n process_scheduled_works kernel/workqueue.c:3319 [inline]\n worker_thread+0x6c8/0xf10 kernel/workqueue.c:3400\n kthread+0x3c2/0x780 kernel/kthread.c:464\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:153\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245\n \u003c/TASK\u003e\n\nnbd_genl_connect() does not properly stop the device on certain\nerror paths after nbd_start_device() has been called. 
This causes\nthe error path to put nbd-\u003econfig while recv_work continue to use\nthe config after putting it, leading to use-after-free in recv_work.\n\nThis patch moves nbd_start_device() after the backend file creation.", + "Severity": "MEDIUM", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H", + "V3Score": 5.6 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-38443", + "https://git.kernel.org/linus/aa9552438ebf015fc5f9f890dbfe39f0c53cf37e (6.16-rc6)", + "https://git.kernel.org/stable/c/002aca89753f666d878ca0eb8584c372684ac4ba", + "https://git.kernel.org/stable/c/8586552df591e0a367eff44af0c586213eeecc3f", + "https://git.kernel.org/stable/c/91fa560c73a8126868848ed6cd70607cbf8d87e2", + "https://git.kernel.org/stable/c/aa9552438ebf015fc5f9f890dbfe39f0c53cf37e", + "https://git.kernel.org/stable/c/cb121c47f364b51776c4db904a6a5a90ab0a7ec5", + "https://git.kernel.org/stable/c/d46186eb7bbd9a11c145120f2d77effa8d4d44c2", + "https://lore.kernel.org/linux-cve-announce/2025072502-CVE-2025-38443-419c@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-38443", + "https://www.cve.org/CVERecord?id=CVE-2025-38443" + ], + "PublishedDate": "2025-07-25T16:15:29.737Z", + "LastModifiedDate": "2025-07-29T14:14:55.157Z" + }, + { + "VulnerabilityID": "CVE-2025-38444", + "VendorIDs": [ + "DSA-5975-1" + ], + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "FixedVersion": "6.12.41-1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38444", + "DataSource": { 
+ "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: raid10: cleanup memleak at raid10_make_request", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nraid10: cleanup memleak at raid10_make_request\n\nIf raid10_read_request or raid10_write_request registers a new\nrequest and the REQ_NOWAIT flag is set, the code does not\nfree the malloc from the mempool.\n\nunreferenced object 0xffff8884802c3200 (size 192):\n comm \"fio\", pid 9197, jiffies 4298078271\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 88 41 02 00 00 00 00 00 .........A......\n 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace (crc c1a049a2):\n __kmalloc+0x2bb/0x450\n mempool_alloc+0x11b/0x320\n raid10_make_request+0x19e/0x650 [raid10]\n md_handle_request+0x3b3/0x9e0\n __submit_bio+0x394/0x560\n __submit_bio_noacct+0x145/0x530\n submit_bio_noacct_nocheck+0x682/0x830\n __blkdev_direct_IO_async+0x4dc/0x6b0\n blkdev_read_iter+0x1e5/0x3b0\n __io_read+0x230/0x1110\n io_read+0x13/0x30\n io_issue_sqe+0x134/0x1180\n io_submit_sqes+0x48c/0xe90\n __do_sys_io_uring_enter+0x574/0x8b0\n do_syscall_64+0x5c/0xe0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nV4: changing backing tree to see if CKI tests will pass.\nThe patch code has not changed between any versions.", + "Severity": "MEDIUM", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-38444", + "https://git.kernel.org/linus/43806c3d5b9bb7d74ba4e33a6a8a41ac988bde24 (6.16-rc6)", + "https://git.kernel.org/stable/c/10c6021a609deb95f23f0cc2f89aa9d4bffb14c7", + "https://git.kernel.org/stable/c/2941155d9a5ae098b480d551f3a5f8605d4f9af5", + 
"https://git.kernel.org/stable/c/43806c3d5b9bb7d74ba4e33a6a8a41ac988bde24", + "https://git.kernel.org/stable/c/8fc3d7b23d139e3cbc944c15d99b3cdbed797d2d", + "https://git.kernel.org/stable/c/9af149ca9d0dab6e59e813519d309eff62499864", + "https://git.kernel.org/stable/c/ed7bcd9f617e4107ac0813c516e72e6b8f6029bd", + "https://lore.kernel.org/linux-cve-announce/2025072503-CVE-2025-38444-4b60@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-38444", + "https://www.cve.org/CVERecord?id=CVE-2025-38444" + ], + "PublishedDate": "2025-07-25T16:15:29.86Z", + "LastModifiedDate": "2025-07-29T14:14:55.157Z" + }, + { + "VulnerabilityID": "CVE-2025-38446", + "VendorIDs": [ + "DSA-5975-1" + ], + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "FixedVersion": "6.12.41-1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38446", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: clk: imx: Fix an out-of-bounds access in dispmix_csr_clk_dev_data", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: imx: Fix an out-of-bounds access in dispmix_csr_clk_dev_data\n\nWhen num_parents is 4, __clk_register() occurs an out-of-bounds\nwhen accessing parent_names member. 
Use ARRAY_SIZE() instead of\nhardcode number here.\n\n BUG: KASAN: global-out-of-bounds in __clk_register+0x1844/0x20d8\n Read of size 8 at addr ffff800086988e78 by task kworker/u24:3/59\n Hardware name: NXP i.MX95 19X19 board (DT)\n Workqueue: events_unbound deferred_probe_work_func\n Call trace:\n dump_backtrace+0x94/0xec\n show_stack+0x18/0x24\n dump_stack_lvl+0x8c/0xcc\n print_report+0x398/0x5fc\n kasan_report+0xd4/0x114\n __asan_report_load8_noabort+0x20/0x2c\n __clk_register+0x1844/0x20d8\n clk_hw_register+0x44/0x110\n __clk_hw_register_mux+0x284/0x3a8\n imx95_bc_probe+0x4f4/0xa70", + "Severity": "MEDIUM", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-38446", + "https://git.kernel.org/linus/aacc875a448d363332b9df0621dde6d3a225ea9f (6.16-rc6)", + "https://git.kernel.org/stable/c/a956daad67cec454ee985e103e167711fab5b9b8", + "https://git.kernel.org/stable/c/aacc875a448d363332b9df0621dde6d3a225ea9f", + "https://git.kernel.org/stable/c/fcee75daecc5234ee3482d8cf3518bf021d8a0a5", + "https://lore.kernel.org/linux-cve-announce/2025072503-CVE-2025-38446-492b@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-38446", + "https://www.cve.org/CVERecord?id=CVE-2025-38446" + ], + "PublishedDate": "2025-07-25T16:15:30.1Z", + "LastModifiedDate": "2025-07-29T14:14:55.157Z" + }, + { + "VulnerabilityID": "CVE-2025-38448", + "VendorIDs": [ + "DSA-5975-1" + ], + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "FixedVersion": "6.12.41-1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": 
"sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38448", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: usb: gadget: u_serial: Fix race condition in TTY wakeup", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: u_serial: Fix race condition in TTY wakeup\n\nA race condition occurs when gs_start_io() calls either gs_start_rx() or\ngs_start_tx(), as those functions briefly drop the port_lock for\nusb_ep_queue(). This allows gs_close() and gserial_disconnect() to clear\nport.tty and port_usb, respectively.\n\nUse the null-safe TTY Port helper function to wake up TTY.\n\nExample\n CPU1:\t\t\t CPU2:\n gserial_connect() // lock\n \t\t\t gs_close() // await lock\n gs_start_rx() // unlock\n usb_ep_queue()\n \t\t\t gs_close() // lock, reset port.tty and unlock\n gs_start_rx() // lock\n tty_wakeup() // NPE", + "Severity": "MEDIUM", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.2 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-38448", + "https://git.kernel.org/linus/c529c3730bd09115684644e26bf01ecbd7e2c2c9 (6.16-rc5)", + "https://git.kernel.org/stable/c/18d58a467ccf011078352d91b4d6a0108c7318e8", + "https://git.kernel.org/stable/c/a5012673d49788f16bb4e375b002d7743eb642d9", + "https://git.kernel.org/stable/c/abf3620cba68e0e51e5c21054ce4f925f75b3661", + "https://git.kernel.org/stable/c/c529c3730bd09115684644e26bf01ecbd7e2c2c9", + "https://git.kernel.org/stable/c/c6eb4a05af3d0ba3bc4e8159287722fb9abc6359", + "https://git.kernel.org/stable/c/c8c80a3a35c2e3488409de2d5376ef7e662a2bf5", + "https://git.kernel.org/stable/c/d43657b59f36e88289a6066f15bc9a80df5014eb", + 
"https://git.kernel.org/stable/c/ee8d688e2ba558f3bb8ac225113740be5f335417", + "https://lore.kernel.org/linux-cve-announce/2025072504-CVE-2025-38448-f242@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-38448", + "https://www.cve.org/CVERecord?id=CVE-2025-38448" + ], + "PublishedDate": "2025-07-25T16:15:30.317Z", + "LastModifiedDate": "2025-07-29T14:14:55.157Z" + }, + { + "VulnerabilityID": "CVE-2025-38451", + "VendorIDs": [ + "DSA-5975-1" + ], + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "FixedVersion": "6.12.41-1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38451", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: md/md-bitmap: fix GPF in bitmap_get_stats()", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd/md-bitmap: fix GPF in bitmap_get_stats()\n\nThe commit message of commit 6ec1f0239485 (\"md/md-bitmap: fix stats\ncollection for external bitmaps\") states:\n\n Remove the external bitmap check as the statistics should be\n available regardless of bitmap storage location.\n\n Return -EINVAL only for invalid bitmap with no storage (neither in\n superblock nor in external file).\n\nBut, the code does not adhere to the above, as it does only check for\na valid super-block for \"internal\" bitmaps. 
Hence, we observe:\n\nOops: GPF, probably for non-canonical address 0x1cd66f1f40000028\nRIP: 0010:bitmap_get_stats+0x45/0xd0\nCall Trace:\n\n seq_read_iter+0x2b9/0x46a\n seq_read+0x12f/0x180\n proc_reg_read+0x57/0xb0\n vfs_read+0xf6/0x380\n ksys_read+0x6d/0xf0\n do_syscall_64+0x8c/0x1b0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nWe fix this by checking the existence of a super-block for both the\ninternal and external case.", + "Severity": "MEDIUM", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-38451", + "https://git.kernel.org/linus/c17fb542dbd1db745c9feac15617056506dd7195 (6.16-rc6)", + "https://git.kernel.org/stable/c/3d82a729530bd2110ba66e4a1f73461c776edec2", + "https://git.kernel.org/stable/c/3e0542701b37aa25b025d8531583458e4f014c2e", + "https://git.kernel.org/stable/c/a18f9b08c70e10ea3a897058fee8a4f3b4c146ec", + "https://git.kernel.org/stable/c/a23b16ba3274961494f5ad236345d238364349ff", + "https://git.kernel.org/stable/c/c17fb542dbd1db745c9feac15617056506dd7195", + "https://lore.kernel.org/linux-cve-announce/2025072504-CVE-2025-38451-ee66@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-38451", + "https://www.cve.org/CVERecord?id=CVE-2025-38451" + ], + "PublishedDate": "2025-07-25T16:15:30.68Z", + "LastModifiedDate": "2025-07-29T14:14:55.157Z" + }, + { + "VulnerabilityID": "CVE-2025-38452", + "VendorIDs": [ + "DSA-5975-1" + ], + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "FixedVersion": "6.12.41-1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": 
"sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38452", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: net: ethernet: rtsn: Fix a null pointer dereference in rtsn_probe()", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ethernet: rtsn: Fix a null pointer dereference in rtsn_probe()\n\nAdd check for the return value of rcar_gen4_ptp_alloc()\nto prevent potential null pointer dereference.", + "Severity": "MEDIUM", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-38452", + "https://git.kernel.org/linus/95a234f6affbf51f06338383537ab80d637bb785 (6.16-rc6)", + "https://git.kernel.org/stable/c/95a234f6affbf51f06338383537ab80d637bb785", + "https://git.kernel.org/stable/c/9f260e16b297f8134c5f90bb5a20e805ff57e853", + "https://git.kernel.org/stable/c/d52eb4f0e0ca9a5213b8795abbeb11a325d9b22d", + "https://lore.kernel.org/linux-cve-announce/2025072505-CVE-2025-38452-d9d1@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-38452", + "https://www.cve.org/CVERecord?id=CVE-2025-38452" + ], + "PublishedDate": "2025-07-25T16:15:30.8Z", + "LastModifiedDate": "2025-07-29T14:14:55.157Z" + }, + { + "VulnerabilityID": "CVE-2025-38454", + "VendorIDs": [ + "DSA-5975-1" + ], + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "FixedVersion": "6.12.41-1", + "Status": "fixed", + "Layer": { + "Digest": 
"sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38454", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: ALSA: ad1816a: Fix potential NULL pointer deref in snd_card_ad1816a_pnp()", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: ad1816a: Fix potential NULL pointer deref in snd_card_ad1816a_pnp()\n\nUse pr_warn() instead of dev_warn() when 'pdev' is NULL to avoid a\npotential NULL pointer dereference.", + "Severity": "MEDIUM", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-38454", + "https://git.kernel.org/linus/043faef334a1f3d96ae88e1b7618bfa2b4946388 (6.16-rc6)", + "https://git.kernel.org/stable/c/043faef334a1f3d96ae88e1b7618bfa2b4946388", + "https://git.kernel.org/stable/c/e14bffc90866596ba19ffe549f199d7870da4241", + "https://git.kernel.org/stable/c/ef84c94d11ff972ecc3507f1ed092046bf6204b2", + "https://lore.kernel.org/linux-cve-announce/2025072505-CVE-2025-38454-8908@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-38454", + "https://www.cve.org/CVERecord?id=CVE-2025-38454" + ], + "PublishedDate": "2025-07-25T16:15:31.03Z", + "LastModifiedDate": "2025-07-29T14:14:55.157Z" + }, + { + "VulnerabilityID": "CVE-2025-38455", + "VendorIDs": [ + "DSA-5975-1" + ], + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "FixedVersion": "6.12.41-1", + 
"Status": "fixed", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38455", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: KVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight\n\nReject migration of SEV{-ES} state if either the source or destination VM\nis actively creating a vCPU, i.e. if kvm_vm_ioctl_create_vcpu() is in the\nsection between incrementing created_vcpus and online_vcpus. The bulk of\nvCPU creation runs _outside_ of kvm-\u003elock to allow creating multiple vCPUs\nin parallel, and so sev_info.es_active can get toggled from false=\u003etrue in\nthe destination VM after (or during) svm_vcpu_create(), resulting in an\nSEV{-ES} VM effectively having a non-SEV{-ES} vCPU.\n\nThe issue manifests most visibly as a crash when trying to free a vCPU's\nNULL VMSA page in an SEV-ES VM, but any number of things can go wrong.\n\n BUG: unable to handle page fault for address: ffffebde00000000\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: Oops: 0000 [#1] SMP KASAN NOPTI\n CPU: 227 UID: 0 PID: 64063 Comm: syz.5.60023 Tainted: G U O 6.15.0-smp-DEV #2 NONE\n Tainted: [U]=USER, [O]=OOT_MODULE\n Hardware name: Google, Inc. 
Arcadia_IT_80/Arcadia_IT_80, BIOS 12.52.0-0 10/28/2024\n RIP: 0010:constant_test_bit arch/x86/include/asm/bitops.h:206 [inline]\n RIP: 0010:arch_test_bit arch/x86/include/asm/bitops.h:238 [inline]\n RIP: 0010:_test_bit include/asm-generic/bitops/instrumented-non-atomic.h:142 [inline]\n RIP: 0010:PageHead include/linux/page-flags.h:866 [inline]\n RIP: 0010:___free_pages+0x3e/0x120 mm/page_alloc.c:5067\n Code: \u003c49\u003e f7 06 40 00 00 00 75 05 45 31 ff eb 0c 66 90 4c 89 f0 4c 39 f0\n RSP: 0018:ffff8984551978d0 EFLAGS: 00010246\n RAX: 0000777f80000001 RBX: 0000000000000000 RCX: ffffffff918aeb98\n RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffebde00000000\n RBP: 0000000000000000 R08: ffffebde00000007 R09: 1ffffd7bc0000000\n R10: dffffc0000000000 R11: fffff97bc0000001 R12: dffffc0000000000\n R13: ffff8983e19751a8 R14: ffffebde00000000 R15: 1ffffd7bc0000000\n FS: 0000000000000000(0000) GS:ffff89ee661d3000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: ffffebde00000000 CR3: 000000793ceaa000 CR4: 0000000000350ef0\n DR0: 0000000000000000 DR1: 0000000000000b5f DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cTASK\u003e\n sev_free_vcpu+0x413/0x630 arch/x86/kvm/svm/sev.c:3169\n svm_vcpu_free+0x13a/0x2a0 arch/x86/kvm/svm/svm.c:1515\n kvm_arch_vcpu_destroy+0x6a/0x1d0 arch/x86/kvm/x86.c:12396\n kvm_vcpu_destroy virt/kvm/kvm_main.c:470 [inline]\n kvm_destroy_vcpus+0xd1/0x300 virt/kvm/kvm_main.c:490\n kvm_arch_destroy_vm+0x636/0x820 arch/x86/kvm/x86.c:12895\n kvm_put_kvm+0xb8e/0xfb0 virt/kvm/kvm_main.c:1310\n kvm_vm_release+0x48/0x60 virt/kvm/kvm_main.c:1369\n __fput+0x3e4/0x9e0 fs/file_table.c:465\n task_work_run+0x1a9/0x220 kernel/task_work.c:227\n exit_task_work include/linux/task_work.h:40 [inline]\n do_exit+0x7f0/0x25b0 kernel/exit.c:953\n do_group_exit+0x203/0x2d0 kernel/exit.c:1102\n get_signal+0x1357/0x1480 kernel/signal.c:3034\n 
arch_do_signal_or_restart+0x40/0x690 arch/x86/kernel/signal.c:337\n exit_to_user_mode_loop kernel/entry/common.c:111 [inline]\n exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]\n __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]\n syscall_exit_to_user_mode+0x67/0xb0 kernel/entry/common.c:218\n do_syscall_64+0x7c/0x150 arch/x86/entry/syscall_64.c:100\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n RIP: 0033:0x7f87a898e969\n \u003c/TASK\u003e\n Modules linked in: gq(O)\n gsmi: Log Shutdown Reason 0x03\n CR2: ffffebde00000000\n ---[ end trace 0000000000000000 ]---\n\nDeliberately don't check for a NULL VMSA when freeing the vCPU, as crashing\nthe host is likely desirable due to the VMSA being consumed by hardware.\nE.g. if KVM manages to allow VMRUN on the vCPU, hardware may read/write a\nbogus VMSA page. Accessing P\n---truncated---", + "Severity": "MEDIUM", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 4.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-38455", + "https://git.kernel.org/linus/ecf371f8b02d5e31b9aa1da7f159f1b2107bdb01 (6.16-rc6)", + "https://git.kernel.org/stable/c/8c8e8d4d7544bb783e15078eda8ba2580e192246", + "https://git.kernel.org/stable/c/b5725213149597cd9c2b075b87bc4e0f87e906c1", + "https://git.kernel.org/stable/c/e0d9a7cf37ca09c513420dc88e0d0e805a4f0820", + "https://git.kernel.org/stable/c/ecf371f8b02d5e31b9aa1da7f159f1b2107bdb01", + "https://git.kernel.org/stable/c/fd044c99d831e9f837518816c7c366b04014d405", + "https://lore.kernel.org/linux-cve-announce/2025072505-CVE-2025-38455-9331@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-38455", + "https://www.cve.org/CVERecord?id=CVE-2025-38455" + ], + "PublishedDate": "2025-07-25T16:15:31.143Z", + "LastModifiedDate": "2025-07-29T14:14:55.157Z" + }, + { + "VulnerabilityID": "CVE-2025-38456", + "VendorIDs": [ + "DSA-5975-1" 
+ ], + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "FixedVersion": "6.12.41-1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38456", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: ipmi:msghandler: Fix potential memory corruption in ipmi_create_user()", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nipmi:msghandler: Fix potential memory corruption in ipmi_create_user()\n\nThe \"intf\" list iterator is an invalid pointer if the correct\n\"intf-\u003eintf_num\" is not found. 
Calling atomic_dec(\u0026intf-\u003enr_users) on\nand invalid pointer will lead to memory corruption.\n\nWe don't really need to call atomic_dec() if we haven't called\natomic_add_return() so update the if (intf-\u003ein_shutdown) path as well.", + "Severity": "MEDIUM", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-38456", + "https://git.kernel.org/linus/fa332f5dc6fc662ad7d3200048772c96b861cf6b (6.16-rc1)", + "https://git.kernel.org/stable/c/7c1a6ddb99858e7d68961f74ae27caeeeca67b6a", + "https://git.kernel.org/stable/c/9e0d33e75c1604c3fad5586ad4dfa3b2695a3950", + "https://git.kernel.org/stable/c/cbc1670297f675854e982d23c8583900ff0cc67a", + "https://git.kernel.org/stable/c/e2d5c005dfc96fe857676d1d8ac46b29275cb89b", + "https://git.kernel.org/stable/c/fa332f5dc6fc662ad7d3200048772c96b861cf6b", + "https://lore.kernel.org/linux-cve-announce/2025072506-CVE-2025-38456-3c0a@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-38456", + "https://www.cve.org/CVERecord?id=CVE-2025-38456" + ], + "PublishedDate": "2025-07-25T16:15:31.283Z", + "LastModifiedDate": "2025-07-29T14:14:55.157Z" + }, + { + "VulnerabilityID": "CVE-2025-38458", + "VendorIDs": [ + "DSA-5975-1" + ], + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "FixedVersion": "6.12.41-1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38458", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + 
"URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: atm: clip: Fix NULL pointer dereference in vcc_sendmsg()", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\natm: clip: Fix NULL pointer dereference in vcc_sendmsg()\n\natmarpd_dev_ops does not implement the send method, which may cause crash\nas bellow.\n\nBUG: kernel NULL pointer dereference, address: 0000000000000000\nPGD 0 P4D 0\nOops: Oops: 0010 [#1] SMP KASAN NOPTI\nCPU: 0 UID: 0 PID: 5324 Comm: syz.0.0 Not tainted 6.15.0-rc6-syzkaller-00346-g5723cc3450bc #0 PREEMPT(full)\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nRIP: 0010:0x0\nCode: Unable to access opcode bytes at 0xffffffffffffffd6.\nRSP: 0018:ffffc9000d3cf778 EFLAGS: 00010246\nRAX: 1ffffffff1910dd1 RBX: 00000000000000c0 RCX: dffffc0000000000\nRDX: ffffc9000dc82000 RSI: ffff88803e4c4640 RDI: ffff888052cd0000\nRBP: ffffc9000d3cf8d0 R08: ffff888052c9143f R09: 1ffff1100a592287\nR10: dffffc0000000000 R11: 0000000000000000 R12: 1ffff92001a79f00\nR13: ffff888052cd0000 R14: ffff88803e4c4640 R15: ffffffff8c886e88\nFS: 00007fbc762566c0(0000) GS:ffff88808d6c2000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: ffffffffffffffd6 CR3: 0000000041f1b000 CR4: 0000000000352ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n vcc_sendmsg+0xa10/0xc50 net/atm/common.c:644\n sock_sendmsg_nosec net/socket.c:712 [inline]\n __sock_sendmsg+0x219/0x270 net/socket.c:727\n ____sys_sendmsg+0x52d/0x830 net/socket.c:2566\n ___sys_sendmsg+0x21f/0x2a0 net/socket.c:2620\n __sys_sendmmsg+0x227/0x430 net/socket.c:2709\n __do_sys_sendmmsg net/socket.c:2736 [inline]\n __se_sys_sendmmsg net/socket.c:2733 [inline]\n __x64_sys_sendmmsg+0xa0/0xc0 net/socket.c:2733\n do_syscall_x64 
arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xf6/0x210 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f", + "Severity": "MEDIUM", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-38458", + "https://git.kernel.org/linus/22fc46cea91df3dce140a7dc6847c6fcf0354505 (6.16-rc6)", + "https://git.kernel.org/stable/c/07b585ae3699c0a5026f86ac846f144e34875eee", + "https://git.kernel.org/stable/c/22fc46cea91df3dce140a7dc6847c6fcf0354505", + "https://git.kernel.org/stable/c/27b5bb7ea1a8fa7b8c4cfde4d2bf8650cca2e8e8", + "https://git.kernel.org/stable/c/34a09d6240a25185ef6fc5a19dbb3cdbb6a78bc0", + "https://git.kernel.org/stable/c/7f1cad84ac1a6af42d9d57e879de47ce37995024", + "https://git.kernel.org/stable/c/7f8a9b396037daae453a108faec5b28886361323", + "https://git.kernel.org/stable/c/9ec7e943aee5c28c173933f9defd40892fb3be3d", + "https://git.kernel.org/stable/c/a16fbe6087e91c8e7c4aa50e1af7ad56edbd9e3e", + "https://lore.kernel.org/linux-cve-announce/2025072506-CVE-2025-38458-d999@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-38458", + "https://www.cve.org/CVERecord?id=CVE-2025-38458" + ], + "PublishedDate": "2025-07-25T16:15:31.53Z", + "LastModifiedDate": "2025-07-29T14:14:55.157Z" + }, + { + "VulnerabilityID": "CVE-2025-38460", + "VendorIDs": [ + "DSA-5975-1" + ], + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "FixedVersion": "6.12.41-1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + 
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38460", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: atm: clip: Fix potential null-ptr-deref in to_atmarpd().", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\natm: clip: Fix potential null-ptr-deref in to_atmarpd().\n\natmarpd is protected by RTNL since commit f3a0592b37b8 (\"[ATM]: clip\ncauses unregister hang\").\n\nHowever, it is not enough because to_atmarpd() is called without RTNL,\nespecially clip_neigh_solicit() / neigh_ops-\u003esolicit() is unsleepable.\n\nAlso, there is no RTNL dependency around atmarpd.\n\nLet's use a private mutex and RCU to protect access to atmarpd in\nto_atmarpd().", + "Severity": "MEDIUM", + "VendorSeverity": { + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-38460", + "https://git.kernel.org/linus/706cc36477139c1616a9b2b96610a8bb520b7119 (6.16-rc6)", + "https://git.kernel.org/stable/c/06935c50cfa3ac57cce80bba67b6d38ec1406e92", + "https://git.kernel.org/stable/c/3251ce3979f41bd228f77a7615f9dd616d06a110", + "https://git.kernel.org/stable/c/36caab990b69ef4eec1d81c52a19f080b7daa059", + "https://git.kernel.org/stable/c/706cc36477139c1616a9b2b96610a8bb520b7119", + "https://git.kernel.org/stable/c/70eac9ba7ce25d99c1d99bbf4ddb058940f631f9", + "https://git.kernel.org/stable/c/a4c5785feb979cd996a99cfaad8bf353b2e79301", + "https://git.kernel.org/stable/c/ee4d9e4ddf3f9c4ee2ec0a3aad6196ee36d30e57", + "https://git.kernel.org/stable/c/f58e4270c73e7f086322978d585ea67c8076ce49", + "https://lore.kernel.org/linux-cve-announce/2025072507-CVE-2025-38460-40fb@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-38460", + 
"https://www.cve.org/CVERecord?id=CVE-2025-38460" + ], + "PublishedDate": "2025-07-25T16:15:31.787Z", + "LastModifiedDate": "2025-07-29T14:14:55.157Z" + }, + { + "VulnerabilityID": "CVE-2025-38465", + "VendorIDs": [ + "DSA-5975-1" + ], + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "FixedVersion": "6.12.41-1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38465", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: netlink: Fix wraparounds of sk-\u003esk_rmem_alloc.", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetlink: Fix wraparounds of sk-\u003esk_rmem_alloc.\n\nNetlink has this pattern in some places\n\n if (atomic_read(\u0026sk-\u003esk_rmem_alloc) \u003e sk-\u003esk_rcvbuf)\n \tatomic_add(skb-\u003etruesize, \u0026sk-\u003esk_rmem_alloc);\n\n, which has the same problem fixed by commit 5a465a0da13e (\"udp:\nFix multiple wraparounds of sk-\u003esk_rmem_alloc.\").\n\nFor example, if we set INT_MAX to SO_RCVBUFFORCE, the condition\nis always false as the two operands are of int.\n\nThen, a single socket can eat as many skb as possible until OOM\nhappens, and we can see multiple wraparounds of sk-\u003esk_rmem_alloc.\n\nLet's fix it by using atomic_add_return() and comparing the two\nvariables as unsigned int.\n\nBefore:\n [root@fedora ~]# ss -f netlink\n Recv-Q Send-Q Local Address:Port Peer Address:Port\n -1668710080 0 rtnl:nl_wraparound/293 *\n\nAfter:\n [root@fedora ~]# ss -f netlink\n 
Recv-Q Send-Q Local Address:Port Peer Address:Port\n 2147483072 0 rtnl:nl_wraparound/290 *\n ^\n `--- INT_MAX - 576", + "Severity": "MEDIUM", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-38465", + "https://git.kernel.org/linus/ae8f160e7eb24240a2a79fc4c815c6a0d4ee16cc (6.16-rc6)", + "https://git.kernel.org/stable/c/4b8e18af7bea92f8b7fb92d40aeae729209db250", + "https://git.kernel.org/stable/c/55baecb9eb90238f60a8350660d6762046ebd3bd", + "https://git.kernel.org/stable/c/76602d8e13864524382b0687dc32cd8f19164d5a", + "https://git.kernel.org/stable/c/9da025150b7c14a8390fc06aea314c0a4011e82c", + "https://git.kernel.org/stable/c/ae8f160e7eb24240a2a79fc4c815c6a0d4ee16cc", + "https://git.kernel.org/stable/c/c4ceaac5c5ba0b992ee1dc88e2a02421549e5c98", + "https://git.kernel.org/stable/c/cd7ff61bfffd7000143c42bbffb85eeb792466d6", + "https://git.kernel.org/stable/c/fd69af06101090eaa60b3d216ae715f9c0a58e5b", + "https://lore.kernel.org/linux-cve-announce/2025072508-CVE-2025-38465-28ad@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-38465", + "https://www.cve.org/CVERecord?id=CVE-2025-38465" + ], + "PublishedDate": "2025-07-25T16:15:32.527Z", + "LastModifiedDate": "2025-07-29T14:14:55.157Z" + }, + { + "VulnerabilityID": "CVE-2025-38467", + "VendorIDs": [ + "DSA-5975-1" + ], + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "FixedVersion": "6.12.41-1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2025-38467", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/exynos: exynos7_drm_decon: add vblank check in IRQ handling\n\nIf there's support for another console device (such as a TTY serial),\nthe kernel occasionally panics during boot. The panic message and a\nrelevant snippet of the call stack is as follows:\n\n Unable to handle kernel NULL pointer dereference at virtual address 000000000000000\n Call trace:\n drm_crtc_handle_vblank+0x10/0x30 (P)\n decon_irq_handler+0x88/0xb4\n [...]\n\nOtherwise, the panics don't happen. This indicates that it's some sort\nof race condition.\n\nAdd a check to validate if the drm device can handle vblanks before\ncalling drm_crtc_handle_vblank() to avoid this.", + "Severity": "MEDIUM", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-38467", + "https://git.kernel.org/linus/b846350aa272de99bf6fecfa6b08e64ebfb13173 (6.16-rc5)", + "https://git.kernel.org/stable/c/391e5ea5b877230b844c9bd8bbcd91b681b1ce2d", + "https://git.kernel.org/stable/c/87825fbd1e176cd5b896940f3959e7c9a916945d", + "https://git.kernel.org/stable/c/996740652e620ef8ee1e5c65832cf2ffa498577d", + "https://git.kernel.org/stable/c/a2130463fc9451005660b0eda7b61d5f746f7d74", + "https://git.kernel.org/stable/c/a40a35166f7e4f6dcd4b087d620c8228922dcb0a", + "https://git.kernel.org/stable/c/b4e72c0bf878f02faa00a7dc7c9ffc4ff7c116a7", + "https://git.kernel.org/stable/c/b846350aa272de99bf6fecfa6b08e64ebfb13173", + 
"https://git.kernel.org/stable/c/e9d9b25f376737b81f06de9c5aa422b488f47184", + "https://lore.kernel.org/linux-cve-announce/2025072509-CVE-2025-38467-eb0c@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-38467", + "https://www.cve.org/CVERecord?id=CVE-2025-38467" + ], + "PublishedDate": "2025-07-25T16:15:33.267Z", + "LastModifiedDate": "2025-07-29T14:14:55.157Z" + }, + { + "VulnerabilityID": "CVE-2025-38468", + "VendorIDs": [ + "DSA-5975-1" + ], + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "FixedVersion": "6.12.41-1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38468", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree\n\nhtb_lookup_leaf has a BUG_ON that can trigger with the following:\n\ntc qdisc del dev lo root\ntc qdisc add dev lo root handle 1: htb default 1\ntc class add dev lo parent 1: classid 1:1 htb rate 64bit\ntc qdisc add dev lo parent 1:1 handle 2: netem\ntc qdisc add dev lo parent 2:1 handle 3: blackhole\nping -I lo -c1 -W0.001 127.0.0.1\n\nThe root cause is the following:\n\n1. htb_dequeue calls htb_dequeue_tree which calls the dequeue handler on\n the selected leaf qdisc\n2. netem_dequeue calls enqueue on the child qdisc\n3. 
blackhole_enqueue drops the packet and returns a value that is not\n just NET_XMIT_SUCCESS\n4. Because of this, netem_dequeue calls qdisc_tree_reduce_backlog, and\n since qlen is now 0, it calls htb_qlen_notify -\u003e htb_deactivate -\u003e\n htb_deactiviate_prios -\u003e htb_remove_class_from_row -\u003e htb_safe_rb_erase\n5. As this is the only class in the selected hprio rbtree,\n __rb_change_child in __rb_erase_augmented sets the rb_root pointer to\n NULL\n6. Because blackhole_dequeue returns NULL, netem_dequeue returns NULL,\n which causes htb_dequeue_tree to call htb_lookup_leaf with the same\n hprio rbtree, and fail the BUG_ON\n\nThe function graph for this scenario is shown here:\n 0) | htb_enqueue() {\n 0) + 13.635 us | netem_enqueue();\n 0) 4.719 us | htb_activate_prios();\n 0) # 2249.199 us | }\n 0) | htb_dequeue() {\n 0) 2.355 us | htb_lookup_leaf();\n 0) | netem_dequeue() {\n 0) + 11.061 us | blackhole_enqueue();\n 0) | qdisc_tree_reduce_backlog() {\n 0) | qdisc_lookup_rcu() {\n 0) 1.873 us | qdisc_match_from_root();\n 0) 6.292 us | }\n 0) 1.894 us | htb_search();\n 0) | htb_qlen_notify() {\n 0) 2.655 us | htb_deactivate_prios();\n 0) 6.933 us | }\n 0) + 25.227 us | }\n 0) 1.983 us | blackhole_dequeue();\n 0) + 86.553 us | }\n 0) # 2932.761 us | qdisc_warn_nonwc();\n 0) | htb_lookup_leaf() {\n 0) | BUG_ON();\n ------------------------------------------\n\nThe full original bug report can be seen here [1].\n\nWe can fix this just by returning NULL instead of the BUG_ON,\nas htb_dequeue_tree returns NULL when htb_lookup_leaf returns\nNULL.\n\n[1] https://lore.kernel.org/netdev/pF5XOOIim0IuEfhI-SOxTgRvNoDwuux7UHKnE_Y5-zVd4wmGvNk2ceHjKb8ORnzw0cGwfmVu42g9dL7XyJLf1NEzaztboTWcm0Ogxuojoeo=@willsroot.io/", + "Severity": "MEDIUM", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + 
"https://access.redhat.com/security/cve/CVE-2025-38468", + "https://git.kernel.org/linus/0e1d5d9b5c5966e2e42e298670808590db5ed628 (6.16-rc7)", + "https://git.kernel.org/stable/c/0e1d5d9b5c5966e2e42e298670808590db5ed628", + "https://git.kernel.org/stable/c/3691f84269a23f7edd263e9b6edbc27b7ae332f4", + "https://git.kernel.org/stable/c/7ff2d83ecf2619060f30ecf9fad4f2a700fca344", + "https://git.kernel.org/stable/c/890a5d423ef0a7bd13447ceaffad21189f557301", + "https://git.kernel.org/stable/c/e5c480dc62a3025b8428d4818e722da30ad6804f", + "https://lore.kernel.org/linux-cve-announce/2025072834-CVE-2025-38468-4110@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-38468", + "https://www.cve.org/CVERecord?id=CVE-2025-38468" + ], + "PublishedDate": "2025-07-28T12:15:28.503Z", + "LastModifiedDate": "2025-07-29T14:14:29.59Z" + }, + { + "VulnerabilityID": "CVE-2025-38469", + "VendorIDs": [ + "DSA-5975-1" + ], + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "FixedVersion": "6.12.41-1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38469", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: KVM: x86/xen: Fix cleanup logic in emulation of Xen schedop poll hypercalls", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86/xen: Fix cleanup logic in emulation of Xen schedop poll hypercalls\n\nkvm_xen_schedop_poll does a kmalloc_array() when a VM polls the host\nfor more than one event channel potr (nr_ports 
\u003e 1).\n\nAfter the kmalloc_array(), the error paths need to go through the\n\"out\" label, but the call to kvm_read_guest_virt() does not.\n\n[Adjusted commit message. - Paolo]", + "Severity": "MEDIUM", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-38469", + "https://git.kernel.org/linus/5a53249d149f48b558368c5338b9921b76a12f8c (6.16)", + "https://git.kernel.org/stable/c/061c553c66bc1638c280739999224c8000fd4602", + "https://git.kernel.org/stable/c/3ee59c38ae7369ad1f7b846e05633ccf0d159fab", + "https://git.kernel.org/stable/c/5a53249d149f48b558368c5338b9921b76a12f8c", + "https://git.kernel.org/stable/c/fd627ac8a5cff4d45269f164b13ddddc0726f2cc", + "https://lore.kernel.org/linux-cve-announce/2025072811-CVE-2025-38469-4e11@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-38469", + "https://www.cve.org/CVERecord?id=CVE-2025-38469" + ], + "PublishedDate": "2025-07-28T12:15:28.64Z", + "LastModifiedDate": "2025-07-29T14:14:29.59Z" + }, + { + "VulnerabilityID": "CVE-2025-38470", + "VendorIDs": [ + "DSA-5975-1" + ], + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "FixedVersion": "6.12.41-1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38470", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: net: vlan: fix VLAN 0 refcount imbalance of 
toggling filtering during runtime", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime\n\nAssuming the \"rx-vlan-filter\" feature is enabled on a net device, the\n8021q module will automatically add or remove VLAN 0 when the net device\nis put administratively up or down, respectively. There are a couple of\nproblems with the above scheme.\n\nThe first problem is a memory leak that can happen if the \"rx-vlan-filter\"\nfeature is disabled while the device is running:\n\n # ip link add bond1 up type bond mode 0\n # ethtool -K bond1 rx-vlan-filter off\n # ip link del dev bond1\n\nWhen the device is put administratively down the \"rx-vlan-filter\"\nfeature is disabled, so the 8021q module will not remove VLAN 0 and the\nmemory will be leaked [1].\n\nAnother problem that can happen is that the kernel can automatically\ndelete VLAN 0 when the device is put administratively down despite not\nadding it when the device was put administratively up since during that\ntime the \"rx-vlan-filter\" feature was disabled. 
null-ptr-unref or\nbug_on[2] will be triggered by unregister_vlan_dev() for refcount\nimbalance if toggling filtering during runtime:\n\n$ ip link add bond0 type bond mode 0\n$ ip link add link bond0 name vlan0 type vlan id 0 protocol 802.1q\n$ ethtool -K bond0 rx-vlan-filter off\n$ ifconfig bond0 up\n$ ethtool -K bond0 rx-vlan-filter on\n$ ifconfig bond0 down\n$ ip link del vlan0\n\nRoot cause is as below:\nstep1: add vlan0 for real_dev, such as bond, team.\nregister_vlan_dev\n vlan_vid_add(real_dev,htons(ETH_P_8021Q),0) //refcnt=1\nstep2: disable vlan filter feature and enable real_dev\nstep3: change filter from 0 to 1\nvlan_device_event\n vlan_filter_push_vids\n ndo_vlan_rx_add_vid //No refcnt added to real_dev vlan0\nstep4: real_dev down\nvlan_device_event\n vlan_vid_del(dev, htons(ETH_P_8021Q), 0); //refcnt=0\n vlan_info_rcu_free //free vlan0\nstep5: delete vlan0\nunregister_vlan_dev\n BUG_ON(!vlan_info); //vlan_info is null\n\nFix both problems by noting in the VLAN info whether VLAN 0 was\nautomatically added upon NETDEV_UP and based on that decide whether it\nshould be deleted upon NETDEV_DOWN, regardless of the state of the\n\"rx-vlan-filter\" feature.\n\n[1]\nunreferenced object 0xffff8880068e3100 (size 256):\n comm \"ip\", pid 384, jiffies 4296130254\n hex dump (first 32 bytes):\n 00 20 30 0d 80 88 ff ff 00 00 00 00 00 00 00 00 . 
0.............\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace (crc 81ce31fa):\n __kmalloc_cache_noprof+0x2b5/0x340\n vlan_vid_add+0x434/0x940\n vlan_device_event.cold+0x75/0xa8\n notifier_call_chain+0xca/0x150\n __dev_notify_flags+0xe3/0x250\n rtnl_configure_link+0x193/0x260\n rtnl_newlink_create+0x383/0x8e0\n __rtnl_newlink+0x22c/0xa40\n rtnl_newlink+0x627/0xb00\n rtnetlink_rcv_msg+0x6fb/0xb70\n netlink_rcv_skb+0x11f/0x350\n netlink_unicast+0x426/0x710\n netlink_sendmsg+0x75a/0xc20\n __sock_sendmsg+0xc1/0x150\n ____sys_sendmsg+0x5aa/0x7b0\n ___sys_sendmsg+0xfc/0x180\n\n[2]\nkernel BUG at net/8021q/vlan.c:99!\nOops: invalid opcode: 0000 [#1] SMP KASAN PTI\nCPU: 0 UID: 0 PID: 382 Comm: ip Not tainted 6.16.0-rc3 #61 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996),\nBIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:unregister_vlan_dev (net/8021q/vlan.c:99 (discriminator 1))\nRSP: 0018:ffff88810badf310 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffff88810da84000 RCX: ffffffffb47ceb9a\nRDX: dffffc0000000000 RSI: 0000000000000008 RDI: ffff88810e8b43c8\nRBP: 0000000000000000 R08: 0000000000000000 R09: fffffbfff6cefe80\nR10: ffffffffb677f407 R11: ffff88810badf3c0 R12: ffff88810e8b4000\nR13: 0000000000000000 R14: ffff88810642a5c0 R15: 000000000000017e\nFS: 00007f1ff68c20c0(0000) GS:ffff888163a24000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f1ff5dad240 CR3: 0000000107e56000 CR4: 00000000000006f0\nCall Trace:\n \u003cTASK\n---truncated---", + "Severity": "MEDIUM", + "VendorSeverity": { + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-38470", + "https://git.kernel.org/linus/579d4f9ca9a9a605184a9b162355f6ba131f678d (6.16-rc7)", + 
"https://git.kernel.org/stable/c/579d4f9ca9a9a605184a9b162355f6ba131f678d", + "https://git.kernel.org/stable/c/8984bcbd1edf5bee5be06ad771d157333b790c33", + "https://git.kernel.org/stable/c/93715aa2d80e6c5cea1bb486321fc4585076928b", + "https://git.kernel.org/stable/c/bb515c41306454937464da055609b5fb0a27821b", + "https://git.kernel.org/stable/c/d43ef15bf4856c8c4c6c3572922331a5f06deb77", + "https://lore.kernel.org/linux-cve-announce/2025072811-CVE-2025-38470-a4d4@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-38470", + "https://www.cve.org/CVERecord?id=CVE-2025-38470" + ], + "PublishedDate": "2025-07-28T12:15:28.76Z", + "LastModifiedDate": "2025-07-29T14:14:29.59Z" + }, + { + "VulnerabilityID": "CVE-2025-38476", + "VendorIDs": [ + "DSA-5975-1" + ], + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "FixedVersion": "6.12.41-1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38476", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: rpl: Fix use-after-free in rpl_do_srh_inline()", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nrpl: Fix use-after-free in rpl_do_srh_inline().\n\nRunning lwt_dst_cache_ref_loop.sh in selftest with KASAN triggers\nthe splat below [0].\n\nrpl_do_srh_inline() fetches ipv6_hdr(skb) and accesses it after\nskb_cow_head(), which is illegal as the header could be freed then.\n\nLet's fix it by making oldhdr to a local struct instead of a pointer.\n\n[0]:\n[root@fedora 
net]# ./lwt_dst_cache_ref_loop.sh\n...\nTEST: rpl (input)\n[ 57.631529] ==================================================================\nBUG: KASAN: slab-use-after-free in rpl_do_srh_inline.isra.0 (net/ipv6/rpl_iptunnel.c:174)\nRead of size 40 at addr ffff888122bf96d8 by task ping6/1543\n\nCPU: 50 UID: 0 PID: 1543 Comm: ping6 Not tainted 6.16.0-rc5-01302-gfadd1e6231b1 #23 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\nCall Trace:\n \u003cIRQ\u003e\n dump_stack_lvl (lib/dump_stack.c:122)\n print_report (mm/kasan/report.c:409 mm/kasan/report.c:521)\n kasan_report (mm/kasan/report.c:221 mm/kasan/report.c:636)\n kasan_check_range (mm/kasan/generic.c:175 (discriminator 1) mm/kasan/generic.c:189 (discriminator 1))\n __asan_memmove (mm/kasan/shadow.c:94 (discriminator 2))\n rpl_do_srh_inline.isra.0 (net/ipv6/rpl_iptunnel.c:174)\n rpl_input (net/ipv6/rpl_iptunnel.c:201 net/ipv6/rpl_iptunnel.c:282)\n lwtunnel_input (net/core/lwtunnel.c:459)\n ipv6_rcv (./include/net/dst.h:471 (discriminator 1) ./include/net/dst.h:469 (discriminator 1) net/ipv6/ip6_input.c:79 (discriminator 1) ./include/linux/netfilter.h:317 (discriminator 1) ./include/linux/netfilter.h:311 (discriminator 1) net/ipv6/ip6_input.c:311 (discriminator 1))\n __netif_receive_skb_one_core (net/core/dev.c:5967)\n process_backlog (./include/linux/rcupdate.h:869 net/core/dev.c:6440)\n __napi_poll.constprop.0 (net/core/dev.c:7452)\n net_rx_action (net/core/dev.c:7518 net/core/dev.c:7643)\n handle_softirqs (kernel/softirq.c:579)\n do_softirq (kernel/softirq.c:480 (discriminator 20))\n \u003c/IRQ\u003e\n \u003cTASK\u003e\n __local_bh_enable_ip (kernel/softirq.c:407)\n __dev_queue_xmit (net/core/dev.c:4740)\n ip6_finish_output2 (./include/linux/netdevice.h:3358 ./include/net/neighbour.h:526 ./include/net/neighbour.h:540 net/ipv6/ip6_output.c:141)\n ip6_finish_output (net/ipv6/ip6_output.c:215 net/ipv6/ip6_output.c:226)\n ip6_output 
(./include/linux/netfilter.h:306 net/ipv6/ip6_output.c:248)\n ip6_send_skb (net/ipv6/ip6_output.c:1983)\n rawv6_sendmsg (net/ipv6/raw.c:588 net/ipv6/raw.c:918)\n __sys_sendto (net/socket.c:714 (discriminator 1) net/socket.c:729 (discriminator 1) net/socket.c:2228 (discriminator 1))\n __x64_sys_sendto (net/socket.c:2231)\n do_syscall_64 (arch/x86/entry/syscall_64.c:63 (discriminator 1) arch/x86/entry/syscall_64.c:94 (discriminator 1))\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\nRIP: 0033:0x7f68cffb2a06\nCode: 5d e8 41 8b 93 08 03 00 00 59 5e 48 83 f8 fc 75 19 83 e2 39 83 fa 08 75 11 e8 26 ff ff ff 66 0f 1f 44 00 00 48 8b 45 10 0f 05 \u003c48\u003e 8b 5d f8 c9 c3 0f 1f 40 00 f3 0f 1e fa 55 48 89 e5 48 83 ec 08\nRSP: 002b:00007ffefb7c53d0 EFLAGS: 00000202 ORIG_RAX: 000000000000002c\nRAX: ffffffffffffffda RBX: 0000564cd69f10a0 RCX: 00007f68cffb2a06\nRDX: 0000000000000040 RSI: 0000564cd69f10a4 RDI: 0000000000000003\nRBP: 00007ffefb7c53f0 R08: 0000564cd6a032ac R09: 000000000000001c\nR10: 0000000000000000 R11: 0000000000000202 R12: 0000564cd69f10a4\nR13: 0000000000000040 R14: 00007ffefb7c66e0 R15: 0000564cd69f10a0\n \u003c/TASK\u003e\n\nAllocated by task 1543:\n kasan_save_stack (mm/kasan/common.c:48)\n kasan_save_track (mm/kasan/common.c:60 (discriminator 1) mm/kasan/common.c:69 (discriminator 1))\n __kasan_slab_alloc (mm/kasan/common.c:319 mm/kasan/common.c:345)\n kmem_cache_alloc_node_noprof (./include/linux/kasan.h:250 mm/slub.c:4148 mm/slub.c:4197 mm/slub.c:4249)\n kmalloc_reserve (net/core/skbuff.c:581 (discriminator 88))\n __alloc_skb (net/core/skbuff.c:669)\n __ip6_append_data (net/ipv6/ip6_output.c:1672 (discriminator 1))\n ip6_\n---truncated---", + "Severity": "MEDIUM", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-38476", + 
"https://git.kernel.org/linus/b640daa2822a39ff76e70200cb2b7b892b896dce (6.16-rc7)", + "https://git.kernel.org/stable/c/034b428aa3583373a5a20b1c5931bb2b3cae1f36", + "https://git.kernel.org/stable/c/06ec83b6c792fde1f710c1de3e836da6e257c4c4", + "https://git.kernel.org/stable/c/62dcd9d6e61c39122d2f251a26829e2e55b0a11d", + "https://git.kernel.org/stable/c/b640daa2822a39ff76e70200cb2b7b892b896dce", + "https://git.kernel.org/stable/c/e8101506ab86dd78f823b7028f2036a380f3a12a", + "https://lore.kernel.org/linux-cve-announce/2025072813-CVE-2025-38476-ab35@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-38476", + "https://www.cve.org/CVERecord?id=CVE-2025-38476" + ], + "PublishedDate": "2025-07-28T12:15:29.483Z", + "LastModifiedDate": "2025-07-29T14:14:29.59Z" + }, + { + "VulnerabilityID": "CVE-2025-38478", + "VendorIDs": [ + "DSA-5975-1" + ], + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "FixedVersion": "6.12.41-1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38478", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: comedi: Fix initialization of data for instructions that write to subdevice", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: Fix initialization of data for instructions that write to subdevice\n\nSome Comedi subdevice instruction handlers are known to access\ninstruction data elements beyond the first `insn-\u003en` elements in some\ncases. 
The `do_insn_ioctl()` and `do_insnlist_ioctl()` functions\nallocate at least `MIN_SAMPLES` (16) data elements to deal with this,\nbut they do not initialize all of that. For Comedi instruction codes\nthat write to the subdevice, the first `insn-\u003en` data elements are\ncopied from user-space, but the remaining elements are left\nuninitialized. That could be a problem if the subdevice instruction\nhandler reads the uninitialized data. Ensure that the first\n`MIN_SAMPLES` elements are initialized before calling these instruction\nhandlers, filling the uncopied elements with 0. For\n`do_insnlist_ioctl()`, the same data buffer elements are used for\nhandling a list of instructions, so ensure the first `MIN_SAMPLES`\nelements are initialized for each instruction that writes to the\nsubdevice.", + "Severity": "MEDIUM", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-38478", + "https://git.kernel.org/linus/46d8c744136ce2454aa4c35c138cc06817f92b8e (6.16-rc7)", + "https://git.kernel.org/stable/c/46d8c744136ce2454aa4c35c138cc06817f92b8e", + "https://git.kernel.org/stable/c/673ee92bd2d31055bca98a1d96b653f5284289c4", + "https://git.kernel.org/stable/c/c42116dc70af6664526f7aa82cf937824ab42649", + "https://git.kernel.org/stable/c/d3436638738ace8f101af7bdee2eae1bc38e9b29", + "https://git.kernel.org/stable/c/fe8713fb4e4e82a4f91910d9a41bf0613e69a0b9", + "https://lore.kernel.org/linux-cve-announce/2025072814-CVE-2025-38478-298f@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-38478", + "https://www.cve.org/CVERecord?id=CVE-2025-38478" + ], + "PublishedDate": "2025-07-28T12:15:29.733Z", + "LastModifiedDate": "2025-07-29T14:14:29.59Z" + }, + { + "VulnerabilityID": "CVE-2025-38480", + "VendorIDs": [ + "DSA-5975-1" + ], + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", 
+ "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "FixedVersion": "6.12.41-1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38480", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: comedi: Fix use of uninitialized data in insn_rw_emulate_bits()", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: Fix use of uninitialized data in insn_rw_emulate_bits()\n\nFor Comedi `INSN_READ` and `INSN_WRITE` instructions on \"digital\"\nsubdevices (subdevice types `COMEDI_SUBD_DI`, `COMEDI_SUBD_DO`, and\n`COMEDI_SUBD_DIO`), it is common for the subdevice driver not to have\n`insn_read` and `insn_write` handler functions, but to have an\n`insn_bits` handler function for handling Comedi `INSN_BITS`\ninstructions. In that case, the subdevice's `insn_read` and/or\n`insn_write` function handler pointers are set to point to the\n`insn_rw_emulate_bits()` function by `__comedi_device_postconfig()`.\n\nFor `INSN_WRITE`, `insn_rw_emulate_bits()` currently assumes that the\nsupplied `data[0]` value is a valid copy from user memory. It will at\nleast exist because `do_insnlist_ioctl()` and `do_insn_ioctl()` in\n\"comedi_fops.c\" ensure at lease `MIN_SAMPLES` (16) elements are\nallocated. However, if `insn-\u003en` is 0 (which is allowable for\n`INSN_READ` and `INSN_WRITE` instructions, then `data[0]` may contain\nuninitialized data, and certainly contains invalid data, possibly from a\ndifferent instruction in the array of instructions handled by\n`do_insnlist_ioctl()`. 
This will result in an incorrect value being\nwritten to the digital output channel (or to the digital input/output\nchannel if configured as an output), and may be reflected in the\ninternal saved state of the channel.\n\nFix it by returning 0 early if `insn-\u003en` is 0, before reaching the code\nthat accesses `data[0]`. Previously, the function always returned 1 on\nsuccess, but it is supposed to be the number of data samples actually\nread or written up to `insn-\u003en`, which is 0 in this case.", + "Severity": "MEDIUM", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-38480", + "https://git.kernel.org/linus/e9cb26291d009243a4478a7ffb37b3a9175bfce9 (6.16-rc7)", + "https://git.kernel.org/stable/c/10f9024a8c824a41827fff1fefefb314c98e2c88", + "https://git.kernel.org/stable/c/2af1e7d389c2619219171d23f5b96dbcbb7f9656", + "https://git.kernel.org/stable/c/3050d197d6bc9ef128944a70210f42d2430b3000", + "https://git.kernel.org/stable/c/3ab55ffaaf75d0c7b68e332c1cdcc1b0e0044870", + "https://git.kernel.org/stable/c/e9cb26291d009243a4478a7ffb37b3a9175bfce9", + "https://lore.kernel.org/linux-cve-announce/2025072814-CVE-2025-38480-d8ab@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-38480", + "https://www.cve.org/CVERecord?id=CVE-2025-38480" + ], + "PublishedDate": "2025-07-28T12:15:29.853Z", + "LastModifiedDate": "2025-07-29T14:14:29.59Z" + }, + { + "VulnerabilityID": "CVE-2025-38481", + "VendorIDs": [ + "DSA-5975-1" + ], + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "FixedVersion": "6.12.41-1", + "Status": "fixed", + "Layer": { + "Digest": 
"sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38481", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: comedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large\n\nThe handling of the `COMEDI_INSNLIST` ioctl allocates a kernel buffer to\nhold the array of `struct comedi_insn`, getting the length from the\n`n_insns` member of the `struct comedi_insnlist` supplied by the user.\nThe allocation will fail with a WARNING and a stack dump if it is too\nlarge.\n\nAvoid that by failing with an `-EINVAL` error if the supplied `n_insns`\nvalue is unreasonable.\n\nDefine the limit on the `n_insns` value in the `MAX_INSNS` macro. 
Set\nthis to the same value as `MAX_SAMPLES` (65536), which is the maximum\nallowed sum of the values of the member `n` in the array of `struct\ncomedi_insn`, and sensible comedi instructions will have an `n` of at\nleast 1.", + "Severity": "MEDIUM", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-38481", + "https://git.kernel.org/linus/08ae4b20f5e82101d77326ecab9089e110f224cc (6.16-rc7)", + "https://git.kernel.org/stable/c/08ae4b20f5e82101d77326ecab9089e110f224cc", + "https://git.kernel.org/stable/c/992d600f284e719242a434166e86c1999649b71c", + "https://git.kernel.org/stable/c/c9d3d9667443caafa804cd07940aeaef8e53aa90", + "https://git.kernel.org/stable/c/d4c73ce13f5b5a0fe0319f1f352ff602f0ace8e3", + "https://git.kernel.org/stable/c/e3b8322cc8081d142ee4c1a43e1d702bdba1ed76", + "https://lore.kernel.org/linux-cve-announce/2025072814-CVE-2025-38481-1476@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-38481", + "https://www.cve.org/CVERecord?id=CVE-2025-38481" + ], + "PublishedDate": "2025-07-28T12:15:29.98Z", + "LastModifiedDate": "2025-07-29T14:14:29.59Z" + }, + { + "VulnerabilityID": "CVE-2025-38482", + "VendorIDs": [ + "DSA-5975-1" + ], + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "FixedVersion": "6.12.41-1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38482", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": 
"https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: comedi: das6402: Fix bit shift out of bounds", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: das6402: Fix bit shift out of bounds\n\nWhen checking for a supported IRQ number, the following test is used:\n\n\t/* IRQs 2,3,5,6,7, 10,11,15 are valid for \"enhanced\" mode */\n\tif ((1 \u003c\u003c it-\u003eoptions[1]) \u0026 0x8cec) {\n\nHowever, `it-\u003eoptions[i]` is an unchecked `int` value from userspace, so\nthe shift amount could be negative or out of bounds. Fix the test by\nrequiring `it-\u003eoptions[1]` to be within bounds before proceeding with\nthe original test. Valid `it-\u003eoptions[1]` values that select the IRQ\nwill be in the range [1,15]. The value 0 explicitly disables the use of\ninterrupts.", + "Severity": "MEDIUM", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-38482", + "https://git.kernel.org/linus/70f2b28b5243df557f51c054c20058ae207baaac (6.16-rc7)", + "https://git.kernel.org/stable/c/3eab654f5d199ecd45403c6588cda63e491fcfca", + "https://git.kernel.org/stable/c/4a3c18cde02e35aba87e0ad5672b3e1c72dda5a4", + "https://git.kernel.org/stable/c/70f2b28b5243df557f51c054c20058ae207baaac", + "https://git.kernel.org/stable/c/8a3637027ceeba4ca5e500b23cb7d24c25592513", + "https://git.kernel.org/stable/c/a18a42e77545afcacd6a2b8d9fc16191b87454df", + "https://lore.kernel.org/linux-cve-announce/2025072814-CVE-2025-38482-f4ed@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-38482", + "https://www.cve.org/CVERecord?id=CVE-2025-38482" + ], + "PublishedDate": "2025-07-28T12:15:30.117Z", + "LastModifiedDate": "2025-07-29T14:14:29.59Z" + }, + { + "VulnerabilityID": "CVE-2025-38483", + "VendorIDs": [ + "DSA-5975-1" + ], + "PkgID": 
"linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "FixedVersion": "6.12.41-1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38483", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: comedi: das16m1: Fix bit shift out of bounds", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: das16m1: Fix bit shift out of bounds\n\nWhen checking for a supported IRQ number, the following test is used:\n\n\t/* only irqs 2, 3, 4, 5, 6, 7, 10, 11, 12, 14, and 15 are valid */\n\tif ((1 \u003c\u003c it-\u003eoptions[1]) \u0026 0xdcfc) {\n\nHowever, `it-\u003eoptions[i]` is an unchecked `int` value from userspace, so\nthe shift amount could be negative or out of bounds. 
Fix the test by\nrequiring `it-\u003eoptions[1]` to be within bounds before proceeding with\nthe original test.", + "Severity": "MEDIUM", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-38483", + "https://git.kernel.org/linus/ed93c6f68a3be06e4e0c331c6e751f462dee3932 (6.16-rc7)", + "https://git.kernel.org/stable/c/076b13ee60eb01ed0d140ef261f95534562a3077", + "https://git.kernel.org/stable/c/65c03e6fc524eb2868abedffd8a4613d78abc288", + "https://git.kernel.org/stable/c/adb7df8a8f9d788423e161b779764527dd3ec2d0", + "https://git.kernel.org/stable/c/ed93c6f68a3be06e4e0c331c6e751f462dee3932", + "https://git.kernel.org/stable/c/f211572818ed5bec2b3f5d4e0719ef8699b3c269", + "https://lore.kernel.org/linux-cve-announce/2025072815-CVE-2025-38483-ab88@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-38483", + "https://www.cve.org/CVERecord?id=CVE-2025-38483" + ], + "PublishedDate": "2025-07-28T12:15:30.253Z", + "LastModifiedDate": "2025-07-29T14:14:29.59Z" + }, + { + "VulnerabilityID": "CVE-2025-38484", + "VendorIDs": [ + "DSA-5975-1" + ], + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "FixedVersion": "6.12.41-1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38484", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: iio: backend: fix out-of-bound 
write", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: backend: fix out-of-bound write\n\nThe buffer is set to 80 character. If a caller write more characters,\ncount is truncated to the max available space in \"simple_write_to_buffer\".\nBut afterwards a string terminator is written to the buffer at offset count\nwithout boundary check. The zero termination is written OUT-OF-BOUND.\n\nAdd a check that the given buffer is smaller then the buffer to prevent.", + "Severity": "MEDIUM", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-38484", + "https://git.kernel.org/linus/da9374819eb3885636934c1006d450c3cb1a02ed (6.16-rc7)", + "https://git.kernel.org/stable/c/01e941aa7f5175125df4ac5d3aab099961525602", + "https://git.kernel.org/stable/c/6eea9f7648ddb9e4903735a1f77cf196c957aa38", + "https://git.kernel.org/stable/c/da9374819eb3885636934c1006d450c3cb1a02ed", + "https://lore.kernel.org/linux-cve-announce/2025072815-CVE-2025-38484-4faf@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-38484", + "https://www.cve.org/CVERecord?id=CVE-2025-38484" + ], + "PublishedDate": "2025-07-28T12:15:30.367Z", + "LastModifiedDate": "2025-07-29T14:14:29.59Z" + }, + { + "VulnerabilityID": "CVE-2025-38485", + "VendorIDs": [ + "DSA-5975-1" + ], + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "FixedVersion": "6.12.41-1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2025-38485", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: iio: accel: fxls8962af: Fix use after free in fxls8962af_fifo_flush", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: accel: fxls8962af: Fix use after free in fxls8962af_fifo_flush\n\nfxls8962af_fifo_flush() uses indio_dev-\u003eactive_scan_mask (with\niio_for_each_active_channel()) without making sure the indio_dev\nstays in buffer mode.\nThere is a race if indio_dev exits buffer mode in the middle of the\ninterrupt that flushes the fifo. Fix this by calling\nsynchronize_irq() to ensure that no interrupt is currently running when\ndisabling buffer mode.\n\nUnable to handle kernel NULL pointer dereference at virtual address 00000000 when read\n[...]\n_find_first_bit_le from fxls8962af_fifo_flush+0x17c/0x290\nfxls8962af_fifo_flush from fxls8962af_interrupt+0x80/0x178\nfxls8962af_interrupt from irq_thread_fn+0x1c/0x7c\nirq_thread_fn from irq_thread+0x110/0x1f4\nirq_thread from kthread+0xe0/0xfc\nkthread from ret_from_fork+0x14/0x2c", + "Severity": "MEDIUM", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-38485", + "https://git.kernel.org/linus/1fe16dc1a2f5057772e5391ec042ed7442966c9a (6.16-rc7)", + "https://git.kernel.org/stable/c/1803d372460aaa9ae0188a30c9421d3f157f2f04", + "https://git.kernel.org/stable/c/1fe16dc1a2f5057772e5391ec042ed7442966c9a", + "https://git.kernel.org/stable/c/6ecd61c201b27ad2760b3975437ad2b97d725b98", + "https://git.kernel.org/stable/c/bfcda3e1015791b3a63fb4d3aad408da9cf76e8f", + "https://git.kernel.org/stable/c/dda42f23a8f5439eaac9521ce0531547d880cc54", + 
"https://lore.kernel.org/linux-cve-announce/2025072815-CVE-2025-38485-3cec@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-38485", + "https://www.cve.org/CVERecord?id=CVE-2025-38485" + ], + "PublishedDate": "2025-07-28T12:15:30.487Z", + "LastModifiedDate": "2025-07-29T14:14:29.59Z" + }, + { + "VulnerabilityID": "CVE-2025-38487", + "VendorIDs": [ + "DSA-5975-1" + ], + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "FixedVersion": "6.12.41-1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38487", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: soc: aspeed: lpc-snoop: Don't disable channels that aren't enabled", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: aspeed: lpc-snoop: Don't disable channels that aren't enabled\n\nMitigate e.g. 
the following:\n\n # echo 1e789080.lpc-snoop \u003e /sys/bus/platform/drivers/aspeed-lpc-snoop/unbind\n ...\n [ 120.363594] Unable to handle kernel NULL pointer dereference at virtual address 00000004 when write\n [ 120.373866] [00000004] *pgd=00000000\n [ 120.377910] Internal error: Oops: 805 [#1] SMP ARM\n [ 120.383306] CPU: 1 UID: 0 PID: 315 Comm: sh Not tainted 6.15.0-rc1-00009-g926217bc7d7d-dirty #20 NONE\n ...\n [ 120.679543] Call trace:\n [ 120.679559] misc_deregister from aspeed_lpc_snoop_remove+0x84/0xac\n [ 120.692462] aspeed_lpc_snoop_remove from platform_remove+0x28/0x38\n [ 120.700996] platform_remove from device_release_driver_internal+0x188/0x200\n ...", + "Severity": "MEDIUM", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-38487", + "https://git.kernel.org/linus/56448e78a6bb4e1a8528a0e2efe94eff0400c247 (6.16-rc7)", + "https://git.kernel.org/stable/c/329a80adc0e5f815d0514a6d403aaaf0995cd9be", + "https://git.kernel.org/stable/c/56448e78a6bb4e1a8528a0e2efe94eff0400c247", + "https://git.kernel.org/stable/c/ac10ed9862104936a412f8b475c869e99f048448", + "https://git.kernel.org/stable/c/b361598b7352f02456619a6105c7da952ef69f8f", + "https://git.kernel.org/stable/c/dc5598482e2d3b234f6d72d6f5568e24f603e51a", + "https://lore.kernel.org/linux-cve-announce/2025072816-CVE-2025-38487-1ffa@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-38487", + "https://www.cve.org/CVERecord?id=CVE-2025-38487" + ], + "PublishedDate": "2025-07-28T12:15:30.72Z", + "LastModifiedDate": "2025-07-29T14:14:29.59Z" + }, + { + "VulnerabilityID": "CVE-2025-38489", + "VendorIDs": [ + "DSA-5975-1" + ], + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": 
"215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "FixedVersion": "6.12.41-1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38489", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: s390/bpf: Fix bpf_arch_text_poke() with new_addr == NULL again", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/bpf: Fix bpf_arch_text_poke() with new_addr == NULL again\n\nCommit 7ded842b356d (\"s390/bpf: Fix bpf_plt pointer arithmetic\") has\naccidentally removed the critical piece of commit c730fce7c70c\n(\"s390/bpf: Fix bpf_arch_text_poke() with new_addr == NULL\"), causing\nintermittent kernel panics in e.g. perf's on_switch() prog to reappear.\n\nRestore the fix and add a comment.", + "Severity": "MEDIUM", + "VendorSeverity": { + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-38489", + "https://git.kernel.org/linus/6a5abf8cf182f577c7ae6c62f14debc9754ec986 (6.16-rc7)", + "https://git.kernel.org/stable/c/0c7b20f7785cfdd59403333612c90b458b12307c", + "https://git.kernel.org/stable/c/6a5abf8cf182f577c7ae6c62f14debc9754ec986", + "https://git.kernel.org/stable/c/a4f9c7846b1ac428921ce9676b1b8c80ed60093c", + "https://git.kernel.org/stable/c/d5629d1af0600f8cc7c9245e8d832a66358ef889", + "https://lore.kernel.org/linux-cve-announce/2025072816-CVE-2025-38489-0fd7@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-38489", + "https://www.cve.org/CVERecord?id=CVE-2025-38489" + ], + "PublishedDate": "2025-07-28T12:15:30.99Z", + 
"LastModifiedDate": "2025-07-29T14:14:29.59Z" + }, + { + "VulnerabilityID": "CVE-2025-38490", + "VendorIDs": [ + "DSA-5975-1" + ], + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "FixedVersion": "6.12.41-1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38490", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: net: libwx: remove duplicate page_pool_put_full_page()", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: libwx: remove duplicate page_pool_put_full_page()\n\npage_pool_put_full_page() should only be invoked when freeing Rx buffers\nor building a skb if the size is too short. At other times, the pages\nneed to be reused. So remove the redundant page put. 
In the original\ncode, double free pages cause kernel panic:\n\n[ 876.949834] __irq_exit_rcu+0xc7/0x130\n[ 876.949836] common_interrupt+0xb8/0xd0\n[ 876.949838] \u003c/IRQ\u003e\n[ 876.949838] \u003cTASK\u003e\n[ 876.949840] asm_common_interrupt+0x22/0x40\n[ 876.949841] RIP: 0010:cpuidle_enter_state+0xc2/0x420\n[ 876.949843] Code: 00 00 e8 d1 1d 5e ff e8 ac f0 ff ff 49 89 c5 0f 1f 44 00 00 31 ff e8 cd fc 5c ff 45 84 ff 0f 85 40 02 00 00 fb 0f 1f 44 00 00 \u003c45\u003e 85 f6 0f 88 84 01 00 00 49 63 d6 48 8d 04 52 48 8d 04 82 49 8d\n[ 876.949844] RSP: 0018:ffffaa7340267e78 EFLAGS: 00000246\n[ 876.949845] RAX: ffff9e3f135be000 RBX: 0000000000000002 RCX: 0000000000000000\n[ 876.949846] RDX: 000000cc2dc4cb7c RSI: ffffffff89ee49ae RDI: ffffffff89ef9f9e\n[ 876.949847] RBP: ffff9e378f940800 R08: 0000000000000002 R09: 00000000000000ed\n[ 876.949848] R10: 000000000000afc8 R11: ffff9e3e9e5a9b6c R12: ffffffff8a6d8580\n[ 876.949849] R13: 000000cc2dc4cb7c R14: 0000000000000002 R15: 0000000000000000\n[ 876.949852] ? 
cpuidle_enter_state+0xb3/0x420\n[ 876.949855] cpuidle_enter+0x29/0x40\n[ 876.949857] cpuidle_idle_call+0xfd/0x170\n[ 876.949859] do_idle+0x7a/0xc0\n[ 876.949861] cpu_startup_entry+0x25/0x30\n[ 876.949862] start_secondary+0x117/0x140\n[ 876.949864] common_startup_64+0x13e/0x148\n[ 876.949867] \u003c/TASK\u003e\n[ 876.949868] ---[ end trace 0000000000000000 ]---\n[ 876.949869] ------------[ cut here ]------------\n[ 876.949870] list_del corruption, ffffead40445a348-\u003enext is NULL\n[ 876.949873] WARNING: CPU: 14 PID: 0 at lib/list_debug.c:52 __list_del_entry_valid_or_report+0x67/0x120\n[ 876.949875] Modules linked in: snd_hrtimer(E) bnep(E) binfmt_misc(E) amdgpu(E) squashfs(E) vfat(E) loop(E) fat(E) amd_atl(E) snd_hda_codec_realtek(E) intel_rapl_msr(E) snd_hda_codec_generic(E) intel_rapl_common(E) snd_hda_scodec_component(E) snd_hda_codec_hdmi(E) snd_hda_intel(E) edac_mce_amd(E) snd_intel_dspcfg(E) snd_hda_codec(E) snd_hda_core(E) amdxcp(E) kvm_amd(E) snd_hwdep(E) gpu_sched(E) drm_panel_backlight_quirks(E) cec(E) snd_pcm(E) drm_buddy(E) snd_seq_dummy(E) drm_ttm_helper(E) btusb(E) kvm(E) snd_seq_oss(E) btrtl(E) ttm(E) btintel(E) snd_seq_midi(E) btbcm(E) drm_exec(E) snd_seq_midi_event(E) i2c_algo_bit(E) snd_rawmidi(E) bluetooth(E) drm_suballoc_helper(E) irqbypass(E) snd_seq(E) ghash_clmulni_intel(E) sha512_ssse3(E) drm_display_helper(E) aesni_intel(E) snd_seq_device(E) rfkill(E) snd_timer(E) gf128mul(E) drm_client_lib(E) drm_kms_helper(E) snd(E) i2c_piix4(E) joydev(E) soundcore(E) wmi_bmof(E) ccp(E) k10temp(E) i2c_smbus(E) gpio_amdpt(E) i2c_designware_platform(E) gpio_generic(E) sg(E)\n[ 876.949914] i2c_designware_core(E) sch_fq_codel(E) parport_pc(E) drm(E) ppdev(E) lp(E) parport(E) fuse(E) nfnetlink(E) ip_tables(E) ext4 crc16 mbcache jbd2 sd_mod sfp mdio_i2c i2c_core txgbe ahci ngbe pcs_xpcs libahci libwx r8169 phylink libata realtek ptp pps_core video wmi\n[ 876.949933] CPU: 14 UID: 0 PID: 0 Comm: swapper/14 Kdump: loaded Tainted: G W E 6.16.0-rc2+ #20 
PREEMPT(voluntary)\n[ 876.949935] Tainted: [W]=WARN, [E]=UNSIGNED_MODULE\n[ 876.949936] Hardware name: Micro-Star International Co., Ltd. MS-7E16/X670E GAMING PLUS WIFI (MS-7E16), BIOS 1.90 12/31/2024\n[ 876.949936] RIP: 0010:__list_del_entry_valid_or_report+0x67/0x120\n[ 876.949938] Code: 00 00 00 48 39 7d 08 0f 85 a6 00 00 00 5b b8 01 00 00 00 5d 41 5c e9 73 0d 93 ff 48 89 fe 48 c7 c7 a0 31 e8 89 e8 59 7c b3 ff \u003c0f\u003e 0b 31 c0 5b 5d 41 5c e9 57 0d 93 ff 48 89 fe 48 c7 c7 c8 31 e8\n[ 876.949940] RSP: 0018:ffffaa73405d0c60 EFLAGS: 00010282\n[ 876.949941] RAX: 0000000000000000 RBX: ffffead40445a348 RCX: 0000000000000000\n[ 876.949942] RDX: 0000000000000105 RSI: 00000\n---truncated---", + "Severity": "MEDIUM", + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-38490", + "https://git.kernel.org/linus/1b7e585c04cd5f0731dd25ffd396277e55fae0e6 (6.16-rc7)", + "https://git.kernel.org/stable/c/003e4765d8661be97e650a833868c53d35574130", + "https://git.kernel.org/stable/c/08d18bda0d03f5ec376929a8c6c4495f9594593a", + "https://git.kernel.org/stable/c/1b7e585c04cd5f0731dd25ffd396277e55fae0e6", + "https://git.kernel.org/stable/c/3c91a56762b1f0d1e4af2d86c2cba83b61ed9eaa", + "https://lore.kernel.org/linux-cve-announce/2025072816-CVE-2025-38490-7528@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-38490", + "https://www.cve.org/CVERecord?id=CVE-2025-38490" + ], + "PublishedDate": "2025-07-28T12:15:31.113Z", + "LastModifiedDate": "2025-07-29T14:14:29.59Z" + }, + { + "VulnerabilityID": "CVE-2004-0230", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + 
"Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2004-0230", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "TCP, when using a large Window Size, makes it easier for remote attack ...", + "Description": "TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP.", + "Severity": "LOW", + "VendorSeverity": { + "debian": 1, + "nvd": 2 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 5 + } + }, + "References": [ + "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-006.txt.asc", + "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.3/SCOSA-2005.3.txt", + "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.9/SCOSA-2005.9.txt", + "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.14/SCOSA-2005.14.txt", + "ftp://patches.sgi.com/support/free/security/advisories/20040403-01-A.asc", + "http://kb.juniper.net/JSA10638", + "http://marc.info/?l=bugtraq\u0026m=108302060014745\u0026w=2", + "http://marc.info/?l=bugtraq\u0026m=108506952116653\u0026w=2", + "http://secunia.com/advisories/11440", + "http://secunia.com/advisories/11458", + "http://secunia.com/advisories/22341", + "http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml", + "http://www.kb.cert.org/vuls/id/415294", + "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", + "http://www.osvdb.org/4030", + "http://www.securityfocus.com/archive/1/449179/100/0/threaded", + 
"http://www.securityfocus.com/bid/10183", + "http://www.uniras.gov.uk/vuls/2004/236929/index.htm", + "http://www.us-cert.gov/cas/techalerts/TA04-111A.html", + "http://www.vupen.com/english/advisories/2006/3983", + "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-019", + "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-064", + "https://exchange.xforce.ibmcloud.com/vulnerabilities/15886", + "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10053", + "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2689", + "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A270", + "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3508", + "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4791", + "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5711" + ], + "PublishedDate": "2004-08-18T04:00:00Z", + "LastModifiedDate": "2025-05-02T16:40:41.53Z" + }, + { + "VulnerabilityID": "CVE-2005-3660", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2005-3660", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "Linux kernel 2.4 and 2.6 allows attackers to cause a denial of service ...", + "Description": "Linux kernel 2.4 and 2.6 allows 
attackers to cause a denial of service (memory exhaustion and panic) by creating a large number of connected file descriptors or socketpairs and setting a large data transfer buffer, then preventing Linux from being able to finish the transfer by causing the process to become a zombie, or closing the file descriptor without closing an associated reference.", + "Severity": "LOW", + "VendorSeverity": { + "debian": 1, + "nvd": 2 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C", + "V2Score": 4.9 + } + }, + "References": [ + "http://secunia.com/advisories/18205", + "http://securityreason.com/securityalert/291", + "http://securitytracker.com/id?1015402", + "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=362", + "http://www.securityfocus.com/bid/16041", + "http://www.vupen.com/english/advisories/2005/3076", + "https://exchange.xforce.ibmcloud.com/vulnerabilities/23835" + ], + "PublishedDate": "2005-12-22T23:03:00Z", + "LastModifiedDate": "2025-04-03T01:03:51.193Z" + }, + { + "VulnerabilityID": "CVE-2007-3719", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2007-3719", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: secretly Monopolizing the CPU Without Superuser Privileges", + "Description": "The process scheduler in the Linux kernel 2.6.16 gives preference to \"interactive\" processes that perform voluntary sleeps, which 
allows local users to cause a denial of service (CPU consumption), as described in \"Secretly Monopolizing the CPU Without Superuser Privileges.\"", + "Severity": "LOW", + "VendorSeverity": { + "debian": 1, + "nvd": 1, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V2Score": 2.1 + } + }, + "References": [ + "http://osvdb.org/37127", + "http://www.cs.huji.ac.il/~dants/papers/Cheat07Security.pdf", + "https://access.redhat.com/security/cve/CVE-2007-3719", + "https://nvd.nist.gov/vuln/detail/CVE-2007-3719", + "https://www.cve.org/CVERecord?id=CVE-2007-3719" + ], + "PublishedDate": "2007-07-12T16:30:00Z", + "LastModifiedDate": "2024-11-21T00:33:54.23Z" + }, + { + "VulnerabilityID": "CVE-2008-2544", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2008-2544", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: mounting proc readonly on a different mount point silently mounts it rw if the /proc mount is rw", + "Description": "Mounting /proc filesystem via chroot command silently mounts it in read-write mode. 
The user could bypass the chroot environment and gain write access to files, he would never have otherwise.", + "Severity": "LOW", + "CweIDs": [ + "CWE-668" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 2.1, + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2008-2544", + "https://bugzilla.redhat.com/show_bug.cgi?id=213135", + "https://nvd.nist.gov/vuln/detail/CVE-2008-2544", + "https://www.cve.org/CVERecord?id=CVE-2008-2544" + ], + "PublishedDate": "2021-05-27T13:15:07.753Z", + "LastModifiedDate": "2024-11-21T00:47:07.257Z" + }, + { + "VulnerabilityID": "CVE-2008-4609", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2008-4609", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: TCP protocol vulnerabilities from Outpost24", + "Description": "The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.", + "Severity": "LOW", + "CweIDs": [ + "CWE-16" + ], + "VendorSeverity": { + 
"cbl-mariner": 3, + "debian": 1, + "nvd": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", + "V2Score": 7.1 + } + }, + "References": [ + "http://blog.robertlee.name/2008/10/conjecture-speculation.html", + "http://insecure.org/stf/tcp-dos-attack-explained.html", + "http://lists.immunitysec.com/pipermail/dailydave/2008-October/005360.html", + "http://marc.info/?l=bugtraq\u0026m=125856010926699\u0026w=2", + "http://searchsecurity.techtarget.com.au/articles/27154-TCP-is-fundamentally-borked", + "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af511d.shtml", + "http://www.cisco.com/en/US/products/products_security_response09186a0080a15120.html", + "http://www.cpni.gov.uk/Docs/tn-03-09-security-assessment-TCP.pdf", + "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150", + "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html", + "http://www.outpost24.com/news/news-2008-10-02.html", + "http://www.us-cert.gov/cas/techalerts/TA09-251A.html", + "https://access.redhat.com/security/cve/CVE-2008-4609", + "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-048", + "https://nvd.nist.gov/vuln/detail/CVE-2008-4609", + "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6340", + "https://www.cert.fi/haavoittuvuudet/2008/tcp-vulnerabilities.html", + "https://www.cve.org/CVERecord?id=CVE-2008-4609" + ], + "PublishedDate": "2008-10-20T17:59:26.163Z", + "LastModifiedDate": "2024-11-21T00:52:05.603Z" + }, + { + "VulnerabilityID": "CVE-2010-4563", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + 
"DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-4563", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: ipv6: sniffer detection", + "Description": "The Linux kernel, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping.", + "Severity": "LOW", + "CweIDs": [ + "CWE-200" + ], + "VendorSeverity": { + "azure": 2, + "cbl-mariner": 2, + "debian": 1, + "nvd": 2, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 5 + }, + "redhat": { + "V2Vector": "AV:A/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 2.9 + } + }, + "References": [ + "http://seclists.org/dailydave/2011/q2/25", + "http://seclists.org/fulldisclosure/2011/Apr/254", + "https://access.redhat.com/security/cve/CVE-2010-4563", + "https://nvd.nist.gov/vuln/detail/CVE-2010-4563", + "https://www.cve.org/CVERecord?id=CVE-2010-4563" + ], + "PublishedDate": "2012-02-02T17:55:00.847Z", + "LastModifiedDate": "2025-04-11T00:51:21.963Z" + }, + { + "VulnerabilityID": "CVE-2010-5321", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-5321", + "DataSource": { + "ID": "debian", + "Name": "Debian 
Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: v4l: videobuf: hotfix a bug on multiple calls to mmap()", + "Description": "Memory leak in drivers/media/video/videobuf-core.c in the videobuf subsystem in the Linux kernel 2.6.x through 4.x allows local users to cause a denial of service (memory consumption) by leveraging /dev/video access for a series of mmap calls that require new allocations, a different vulnerability than CVE-2007-6761. NOTE: as of 2016-06-18, this affects only 11 drivers that have not been updated to use videobuf2 instead of videobuf.", + "Severity": "LOW", + "CweIDs": [ + "CWE-772" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "photon": 2, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.9, + "V3Score": 4.3 + }, + "redhat": { + "V2Vector": "AV:L/AC:H/Au:S/C:N/I:N/A:C", + "V2Score": 3.8 + } + }, + "References": [ + "http://linuxtv.org/irc/v4l/index.php?date=2010-07-29", + "http://www.openwall.com/lists/oss-security/2015/02/08/4", + "https://access.redhat.com/security/cve/CVE-2010-5321", + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=827340", + "https://bugzilla.kernel.org/show_bug.cgi?id=120571", + "https://bugzilla.redhat.com/show_bug.cgi?id=620629", + "https://nvd.nist.gov/vuln/detail/CVE-2010-5321", + "https://www.cve.org/CVERecord?id=CVE-2010-5321" + ], + "PublishedDate": "2017-04-24T06:59:00.21Z", + "LastModifiedDate": "2025-04-20T01:37:25.86Z" + }, + { + "VulnerabilityID": "CVE-2011-4915", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": 
"sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-4915", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "fs/proc/base.c in the Linux kernel through 3.1 allows local users to o ...", + "Description": "fs/proc/base.c in the Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /proc/interrupts.", + "Severity": "LOW", + "CweIDs": [ + "CWE-200" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 2.1, + "V3Score": 5.5 + } + }, + "References": [ + "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0499680a42141d86417a8fbaa8c8db806bea1201", + "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a2ef990ab5a6705a356d146dd773a3b359787497", + "http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-4915.html", + "http://www.openwall.com/lists/oss-security/2011/11/07/9", + "https://lkml.org/lkml/2011/11/7/340", + "https://seclists.org/oss-sec/2011/q4/571", + "https://security-tracker.debian.org/tracker/CVE-2011-4915", + "https://vigilance.fr/vulnerability/Linux-kernel-information-disclosure-about-keyboard-11131" + ], + "PublishedDate": "2020-02-20T18:15:11.137Z", + "LastModifiedDate": "2024-11-21T01:33:17.547Z" + }, + { + "VulnerabilityID": "CVE-2011-4916", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + 
"Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-4916", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "Linux kernel through 3.1 allows local users to obtain sensitive keystr ...", + "Description": "Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /dev/pts/ and /dev/tty*.", + "Severity": "LOW", + "CweIDs": [ + "CWE-200" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 2.1, + "V3Score": 5.5 + } + }, + "References": [ + "https://lkml.org/lkml/2011/11/7/355", + "https://www.openwall.com/lists/oss-security/2011/12/28/3" + ], + "PublishedDate": "2022-07-12T21:15:09.147Z", + "LastModifiedDate": "2024-11-21T01:33:17.663Z" + }, + { + "VulnerabilityID": "CVE-2011-4917", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-4917", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "In the Linux kernel through 3.1 there is an information disclosure iss 
...", + "Description": "In the Linux kernel through 3.1 there is an information disclosure issue via /proc/stat.", + "Severity": "LOW", + "CweIDs": [ + "CWE-200" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 2.1, + "V3Score": 5.5 + } + }, + "References": [ + "https://lkml.org/lkml/2011/11/7/340", + "https://www.openwall.com/lists/oss-security/2011/12/28/4" + ], + "PublishedDate": "2022-04-18T17:15:11.937Z", + "LastModifiedDate": "2024-11-21T01:33:17.797Z" + }, + { + "VulnerabilityID": "CVE-2012-4542", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2012-4542", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: block: default SCSI command filter does not accomodate commands overlap across device classes", + "Description": "block/scsi_ioctl.c in the Linux kernel through 3.8 does not properly consider the SCSI device class during authorization of SCSI commands, which allows local users to bypass intended access restrictions via an SG_IO ioctl call that leverages overlapping opcodes.", + "Severity": "LOW", + "CweIDs": [ + "CWE-264" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "oracle-oval": 2, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 4.6 + }, + 
"redhat": { + "V2Vector": "AV:A/AC:M/Au:S/C:P/I:P/A:P", + "V2Score": 4.9 + } + }, + "References": [ + "http://marc.info/?l=linux-kernel\u0026m=135903967015813\u0026w=2", + "http://marc.info/?l=linux-kernel\u0026m=135904012416042\u0026w=2", + "http://rhn.redhat.com/errata/RHSA-2013-0496.html", + "http://rhn.redhat.com/errata/RHSA-2013-0579.html", + "http://rhn.redhat.com/errata/RHSA-2013-0882.html", + "http://rhn.redhat.com/errata/RHSA-2013-0928.html", + "https://access.redhat.com/security/cve/CVE-2012-4542", + "https://bugzilla.redhat.com/show_bug.cgi?id=875360", + "https://linux.oracle.com/cve/CVE-2012-4542.html", + "https://linux.oracle.com/errata/ELSA-2013-2534.html", + "https://nvd.nist.gov/vuln/detail/CVE-2012-4542", + "https://oss.oracle.com/git/?p=redpatch.git%3Ba=commit%3Bh=76a274e17114abf1a77de6b651424648ce9e10c8", + "https://www.cve.org/CVERecord?id=CVE-2012-4542" + ], + "PublishedDate": "2013-02-28T19:55:01.107Z", + "LastModifiedDate": "2025-04-11T00:51:21.963Z" + }, + { + "VulnerabilityID": "CVE-2014-9892", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-9892", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "The snd_compr_tstamp function in sound/core/compress_offload.c in the ...", + "Description": "The snd_compr_tstamp function in sound/core/compress_offload.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 
(2013) devices, does not properly initialize a timestamp data structure, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28770164 and Qualcomm internal bug CR568717.", + "Severity": "LOW", + "CweIDs": [ + "CWE-200" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "photon": 2 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.5 + } + }, + "References": [ + "http://source.android.com/security/bulletin/2016-08-01.html", + "http://www.securityfocus.com/bid/92222", + "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=591b1f455c32206704cbcf426bb30911c260c33e" + ], + "PublishedDate": "2016-08-06T10:59:35.717Z", + "LastModifiedDate": "2025-04-12T10:46:40.837Z" + }, + { + "VulnerabilityID": "CVE-2014-9900", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-9900", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: Info leak in uninitialized structure ethtool_wolinfo in ethtool_get_wol()", + "Description": "The ethtool_get_wol function in net/core/ethtool.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not initialize a certain data structure, which allows local users to obtain sensitive information via a crafted 
application, aka Android internal bug 28803952 and Qualcomm internal bug CR570754.", + "Severity": "LOW", + "CweIDs": [ + "CWE-200" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "photon": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + } + }, + "References": [ + "http://source.android.com/security/bulletin/2016-08-01.html", + "http://www.securityfocus.com/bid/92222", + "https://access.redhat.com/security/cve/CVE-2014-9900", + "https://nvd.nist.gov/vuln/detail/CVE-2014-9900", + "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=63c317dbee97983004dffdd9f742a20d17150071", + "https://ubuntu.com/security/notices/USN-3358-1", + "https://ubuntu.com/security/notices/USN-3359-1", + "https://ubuntu.com/security/notices/USN-3360-1", + "https://ubuntu.com/security/notices/USN-3360-2", + "https://ubuntu.com/security/notices/USN-3364-1", + "https://ubuntu.com/security/notices/USN-3364-2", + "https://ubuntu.com/security/notices/USN-3364-3", + "https://ubuntu.com/security/notices/USN-3371-1", + "https://www.cve.org/CVERecord?id=CVE-2014-9900" + ], + "PublishedDate": "2016-08-06T10:59:44.983Z", + "LastModifiedDate": "2025-04-12T10:46:40.837Z" + }, + { + "VulnerabilityID": "CVE-2015-2877", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2015-2877", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "Kernel: Cross-VM ASL INtrospection (CAIN)", + "Description": "Kernel Samepage Merging (KSM) in the Linux kernel 2.6.32 through 4.x does not prevent use of a write-timing side channel, which allows guest OS users to defeat the ASLR protection mechanism on other guest OS instances via a Cross-VM ASL INtrospection (CAIN) attack. NOTE: the vendor states \"Basically if you care about this attack vector, disable deduplication.\" Share-until-written approaches for memory conservation among mutually untrusting tenants are inherently detectable for information disclosure, and can be classified as potentially misunderstood behaviors rather than vulnerabilities", + "Severity": "LOW", + "CweIDs": [ + "CWE-200" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 1, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 2.1, + "V3Score": 3.3 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 2.1 + } + }, + "References": [ + "http://www.antoniobarresi.com/files/cain_advisory.txt", + "http://www.kb.cert.org/vuls/id/935424", + "http://www.securityfocus.com/bid/76256", + "https://access.redhat.com/security/cve/CVE-2015-2877", + "https://bugzilla.redhat.com/show_bug.cgi?id=1252096", + "https://nvd.nist.gov/vuln/detail/CVE-2015-2877", + "https://www.cve.org/CVERecord?id=CVE-2015-2877", + "https://www.kb.cert.org/vuls/id/BGAR-A2CNKG", + "https://www.kb.cert.org/vuls/id/BLUU-9ZAHZH", + "https://www.usenix.org/system/files/conference/woot15/woot15-paper-barresi.pdf" + ], + "PublishedDate": "2017-03-03T11:59:00.147Z", + "LastModifiedDate": "2025-04-20T01:37:25.86Z" + }, + { + "VulnerabilityID": "CVE-2016-10723", + "PkgID": "linux-libc-dev@6.12.38-1", + 
"PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10723", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "An issue was discovered in the Linux kernel through 4.17.2. Since the ...", + "Description": "An issue was discovered in the Linux kernel through 4.17.2. Since the page allocator does not yield CPU resources to the owner of the oom_lock mutex, a local unprivileged user can trivially lock up the system forever by wasting CPU resources from the page allocator (e.g., via concurrent page fault events) when the global OOM killer is invoked. 
NOTE: the software maintainer has not accepted certain proposed patches, in part because of a viewpoint that \"the underlying problem is non-trivial to handle.", + "Severity": "LOW", + "CweIDs": [ + "CWE-399" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.9, + "V3Score": 5.5 + } + }, + "References": [ + "https://lore.kernel.org/lkml/195a512f-aecc-f8cf-f409-6c42ee924a8c@i-love.sakura.ne.jp/", + "https://lore.kernel.org/lkml/cb2d635c-c14d-c2cc-868a-d4c447364f0d@i-love.sakura.ne.jp/", + "https://patchwork.kernel.org/patch/10395909/", + "https://patchwork.kernel.org/patch/9842889/", + "https://www.cve.org/CVERecord?id=CVE-2016-10723", + "https://www.spinics.net/lists/linux-mm/msg117896.html" + ], + "PublishedDate": "2018-06-21T13:29:00.21Z", + "LastModifiedDate": "2024-11-21T02:44:35.807Z" + }, + { + "VulnerabilityID": "CVE-2016-8660", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8660", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: xfs: local DoS due to a page lock order bug in the XFS seek hole/data implementation", + "Description": "The XFS subsystem in the Linux kernel through 4.8.2 allows local users to cause a denial of service (fdatasync failure and system hang) by using the vfs 
syscall group in the trinity program, related to a \"page lock order bug in the XFS seek hole/data implementation.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-19" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "photon": 2, + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.9, + "V3Score": 5.5 + }, + "redhat": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.7, + "V3Score": 5.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2016/10/13/8", + "http://www.securityfocus.com/bid/93558", + "https://access.redhat.com/security/cve/CVE-2016-8660", + "https://bugzilla.redhat.com/show_bug.cgi?id=1384851", + "https://lore.kernel.org/linux-xfs/895314622.769515.1476375930648.JavaMail.zimbra@redhat.com/", + "https://marc.info/?l=linux-fsdevel\u0026m=147639177409294\u0026w=2", + "https://marc.info/?l=linux-xfs\u0026m=149498118228320\u0026w=2", + "https://nvd.nist.gov/vuln/detail/CVE-2016-8660", + "https://www.cve.org/CVERecord?id=CVE-2016-8660" + ], + "PublishedDate": "2016-10-16T21:59:14.333Z", + "LastModifiedDate": "2025-04-12T10:46:40.837Z" + }, + { + "VulnerabilityID": "CVE-2017-0630", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-0630", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": 
"https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: Information disclosure vulnerability in kernel trace subsystem", + "Description": "An information disclosure vulnerability in the kernel trace subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34277115.", + "Severity": "LOW", + "CweIDs": [ + "CWE-200" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "V2Score": 2.6, + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.4 + } + }, + "References": [ + "http://www.securityfocus.com/bid/98213", + "https://access.redhat.com/security/cve/CVE-2017-0630", + "https://nvd.nist.gov/vuln/detail/CVE-2017-0630", + "https://source.android.com/security/bulletin/2017-05-01", + "https://source.android.com/security/bulletin/2017-05-01#id-in-kernel-trace-subsystem", + "https://www.cve.org/CVERecord?id=CVE-2017-0630" + ], + "PublishedDate": "2017-05-12T15:29:02.657Z", + "LastModifiedDate": "2025-04-20T01:37:25.86Z" + }, + { + "VulnerabilityID": "CVE-2017-13693", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13693", + "DataSource": { + "ID": 
"debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: ACPI operand cache leak in dsutils.c", + "Description": "The acpi_ds_create_operands() function in drivers/acpi/acpica/dsutils.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.", + "Severity": "LOW", + "CweIDs": [ + "CWE-200" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "redhat": 2, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 4.9, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/100502", + "https://access.redhat.com/security/cve/CVE-2017-13693", + "https://github.com/acpica/acpica/pull/295", + "https://github.com/acpica/acpica/pull/295/commits/987a3b5cf7175916e2a4b6ea5b8e70f830dfe732", + "https://nvd.nist.gov/vuln/detail/CVE-2017-13693", + "https://patchwork.kernel.org/patch/9919053/", + "https://www.cve.org/CVERecord?id=CVE-2017-13693" + ], + "PublishedDate": "2017-08-25T08:29:00.273Z", + "LastModifiedDate": "2025-04-20T01:37:25.86Z" + }, + { + "VulnerabilityID": "CVE-2017-13694", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + 
"SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13694", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: ACPI node and node_ext cache leak", + "Description": "The acpi_ps_complete_final_op() function in drivers/acpi/acpica/psobject.c in the Linux kernel through 4.12.9 does not flush the node and node_ext caches and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.", + "Severity": "LOW", + "CweIDs": [ + "CWE-200" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 2.1, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/100500", + "https://access.redhat.com/security/cve/CVE-2017-13694", + "https://github.com/acpica/acpica/pull/278", + "https://github.com/acpica/acpica/pull/278/commits/4a0243ecb4c94e2d73510d096c5ea4d0711fc6c0", + "https://nvd.nist.gov/vuln/detail/CVE-2017-13694", + "https://patchwork.kernel.org/patch/9806085/", + "https://www.cve.org/CVERecord?id=CVE-2017-13694" + ], + "PublishedDate": "2017-08-25T08:29:00.32Z", + "LastModifiedDate": "2025-04-20T01:37:25.86Z" + }, + { + "VulnerabilityID": "CVE-2018-1121", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": 
"sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1121", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "procps: process hiding through race condition enumerating /proc", + "Description": "procps-ng, procps is vulnerable to a process hiding through race condition. Since the kernel's proc_pid_readdir() returns PID entries in ascending numeric order, a process occupying a high PID can use inotify events to determine when the process list is being scanned, and fork/exec to obtain a lower PID, thus avoiding enumeration. An unprivileged attacker can hide a process from procps-ng's utilities by exploiting a race condition in reading /proc/PID entries. This vulnerability affects procps and procps-ng up to version 3.3.15, newer versions might be affected also.", + "Severity": "LOW", + "CweIDs": [ + "CWE-367", + "CWE-362" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", + "V3Score": 3.9 + } + }, + "References": [ + "http://seclists.org/oss-sec/2018/q2/122", + "http://www.securityfocus.com/bid/104214", + "https://access.redhat.com/security/cve/CVE-2018-1121", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1121", + "https://nvd.nist.gov/vuln/detail/CVE-2018-1121", + "https://www.cve.org/CVERecord?id=CVE-2018-1121", + "https://www.exploit-db.com/exploits/44806/", + "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt" + ], + "PublishedDate": 
"2018-06-13T20:29:00.337Z", + "LastModifiedDate": "2024-11-21T03:59:13.5Z" + }, + { + "VulnerabilityID": "CVE-2018-12928", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12928", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: NULL pointer dereference in hfs_ext_read_extent in hfs.ko", + "Description": "In the Linux kernel 4.15.0, a NULL pointer dereference was discovered in hfs_ext_read_extent in hfs.ko. 
This can occur during a mount of a crafted hfs filesystem.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "oracle-oval": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.9, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5 + } + }, + "References": [ + "http://www.securityfocus.com/bid/104593", + "https://access.redhat.com/security/cve/CVE-2018-12928", + "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1763384", + "https://groups.google.com/forum/#!msg/syzkaller-bugs/9SgQk_6tSZ4/zLhTm4r1AwAJ", + "https://linux.oracle.com/cve/CVE-2018-12928.html", + "https://linux.oracle.com/errata/ELSA-2025-20480.html", + "https://lore.kernel.org/linux-fsdevel/20180418173028.GA30953@bombadil.infradead.org/", + "https://marc.info/?l=linux-fsdevel\u0026m=152407263325766\u0026w=2", + "https://nvd.nist.gov/vuln/detail/CVE-2018-12928", + "https://www.cve.org/CVERecord?id=CVE-2018-12928" + ], + "PublishedDate": "2018-06-28T14:29:00.353Z", + "LastModifiedDate": "2024-11-21T03:46:07.97Z" + }, + { + "VulnerabilityID": "CVE-2018-17977", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-17977", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": 
"kernel: Mishandled interactions among XFRM Netlink messages, IPPROTO_AH packets, and IPPROTO_IP packets resulting in a denial of service", + "Description": "The Linux kernel 4.14.67 mishandles certain interaction among XFRM Netlink messages, IPPROTO_AH packets, and IPPROTO_IP packets, which allows local users to cause a denial of service (memory consumption and system hang) by leveraging root access to execute crafted applications, as demonstrated on CentOS 7.", + "Severity": "LOW", + "CweIDs": [ + "CWE-400" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.9, + "V3Score": 4.4 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 4.9 + } + }, + "References": [ + "http://www.securityfocus.com/bid/105539", + "https://access.redhat.com/security/cve/CVE-2018-17977", + "https://bugzilla.suse.com/show_bug.cgi?id=1111609", + "https://nvd.nist.gov/vuln/detail/CVE-2018-17977", + "https://www.cve.org/CVERecord?id=CVE-2018-17977", + "https://www.openwall.com/lists/oss-security/2018/10/05/5" + ], + "PublishedDate": "2018-10-08T17:29:00.653Z", + "LastModifiedDate": "2024-11-21T03:55:19.193Z" + }, + { + "VulnerabilityID": "CVE-2019-11191", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11191", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + 
"URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: race condition in load_aout_binary() allows local users to bypass ASLR on setuid a.out programs", + "Description": "The Linux kernel through 5.0.7, when CONFIG_IA32_AOUT is enabled and ia32_aout is loaded, allows local users to bypass ASLR on setuid a.out programs (if any exist) because install_exec_creds() is called too late in load_aout_binary() in fs/binfmt_aout.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat. NOTE: the software maintainer disputes that this is a vulnerability because ASLR for a.out format executables has never been supported", + "Severity": "LOW", + "CweIDs": [ + "CWE-362" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 1, + "photon": 1, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 1.9, + "V3Score": 2.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 2.5 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html", + "http://www.openwall.com/lists/oss-security/2019/04/18/5", + "http://www.openwall.com/lists/oss-security/2019/05/22/7", + "http://www.securityfocus.com/bid/107887", + "https://access.redhat.com/security/cve/CVE-2019-11191", + "https://nvd.nist.gov/vuln/detail/CVE-2019-11191", + "https://ubuntu.com/security/notices/USN-4006-1", + "https://ubuntu.com/security/notices/USN-4006-2", + "https://ubuntu.com/security/notices/USN-4007-1", + "https://ubuntu.com/security/notices/USN-4007-2", + "https://ubuntu.com/security/notices/USN-4008-1", + "https://ubuntu.com/security/notices/USN-4008-3", + "https://usn.ubuntu.com/4006-1/", + "https://usn.ubuntu.com/4006-2/", + "https://usn.ubuntu.com/4007-1/", + "https://usn.ubuntu.com/4007-2/", + "https://usn.ubuntu.com/4008-1/", + 
"https://usn.ubuntu.com/4008-3/", + "https://www.cve.org/CVERecord?id=CVE-2019-11191", + "https://www.openwall.com/lists/oss-security/2019/04/03/4", + "https://www.openwall.com/lists/oss-security/2019/04/03/4/1" + ], + "PublishedDate": "2019-04-12T00:29:00.31Z", + "LastModifiedDate": "2024-11-21T04:20:42.093Z" + }, + { + "VulnerabilityID": "CVE-2019-12378", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12378", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: unchecked kmalloc of new_ra in ip6_ra_control leads to denial of service", + "Description": "An issue was discovered in ip6_ra_control in net/ipv6/ipv6_sockglue.c in the Linux kernel through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). 
NOTE: This has been disputed as not an issue", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "oracle-oval": 3, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.9, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.7 + } + }, + "References": [ + "http://www.securityfocus.com/bid/108475", + "https://access.redhat.com/security/cve/CVE-2019-12378", + "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=95baa60a0da80a0143e3ddd4d3725758b4513825", + "https://linux.oracle.com/cve/CVE-2019-12378.html", + "https://linux.oracle.com/errata/ELSA-2019-4746.html", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J36BIJTKEPUOZKJNHQBUZA47RQONUKOI/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KLGWJKLMTBBB53D5QLS4HOY2EH246WBE/", + "https://lkml.org/lkml/2019/5/25/229", + "https://nvd.nist.gov/vuln/detail/CVE-2019-12378", + "https://www.cve.org/CVERecord?id=CVE-2019-12378" + ], + "PublishedDate": "2019-05-28T03:29:00.247Z", + "LastModifiedDate": "2024-11-21T04:22:42.387Z" + }, + { + "VulnerabilityID": "CVE-2019-12379", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12379", + "DataSource": { + "ID": "debian", + "Name": "Debian 
Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: memory leak in con_insert_unipair in drivers/tty/vt/consolemap.c", + "Description": "An issue was discovered in con_insert_unipair in drivers/tty/vt/consolemap.c in the Linux kernel through 5.1.5. There is a memory leak in a certain case of an ENOMEM outcome of kmalloc. NOTE: This id is disputed as not being an issue", + "Severity": "LOW", + "CweIDs": [ + "CWE-401" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "photon": 2, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.9, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 4.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/108478", + "https://access.redhat.com/security/cve/CVE-2019-12379", + "https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty.git/commit/?h=tty-next\u0026id=84ecc2f6eb1cb12e6d44818f94fa49b50f06e6ac", + "https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty.git/commit/?h=tty-testing\u0026id=15b3cd8ef46ad1b100e0d3c7e38774f330726820", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J36BIJTKEPUOZKJNHQBUZA47RQONUKOI/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KLGWJKLMTBBB53D5QLS4HOY2EH246WBE/", + "https://nvd.nist.gov/vuln/detail/CVE-2019-12379", + "https://security.netapp.com/advisory/ntap-20190710-0002/", + "https://www.cve.org/CVERecord?id=CVE-2019-12379" + ], + "PublishedDate": "2019-05-28T03:29:00.293Z", + "LastModifiedDate": "2024-11-21T04:22:42.56Z" + }, + { + "VulnerabilityID": "CVE-2019-12380", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": 
"pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12380", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: memory allocation failure in the efi subsystem leads to denial of service", + "Description": "**DISPUTED** An issue was discovered in the efi subsystem in the Linux kernel through 5.1.5. phys_efi_set_virtual_address_map in arch/x86/platform/efi/efi.c and efi_call_phys_prolog in arch/x86/platform/efi/efi_64.c mishandle memory allocation failures. NOTE: This id is disputed as not being an issue because “All the code touched by the referenced commit runs only at boot, before any user processes are started. 
Therefore, there is no possibility for an unprivileged user to control it.”.", + "Severity": "LOW", + "CweIDs": [ + "CWE-388" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "oracle-oval": 3, + "photon": 2, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 2.1, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.2 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00040.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html", + "http://www.securityfocus.com/bid/108477", + "https://access.redhat.com/security/cve/CVE-2019-12380", + "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=4e78921ba4dd0aca1cc89168f45039add4183f8e", + "https://linux.oracle.com/cve/CVE-2019-12380.html", + "https://linux.oracle.com/errata/ELSA-2020-5913.html", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J36BIJTKEPUOZKJNHQBUZA47RQONUKOI/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KLGWJKLMTBBB53D5QLS4HOY2EH246WBE/", + "https://nvd.nist.gov/vuln/detail/CVE-2019-12380", + "https://security.netapp.com/advisory/ntap-20190710-0002/", + "https://ubuntu.com/security/notices/USN-4414-1", + "https://ubuntu.com/security/notices/USN-4427-1", + "https://ubuntu.com/security/notices/USN-4439-1", + "https://usn.ubuntu.com/4414-1/", + "https://usn.ubuntu.com/4427-1/", + "https://usn.ubuntu.com/4439-1/", + "https://www.cve.org/CVERecord?id=CVE-2019-12380" + ], + "PublishedDate": "2019-05-28T03:29:00.357Z", + "LastModifiedDate": "2024-11-21T04:22:42.717Z" + }, + { + "VulnerabilityID": "CVE-2019-12381", + "PkgID": 
"linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12381", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: unchecked kmalloc of new_ra in ip_ra_control leads to denial of service", + "Description": "An issue was discovered in ip_ra_control in net/ipv4/ip_sockglue.c in the Linux kernel through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). 
NOTE: this is disputed because new_ra is never used if it is NULL", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "oracle-oval": 3, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.9, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "http://www.securityfocus.com/bid/108473", + "https://access.redhat.com/security/cve/CVE-2019-12381", + "https://bugzilla.redhat.com/show_bug.cgi?id=1715501", + "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=425aa0e1d01513437668fa3d4a971168bbaa8515", + "https://linux.oracle.com/cve/CVE-2019-12381.html", + "https://linux.oracle.com/errata/ELSA-2019-4746.html", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J36BIJTKEPUOZKJNHQBUZA47RQONUKOI/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KLGWJKLMTBBB53D5QLS4HOY2EH246WBE/", + "https://lkml.org/lkml/2019/5/25/230", + "https://nvd.nist.gov/vuln/detail/CVE-2019-12381", + "https://www.cve.org/CVERecord?id=CVE-2019-12381" + ], + "PublishedDate": "2019-05-28T03:29:00.403Z", + "LastModifiedDate": "2024-11-21T04:22:42.883Z" + }, + { + "VulnerabilityID": "CVE-2019-12382", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2019-12382", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: unchecked kstrdup of fwstr in drm_load_edid_firmware leads to denial of service", + "Description": "An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel through 5.1.5. There is an unchecked kstrdup of fwstr, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: The vendor disputes this issues as not being a vulnerability because kstrdup() returning NULL is handled sufficiently and there is no chance for a NULL pointer dereference", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.9, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00040.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html", + "http://www.securityfocus.com/bid/108474", + "https://access.redhat.com/security/cve/CVE-2019-12382", + "https://cgit.freedesktop.org/drm/drm-misc/commit/?id=9f1f1a2dab38d4ce87a13565cf4dc1b73bef3a5f", + "https://linux.oracle.com/cve/CVE-2019-12382.html", + "https://linux.oracle.com/errata/ELSA-2020-1016.html", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J36BIJTKEPUOZKJNHQBUZA47RQONUKOI/", + 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KLGWJKLMTBBB53D5QLS4HOY2EH246WBE/", + "https://lkml.org/lkml/2019/5/24/843", + "https://lore.kernel.org/lkml/87o93u7d3s.fsf%40intel.com/", + "https://nvd.nist.gov/vuln/detail/CVE-2019-12382", + "https://salsa.debian.org/kernel-team/kernel-sec/blob/master/retired/CVE-2019-12382", + "https://www.cve.org/CVERecord?id=CVE-2019-12382" + ], + "PublishedDate": "2019-05-28T03:29:00.467Z", + "LastModifiedDate": "2024-11-21T04:22:43.04Z" + }, + { + "VulnerabilityID": "CVE-2019-12455", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12455", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: null pointer dereference in sunxi_divs_clk_setup in drivers/clk/sunxi/clk-sunxi.c causing denial of service", + "Description": "An issue was discovered in sunxi_divs_clk_setup in drivers/clk/sunxi/clk-sunxi.c in the Linux kernel through 5.1.5. There is an unchecked kstrndup of derived_name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: This id is disputed as not being an issue because “The memory allocation that was not checked is part of a code that only runs at boot time, before user processes are started. 
Therefore, there is no possibility for an unprivileged user to control it, and no denial of service.”", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.9, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 4.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2019-12455", + "https://git.kernel.org/pub/scm/linux/kernel/git/sunxi/linux.git/commit/?h=sunxi/clk-for-5.3\u0026id=fcdf445ff42f036d22178b49cf64e92d527c1330", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J36BIJTKEPUOZKJNHQBUZA47RQONUKOI/", + "https://nvd.nist.gov/vuln/detail/CVE-2019-12455", + "https://security.netapp.com/advisory/ntap-20190710-0002/", + "https://www.cve.org/CVERecord?id=CVE-2019-12455", + "https://www.mail-archive.com/linux-kernel%40vger.kernel.org/msg2010240.html" + ], + "PublishedDate": "2019-05-30T04:29:02.103Z", + "LastModifiedDate": "2024-11-21T04:22:53.21Z" + }, + { + "VulnerabilityID": "CVE-2019-12456", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12456", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: double 
fetch in the MPT3COMMAND case in _ctl_ioctl_main in drivers/scsi/mpt3sas/mpt3sas_ctl.c", + "Description": "An issue was discovered in the MPT3COMMAND case in _ctl_ioctl_main in drivers/scsi/mpt3sas/mpt3sas_ctl.c in the Linux kernel through 5.1.5. It allows local users to cause a denial of service or possibly have unspecified other impact by changing the value of ioc_number between two kernel reads of that value, aka a \"double fetch\" vulnerability. NOTE: a third party reports that this is unexploitable because the doubly fetched value is not used", + "Severity": "LOW", + "VendorSeverity": { + "debian": 1, + "nvd": 3, + "photon": 3, + "redhat": 3 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00040.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html", + "https://access.redhat.com/security/cve/CVE-2019-12456", + "https://bugzilla.redhat.com/show_bug.cgi?id=1717182", + "https://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git/commit/?h=5.3/scsi-queue\u0026id=86e5aca7fa2927060839f3e3b40c8bd65a7e8d1e", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDURACJVGIBIYBSGDZJTRDPX46H5WPZW/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OBJHGQXA4PQ5EOGCOXEH3KFDNVZ2I4X7/", + "https://lkml.org/lkml/2019/5/29/1164", + "https://nvd.nist.gov/vuln/detail/CVE-2019-12456", + "https://support.f5.com/csp/article/K84310302", + "https://support.f5.com/csp/article/K84310302?utm_source=f5support\u0026amp%3Butm_medium=RSS", + 
"https://www.cve.org/CVERecord?id=CVE-2019-12456" + ], + "PublishedDate": "2019-05-30T14:29:01.89Z", + "LastModifiedDate": "2024-11-21T04:22:53.367Z" + }, + { + "VulnerabilityID": "CVE-2019-16229", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-16229", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: null pointer dereference in drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c", + "Description": "drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. 
NOTE: The security community disputes this issues as not being serious enough to be deserving a CVE id", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.7, + "V3Score": 4.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 4.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2019-16229", + "https://bugzilla.suse.com/show_bug.cgi?id=1150469#c3", + "https://lkml.org/lkml/2019/9/9/487", + "https://nvd.nist.gov/vuln/detail/CVE-2019-16229", + "https://security.netapp.com/advisory/ntap-20191004-0001/", + "https://ubuntu.com/security/notices/USN-4284-1", + "https://ubuntu.com/security/notices/USN-4285-1", + "https://ubuntu.com/security/notices/USN-4287-1", + "https://ubuntu.com/security/notices/USN-4287-2", + "https://usn.ubuntu.com/4284-1/", + "https://usn.ubuntu.com/4285-1/", + "https://usn.ubuntu.com/4287-1/", + "https://usn.ubuntu.com/4287-2/", + "https://www.cve.org/CVERecord?id=CVE-2019-16229" + ], + "PublishedDate": "2019-09-11T16:15:10.957Z", + "LastModifiedDate": "2024-11-21T04:30:19.54Z" + }, + { + "VulnerabilityID": "CVE-2019-16230", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-16230", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": 
"https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: null pointer dereference in drivers/gpu/drm/radeon/radeon_display.c", + "Description": "drivers/gpu/drm/radeon/radeon_display.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. NOTE: A third-party software maintainer states that the work queue allocation is happening during device initialization, which for a graphics card occurs during boot. It is not attacker controllable and OOM at that time is highly unlikely", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "photon": 2, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.7, + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 4.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2019-16230", + "https://bugzilla.suse.com/show_bug.cgi?id=1150468", + "https://lkml.org/lkml/2019/9/9/487", + "https://nvd.nist.gov/vuln/detail/CVE-2019-16230", + "https://security.netapp.com/advisory/ntap-20191004-0001/", + "https://www.cve.org/CVERecord?id=CVE-2019-16230" + ], + "PublishedDate": "2019-09-11T16:15:11.13Z", + "LastModifiedDate": "2024-11-21T04:30:19.707Z" + }, + { + "VulnerabilityID": "CVE-2019-16231", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2019-16231", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: null-pointer dereference in drivers/net/fjes/fjes_main.c", + "Description": "drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "alma": 2, + "debian": 1, + "nvd": 2, + "oracle-oval": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.7, + "V3Score": 4.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 4.1 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00035.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00039.html", + "https://access.redhat.com/security/cve/CVE-2019-16231", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=85ac30fa2e24f628e9f4f9344460f4015d33fd7d", + "https://linux.oracle.com/cve/CVE-2019-16231.html", + "https://linux.oracle.com/errata/ELSA-2020-5533.html", + "https://lkml.org/lkml/2019/9/9/487", + "https://lore.kernel.org/lkml/CADJ_3a8WFrs5NouXNqS5WYe7rebFP+_A5CheeqAyD_p7DFJJcg@mail.gmail.com/", + "https://nvd.nist.gov/vuln/detail/CVE-2019-16231", + "https://security.netapp.com/advisory/ntap-20191004-0001/", + "https://ubuntu.com/security/notices/USN-4225-1", + "https://ubuntu.com/security/notices/USN-4225-2", + "https://ubuntu.com/security/notices/USN-4226-1", + "https://ubuntu.com/security/notices/USN-4227-1", + "https://ubuntu.com/security/notices/USN-4227-2", + "https://ubuntu.com/security/notices/USN-4904-1", + "https://usn.ubuntu.com/4225-1/", + "https://usn.ubuntu.com/4225-2/", + 
"https://usn.ubuntu.com/4226-1/", + "https://usn.ubuntu.com/4227-1/", + "https://usn.ubuntu.com/4227-2/", + "https://www.cve.org/CVERecord?id=CVE-2019-16231" + ], + "PublishedDate": "2019-09-11T16:15:11.317Z", + "LastModifiedDate": "2024-11-21T04:30:19.863Z" + }, + { + "VulnerabilityID": "CVE-2019-16232", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-16232", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: null-pointer dereference in drivers/net/wireless/marvell/libertas/if_sdio.c", + "Description": "drivers/net/wireless/marvell/libertas/if_sdio.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "oracle-oval": 3, + "redhat": 2, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.7, + "V3Score": 4.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 4.1 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00064.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00010.html", + "https://access.redhat.com/security/cve/CVE-2019-16232", + 
"https://linux.oracle.com/cve/CVE-2019-16232.html", + "https://linux.oracle.com/errata/ELSA-2020-5804.html", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYIFGYEDQXP5DVJQQUARQRK2PXKBKQGY/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YWWOOJKZ4NQYN4RMFIVJ3ZIXKJJI3MKP/", + "https://lkml.org/lkml/2019/9/9/487", + "https://nvd.nist.gov/vuln/detail/CVE-2019-16232", + "https://security.netapp.com/advisory/ntap-20191004-0001/", + "https://ubuntu.com/security/notices/USN-4284-1", + "https://ubuntu.com/security/notices/USN-4285-1", + "https://ubuntu.com/security/notices/USN-4287-1", + "https://ubuntu.com/security/notices/USN-4287-2", + "https://ubuntu.com/security/notices/USN-4904-1", + "https://usn.ubuntu.com/4284-1/", + "https://usn.ubuntu.com/4285-1/", + "https://usn.ubuntu.com/4287-1/", + "https://usn.ubuntu.com/4287-2/", + "https://www.cve.org/CVERecord?id=CVE-2019-16232" + ], + "PublishedDate": "2019-09-11T16:15:11.457Z", + "LastModifiedDate": "2024-11-21T04:30:20.023Z" + }, + { + "VulnerabilityID": "CVE-2019-16233", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-16233", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: null pointer dereference in drivers/scsi/qla2xxx/qla_os.c", + "Description": "drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 
5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "alma": 2, + "debian": 1, + "nvd": 2, + "oracle-oval": 3, + "photon": 2, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.7, + "V3Score": 4.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 4.1 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00010.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00035.html", + "https://access.redhat.com/security/cve/CVE-2019-16233", + "https://linux.oracle.com/cve/CVE-2019-16233.html", + "https://linux.oracle.com/errata/ELSA-2020-5508.html", + "https://lkml.org/lkml/2019/9/9/487", + "https://nvd.nist.gov/vuln/detail/CVE-2019-16233", + "https://security.netapp.com/advisory/ntap-20191004-0001/", + "https://ubuntu.com/security/notices/USN-4226-1", + "https://ubuntu.com/security/notices/USN-4227-1", + "https://ubuntu.com/security/notices/USN-4227-2", + "https://ubuntu.com/security/notices/USN-4346-1", + "https://usn.ubuntu.com/4226-1/", + "https://usn.ubuntu.com/4227-1/", + "https://usn.ubuntu.com/4227-2/", + "https://usn.ubuntu.com/4346-1/", + "https://www.cve.org/CVERecord?id=CVE-2019-16233" + ], + "PublishedDate": "2019-09-11T16:15:11.647Z", + "LastModifiedDate": "2024-11-21T04:30:20.19Z" + }, + { + "VulnerabilityID": "CVE-2019-16234", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": 
"sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-16234", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: null pointer dereference in drivers/net/wireless/intel/iwlwifi/pcie/trans.c", + "Description": "drivers/net/wireless/intel/iwlwifi/pcie/trans.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "oracle-oval": 3, + "photon": 2, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.7, + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 4.7 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00064.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00010.html", + "https://access.redhat.com/security/cve/CVE-2019-16234", + "https://linux.oracle.com/cve/CVE-2019-16234.html", + "https://linux.oracle.com/errata/ELSA-2020-5804.html", + "https://lkml.org/lkml/2019/9/9/487", + "https://lore.kernel.org/lkml/CADJ_3a8WFrs5NouXNqS5WYe7rebFP+_A5CheeqAyD_p7DFJJcg@mail.gmail.com/", + "https://nvd.nist.gov/vuln/detail/CVE-2019-16234", + "https://security.netapp.com/advisory/ntap-20191004-0001/", + "https://ubuntu.com/security/notices/USN-4342-1", + "https://ubuntu.com/security/notices/USN-4344-1", + "https://ubuntu.com/security/notices/USN-4345-1", + "https://ubuntu.com/security/notices/USN-4346-1", + "https://usn.ubuntu.com/4342-1/", + "https://usn.ubuntu.com/4344-1/", + "https://usn.ubuntu.com/4345-1/", + 
"https://usn.ubuntu.com/4346-1/", + "https://www.cve.org/CVERecord?id=CVE-2019-16234" + ], + "PublishedDate": "2019-09-11T16:15:11.77Z", + "LastModifiedDate": "2024-11-21T04:30:20.35Z" + }, + { + "VulnerabilityID": "CVE-2019-19070", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19070", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: A memory leak in the spi_gpio_probe() function in drivers/spi/spi-gpio.c allows for a DoS", + "Description": "A memory leak in the spi_gpio_probe() function in drivers/spi/spi-gpio.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering devm_add_action_or_reset() failures, aka CID-d3b0ffa1d75d. 
NOTE: third parties dispute the relevance of this because the system must have already been out of memory before the probe began", + "Severity": "LOW", + "CweIDs": [ + "CWE-401" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 7.8, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2019-19070", + "https://bugzilla.suse.com/show_bug.cgi?id=1157294", + "https://github.com/torvalds/linux/commit/d3b0ffa1d75d5305ebe34735598993afbb8a869d", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/", + "https://nvd.nist.gov/vuln/detail/CVE-2019-19070", + "https://www.cve.org/CVERecord?id=CVE-2019-19070" + ], + "PublishedDate": "2019-11-18T06:15:12.983Z", + "LastModifiedDate": "2024-11-21T04:34:07.783Z" + }, + { + "VulnerabilityID": "CVE-2019-19378", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19378", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: 
out-of-bounds write in index_rbio_pages in fs/btrfs/raid56.c", + "Description": "In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image can lead to slab-out-of-bounds write access in index_rbio_pages in fs/btrfs/raid56.c.", + "Severity": "LOW", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2019-19378", + "https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19378", + "https://nvd.nist.gov/vuln/detail/CVE-2019-19378", + "https://security.netapp.com/advisory/ntap-20200103-0001/", + "https://www.cve.org/CVERecord?id=CVE-2019-19378" + ], + "PublishedDate": "2019-11-29T17:15:11.84Z", + "LastModifiedDate": "2024-11-21T04:34:40.707Z" + }, + { + "VulnerabilityID": "CVE-2020-11725", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-11725", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: improper handling of private_size*count multiplication due to count=info-\u003eowner typo", + "Description": "snd_ctl_elem_add in sound/core/control.c in the Linux kernel 
through 5.6.3 has a count=info-\u003eowner line, which later affects a private_size*count multiplication for unspecified \"interesting side effects.\" NOTE: kernel engineers dispute this finding, because it could be relevant only if new callers were added that were unfamiliar with the misuse of the info-\u003eowner field to represent data unrelated to the \"owner\" concept. The existing callers, SNDRV_CTL_IOCTL_ELEM_ADD and SNDRV_CTL_IOCTL_ELEM_REPLACE, have been designed to misuse the info-\u003eowner field in a safe way", + "Severity": "LOW", + "VendorSeverity": { + "cbl-mariner": 3, + "debian": 1, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 4.6, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2020-11725", + "https://github.com/torvalds/linux/blob/3b2549a3740efb8af0150415737067d87e466c5b/sound/core/control.c#L1434-L1474", + "https://lore.kernel.org/alsa-devel/s5h4ktmlfpx.wl-tiwai%40suse.de/", + "https://lore.kernel.org/alsa-devel/s5h4ktmlfpx.wl-tiwai@suse.de/", + "https://nvd.nist.gov/vuln/detail/CVE-2020-11725", + "https://twitter.com/yabbadabbadrew/status/1248632267028582400", + "https://www.cve.org/CVERecord?id=CVE-2020-11725" + ], + "PublishedDate": "2020-04-12T22:15:11.9Z", + "LastModifiedDate": "2024-11-21T04:58:29.453Z" + }, + { + "VulnerabilityID": "CVE-2020-35501", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": 
"sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-35501", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: audit not logging access to syscall open_by_handle_at for users with CAP_DAC_READ_SEARCH capability", + "Description": "A flaw was found in the Linux kernels implementation of audit rules, where a syscall can unexpectedly not be correctly not be logged by the audit subsystem", + "Severity": "LOW", + "CweIDs": [ + "CWE-863" + ], + "VendorSeverity": { + "cbl-mariner": 1, + "debian": 1, + "nvd": 1, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:N", + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", + "V2Score": 3.6, + "V3Score": 3.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 3.4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2020-35501", + "https://bugzilla.redhat.com/show_bug.cgi?id=1908577", + "https://listman.redhat.com/archives/linux-audit/2018-July/msg00041.html", + "https://nvd.nist.gov/vuln/detail/CVE-2020-35501", + "https://www.cve.org/CVERecord?id=CVE-2020-35501", + "https://www.openwall.com/lists/oss-security/2021/02/18/1" + ], + "PublishedDate": "2022-03-30T16:15:08.673Z", + "LastModifiedDate": "2024-11-21T05:27:26.22Z" + }, + { + "VulnerabilityID": "CVE-2021-26934", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": 
"sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-26934", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "An issue was discovered in the Linux kernel 4.18 through 5.10.16, as u ...", + "Description": "An issue was discovered in the Linux kernel 4.18 through 5.10.16, as used by Xen. The backend allocation (aka be-alloc) mode of the drm_xen_front drivers was not meant to be a supported configuration, but this wasn't stated accordingly in its support status entry.", + "Severity": "LOW", + "VendorSeverity": { + "cbl-mariner": 3, + "debian": 1, + "nvd": 3, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 4.6, + "V3Score": 7.8 + } + }, + "References": [ + "http://xenbits.xen.org/xsa/advisory-363.html", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4GELN5E6MDR5KQBJF5M5COUUED3YFZTD/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EOAJBVAVR6RSCUCHNXPVSNRPSFM7INMP/", + "https://nvd.nist.gov/vuln/detail/CVE-2021-26934", + "https://security.netapp.com/advisory/ntap-20210326-0001/", + "https://www.cve.org/CVERecord?id=CVE-2021-26934", + "https://www.openwall.com/lists/oss-security/2021/02/16/2", + "https://xenbits.xen.org/xsa/advisory-363.html" + ], + "PublishedDate": "2021-02-17T02:15:13.143Z", + "LastModifiedDate": "2024-11-21T05:57:04.8Z" + }, + { + "VulnerabilityID": "CVE-2021-3714", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + 
"Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-3714", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: Remote Page Deduplication Attacks", + "Description": "A flaw was found in the Linux kernels memory deduplication mechanism. Previous work has shown that memory deduplication can be attacked via a local exploitation mechanism. The same technique can be used if an attacker can upload page sized files and detect the change in access time from a networked service to determine if the page has been merged.", + "Severity": "LOW", + "CweIDs": [ + "CWE-200" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2021-3714", + "https://arxiv.org/abs/2111.08553", + "https://arxiv.org/pdf/2111.08553.pdf", + "https://bugzilla.redhat.com/show_bug.cgi?id=1931327", + "https://nvd.nist.gov/vuln/detail/CVE-2021-3714", + "https://www.cve.org/CVERecord?id=CVE-2021-3714" + ], + "PublishedDate": "2022-08-23T16:15:09.6Z", + "LastModifiedDate": "2024-11-21T06:22:13.803Z" + }, + { + "VulnerabilityID": "CVE-2022-0400", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": 
"sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-0400", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: Out of bounds read in the smc protocol stack", + "Description": "An out-of-bounds read vulnerability was discovered in linux kernel in the smc protocol stack, causing remote dos.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 3, + "redhat": 3, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-0400", + "https://bugzilla.redhat.com/show_bug.cgi?id=2040604", + "https://bugzilla.redhat.com/show_bug.cgi?id=2040604 (not public)", + "https://bugzilla.redhat.com/show_bug.cgi?id=2044575", + "https://nvd.nist.gov/vuln/detail/CVE-2022-0400", + "https://www.cve.org/CVERecord?id=CVE-2022-0400" + ], + "PublishedDate": "2022-08-29T15:15:09.423Z", + "LastModifiedDate": "2024-11-21T06:38:32.81Z" + }, + { + "VulnerabilityID": "CVE-2022-1247", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2022-1247", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: A race condition bug in rose_connect()", + "Description": "An issue found in linux-kernel that leads to a race condition in rose_connect(). The rose driver uses rose_neigh-\u003euse to represent how many objects are using the rose_neigh. When a user wants to delete a rose_route via rose_ioctl(), the rose driver calls rose_del_node() and removes neighbours only if their “count” and “use” are zero.", + "Severity": "LOW", + "CweIDs": [ + "CWE-362" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 3, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-1247", + "https://bugzilla.redhat.com/show_bug.cgi?id=2066799", + "https://lore.kernel.org/all/20220711013111.33183-1-duoming@zju.edu.cn/", + "https://lore.kernel.org/all/cover.1656031586.git.duoming@zju.edu.cn/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-1247", + "https://www.cve.org/CVERecord?id=CVE-2022-1247" + ], + "PublishedDate": "2022-08-31T16:15:09.177Z", + "LastModifiedDate": "2024-11-21T06:40:20.19Z" + }, + { + "VulnerabilityID": "CVE-2022-25265", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + 
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-25265", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: Executable Space Protection Bypass", + "Description": "In the Linux kernel through 5.16.10, certain binary files may have the exec-all attribute if they were built in approximately 2003 (e.g., with GCC 3.2.2 and Linux kernel 2.4.20). This can cause execution of bytes located in supposedly non-executable regions of a file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-913" + ], + "VendorSeverity": { + "alma": 3, + "cbl-mariner": 3, + "debian": 1, + "nvd": 3, + "oracle-oval": 3, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 4.4, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:2951", + "https://access.redhat.com/security/cve/CVE-2022-25265", + "https://bugzilla.redhat.com/2055499", + "https://bugzilla.redhat.com/2061703", + "https://bugzilla.redhat.com/2078466", + "https://bugzilla.redhat.com/2084125", + "https://bugzilla.redhat.com/2085300", + "https://bugzilla.redhat.com/2090723", + "https://bugzilla.redhat.com/2108691", + "https://bugzilla.redhat.com/2108696", + "https://bugzilla.redhat.com/2114937", + "https://bugzilla.redhat.com/2122228", + "https://bugzilla.redhat.com/2122960", + "https://bugzilla.redhat.com/2123056", + "https://bugzilla.redhat.com/2124788", + "https://bugzilla.redhat.com/2127985", + "https://bugzilla.redhat.com/2130141", + "https://bugzilla.redhat.com/2133483", + "https://bugzilla.redhat.com/2134377", + "https://bugzilla.redhat.com/2134451", + "https://bugzilla.redhat.com/2134506", + "https://bugzilla.redhat.com/2134517", + "https://bugzilla.redhat.com/2134528", + 
"https://bugzilla.redhat.com/2137979", + "https://bugzilla.redhat.com/2143893", + "https://bugzilla.redhat.com/2143943", + "https://bugzilla.redhat.com/2144720", + "https://bugzilla.redhat.com/2150947", + "https://bugzilla.redhat.com/2150960", + "https://bugzilla.redhat.com/2150979", + "https://bugzilla.redhat.com/2150999", + "https://bugzilla.redhat.com/2151270", + "https://bugzilla.redhat.com/2154171", + "https://bugzilla.redhat.com/2154235", + "https://bugzilla.redhat.com/2160023", + "https://bugzilla.redhat.com/2162120", + "https://bugzilla.redhat.com/2165721", + "https://bugzilla.redhat.com/2168246", + "https://bugzilla.redhat.com/2168297", + "https://bugzilla.redhat.com/2176192", + "https://bugzilla.redhat.com/2180936", + "https://errata.almalinux.org/8/ALSA-2023-2951.html", + "https://github.com/torvalds/linux/blob/1c33bb0507508af24fd754dd7123bd8e997fab2f/arch/x86/include/asm/elf.h#L281-L294", + "https://github.com/x0reaxeax/exec-prot-bypass", + "https://linux.oracle.com/cve/CVE-2022-25265.html", + "https://linux.oracle.com/errata/ELSA-2023-2951.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-25265", + "https://security.netapp.com/advisory/ntap-20220318-0005/", + "https://www.cve.org/CVERecord?id=CVE-2022-25265" + ], + "PublishedDate": "2022-02-16T21:15:08.017Z", + "LastModifiedDate": "2024-11-21T06:51:54.567Z" + }, + { + "VulnerabilityID": "CVE-2022-2961", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-2961", + "DataSource": { + "ID": "debian", + "Name": "Debian 
Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: race condition in rose_bind()", + "Description": "A use-after-free flaw was found in the Linux kernel’s PLP Rose functionality in the way a user triggers a race condition by calling bind while simultaneously triggering the rose_bind() function. This flaw allows a local user to crash or potentially escalate their privileges on the system.", + "Severity": "LOW", + "CweIDs": [ + "CWE-416", + "CWE-362" + ], + "VendorSeverity": { + "cbl-mariner": 3, + "debian": 1, + "nvd": 3, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-2961", + "https://nvd.nist.gov/vuln/detail/CVE-2022-2961", + "https://security.netapp.com/advisory/ntap-20230214-0004/", + "https://www.cve.org/CVERecord?id=CVE-2022-2961" + ], + "PublishedDate": "2022-08-29T15:15:10.81Z", + "LastModifiedDate": "2024-11-21T07:01:59.55Z" + }, + { + "VulnerabilityID": "CVE-2022-3238", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-3238", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: ntfs3 local privledge escalation if NTFS character 
set and remount and umount called simultaneously", + "Description": "A double-free flaw was found in the Linux kernel’s NTFS3 subsystem in how a user triggers remount and umount simultaneously. This flaw allows a local user to crash or potentially escalate their privileges on the system.", + "Severity": "LOW", + "CweIDs": [ + "CWE-459", + "CWE-415" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 3, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-3238", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127927", + "https://nvd.nist.gov/vuln/detail/CVE-2022-3238", + "https://www.cve.org/CVERecord?id=CVE-2022-3238" + ], + "PublishedDate": "2022-11-14T21:15:16.163Z", + "LastModifiedDate": "2025-05-01T14:15:27.813Z" + }, + { + "VulnerabilityID": "CVE-2022-41848", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41848", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: Race condition between mgslpc_ioctl and mgslpc_detach", + "Description": "drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a 
PCMCIA device while calling ioctl, aka a race condition between mgslpc_ioctl and mgslpc_detach.", + "Severity": "LOW", + "CweIDs": [ + "CWE-362", + "CWE-416" + ], + "VendorSeverity": { + "cbl-mariner": 2, + "debian": 1, + "nvd": 2, + "photon": 2, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 4.2 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 4.2 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41848", + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/drivers/char/pcmcia/synclink_cs.c", + "https://lore.kernel.org/lkml/20220919040251.GA302541%40ubuntu/T/#rc85e751f467b3e6f9ccef92cfa7fb8a6cc50c270", + "https://lore.kernel.org/lkml/20220919040251.GA302541@ubuntu/T/#rc85e751f467b3e6f9ccef92cfa7fb8a6cc50c270", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41848", + "https://www.cve.org/CVERecord?id=CVE-2022-41848" + ], + "PublishedDate": "2022-09-30T06:15:11.58Z", + "LastModifiedDate": "2025-05-20T20:15:27.49Z" + }, + { + "VulnerabilityID": "CVE-2022-44032", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-44032", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "Kernel: Race between cmm_open() and cm4000_detach() result in UAF", + "Description": "An issue was discovered in the Linux kernel 
through 6.0.6. drivers/char/pcmcia/cm4000_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between cmm_open() and cm4000_detach().", + "Severity": "LOW", + "CweIDs": [ + "CWE-362" + ], + "VendorSeverity": { + "cbl-mariner": 2, + "debian": 1, + "nvd": 2, + "redhat": 2, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-44032", + "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b12f050c76f090cc6d0aebe0ef76fed79ec3f15", + "https://lore.kernel.org/lkml/20220915020834.GA110086%40ubuntu/", + "https://lore.kernel.org/lkml/20220915020834.GA110086@ubuntu/", + "https://lore.kernel.org/lkml/20220919040701.GA302806%40ubuntu/", + "https://lore.kernel.org/lkml/20220919040701.GA302806@ubuntu/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-44032", + "https://www.cve.org/CVERecord?id=CVE-2022-44032" + ], + "PublishedDate": "2022-10-30T01:15:08.823Z", + "LastModifiedDate": "2024-11-21T07:27:34.457Z" + }, + { + "VulnerabilityID": "CVE-2022-44033", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-44033", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": 
"https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "Kernel: A race condition between cm4040_open() and reader_detach() may result in UAF", + "Description": "An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/cm4040_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between cm4040_open() and reader_detach().", + "Severity": "LOW", + "CweIDs": [ + "CWE-362" + ], + "VendorSeverity": { + "cbl-mariner": 2, + "debian": 1, + "nvd": 2, + "redhat": 2, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-44033", + "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b12f050c76f090cc6d0aebe0ef76fed79ec3f15", + "https://lore.kernel.org/lkml/20220915020834.GA110086%40ubuntu/", + "https://lore.kernel.org/lkml/20220915020834.GA110086@ubuntu/", + "https://lore.kernel.org/lkml/20220919040457.GA302681%40ubuntu/", + "https://lore.kernel.org/lkml/20220919040457.GA302681@ubuntu/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-44033", + "https://www.cve.org/CVERecord?id=CVE-2022-44033" + ], + "PublishedDate": "2022-10-30T01:15:08.88Z", + "LastModifiedDate": "2024-11-21T07:27:34.69Z" + }, + { + "VulnerabilityID": "CVE-2022-4543", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": 
"sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-4543", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: KASLR Prefetch Bypass Breaks KPTI", + "Description": "A flaw named \"EntryBleed\" was found in the Linux Kernel Page Table Isolation (KPTI). This issue could allow a local attacker to leak KASLR base via prefetch side-channels based on TLB timing for Intel systems.", + "Severity": "LOW", + "CweIDs": [ + "CWE-200", + "CWE-203" + ], + "VendorSeverity": { + "cbl-mariner": 2, + "debian": 1, + "nvd": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-4543", + "https://github.com/KSPP/linux/issues/361", + "https://nvd.nist.gov/vuln/detail/CVE-2022-4543", + "https://www.cve.org/CVERecord?id=CVE-2022-4543", + "https://www.openwall.com/lists/oss-security/2022/12/16/3", + "https://www.willsroot.io/2022/12/entrybleed.html" + ], + "PublishedDate": "2023-01-11T15:15:09.673Z", + "LastModifiedDate": "2024-11-21T07:35:27.5Z" + }, + { + "VulnerabilityID": "CVE-2022-45884", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2022-45884", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: use-after-free due to race condition occurring in dvb_register_device()", + "Description": "An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops.", + "Severity": "LOW", + "CweIDs": [ + "CWE-362", + "CWE-416" + ], + "VendorSeverity": { + "alma": 3, + "cbl-mariner": 3, + "debian": 1, + "nvd": 3, + "oracle-oval": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:7549", + "https://access.redhat.com/security/cve/CVE-2022-45884", + "https://bugzilla.redhat.com/2148510", + "https://bugzilla.redhat.com/2148517", + "https://bugzilla.redhat.com/2151956", + "https://bugzilla.redhat.com/2154178", + "https://bugzilla.redhat.com/2224048", + "https://bugzilla.redhat.com/2240249", + "https://bugzilla.redhat.com/2241924", + "https://bugzilla.redhat.com/show_bug.cgi?id=2148510", + "https://bugzilla.redhat.com/show_bug.cgi?id=2148517", + "https://bugzilla.redhat.com/show_bug.cgi?id=2151956", + "https://bugzilla.redhat.com/show_bug.cgi?id=2154178", + "https://bugzilla.redhat.com/show_bug.cgi?id=2224048", + "https://bugzilla.redhat.com/show_bug.cgi?id=2240249", + "https://bugzilla.redhat.com/show_bug.cgi?id=2241924", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45884", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45886", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45919", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1192", + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2163", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3812", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5178", + "https://errata.almalinux.org/8/ALSA-2023-7549.html", + "https://errata.rockylinux.org/RLSA-2023:7549", + "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=627bb528b086b4136315c25d6a447a98ea9448d3", + "https://linux.oracle.com/cve/CVE-2022-45884.html", + "https://linux.oracle.com/errata/ELSA-2023-7549.html", + "https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel%40gmail.com/", + "https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel@gmail.com/", + "https://lore.kernel.org/linux-media/20221115131822.6640-4-imv4bel%40gmail.com/", + "https://lore.kernel.org/linux-media/20221115131822.6640-4-imv4bel@gmail.com/", + "https://lore.kernel.org/linux-media/20221117045925.14297-4-imv4bel@gmail.com/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-45884", + "https://security.netapp.com/advisory/ntap-20230113-0006/", + "https://www.cve.org/CVERecord?id=CVE-2022-45884" + ], + "PublishedDate": "2022-11-25T04:15:09.18Z", + "LastModifiedDate": "2024-11-21T07:29:53.337Z" + }, + { + "VulnerabilityID": "CVE-2022-45885", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-45885", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: 
use-after-free due to race condition occurring in dvb_frontend.c", + "Description": "An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_frontend.c has a race condition that can cause a use-after-free when a device is disconnected.", + "Severity": "LOW", + "CweIDs": [ + "CWE-362", + "CWE-416" + ], + "VendorSeverity": { + "cbl-mariner": 3, + "debian": 1, + "nvd": 3, + "oracle-oval": 3, + "redhat": 2, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-45885", + "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6769a0b7ee0c3b31e1b22c3fadff2bfb642de23f", + "https://linux.oracle.com/cve/CVE-2022-45885.html", + "https://linux.oracle.com/errata/ELSA-2023-12207.html", + "https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel%40gmail.com/", + "https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel@gmail.com/", + "https://lore.kernel.org/linux-media/20221115131822.6640-2-imv4bel%40gmail.com/", + "https://lore.kernel.org/linux-media/20221115131822.6640-2-imv4bel@gmail.com/", + "https://lore.kernel.org/linux-media/20221117045925.14297-2-imv4bel@gmail.com/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-45885", + "https://security.netapp.com/advisory/ntap-20230113-0006/", + "https://www.cve.org/CVERecord?id=CVE-2022-45885" + ], + "PublishedDate": "2022-11-25T04:15:09.23Z", + "LastModifiedDate": "2025-04-29T14:15:28.103Z" + }, + { + "VulnerabilityID": "CVE-2023-23039", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": 
"sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-23039", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: tty: vcc: race condition leading to use-after-free in vcc_open()", + "Description": "An issue was discovered in the Linux kernel through 6.2.0-rc2. drivers/tty/vcc.c has a race condition and resultant use-after-free if a physically proximate attacker removes a VCC device while calling open(), aka a race condition between vcc_open() and vcc_remove().", + "Severity": "LOW", + "CweIDs": [ + "CWE-362" + ], + "VendorSeverity": { + "cbl-mariner": 2, + "debian": 1, + "nvd": 2, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H", + "V3Score": 5.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-23039", + "https://lkml.org/lkml/2023/1/1/169", + "https://nvd.nist.gov/vuln/detail/CVE-2023-23039", + "https://www.cve.org/CVERecord?id=CVE-2023-23039" + ], + "PublishedDate": "2023-02-22T17:15:11.997Z", + "LastModifiedDate": "2025-03-20T21:15:17.85Z" + }, + { + "VulnerabilityID": "CVE-2023-26242", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + 
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-26242", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "afu_mmio_region_get_by_offset in drivers/fpga/dfl-afu-region.c in the ...", + "Description": "afu_mmio_region_get_by_offset in drivers/fpga/dfl-afu-region.c in the Linux kernel through 6.1.12 has an integer overflow.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "VendorSeverity": { + "cbl-mariner": 3, + "debian": 1, + "nvd": 3, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://bugzilla.suse.com/show_bug.cgi?id=1208518", + "https://lore.kernel.org/all/20230206054326.89323-1-k1rh4.lee@gmail.com/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-26242", + "https://patchwork.kernel.org/project/linux-fpga/patch/20230206054326.89323-1-k1rh4.lee%40gmail.com", + "https://patchwork.kernel.org/project/linux-fpga/patch/20230206054326.89323-1-k1rh4.lee@gmail.com/", + "https://security.netapp.com/advisory/ntap-20230406-0002/", + "https://www.cve.org/CVERecord?id=CVE-2023-26242" + ], + "PublishedDate": "2023-02-21T01:15:11.423Z", + "LastModifiedDate": "2025-05-05T16:15:31.123Z" + }, + { + "VulnerabilityID": "CVE-2023-31081", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-31081", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + 
"URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "An issue was discovered in drivers/media/test-drivers/vidtv/vidtv_brid ...", + "Description": "An issue was discovered in drivers/media/test-drivers/vidtv/vidtv_bridge.c in the Linux kernel 6.2. There is a NULL pointer dereference in vidtv_mux_stop_thread. In vidtv_stop_streaming, after dvb-\u003emux=NULL occurs, it executes vidtv_mux_stop_thread(dvb-\u003emux).", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://bugzilla.suse.com/show_bug.cgi?id=1210782", + "https://lore.kernel.org/all/CA+UBctDXyiosaiR7YNKCs8k0aWu4gU+YutRcnC+TDJkXpHjQag%40mail.gmail.com/", + "https://security.netapp.com/advisory/ntap-20230929-0003/" + ], + "PublishedDate": "2023-04-24T06:15:07.447Z", + "LastModifiedDate": "2025-02-04T20:15:48.993Z" + }, + { + "VulnerabilityID": "CVE-2023-31085", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-31085", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: divide-by-zero error in ctrl_cdev_ioctl when do_div happens and erasesize is 0", + "Description": "An issue was discovered in drivers/mtd/ubi/cdev.c in the Linux kernel 6.2. 
There is a divide-by-zero error in do_div(sz,mtd-\u003eerasesize), used indirectly by ctrl_cdev_ioctl, when mtd-\u003eerasesize is 0.", + "Severity": "LOW", + "CweIDs": [ + "CWE-369" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "photon": 2, + "redhat": 2, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-31085", + "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=017c73a34a661a861712f7cc1393a123e5b2208c", + "https://lore.kernel.org/all/20230831111100.26862-1-jack@suse.cz/T/#u", + "https://lore.kernel.org/all/687864524.118195.1681799447034.JavaMail.zimbra%40nod.at/", + "https://lore.kernel.org/all/687864524.118195.1681799447034.JavaMail.zimbra@nod.at/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-31085", + "https://patchwork.ozlabs.org/project/linux-mtd/patch/20230423111041.684297-1-chengzhihao1@huawei.com/", + "https://security.netapp.com/advisory/ntap-20230929-0003/", + "https://ubuntu.com/security/notices/USN-6461-1", + "https://ubuntu.com/security/notices/USN-6494-1", + "https://ubuntu.com/security/notices/USN-6494-2", + "https://ubuntu.com/security/notices/USN-6495-1", + "https://ubuntu.com/security/notices/USN-6495-2", + "https://ubuntu.com/security/notices/USN-6496-1", + "https://ubuntu.com/security/notices/USN-6496-2", + "https://ubuntu.com/security/notices/USN-6502-1", + "https://ubuntu.com/security/notices/USN-6502-2", + "https://ubuntu.com/security/notices/USN-6502-3", + "https://ubuntu.com/security/notices/USN-6502-4", + "https://ubuntu.com/security/notices/USN-6503-1", + "https://ubuntu.com/security/notices/USN-6516-1", + "https://ubuntu.com/security/notices/USN-6520-1", + "https://ubuntu.com/security/notices/USN-6532-1", + "https://ubuntu.com/security/notices/USN-6537-1", 
+ "https://ubuntu.com/security/notices/USN-6572-1", + "https://www.cve.org/CVERecord?id=CVE-2023-31085" + ], + "PublishedDate": "2023-04-24T06:15:08.093Z", + "LastModifiedDate": "2024-11-21T08:01:23.17Z" + }, + { + "VulnerabilityID": "CVE-2023-3640", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3640", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "Kernel: x86/mm: a per-cpu entry area leak was identified through the init_cea_offsets function when prefetchnta and prefetcht2 instructions being used for the per-cpu entry area mapping to the user space", + "Description": "A possible unauthorized memory access flaw was found in the Linux kernel's cpu_entry_area mapping of X86 CPU data to memory, where a user may guess the location of exception stacks or other important data. Based on the previous CVE-2023-0597, the 'Randomize per-cpu entry area' feature was implemented in /arch/x86/mm/cpu_entry_area.c, which works through the init_cea_offsets() function when KASLR is enabled. However, despite this feature, there is still a risk of per-cpu entry area leaks. 
This issue could allow a local user to gain access to some important data with memory in an expected location and potentially escalate their privileges on the system.", + "Severity": "LOW", + "CweIDs": [ + "CWE-203" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:6583", + "https://access.redhat.com/security/cve/CVE-2023-3640", + "https://bugzilla.redhat.com/show_bug.cgi?id=2217523", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3640", + "https://www.cve.org/CVERecord?id=CVE-2023-3640" + ], + "PublishedDate": "2023-07-24T16:15:13.063Z", + "LastModifiedDate": "2025-04-15T12:15:17.84Z" + }, + { + "VulnerabilityID": "CVE-2024-0564", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-0564", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: max page sharing of Kernel Samepage Merging (KSM) may cause memory deduplication", + "Description": "A flaw was found in the Linux kernel's memory deduplication mechanism. The max page sharing of Kernel Samepage Merging (KSM), added in Linux kernel version 4.4.0-96.119, can create a side channel. 
When the attacker and the victim share the same host and the default setting of KSM is \"max page sharing=256\", it is possible for the attacker to time the unmap to merge with the victim's page. The unmapping time depends on whether it merges with the victim's page and additional physical pages are created beyond the KSM's \"max page share\". Through these operations, the attacker can leak the victim's page.", + "Severity": "LOW", + "CweIDs": [ + "CWE-203" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2024-0564", + "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1680513", + "https://bugzilla.redhat.com/show_bug.cgi?id=2258514", + "https://link.springer.com/conference/wisa", + "https://nvd.nist.gov/vuln/detail/CVE-2024-0564", + "https://wisa.or.kr/accepted", + "https://www.cve.org/CVERecord?id=CVE-2024-0564" + ], + "PublishedDate": "2024-01-30T15:15:08.687Z", + "LastModifiedDate": "2024-11-25T09:15:05.7Z" + }, + { + "VulnerabilityID": "CVE-2025-37880", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-37880", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: um: work around 
sched_yield not yielding in time-travel mode", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\num: work around sched_yield not yielding in time-travel mode\n\nsched_yield by a userspace may not actually cause scheduling in\ntime-travel mode as no time has passed. In the case seen it appears to\nbe a badly implemented userspace spinlock in ASAN. Unfortunately, with\ntime-travel it causes an extreme slowdown or even deadlock depending on\nthe kernel configuration (CONFIG_UML_MAX_USERSPACE_ITERATIONS).\n\nWork around it by accounting time to the process whenever it executes a\nsched_yield syscall.", + "Severity": "LOW", + "VendorSeverity": { + "oracle-oval": 3, + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-37880", + "https://git.kernel.org/linus/887c5c12e80c8424bd471122d2e8b6b462e12874 (6.15-rc1)", + "https://git.kernel.org/stable/c/887c5c12e80c8424bd471122d2e8b6b462e12874", + "https://git.kernel.org/stable/c/990ddc65173776f1e01e7135d8c1fd5f8fd4d5d2", + "https://git.kernel.org/stable/c/da780c4a075ba2deb05ae29f0af4a990578c7901", + "https://linux.oracle.com/cve/CVE-2025-37880.html", + "https://linux.oracle.com/errata/ELSA-2025-20480.html", + "https://lore.kernel.org/linux-cve-announce/2025050943-CVE-2025-37880-3f3c@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-37880", + "https://ubuntu.com/security/notices/USN-7594-1", + "https://ubuntu.com/security/notices/USN-7594-2", + "https://ubuntu.com/security/notices/USN-7594-3", + "https://www.cve.org/CVERecord?id=CVE-2025-37880" + ], + "PublishedDate": "2025-05-09T07:16:09.257Z", + "LastModifiedDate": "2025-05-18T07:15:19.287Z" + }, + { + "VulnerabilityID": "CVE-2025-37984", + "VendorIDs": [ + "DSA-5975-1" + ], + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + 
"PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "FixedVersion": "6.12.41-1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-37984", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: crypto: ecdsa - Harden against integer overflows in DIV_ROUND_UP()", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: ecdsa - Harden against integer overflows in DIV_ROUND_UP()\n\nHerbert notes that DIV_ROUND_UP() may overflow unnecessarily if an ecdsa\nimplementation's -\u003ekey_size() callback returns an unusually large value.\nHerbert instead suggests (for a division by 8):\n\n X / 8 + !!(X \u0026 7)\n\nBased on this formula, introduce a generic DIV_ROUND_UP_POW2() macro and\nuse it in lieu of DIV_ROUND_UP() for -\u003ekey_size() return values.\n\nAdditionally, use the macro in ecc_digits_from_bytes(), whose \"nbytes\"\nparameter is a -\u003ekey_size() return value in some instances, or a\nuser-specified ASN.1 length in the case of ecdsa_get_signature_rs().", + "Severity": "LOW", + "VendorSeverity": { + "amazon": 3, + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 2.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-37984", + "https://git.kernel.org/linus/b16510a530d1e6ab9683f04f8fb34f2e0f538275 (6.15-rc1)", + "https://git.kernel.org/stable/c/921b8167f10708e38080f84e195cdc68a7a561f1", + "https://git.kernel.org/stable/c/b16510a530d1e6ab9683f04f8fb34f2e0f538275", + 
"https://git.kernel.org/stable/c/f02f0218be412cff1c844addf58e002071be298b", + "https://git.kernel.org/stable/c/f2133b849ff273abddb6da622daddd8f6f6fa448", + "https://lore.kernel.org/linux-cve-announce/2025052037-CVE-2025-37984-be4c@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-37984", + "https://ubuntu.com/security/notices/USN-7594-1", + "https://ubuntu.com/security/notices/USN-7594-2", + "https://ubuntu.com/security/notices/USN-7594-3", + "https://www.cve.org/CVERecord?id=CVE-2025-37984" + ], + "PublishedDate": "2025-05-20T18:15:45.253Z", + "LastModifiedDate": "2025-07-25T14:15:31.667Z" + }, + { + "VulnerabilityID": "CVE-2025-40325", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40325", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: md/raid10: wait barrier before returning discard request with REQ_NOWAIT", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd/raid10: wait barrier before returning discard request with REQ_NOWAIT\n\nraid10_handle_discard should wait barrier before returning a discard bio\nwhich has REQ_NOWAIT. And there is no need to print warning calltrace\nif a discard bio has REQ_NOWAIT flag. 
Quality engineer usually checks\ndmesg and reports error if dmesg has warning/error calltrace.", + "Severity": "LOW", + "VendorSeverity": { + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-40325", + "https://git.kernel.org/linus/3db4404435397a345431b45f57876a3df133f3b4 (6.15-rc1)", + "https://git.kernel.org/stable/c/31d3156efe909b53ba174861a3da880c688f5edc", + "https://git.kernel.org/stable/c/3db4404435397a345431b45f57876a3df133f3b4", + "https://lore.kernel.org/linux-cve-announce/2025041822-CVE-2025-40325-3cc4@gregkh/T", + "https://nvd.nist.gov/vuln/detail/CVE-2025-40325", + "https://ubuntu.com/security/notices/USN-7594-1", + "https://ubuntu.com/security/notices/USN-7594-2", + "https://ubuntu.com/security/notices/USN-7594-3", + "https://www.cve.org/CVERecord?id=CVE-2025-40325" + ], + "PublishedDate": "2025-04-18T07:15:44.87Z", + "LastModifiedDate": "2025-04-21T14:23:45.95Z" + }, + { + "VulnerabilityID": "TEMP-0000000-F7A20F", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://security-tracker.debian.org/tracker/TEMP-0000000-F7A20F", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "[Kernel: Unprivileged user can freeze journald]", + "Severity": "LOW", + "VendorSeverity": { + "debian": 1 + } + }, + { + "VulnerabilityID": 
"CVE-2024-36331", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-36331", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "[x86/sev: Evict cache lines during SNP memory validation]", + "Severity": "UNKNOWN" + }, + { + "VulnerabilityID": "CVE-2025-27558", + "VendorIDs": [ + "DSA-5975-1" + ], + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "FixedVersion": "6.12.41-1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-27558", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "IEEE P802.11-REVme D1.1 through D7.0 allows FragAttacks against mesh n ...", + "Description": "IEEE P802.11-REVme D1.1 through D7.0 allows FragAttacks against mesh networks. In mesh networks using Wi-Fi Protected Access (WPA, WPA2, or WPA3) or Wired Equivalent Privacy (WEP), an adversary can exploit this vulnerability to inject arbitrary frames towards devices that support receiving non-SSP A-MSDU frames. 
NOTE: this issue exists because of an incorrect fix for CVE-2020-24588. P802.11-REVme, as of early 2025, is a planned release of the 802.11 standard.", + "Severity": "UNKNOWN", + "CweIDs": [ + "CWE-345" + ], + "References": [ + "https://github.com/vanhoefm/fragattacks-survey-public/blob/main/README.md" + ], + "PublishedDate": "2025-05-21T19:16:08.2Z", + "LastModifiedDate": "2025-05-22T19:15:43.79Z" + }, + { + "VulnerabilityID": "CVE-2025-38501", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38501", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "In the Linux kernel, the following vulnerability has been resolved: k ...", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: limit repeated connections from clients with the same IP\n\nRepeated connections from clients with the same IP address may exhaust\nthe max connections and prevent other normal client connections.\nThis patch limit repeated connections from clients with the same IP.", + "Severity": "UNKNOWN", + "References": [ + "https://git.kernel.org/stable/c/6073afe64510c302b7a0683a01e32c012eff715d", + "https://git.kernel.org/stable/c/7e5d91d3e6c62a9755b36f29c35288f06c3cd86b", + "https://git.kernel.org/stable/c/cb092fc3a62972a4aa47c9fe356c2c6a01cd840b", + "https://git.kernel.org/stable/c/e6bb9193974059ddbb0ce7763fa3882bd60d4dc3", + 
"https://git.kernel.org/stable/c/f1ce9258bcbce2491f9f71f7882b6eed0b33ec65", + "https://git.kernel.org/stable/c/fa1c47af4ff641cf9197ecdb1f8240cbb30389c1" + ], + "PublishedDate": "2025-08-16T06:15:27.923Z", + "LastModifiedDate": "2025-08-16T06:15:27.923Z" + }, + { + "VulnerabilityID": "CVE-2025-38502", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38502", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "In the Linux kernel, the following vulnerability has been resolved: b ...", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix oob access in cgroup local storage\n\nLonial reported that an out-of-bounds access in cgroup local storage\ncan be crafted via tail calls. Given two programs each utilizing a\ncgroup local storage with a different value size, and one program\ndoing a tail call into the other. The verifier will validate each of\nthe indivial programs just fine. However, in the runtime context\nthe bpf_cg_run_ctx holds an bpf_prog_array_item which contains the\nBPF program as well as any cgroup local storage flavor the program\nuses. 
Helpers such as bpf_get_local_storage() pick this up from the\nruntime context:\n\n ctx = container_of(current-\u003ebpf_ctx, struct bpf_cg_run_ctx, run_ctx);\n storage = ctx-\u003eprog_item-\u003ecgroup_storage[stype];\n\n if (stype == BPF_CGROUP_STORAGE_SHARED)\n ptr = \u0026READ_ONCE(storage-\u003ebuf)-\u003edata[0];\n else\n ptr = this_cpu_ptr(storage-\u003epercpu_buf);\n\nFor the second program which was called from the originally attached\none, this means bpf_get_local_storage() will pick up the former\nprogram's map, not its own. With mismatching sizes, this can result\nin an unintended out-of-bounds access.\n\nTo fix this issue, we need to extend bpf_map_owner with an array of\nstorage_cookie[] to match on i) the exact maps from the original\nprogram if the second program was using bpf_get_local_storage(), or\nii) allow the tail call combination if the second program was not\nusing any of the cgroup local storage maps.", + "Severity": "UNKNOWN", + "References": [ + "https://git.kernel.org/stable/c/19341d5c59e8c7e8528e40f8663e99d67810473c", + "https://git.kernel.org/stable/c/abad3d0bad72a52137e0c350c59542d75ae4f513" + ], + "PublishedDate": "2025-08-16T10:15:25.653Z", + "LastModifiedDate": "2025-08-16T10:15:25.653Z" + }, + { + "VulnerabilityID": "CVE-2025-38503", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38503", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "In the Linux kernel, 
the following vulnerability has been resolved: b ...", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix assertion when building free space tree\n\nWhen building the free space tree with the block group tree feature\nenabled, we can hit an assertion failure like this:\n\n BTRFS info (device loop0 state M): rebuilding free space tree\n assertion failed: ret == 0, in fs/btrfs/free-space-tree.c:1102\n ------------[ cut here ]------------\n kernel BUG at fs/btrfs/free-space-tree.c:1102!\n Internal error: Oops - BUG: 00000000f2000800 [#1] SMP\n Modules linked in:\n CPU: 1 UID: 0 PID: 6592 Comm: syz-executor322 Not tainted 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT\n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025\n pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : populate_free_space_tree+0x514/0x518 fs/btrfs/free-space-tree.c:1102\n lr : populate_free_space_tree+0x514/0x518 fs/btrfs/free-space-tree.c:1102\n sp : ffff8000a4ce7600\n x29: ffff8000a4ce76e0 x28: ffff0000c9bc6000 x27: ffff0000ddfff3d8\n x26: ffff0000ddfff378 x25: dfff800000000000 x24: 0000000000000001\n x23: ffff8000a4ce7660 x22: ffff70001499cecc x21: ffff0000e1d8c160\n x20: ffff0000e1cb7800 x19: ffff0000e1d8c0b0 x18: 00000000ffffffff\n x17: ffff800092f39000 x16: ffff80008ad27e48 x15: ffff700011e740c0\n x14: 1ffff00011e740c0 x13: 0000000000000004 x12: ffffffffffffffff\n x11: ffff700011e740c0 x10: 0000000000ff0100 x9 : 94ef24f55d2dbc00\n x8 : 94ef24f55d2dbc00 x7 : 0000000000000001 x6 : 0000000000000001\n x5 : ffff8000a4ce6f98 x4 : ffff80008f415ba0 x3 : ffff800080548ef0\n x2 : 0000000000000000 x1 : 0000000100000000 x0 : 000000000000003e\n Call trace:\n populate_free_space_tree+0x514/0x518 fs/btrfs/free-space-tree.c:1102 (P)\n btrfs_rebuild_free_space_tree+0x14c/0x54c fs/btrfs/free-space-tree.c:1337\n btrfs_start_pre_rw_mount+0xa78/0xe10 fs/btrfs/disk-io.c:3074\n btrfs_remount_rw 
fs/btrfs/super.c:1319 [inline]\n btrfs_reconfigure+0x828/0x2418 fs/btrfs/super.c:1543\n reconfigure_super+0x1d4/0x6f0 fs/super.c:1083\n do_remount fs/namespace.c:3365 [inline]\n path_mount+0xb34/0xde0 fs/namespace.c:4200\n do_mount fs/namespace.c:4221 [inline]\n __do_sys_mount fs/namespace.c:4432 [inline]\n __se_sys_mount fs/namespace.c:4409 [inline]\n __arm64_sys_mount+0x3e8/0x468 fs/namespace.c:4409\n __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\n invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49\n el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132\n do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151\n el0_svc+0x58/0x17c arch/arm64/kernel/entry-common.c:767\n el0t_64_sync_handler+0x78/0x108 arch/arm64/kernel/entry-common.c:786\n el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600\n Code: f0047182 91178042 528089c3 9771d47b (d4210000)\n ---[ end trace 0000000000000000 ]---\n\nThis happens because we are processing an empty block group, which has\nno extents allocated from it, there are no items for this block group,\nincluding the block group item since block group items are stored in a\ndedicated tree when using the block group tree feature. 
It also means\nthis is the block group with the highest start offset, so there are no\nhigher keys in the extent root, hence btrfs_search_slot_for_read()\nreturns 1 (no higher key found).\n\nFix this by asserting 'ret' is 0 only if the block group tree feature\nis not enabled, in which case we should find a block group item for\nthe block group since it's stored in the extent root and block group\nitem keys are greater than extent item keys (the value for\nBTRFS_BLOCK_GROUP_ITEM_KEY is 192 and for BTRFS_EXTENT_ITEM_KEY and\nBTRFS_METADATA_ITEM_KEY the values are 168 and 169 respectively).\nIn case 'ret' is 1, we just need to add a record to the free space\ntree which spans the whole block group, and we can achieve this by\nmaking 'ret == 0' as the while loop's condition.", + "Severity": "UNKNOWN", + "References": [ + "https://git.kernel.org/stable/c/0bcc14f36c7ad37121cf5c0ae18cdde5bfad9c4e", + "https://git.kernel.org/stable/c/1961d20f6fa8903266ed9bd77c691924c22c8f02", + "https://git.kernel.org/stable/c/6bbe6530b1db7b4365ce9e86144c18c5d73b2c5b", + "https://git.kernel.org/stable/c/7c77df23324f60bcff0ea44392e2c82e9486640c", + "https://git.kernel.org/stable/c/f4428b2d4c68732653e93f748f538bdee639ff80" + ], + "PublishedDate": "2025-08-16T11:15:42.373Z", + "LastModifiedDate": "2025-08-16T11:15:42.373Z" + }, + { + "VulnerabilityID": "CVE-2025-38505", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38505", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": 
"https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "In the Linux kernel, the following vulnerability has been resolved: w ...", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mwifiex: discard erroneous disassoc frames on STA interface\n\nWhen operating in concurrent STA/AP mode with host MLME enabled,\nthe firmware incorrectly sends disassociation frames to the STA\ninterface when clients disconnect from the AP interface.\nThis causes kernel warnings as the STA interface processes\ndisconnect events that don't apply to it:\n\n[ 1303.240540] WARNING: CPU: 0 PID: 513 at net/wireless/mlme.c:141 cfg80211_process_disassoc+0x78/0xec [cfg80211]\n[ 1303.250861] Modules linked in: 8021q garp stp mrp llc rfcomm bnep btnxpuart nls_iso8859_1 nls_cp437 onboard_us\n[ 1303.327651] CPU: 0 UID: 0 PID: 513 Comm: kworker/u9:2 Not tainted 6.16.0-rc1+ #3 PREEMPT\n[ 1303.335937] Hardware name: Toradex Verdin AM62 WB on Verdin Development Board (DT)\n[ 1303.343588] Workqueue: MWIFIEX_RX_WORK_QUEUE mwifiex_rx_work_queue [mwifiex]\n[ 1303.350856] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 1303.357904] pc : cfg80211_process_disassoc+0x78/0xec [cfg80211]\n[ 1303.364065] lr : cfg80211_process_disassoc+0x70/0xec [cfg80211]\n[ 1303.370221] sp : ffff800083053be0\n[ 1303.373590] x29: ffff800083053be0 x28: 0000000000000000 x27: 0000000000000000\n[ 1303.380855] x26: 0000000000000000 x25: 00000000ffffffff x24: ffff000002c5b8ae\n[ 1303.388120] x23: ffff000002c5b884 x22: 0000000000000001 x21: 0000000000000008\n[ 1303.395382] x20: ffff000002c5b8ae x19: ffff0000064dd408 x18: 0000000000000006\n[ 1303.402646] x17: 3a36333a61623a30 x16: 32206d6f72662063 x15: ffff800080bfe048\n[ 1303.409910] x14: ffff000003625300 x13: 0000000000000001 x12: 0000000000000000\n[ 1303.417173] x11: 0000000000000002 x10: ffff000003958600 x9 : ffff000003625300\n[ 1303.424434] x8 : ffff00003fd9ef40 x7 : ffff0000039fc280 x6 : 
0000000000000002\n[ 1303.431695] x5 : ffff0000038976d4 x4 : 0000000000000000 x3 : 0000000000003186\n[ 1303.438956] x2 : 000000004836ba20 x1 : 0000000000006986 x0 : 00000000d00479de\n[ 1303.446221] Call trace:\n[ 1303.448722] cfg80211_process_disassoc+0x78/0xec [cfg80211] (P)\n[ 1303.454894] cfg80211_rx_mlme_mgmt+0x64/0xf8 [cfg80211]\n[ 1303.460362] mwifiex_process_mgmt_packet+0x1ec/0x460 [mwifiex]\n[ 1303.466380] mwifiex_process_sta_rx_packet+0x1bc/0x2a0 [mwifiex]\n[ 1303.472573] mwifiex_handle_rx_packet+0xb4/0x13c [mwifiex]\n[ 1303.478243] mwifiex_rx_work_queue+0x158/0x198 [mwifiex]\n[ 1303.483734] process_one_work+0x14c/0x28c\n[ 1303.487845] worker_thread+0x2cc/0x3d4\n[ 1303.491680] kthread+0x12c/0x208\n[ 1303.495014] ret_from_fork+0x10/0x20\n\nAdd validation in the STA receive path to verify that disassoc/deauth\nframes originate from the connected AP. Frames that fail this check\nare discarded early, preventing them from reaching the MLME layer and\ntriggering WARN_ON().\n\nThis filtering logic is similar with that used in the\nieee80211_rx_mgmt_disassoc() function in mac80211, which drops\ndisassoc frames that don't match the current BSSID\n(!ether_addr_equal(mgmt-\u003ebssid, sdata-\u003evif.cfg.ap_addr)), ensuring\nonly relevant frames are processed.\n\nTested on:\n- 8997 with FW 16.68.1.p197", + "Severity": "UNKNOWN", + "References": [ + "https://git.kernel.org/stable/c/3b602ddc0df723992721b0d286c90c9bdd755b34", + "https://git.kernel.org/stable/c/52654cebaac23dae31a9c97ae0da5be649f1ab4d", + "https://git.kernel.org/stable/c/a963819a121f5dd61e0b39934d8b5dec529da96a" + ], + "PublishedDate": "2025-08-16T11:15:43.407Z", + "LastModifiedDate": "2025-08-16T11:15:43.407Z" + }, + { + "VulnerabilityID": "CVE-2025-38506", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + 
"Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38506", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "In the Linux kernel, the following vulnerability has been resolved: K ...", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: Allow CPU to reschedule while setting per-page memory attributes\n\nWhen running an SEV-SNP guest with a sufficiently large amount of memory (1TB+),\nthe host can experience CPU soft lockups when running an operation in\nkvm_vm_set_mem_attributes() to set memory attributes on the whole\nrange of guest memory.\n\nwatchdog: BUG: soft lockup - CPU#8 stuck for 26s! [qemu-kvm:6372]\nCPU: 8 UID: 0 PID: 6372 Comm: qemu-kvm Kdump: loaded Not tainted 6.15.0-rc7.20250520.el9uek.rc1.x86_64 #1 PREEMPT(voluntary)\nHardware name: Oracle Corporation ORACLE SERVER E4-2c/Asm,MB Tray,2U,E4-2c, BIOS 78016600 11/13/2024\nRIP: 0010:xas_create+0x78/0x1f0\nCode: 00 00 00 41 80 fc 01 0f 84 82 00 00 00 ba 06 00 00 00 bd 06 00 00 00 49 8b 45 08 4d 8d 65 08 41 39 d6 73 20 83 ed 06 48 85 c0 \u003c74\u003e 67 48 89 c2 83 e2 03 48 83 fa 02 75 0c 48 3d 00 10 00 00 0f 87\nRSP: 0018:ffffad890a34b940 EFLAGS: 00000286\nRAX: ffff96f30b261daa RBX: ffffad890a34b9c8 RCX: 0000000000000000\nRDX: 000000000000001e RSI: 0000000000000000 RDI: 0000000000000000\nRBP: 0000000000000018 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000000 R12: ffffad890a356868\nR13: ffffad890a356860 R14: 0000000000000000 R15: ffffad890a356868\nFS: 00007f5578a2a400(0000) GS:ffff97ed317e1000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f015c70fb18 CR3: 
00000001109fd006 CR4: 0000000000f70ef0\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n xas_store+0x58/0x630\n __xa_store+0xa5/0x130\n xa_store+0x2c/0x50\n kvm_vm_set_mem_attributes+0x343/0x710 [kvm]\n kvm_vm_ioctl+0x796/0xab0 [kvm]\n __x64_sys_ioctl+0xa3/0xd0\n do_syscall_64+0x8c/0x7a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7f5578d031bb\nCode: ff ff ff 85 c0 79 9b 49 c7 c4 ff ff ff ff 5b 5d 4c 89 e0 41 5c c3 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa b8 10 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d 2d 4c 0f 00 f7 d8 64 89 01 48\nRSP: 002b:00007ffe0a742b88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 000000004020aed2 RCX: 00007f5578d031bb\nRDX: 00007ffe0a742c80 RSI: 000000004020aed2 RDI: 000000000000000b\nRBP: 0000010000000000 R08: 0000010000000000 R09: 0000017680000000\nR10: 0000000000000080 R11: 0000000000000246 R12: 00005575e5f95120\nR13: 00007ffe0a742c80 R14: 0000000000000008 R15: 00005575e5f961e0\n\nWhile looping through the range of memory setting the attributes,\ncall cond_resched() to give the scheduler a chance to run a higher\npriority task on the runqueue if necessary and avoid staying in\nkernel mode long enough to trigger the lockup.", + "Severity": "UNKNOWN", + "References": [ + "https://git.kernel.org/stable/c/1ef45ae7a3938f0844032ba670b4f89180a5bffc", + "https://git.kernel.org/stable/c/47bb584237cc285e3a860b70c01f7bda9dcfb05b", + "https://git.kernel.org/stable/c/d9bd1163c8d8f716f45e54d034ee28757cc85549" + ], + "PublishedDate": "2025-08-16T11:15:43.527Z", + "LastModifiedDate": "2025-08-16T11:15:43.527Z" + }, + { + "VulnerabilityID": "CVE-2025-38507", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": 
"sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38507", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "In the Linux kernel, the following vulnerability has been resolved: H ...", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: nintendo: avoid bluetooth suspend/resume stalls\n\nEnsure we don't stall or panic the kernel when using bluetooth-connected\ncontrollers. This was reported as an issue on android devices using\nkernel 6.6 due to the resume hook which had been added for usb joycons.\n\nFirst, set a new state value to JOYCON_CTLR_STATE_SUSPENDED in a\nnewly-added nintendo_hid_suspend. This makes sure we will not stall out\nthe kernel waiting for input reports during led classdev suspend. 
The\nstalls could happen if connectivity is unreliable or lost to the\ncontroller prior to suspend.\n\nSecond, since we lose connectivity during suspend, do not try\njoycon_init() for bluetooth controllers in the nintendo_hid_resume path.\n\nTested via multiple suspend/resume flows when using the controller both\nin USB and bluetooth modes.", + "Severity": "UNKNOWN", + "References": [ + "https://git.kernel.org/stable/c/4a0381080397e77792a5168069f174d3e56175ff", + "https://git.kernel.org/stable/c/72cb7eef06a5cde42b324dea85fa11fd5bb6a08a", + "https://git.kernel.org/stable/c/7b4a026313529a487821ef6ab494a61f12c1db08" + ], + "PublishedDate": "2025-08-16T11:15:43.653Z", + "LastModifiedDate": "2025-08-16T11:15:43.653Z" + }, + { + "VulnerabilityID": "CVE-2025-38510", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38510", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "In the Linux kernel, the following vulnerability has been resolved: k ...", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nkasan: remove kasan_find_vm_area() to prevent possible deadlock\n\nfind_vm_area() couldn't be called in atomic_context. 
If find_vm_area() is\ncalled to reports vm area information, kasan can trigger deadlock like:\n\nCPU0 CPU1\nvmalloc();\n alloc_vmap_area();\n spin_lock(\u0026vn-\u003ebusy.lock)\n spin_lock_bh(\u0026some_lock);\n \u003cinterrupt occurs\u003e\n \u003cin softirq\u003e\n spin_lock(\u0026some_lock);\n \u003caccess invalid address\u003e\n kasan_report();\n print_report();\n print_address_description();\n kasan_find_vm_area();\n find_vm_area();\n spin_lock(\u0026vn-\u003ebusy.lock) // deadlock!\n\nTo prevent possible deadlock while kasan reports, remove kasan_find_vm_area().", + "Severity": "UNKNOWN", + "References": [ + "https://git.kernel.org/stable/c/0c3566d831def922cd56322c772a7b20d8b0e0c0", + "https://git.kernel.org/stable/c/2d89dab1ea6086e6cbe6fe92531b496fb6808cb9", + "https://git.kernel.org/stable/c/595f78d99b9051600233c0a5c4c47e1097e6ed01", + "https://git.kernel.org/stable/c/6ee9b3d84775944fb8c8a447961cd01274ac671c", + "https://git.kernel.org/stable/c/8377d7744bdce5c4b3f1b58924eebd3fdc078dfc" + ], + "PublishedDate": "2025-08-16T11:15:44.01Z", + "LastModifiedDate": "2025-08-16T11:15:44.01Z" + }, + { + "VulnerabilityID": "CVE-2025-38511", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38511", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "In the Linux kernel, the following vulnerability has been resolved: d ...", + "Description": "In the Linux kernel, the following vulnerability has been 
resolved:\n\ndrm/xe/pf: Clear all LMTT pages on alloc\n\nOur LMEM buffer objects are not cleared by default on alloc\nand during VF provisioning we only setup LMTT PTEs for the\nactually provisioned LMEM range. But beyond that valid range\nwe might leave some stale data that could either point to some\nother VFs allocations or even to the PF pages.\n\nExplicitly clear all new LMTT page to avoid the risk that a\nmalicious VF would try to exploit that gap.\n\nWhile around add asserts to catch any undesired PTE overwrites\nand low-level debug traces to track LMTT PT life-cycle.\n\n(cherry picked from commit 3fae6918a3e27cce20ded2551f863fb05d4bef8d)", + "Severity": "UNKNOWN", + "References": [ + "https://git.kernel.org/stable/c/5d21892c2e15b6a27f8bc907693eca7c6b7cc269", + "https://git.kernel.org/stable/c/705a412a367f383430fa34bada387af2e52eb043", + "https://git.kernel.org/stable/c/ff4b8c9ade1b82979fdd01e6f45b60f92eed26d8" + ], + "PublishedDate": "2025-08-16T11:15:44.14Z", + "LastModifiedDate": "2025-08-16T11:15:44.14Z" + }, + { + "VulnerabilityID": "CVE-2025-38512", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38512", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "In the Linux kernel, the following vulnerability has been resolved: w ...", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: prevent A-MSDU attacks in mesh networks\n\nThis patch is a 
mitigation to prevent the A-MSDU spoofing vulnerability\nfor mesh networks. The initial update to the IEEE 802.11 standard, in\nresponse to the FragAttacks, missed this case (CVE-2025-27558). It can\nbe considered a variant of CVE-2020-24588 but for mesh networks.\n\nThis patch tries to detect if a standard MSDU was turned into an A-MSDU\nby an adversary. This is done by parsing a received A-MSDU as a standard\nMSDU, calculating the length of the Mesh Control header, and seeing if\nthe 6 bytes after this header equal the start of an rfc1042 header. If\nequal, this is a strong indication of an ongoing attack attempt.\n\nThis defense was tested with mac80211_hwsim against a mesh network that\nuses an empty Mesh Address Extension field, i.e., when four addresses\nare used, and when using a 12-byte Mesh Address Extension field, i.e.,\nwhen six addresses are used. Functionality of normal MSDUs and A-MSDUs\nwas also tested, and confirmed working, when using both an empty and\n12-byte Mesh Address Extension field.\n\nIt was also tested with mac80211_hwsim that A-MSDU attacks in non-mesh\nnetworks keep being detected and prevented.\n\nNote that the vulnerability being patched, and the defense being\nimplemented, was also discussed in the following paper and in the\nfollowing IEEE 802.11 presentation:\n\nhttps://papers.mathyvanhoef.com/wisec2025.pdf\nhttps://mentor.ieee.org/802.11/dcn/25/11-25-0949-00-000m-a-msdu-mesh-spoof-protection.docx", + "Severity": "UNKNOWN", + "References": [ + "https://git.kernel.org/stable/c/6e3b09402cc6c3e3474fa548e8adf6897dda05de", + "https://git.kernel.org/stable/c/737bb912ebbe4571195c56eba557c4d7315b26fb", + "https://git.kernel.org/stable/c/e01851f6e9a665a6011b14714b271d3e6b0b8d32", + "https://git.kernel.org/stable/c/e2c8a3c0388aef6bfc4aabfba07bc7dff16eea80", + "https://git.kernel.org/stable/c/ec6392061de6681148b63ee6c8744da833498cdd" + ], + "PublishedDate": "2025-08-16T11:15:44.263Z", + "LastModifiedDate": "2025-08-16T11:15:44.263Z" + }, + { 
+ "VulnerabilityID": "CVE-2025-38513", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38513", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "In the Linux kernel, the following vulnerability has been resolved: w ...", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev()\n\nThere is a potential NULL pointer dereference in zd_mac_tx_to_dev(). 
For\nexample, the following is possible:\n\n \tT0\t\t\t \t\tT1\nzd_mac_tx_to_dev()\n /* len == skb_queue_len(q) */\n while (len \u003e ZD_MAC_MAX_ACK_WAITERS) {\n\n\t\t\t\t\t filter_ack()\n\t\t\t\t\t spin_lock_irqsave(\u0026q-\u003elock, flags);\n\t\t\t\t\t /* position == skb_queue_len(q) */\n\t\t\t\t\t for (i=1; i\u003cposition; i++)\n\t\t\t\t \t skb = __skb_dequeue(q)\n\n\t\t\t\t\t if (mac-\u003etype == NL80211_IFTYPE_AP)\n\t\t\t\t\t skb = __skb_dequeue(q);\n\t\t\t\t\t spin_unlock_irqrestore(\u0026q-\u003elock, flags);\n\n skb_dequeue() -\u003e NULL\n\nSince there is a small gap between checking skb queue length and skb being\nunconditionally dequeued in zd_mac_tx_to_dev(), skb_dequeue() can return NULL.\nThen the pointer is passed to zd_mac_tx_status() where it is dereferenced.\n\nIn order to avoid potential NULL pointer dereference due to situations like\nabove, check if skb is not NULL before passing it to zd_mac_tx_status().\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.", + "Severity": "UNKNOWN", + "References": [ + "https://git.kernel.org/stable/c/014c34dc132015c4f918ada4982e952947ac1047", + "https://git.kernel.org/stable/c/5420de65efbeb6503bcf1d43451c9df67ad60298", + "https://git.kernel.org/stable/c/602b4eb2f25668de15de69860ec99caf65b3684d", + "https://git.kernel.org/stable/c/74b1ec9f5d627d2bdd5e5b6f3f81c23317657023", + "https://git.kernel.org/stable/c/adf08c96b963c7cd7ec1ee1c0c556228d9bedaae", + "https://git.kernel.org/stable/c/b24f65c184540dfb967479320ecf7e8c2e9220dc", + "https://git.kernel.org/stable/c/c1958270de947604cc6de05fc96dbba256b49cf0", + "https://git.kernel.org/stable/c/fcd9c923b58e86501450b9b442ccc7ce4a8d0fda" + ], + "PublishedDate": "2025-08-16T11:15:44.383Z", + "LastModifiedDate": "2025-08-16T11:15:44.383Z" + }, + { + "VulnerabilityID": "CVE-2025-38514", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": 
"pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38514", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "In the Linux kernel, the following vulnerability has been resolved: r ...", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nrxrpc: Fix oops due to non-existence of prealloc backlog struct\n\nIf an AF_RXRPC service socket is opened and bound, but calls are\npreallocated, then rxrpc_alloc_incoming_call() will oops because the\nrxrpc_backlog struct doesn't get allocated until the first preallocation is\nmade.\n\nFix this by returning NULL from rxrpc_alloc_incoming_call() if there is no\nbacklog struct. 
This will cause the incoming call to be aborted.", + "Severity": "UNKNOWN", + "References": [ + "https://git.kernel.org/stable/c/0eef29385d715d4c7fd707b18d4a9b76c76dd5e6", + "https://git.kernel.org/stable/c/2c2e9ebeb036f9b1b09325ec5cfdfe0e78f357c3", + "https://git.kernel.org/stable/c/880a88f318cf1d2a0f4c0a7ff7b07e2062b434a4", + "https://git.kernel.org/stable/c/bf0ca6a1bc4fb904b598137c6718785a107e3adf", + "https://git.kernel.org/stable/c/d1ff5f9d2c5405681457262e23c720b08977c11f", + "https://git.kernel.org/stable/c/efc1b2b7c1a308b60df8f36bc2d7ce16d3999364", + "https://git.kernel.org/stable/c/f5e72b7824d08c206ce106d30cb37c4642900ccc", + "https://git.kernel.org/stable/c/f7afb3ff01c42c49e8a143cdce400b95844bb506" + ], + "PublishedDate": "2025-08-16T11:15:44.51Z", + "LastModifiedDate": "2025-08-16T11:15:44.51Z" + }, + { + "VulnerabilityID": "CVE-2025-38515", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38515", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "In the Linux kernel, the following vulnerability has been resolved: d ...", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/sched: Increment job count before swapping tail spsc queue\n\nA small race exists between spsc_queue_push and the run-job worker, in\nwhich spsc_queue_push may return not-first while the run-job worker has\nalready idled due to the job count being zero. 
If this race occurs, job\nscheduling stops, leading to hangs while waiting on the job’s DMA\nfences.\n\nSeal this race by incrementing the job count before appending to the\nSPSC queue.\n\nThis race was observed on a drm-tip 6.16-rc1 build with the Xe driver in\nan SVM test case.", + "Severity": "UNKNOWN", + "References": [ + "https://git.kernel.org/stable/c/549a9c78c3ea6807d0dc4162a4f5ba59f217d5a0", + "https://git.kernel.org/stable/c/8af39ec5cf2be522c8eb43a3d8005ed59e4daaee", + "https://git.kernel.org/stable/c/c64f5310530baf75328292f9b9f3f2961d185183", + "https://git.kernel.org/stable/c/e2d6547dc8b9b332f9bc00875197287a6a4db65a", + "https://git.kernel.org/stable/c/e62f51d0ec8a9baf324caf9a564f8e318d36a551", + "https://git.kernel.org/stable/c/ef58a95457466849fa7b31fd3953801a5af0f58b", + "https://git.kernel.org/stable/c/ef841f8e4e1ff67817ca899bedc5ebb00847c0a7", + "https://git.kernel.org/stable/c/f9a4f28a4fc4ee453a92a9abbe36e26224d17749" + ], + "PublishedDate": "2025-08-16T11:15:44.637Z", + "LastModifiedDate": "2025-08-16T11:15:44.637Z" + }, + { + "VulnerabilityID": "CVE-2025-38516", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38516", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "In the Linux kernel, the following vulnerability has been resolved: p ...", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: qcom: msm: mark certain pins as invalid 
for interrupts\n\nOn some platforms, the UFS-reset pin has no interrupt logic in TLMM but\nis nevertheless registered as a GPIO in the kernel. This enables the\nuser-space to trigger a BUG() in the pinctrl-msm driver by running, for\nexample: `gpiomon -c 0 113` on RB2.\n\nThe exact culprit is requesting pins whose intr_detection_width setting\nis not 1 or 2 for interrupts. This hits a BUG() in\nmsm_gpio_irq_set_type(). Potentially crashing the kernel due to an\ninvalid request from user-space is not optimal, so let's go through the\npins and mark those that would fail the check as invalid for the irq chip\nas we should not even register them as available irqs.\n\nThis function can be extended if we determine that there are more\ncorner-cases like this.", + "Severity": "UNKNOWN", + "References": [ + "https://git.kernel.org/stable/c/1d57f7132662e96aace3b8a000616efde289aae1", + "https://git.kernel.org/stable/c/275605a8b48002fe98675a5c06f3e39c09067ff2", + "https://git.kernel.org/stable/c/3f8fc02c2582c1dfad1785e9c7bc8b4e1521af0a", + "https://git.kernel.org/stable/c/6a89563ccf9cd0d745e2291302878a061508573f", + "https://git.kernel.org/stable/c/93712205ce2f1fb047739494c0399a26ea4f0890", + "https://git.kernel.org/stable/c/97c9c7daeeb00c6e1d5e84084041f79c2d2dce22", + "https://git.kernel.org/stable/c/cb4b08a095b1fa4b3fca782757517e4e9a917d8e", + "https://git.kernel.org/stable/c/cc145e02d6b8494c48f91958d52fa76b7e577f7b" + ], + "PublishedDate": "2025-08-16T11:15:44.763Z", + "LastModifiedDate": "2025-08-16T11:15:44.763Z" + }, + { + "VulnerabilityID": "CVE-2025-38517", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": 
"sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38517", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "In the Linux kernel, the following vulnerability has been resolved: l ...", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nlib/alloc_tag: do not acquire non-existent lock in alloc_tag_top_users()\n\nalloc_tag_top_users() attempts to lock alloc_tag_cttype-\u003emod_lock even\nwhen the alloc_tag_cttype is not allocated because:\n\n 1) alloc tagging is disabled because mem profiling is disabled\n (!alloc_tag_cttype)\n 2) alloc tagging is enabled, but not yet initialized (!alloc_tag_cttype)\n 3) alloc tagging is enabled, but failed initialization\n (!alloc_tag_cttype or IS_ERR(alloc_tag_cttype))\n\nIn all cases, alloc_tag_cttype is not allocated, and therefore\nalloc_tag_top_users() should not attempt to acquire the semaphore.\n\nThis leads to a crash on memory allocation failure by attempting to\nacquire a non-existent semaphore:\n\n Oops: general protection fault, probably for non-canonical address 0xdffffc000000001b: 0000 [#3] SMP KASAN NOPTI\n KASAN: null-ptr-deref in range [0x00000000000000d8-0x00000000000000df]\n CPU: 2 UID: 0 PID: 1 Comm: systemd Tainted: G D 6.16.0-rc2 #1 VOLUNTARY\n Tainted: [D]=DIE\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014\n RIP: 0010:down_read_trylock+0xaa/0x3b0\n Code: d0 7c 08 84 d2 0f 85 a0 02 00 00 8b 0d df 31 dd 04 85 c9 75 29 48 b8 00 00 00 00 00 fc ff df 48 8d 6b 68 48 89 ea 48 c1 ea 03 \u003c80\u003e 3c 02 00 0f 85 88 02 00 00 48 3b 5b 68 0f 85 53 01 00 00 65 ff\n RSP: 0000:ffff8881002ce9b8 EFLAGS: 00010016\n RAX: dffffc0000000000 RBX: 0000000000000070 RCX: 0000000000000000\n RDX: 000000000000001b RSI: 000000000000000a RDI: 
0000000000000070\n RBP: 00000000000000d8 R08: 0000000000000001 R09: ffffed107dde49d1\n R10: ffff8883eef24e8b R11: ffff8881002cec20 R12: 1ffff11020059d37\n R13: 00000000003fff7b R14: ffff8881002cec20 R15: dffffc0000000000\n FS: 00007f963f21d940(0000) GS:ffff888458ca6000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f963f5edf71 CR3: 000000010672c000 CR4: 0000000000350ef0\n Call Trace:\n \u003cTASK\u003e\n codetag_trylock_module_list+0xd/0x20\n alloc_tag_top_users+0x369/0x4b0\n __show_mem+0x1cd/0x6e0\n warn_alloc+0x2b1/0x390\n __alloc_frozen_pages_noprof+0x12b9/0x21a0\n alloc_pages_mpol+0x135/0x3e0\n alloc_slab_page+0x82/0xe0\n new_slab+0x212/0x240\n ___slab_alloc+0x82a/0xe00\n \u003c/TASK\u003e\n\nAs David Wang points out, this issue became easier to trigger after commit\n780138b12381 (\"alloc_tag: check mem_profiling_support in alloc_tag_init\").\n\nBefore the commit, the issue occurred only when it failed to allocate and\ninitialize alloc_tag_cttype or if a memory allocation fails before\nalloc_tag_init() is called. After the commit, it can be easily triggered\nwhen memory profiling is compiled but disabled at boot.\n\nTo properly determine whether alloc_tag_init() has been called and its\ndata structures initialized, verify that alloc_tag_cttype is a valid\npointer before acquiring the semaphore. If the variable is NULL or an\nerror value, it has not been properly initialized. 
In such a case, just\nskip and do not attempt to acquire the semaphore.\n\n[harry.yoo@oracle.com: v3]", + "Severity": "UNKNOWN", + "References": [ + "https://git.kernel.org/stable/c/22bf79c0c2301b6e15a688220284b147774d277e", + "https://git.kernel.org/stable/c/99af22cd34688cc0d535a1919e0bea4cbc6c1ea1", + "https://git.kernel.org/stable/c/febc0b5dbabda414565bdfaaaa59d26f787d5fe7" + ], + "PublishedDate": "2025-08-16T11:15:44.897Z", + "LastModifiedDate": "2025-08-16T11:15:44.897Z" + }, + { + "VulnerabilityID": "CVE-2025-38520", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38520", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "In the Linux kernel, the following vulnerability has been resolved: d ...", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: Don't call mmput from MMU notifier callback\n\nIf the process is exiting, the mmput inside mmu notifier callback from\ncompactd or fork or numa balancing could release the last reference\nof mm struct to call exit_mmap and free_pgtable, this triggers deadlock\nwith below backtrace.\n\nThe deadlock will leak kfd process as mmu notifier release is not called\nand cause VRAM leaking.\n\nThe fix is to take mm reference mmget_non_zero when adding prange to the\ndeferred list to pair with mmput in deferred list work.\n\nIf prange split and add into pchild list, the pchild work_item.mm is not\nused, so 
remove the mm parameter from svm_range_unmap_split and\nsvm_range_add_child.\n\nThe backtrace of hung task:\n\n INFO: task python:348105 blocked for more than 64512 seconds.\n Call Trace:\n __schedule+0x1c3/0x550\n schedule+0x46/0xb0\n rwsem_down_write_slowpath+0x24b/0x4c0\n unlink_anon_vmas+0xb1/0x1c0\n free_pgtables+0xa9/0x130\n exit_mmap+0xbc/0x1a0\n mmput+0x5a/0x140\n svm_range_cpu_invalidate_pagetables+0x2b/0x40 [amdgpu]\n mn_itree_invalidate+0x72/0xc0\n __mmu_notifier_invalidate_range_start+0x48/0x60\n try_to_unmap_one+0x10fa/0x1400\n rmap_walk_anon+0x196/0x460\n try_to_unmap+0xbb/0x210\n migrate_page_unmap+0x54d/0x7e0\n migrate_pages_batch+0x1c3/0xae0\n migrate_pages_sync+0x98/0x240\n migrate_pages+0x25c/0x520\n compact_zone+0x29d/0x590\n compact_zone_order+0xb6/0xf0\n try_to_compact_pages+0xbe/0x220\n __alloc_pages_direct_compact+0x96/0x1a0\n __alloc_pages_slowpath+0x410/0x930\n __alloc_pages_nodemask+0x3a9/0x3e0\n do_huge_pmd_anonymous_page+0xd7/0x3e0\n __handle_mm_fault+0x5e3/0x5f0\n handle_mm_fault+0xf7/0x2e0\n hmm_vma_fault.isra.0+0x4d/0xa0\n walk_pmd_range.isra.0+0xa8/0x310\n walk_pud_range+0x167/0x240\n walk_pgd_range+0x55/0x100\n __walk_page_range+0x87/0x90\n walk_page_range+0xf6/0x160\n hmm_range_fault+0x4f/0x90\n amdgpu_hmm_range_get_pages+0x123/0x230 [amdgpu]\n amdgpu_ttm_tt_get_user_pages+0xb1/0x150 [amdgpu]\n init_user_pages+0xb1/0x2a0 [amdgpu]\n amdgpu_amdkfd_gpuvm_alloc_memory_of_gpu+0x543/0x7d0 [amdgpu]\n kfd_ioctl_alloc_memory_of_gpu+0x24c/0x4e0 [amdgpu]\n kfd_ioctl+0x29d/0x500 [amdgpu]\n\n(cherry picked from commit a29e067bd38946f752b0ef855f3dfff87e77bec7)", + "Severity": "UNKNOWN", + "References": [ + "https://git.kernel.org/stable/c/145a56bd68f4bff098d59fbc7c263d20dfef4fc4", + "https://git.kernel.org/stable/c/a7eb0a25010a674c8fdfbece38353ef7be8c5834", + "https://git.kernel.org/stable/c/c1bde9d48e09933c361521720f77a8072083c83a", + "https://git.kernel.org/stable/c/cf234231fcbc7d391e2135b9518613218cc5347f", + 
"https://git.kernel.org/stable/c/e90ee15ce28c61f6d83a0511c3e02e2662478350" + ], + "PublishedDate": "2025-08-16T11:15:45.283Z", + "LastModifiedDate": "2025-08-16T11:15:45.283Z" + }, + { + "VulnerabilityID": "CVE-2025-38521", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38521", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "In the Linux kernel, the following vulnerability has been resolved: d ...", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/imagination: Fix kernel crash when hard resetting the GPU\n\nThe GPU hard reset sequence calls pm_runtime_force_suspend() and\npm_runtime_force_resume(), which according to their documentation should\nonly be used during system-wide PM transitions to sleep states.\n\nThe main issue though is that depending on some internal runtime PM\nstate as seen by pm_runtime_force_suspend() (whether the usage count is\n\u003c= 1), pm_runtime_force_resume() might not resume the device unless\nneeded. 
If that happens, the runtime PM resume callback\npvr_power_device_resume() is not called, the GPU clocks are not\nre-enabled, and the kernel crashes on the next attempt to access GPU\nregisters as part of the power-on sequence.\n\nReplace calls to pm_runtime_force_suspend() and\npm_runtime_force_resume() with direct calls to the driver's runtime PM\ncallbacks, pvr_power_device_suspend() and pvr_power_device_resume(),\nto ensure clocks are re-enabled and avoid the kernel crash.", + "Severity": "UNKNOWN", + "References": [ + "https://git.kernel.org/stable/c/9f852d301f642223c4798f3c13ba15e91165d078", + "https://git.kernel.org/stable/c/d38376b3ee48d073c64e75e150510d7e6b4b04f7", + "https://git.kernel.org/stable/c/e066cc6e0f094ca2120f1928d126d56f686cd73e" + ], + "PublishedDate": "2025-08-16T11:15:45.413Z", + "LastModifiedDate": "2025-08-16T11:15:45.413Z" + }, + { + "VulnerabilityID": "CVE-2025-38524", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38524", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "In the Linux kernel, the following vulnerability has been resolved: r ...", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nrxrpc: Fix recv-recv race of completed call\n\nIf a call receives an event (such as incoming data), the call gets placed\non the socket's queue and a thread in recvmsg can be awakened to go and\nprocess it. 
Once the thread has picked up the call off of the queue,\nfurther events will cause it to be requeued, and once the socket lock is\ndropped (recvmsg uses call-\u003euser_mutex to allow the socket to be used in\nparallel), a second thread can come in and its recvmsg can pop the call off\nthe socket queue again.\n\nIn such a case, the first thread will be receiving stuff from the call and\nthe second thread will be blocked on call-\u003euser_mutex. The first thread\ncan, at this point, process both the event that it picked call for and the\nevent that the second thread picked the call for and may see the call\nterminate - in which case the call will be \"released\", decoupling the call\nfrom the user call ID assigned to it (RXRPC_USER_CALL_ID in the control\nmessage).\n\nThe first thread will return okay, but then the second thread will wake up\nholding the user_mutex and, if it sees that the call has been released by\nthe first thread, it will BUG thusly:\n\n\tkernel BUG at net/rxrpc/recvmsg.c:474!\n\nFix this by just dequeuing the call and ignoring it if it is seen to be\nalready released. 
We can't tell userspace about it anyway as the user call\nID has become stale.", + "Severity": "UNKNOWN", + "References": [ + "https://git.kernel.org/stable/c/6c75a97a32a5fa2060c3dd30207e63b6914b606d", + "https://git.kernel.org/stable/c/7692bde890061797f3dece0148d7859e85c55778", + "https://git.kernel.org/stable/c/839fe96c15209dc2255c064bb44b636efe04f032", + "https://git.kernel.org/stable/c/962fb1f651c2cf2083e0c3ef53ba69e3b96d3fbc" + ], + "PublishedDate": "2025-08-16T12:15:27.8Z", + "LastModifiedDate": "2025-08-16T12:15:27.8Z" + }, + { + "VulnerabilityID": "CVE-2025-38526", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38526", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "In the Linux kernel, the following vulnerability has been resolved: i ...", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: add NULL check in eswitch lag check\n\nThe function ice_lag_is_switchdev_running() is being called from outside of\nthe LAG event handler code. This results in the lag-\u003eupper_netdev being\nNULL sometimes. 
To avoid a NULL-pointer dereference, there needs to be a\ncheck before it is dereferenced.", + "Severity": "UNKNOWN", + "References": [ + "https://git.kernel.org/stable/c/245917d3c5ed7c6ae720302b64eac5c6f0c85177", + "https://git.kernel.org/stable/c/27591d926191e42b2332e4bad3bcd3a49def393b", + "https://git.kernel.org/stable/c/3ce58b01ada408b372f15b7c992ed0519840e3cf", + "https://git.kernel.org/stable/c/5a5d64f0eec82076b2c09fee2195d640cfbe3379" + ], + "PublishedDate": "2025-08-16T12:15:28.06Z", + "LastModifiedDate": "2025-08-16T12:15:28.06Z" + }, + { + "VulnerabilityID": "CVE-2025-38527", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38527", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "In the Linux kernel, the following vulnerability has been resolved: s ...", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix use-after-free in cifs_oplock_break\n\nA race condition can occur in cifs_oplock_break() leading to a\nuse-after-free of the cinode structure when unmounting:\n\n cifs_oplock_break()\n _cifsFileInfo_put(cfile)\n cifsFileInfo_put_final()\n cifs_sb_deactive()\n [last ref, start releasing sb]\n kill_sb()\n kill_anon_super()\n generic_shutdown_super()\n evict_inodes()\n dispose_list()\n evict()\n destroy_inode()\n call_rcu(\u0026inode-\u003ei_rcu, i_callback)\n spin_lock(\u0026cinode-\u003eopen_file_lock) \u003c- OK\n [later] 
i_callback()\n cifs_free_inode()\n kmem_cache_free(cinode)\n spin_unlock(\u0026cinode-\u003eopen_file_lock) \u003c- UAF\n cifs_done_oplock_break(cinode) \u003c- UAF\n\nThe issue occurs when umount has already released its reference to the\nsuperblock. When _cifsFileInfo_put() calls cifs_sb_deactive(), this\nreleases the last reference, triggering the immediate cleanup of all\ninodes under RCU. However, cifs_oplock_break() continues to access the\ncinode after this point, resulting in use-after-free.\n\nFix this by holding an extra reference to the superblock during the\nentire oplock break operation. This ensures that the superblock and\nits inodes remain valid until the oplock break completes.", + "Severity": "UNKNOWN", + "References": [ + "https://git.kernel.org/stable/c/09bce2138a30ef10d8821c8c3f73a4ab7a5726bc", + "https://git.kernel.org/stable/c/0a4eec84d4d2c4085d4ed8630fd74e4b39033c1b", + "https://git.kernel.org/stable/c/2baaf5bbab2ac474c4f92c10fcb3310f824db995", + "https://git.kernel.org/stable/c/705c79101ccf9edea5a00d761491a03ced314210", + "https://git.kernel.org/stable/c/da11bd4b697b393a207f19a2ed7d382a811a3ddc" + ], + "PublishedDate": "2025-08-16T12:15:28.183Z", + "LastModifiedDate": "2025-08-16T12:15:28.183Z" + }, + { + "VulnerabilityID": "CVE-2025-38528", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38528", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "In the Linux kernel, the 
following vulnerability has been resolved: b ...", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Reject %p% format string in bprintf-like helpers\n\nstatic const char fmt[] = \"%p%\";\n bpf_trace_printk(fmt, sizeof(fmt));\n\nThe above BPF program isn't rejected and causes a kernel warning at\nruntime:\n\n Please remove unsupported %\\x00 in format string\n WARNING: CPU: 1 PID: 7244 at lib/vsprintf.c:2680 format_decode+0x49c/0x5d0\n\nThis happens because bpf_bprintf_prepare skips over the second %,\ndetected as punctuation, while processing %p. This patch fixes it by\nnot skipping over punctuation. %\\x00 is then processed in the next\niteration and rejected.", + "Severity": "UNKNOWN", + "References": [ + "https://git.kernel.org/stable/c/1c5f5fd47bbda17cb885fe6f03730702cd53d3f8", + "https://git.kernel.org/stable/c/61d5fa45ed13e42af14c7e959baba9908b8ee6d4", + "https://git.kernel.org/stable/c/6952aeace93f8c9ea01849efecac24dd3152c9c9", + "https://git.kernel.org/stable/c/e7be679124bae8cf4fa6e40d7e1661baddfb3289", + "https://git.kernel.org/stable/c/f8242745871f81a3ac37f9f51853d12854fd0b58" + ], + "PublishedDate": "2025-08-16T12:15:28.313Z", + "LastModifiedDate": "2025-08-16T12:15:28.313Z" + }, + { + "VulnerabilityID": "CVE-2025-38529", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38529", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "In the Linux 
kernel, the following vulnerability has been resolved: c ...", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: aio_iiro_16: Fix bit shift out of bounds\n\nWhen checking for a supported IRQ number, the following test is used:\n\n\tif ((1 \u003c\u003c it-\u003eoptions[1]) \u0026 0xdcfc) {\n\nHowever, `it-\u003eoptions[i]` is an unchecked `int` value from userspace, so\nthe shift amount could be negative or out of bounds. Fix the test by\nrequiring `it-\u003eoptions[1]` to be within bounds before proceeding with\nthe original test. Valid `it-\u003eoptions[1]` values that select the IRQ\nwill be in the range [1,15]. The value 0 explicitly disables the use of\ninterrupts.", + "Severity": "UNKNOWN", + "References": [ + "https://git.kernel.org/stable/c/43ddd82e6a91913cea1c078e782afd8de60c3a53", + "https://git.kernel.org/stable/c/66acb1586737a22dd7b78abc63213b1bcaa100e4", + "https://git.kernel.org/stable/c/955e8835855fed8e87f7d8c8075564a1746c1b4c", + "https://git.kernel.org/stable/c/e0f3c0867d7d231c70984f05c97752caacd0daba", + "https://git.kernel.org/stable/c/ff30dd3f15f443d2a0085b12ec2cc95d44f35fa7" + ], + "PublishedDate": "2025-08-16T12:15:28.443Z", + "LastModifiedDate": "2025-08-16T12:15:28.443Z" + }, + { + "VulnerabilityID": "CVE-2025-38530", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38530", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "In 
the Linux kernel, the following vulnerability has been resolved: c ...", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: pcl812: Fix bit shift out of bounds\n\nWhen checking for a supported IRQ number, the following test is used:\n\n\tif ((1 \u003c\u003c it-\u003eoptions[1]) \u0026 board-\u003eirq_bits) {\n\nHowever, `it-\u003eoptions[i]` is an unchecked `int` value from userspace, so\nthe shift amount could be negative or out of bounds. Fix the test by\nrequiring `it-\u003eoptions[1]` to be within bounds before proceeding with\nthe original test. Valid `it-\u003eoptions[1]` values that select the IRQ\nwill be in the range [1,15]. The value 0 explicitly disables the use of\ninterrupts.", + "Severity": "UNKNOWN", + "References": [ + "https://git.kernel.org/stable/c/16c173abee315953fd17a279352fec4a1faee862", + "https://git.kernel.org/stable/c/5bfa301e1e59a9b1a7b62a800b54852337c97416", + "https://git.kernel.org/stable/c/7e470d8efd10725b189ca8951973a8425932398a", + "https://git.kernel.org/stable/c/a27e27eee313fe1c450b6af1e80e64412546cab4", + "https://git.kernel.org/stable/c/b14b076ce593f72585412fc7fd3747e03a5e3632" + ], + "PublishedDate": "2025-08-16T12:15:28.57Z", + "LastModifiedDate": "2025-08-16T12:15:28.57Z" + }, + { + "VulnerabilityID": "CVE-2025-38531", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38531", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, 
+ "Title": "In the Linux kernel, the following vulnerability has been resolved: i ...", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: common: st_sensors: Fix use of uninitialize device structs\n\nThroughout the various probe functions \u0026indio_dev-\u003edev is used before it\nis initialized. This caused a kernel panic in st_sensors_power_enable()\nwhen the call to devm_regulator_bulk_get_enable() fails and then calls\ndev_err_probe() with the uninitialized device.\n\nThis seems to only cause a panic with dev_err_probe(), dev_err(),\ndev_warn() and dev_info() don't seem to cause a panic, but are fixed\nas well.\n\nThe issue is reported and traced here: [1]", + "Severity": "UNKNOWN", + "References": [ + "https://git.kernel.org/stable/c/3297a9016a45144883ec990bd4bd5b1d79cafb46", + "https://git.kernel.org/stable/c/610615c9668037e3eca11132063b93b2d945af13", + "https://git.kernel.org/stable/c/9f92e93e257b33e73622640a9205f8642ec16ddd" + ], + "PublishedDate": "2025-08-16T12:15:28.693Z", + "LastModifiedDate": "2025-08-16T12:15:28.693Z" + }, + { + "VulnerabilityID": "CVE-2025-38532", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38532", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "In the Linux kernel, the following vulnerability has been resolved: n ...", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: 
libwx: properly reset Rx ring descriptor\n\nWhen device reset is triggered by feature changes such as toggling Rx\nVLAN offload, wx-\u003edo_reset() is called to reinitialize Rx rings. The\nhardware descriptor ring may retain stale values from previous sessions.\nAnd only set the length to 0 in rx_desc[0] would result in building\nmalformed SKBs. Fix it to ensure a clean slate after device reset.\n\n[ 549.186435] [ C16] ------------[ cut here ]------------\n[ 549.186457] [ C16] kernel BUG at net/core/skbuff.c:2814!\n[ 549.186468] [ C16] Oops: invalid opcode: 0000 [#1] SMP NOPTI\n[ 549.186472] [ C16] CPU: 16 UID: 0 PID: 0 Comm: swapper/16 Kdump: loaded Not tainted 6.16.0-rc4+ #23 PREEMPT(voluntary)\n[ 549.186476] [ C16] Hardware name: Micro-Star International Co., Ltd. MS-7E16/X670E GAMING PLUS WIFI (MS-7E16), BIOS 1.90 12/31/2024\n[ 549.186478] [ C16] RIP: 0010:__pskb_pull_tail+0x3ff/0x510\n[ 549.186484] [ C16] Code: 06 f0 ff 4f 34 74 7b 4d 8b 8c 24 c8 00 00 00 45 8b 84 24 c0 00 00 00 e9 c8 fd ff ff 48 c7 44 24 08 00 00 00 00 e9 5e fe ff ff \u003c0f\u003e 0b 31 c0 e9 23 90 5b ff 41 f7 c6 ff 0f 00 00 75 bf 49 8b 06 a8\n[ 549.186487] [ C16] RSP: 0018:ffffb391c0640d70 EFLAGS: 00010282\n[ 549.186490] [ C16] RAX: 00000000fffffff2 RBX: ffff8fe7e4d40200 RCX: 00000000fffffff2\n[ 549.186492] [ C16] RDX: ffff8fe7c3a4bf8e RSI: 0000000000000180 RDI: ffff8fe7c3a4bf40\n[ 549.186494] [ C16] RBP: ffffb391c0640da8 R08: ffff8fe7c3a4c0c0 R09: 000000000000000e\n[ 549.186496] [ C16] R10: ffffb391c0640d88 R11: 000000000000000e R12: ffff8fe7e4d40200\n[ 549.186497] [ C16] R13: 00000000fffffff2 R14: ffff8fe7fa01a000 R15: 00000000fffffff2\n[ 549.186499] [ C16] FS: 0000000000000000(0000) GS:ffff8fef5ae40000(0000) knlGS:0000000000000000\n[ 549.186502] [ C16] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 549.186503] [ C16] CR2: 00007f77d81d6000 CR3: 000000051a032000 CR4: 0000000000750ef0\n[ 549.186505] [ C16] PKRU: 55555554\n[ 549.186507] [ C16] Call Trace:\n[ 549.186510] [ C16] 
\u003cIRQ\u003e\n[ 549.186513] [ C16] ? srso_alias_return_thunk+0x5/0xfbef5\n[ 549.186517] [ C16] __skb_pad+0xc7/0xf0\n[ 549.186523] [ C16] wx_clean_rx_irq+0x355/0x3b0 [libwx]\n[ 549.186533] [ C16] wx_poll+0x92/0x120 [libwx]\n[ 549.186540] [ C16] __napi_poll+0x28/0x190\n[ 549.186544] [ C16] net_rx_action+0x301/0x3f0\n[ 549.186548] [ C16] ? srso_alias_return_thunk+0x5/0xfbef5\n[ 549.186551] [ C16] ? __raw_spin_lock_irqsave+0x1e/0x50\n[ 549.186554] [ C16] ? srso_alias_return_thunk+0x5/0xfbef5\n[ 549.186557] [ C16] ? wake_up_nohz_cpu+0x35/0x160\n[ 549.186559] [ C16] ? srso_alias_return_thunk+0x5/0xfbef5\n[ 549.186563] [ C16] handle_softirqs+0xf9/0x2c0\n[ 549.186568] [ C16] __irq_exit_rcu+0xc7/0x130\n[ 549.186572] [ C16] common_interrupt+0xb8/0xd0\n[ 549.186576] [ C16] \u003c/IRQ\u003e\n[ 549.186577] [ C16] \u003cTASK\u003e\n[ 549.186579] [ C16] asm_common_interrupt+0x22/0x40\n[ 549.186582] [ C16] RIP: 0010:cpuidle_enter_state+0xc2/0x420\n[ 549.186585] [ C16] Code: 00 00 e8 11 0e 5e ff e8 ac f0 ff ff 49 89 c5 0f 1f 44 00 00 31 ff e8 0d ed 5c ff 45 84 ff 0f 85 40 02 00 00 fb 0f 1f 44 00 00 \u003c45\u003e 85 f6 0f 88 84 01 00 00 49 63 d6 48 8d 04 52 48 8d 04 82 49 8d\n[ 549.186587] [ C16] RSP: 0018:ffffb391c0277e78 EFLAGS: 00000246\n[ 549.186590] [ C16] RAX: ffff8fef5ae40000 RBX: 0000000000000003 RCX: 0000000000000000\n[ 549.186591] [ C16] RDX: 0000007fde0faac5 RSI: ffffffff826e53f6 RDI: ffffffff826fa9b3\n[ 549.186593] [ C16] RBP: ffff8fe7c3a20800 R08: 0000000000000002 R09: 0000000000000000\n[ 549.186595] [ C16] R10: 0000000000000000 R11: 000000000000ffff R12: ffffffff82ed7a40\n[ 549.186596] [ C16] R13: 0000007fde0faac5 R14: 0000000000000003 R15: 0000000000000000\n[ 549.186601] [ C16] ? 
cpuidle_enter_state+0xb3/0x420\n[ 549.186605] [ C16] cpuidle_en\n---truncated---", + "Severity": "UNKNOWN", + "References": [ + "https://git.kernel.org/stable/c/10e27b2a6ebeda49e9c2897a699d3ce1ded565ee", + "https://git.kernel.org/stable/c/d510116c80b37efb100ce8d5ee326214b0157293", + "https://git.kernel.org/stable/c/d992ed7e1b687ad7df0763d3e015a5358646210b", + "https://git.kernel.org/stable/c/ee527d3fba4dae1d619d2d0438624002c8e99e24" + ], + "PublishedDate": "2025-08-16T12:15:28.823Z", + "LastModifiedDate": "2025-08-16T12:15:28.823Z" + }, + { + "VulnerabilityID": "CVE-2025-38533", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38533", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "In the Linux kernel, the following vulnerability has been resolved: n ...", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: libwx: fix the using of Rx buffer DMA\n\nThe wx_rx_buffer structure contained two DMA address fields: 'dma' and\n'page_dma'. However, only 'page_dma' was actually initialized and used\nto program the Rx descriptor. But 'dma' was uninitialized and used in\nsome paths.\n\nThis could lead to undefined behavior, including DMA errors or\nuse-after-free, if the uninitialized 'dma' was used. 
Althrough such\nerror has not yet occurred, it is worth fixing in the code.", + "Severity": "UNKNOWN", + "References": [ + "https://git.kernel.org/stable/c/027701180a7bcb64c42eab291133ef0c87b5b6c5", + "https://git.kernel.org/stable/c/05c37b574997892a40a0e9b9b88a481566b2367d", + "https://git.kernel.org/stable/c/5fd77cc6bd9b368431a815a780e407b7781bcca0", + "https://git.kernel.org/stable/c/ba7c793f96c1c2b944bb6f423d7243f3afc30fe9" + ], + "PublishedDate": "2025-08-16T12:15:28.957Z", + "LastModifiedDate": "2025-08-16T12:15:28.957Z" + }, + { + "VulnerabilityID": "CVE-2025-38535", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38535", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "In the Linux kernel, the following vulnerability has been resolved: p ...", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nphy: tegra: xusb: Fix unbalanced regulator disable in UTMI PHY mode\n\nWhen transitioning from USB_ROLE_DEVICE to USB_ROLE_NONE, the code\nassumed that the regulator should be disabled. 
However, if the regulator\nis marked as always-on, regulator_is_enabled() continues to return true,\nleading to an incorrect attempt to disable a regulator which is not\nenabled.\n\nThis can result in warnings such as:\n\n[ 250.155624] WARNING: CPU: 1 PID: 7326 at drivers/regulator/core.c:3004\n_regulator_disable+0xe4/0x1a0\n[ 250.155652] unbalanced disables for VIN_SYS_5V0\n\nTo fix this, we move the regulator control logic into\ntegra186_xusb_padctl_id_override() function since it's directly related\nto the ID override state. The regulator is now only disabled when the role\ntransitions from USB_ROLE_HOST to USB_ROLE_NONE, by checking the VBUS_ID\nregister. This ensures that regulator enable/disable operations are\nproperly balanced and only occur when actually transitioning to/from host\nmode.", + "Severity": "UNKNOWN", + "References": [ + "https://git.kernel.org/stable/c/1bb85b5c2bd43b687c3d54eb6328917f90dd38fc", + "https://git.kernel.org/stable/c/5367cdeb75cb6c687ca468450bceb2602ab239d8", + "https://git.kernel.org/stable/c/cefc1caee9dd06c69e2d807edc5949b329f52b22", + "https://git.kernel.org/stable/c/eaa420339658615d26c1cc95cd6cf720b9aebfca", + "https://git.kernel.org/stable/c/ec7f98ff05f0649af0adeb4808c7ba23d6111ef9" + ], + "PublishedDate": "2025-08-16T12:15:29.217Z", + "LastModifiedDate": "2025-08-16T12:15:29.217Z" + }, + { + "VulnerabilityID": "CVE-2025-38537", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38537", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": 
"https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "In the Linux kernel, the following vulnerability has been resolved: n ...", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phy: Don't register LEDs for genphy\n\nIf a PHY has no driver, the genphy driver is probed/removed directly in\nphy_attach/detach. If the PHY's ofnode has an \"leds\" subnode, then the\nLEDs will be (un)registered when probing/removing the genphy driver.\nThis could occur if the leds are for a non-generic driver that isn't\nloaded for whatever reason. Synchronously removing the PHY device in\nphy_detach leads to the following deadlock:\n\nrtnl_lock()\nndo_close()\n ...\n phy_detach()\n phy_remove()\n phy_leds_unregister()\n led_classdev_unregister()\n led_trigger_set()\n netdev_trigger_deactivate()\n unregister_netdevice_notifier()\n rtnl_lock()\n\nThere is a corresponding deadlock on the open/register side of things\n(and that one is reported by lockdep), but it requires a race while this\none is deterministic.\n\nGeneric PHYs do not support LEDs anyway, so don't bother registering\nthem.", + "Severity": "UNKNOWN", + "References": [ + "https://git.kernel.org/stable/c/75e1b2079ef0653a2f7aa69be515d86b7faf1908", + "https://git.kernel.org/stable/c/ec158d05eaa91b2809cab65f8068290e3c05ebdd", + "https://git.kernel.org/stable/c/f0f2b992d8185a0366be951685e08643aae17d6d", + "https://git.kernel.org/stable/c/fd6493533af9e5d73d0d42ff2a8ded978a701dc6" + ], + "PublishedDate": "2025-08-16T12:15:29.467Z", + "LastModifiedDate": "2025-08-16T12:15:29.467Z" + }, + { + "VulnerabilityID": "CVE-2025-38538", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": 
"sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38538", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "In the Linux kernel, the following vulnerability has been resolved: d ...", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: nbpfaxi: Fix memory corruption in probe()\n\nThe nbpf-\u003echan[] array is allocated earlier in the nbpf_probe() function\nand it has \"num_channels\" elements. These three loops iterate one\nelement farther than they should and corrupt memory.\n\nThe changes to the second loop are more involved. In this case, we're\ncopying data from the irqbuf[] array into the nbpf-\u003echan[] array. If\nthe data in irqbuf[i] is the error IRQ then we skip it, so the iterators\nare not in sync. I added a check to ensure that we don't go beyond the\nend of the irqbuf[] array. I'm pretty sure this can't happen, but it\nseemed harmless to add a check.\n\nOn the other hand, after the loop has ended there is a check to ensure\nthat the \"chan\" iterator is where we expect it to be. In the original\ncode we went one element beyond the end of the array so the iterator\nwasn't in the correct place and it would always return -EINVAL. However,\nnow it will always be in the correct place. 
I deleted the check since\nwe know the result.", + "Severity": "UNKNOWN", + "References": [ + "https://git.kernel.org/stable/c/122160289adf8ebf15060f1cbf6265b55a914948", + "https://git.kernel.org/stable/c/188c6ba1dd925849c5d94885c8bbdeb0b3dcf510", + "https://git.kernel.org/stable/c/4bb016438335ec02b01f96bf1367378c2bfe03e5", + "https://git.kernel.org/stable/c/d6bbd67ab5de37a74ac85c83c5a26664b62034dd", + "https://git.kernel.org/stable/c/f366b36c5e3ce29c9a3c8eed3d1631908e4fc8bb" + ], + "PublishedDate": "2025-08-16T12:15:29.593Z", + "LastModifiedDate": "2025-08-16T12:15:29.593Z" + }, + { + "VulnerabilityID": "CVE-2025-38539", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38539", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "In the Linux kernel, the following vulnerability has been resolved: t ...", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Add down_write(trace_event_sem) when adding trace event\n\nWhen a module is loaded, it adds trace events defined by the module. 
It\nmay also need to modify the modules trace printk formats to replace enum\nnames with their values.\n\nIf two modules are loaded at the same time, the adding of the event to the\nftrace_events list can corrupt the walking of the list in the code that is\nmodifying the printk format strings and crash the kernel.\n\nThe addition of the event should take the trace_event_sem for write while\nit adds the new event.\n\nAlso add a lockdep_assert_held() on that semaphore in\n__trace_add_event_dirs() as it iterates the list.", + "Severity": "UNKNOWN", + "References": [ + "https://git.kernel.org/stable/c/33e20747b47ddc03569b6bc27a2d6894c1428182", + "https://git.kernel.org/stable/c/6bc94f20a4c304997288f9a45278c9d0c06987d3", + "https://git.kernel.org/stable/c/70fecd519caad0c1741c3379d5348c9000a5b29d", + "https://git.kernel.org/stable/c/7803b28c9aa8d8bd4e19ebcf5f0db9612b0f333b", + "https://git.kernel.org/stable/c/b5e8acc14dcb314a9b61ff19dcd9fdd0d88f70df" + ], + "PublishedDate": "2025-08-16T12:15:29.717Z", + "LastModifiedDate": "2025-08-16T12:15:29.717Z" + }, + { + "VulnerabilityID": "CVE-2025-38540", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38540", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "In the Linux kernel, the following vulnerability has been resolved: H ...", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: quirks: Add quirk for 2 Chicony 
Electronics HP 5MP Cameras\n\nThe Chicony Electronics HP 5MP Cameras (USB ID 04F2:B824 \u0026 04F2:B82C)\nreport a HID sensor interface that is not actually implemented.\nAttempting to access this non-functional sensor via iio_info causes\nsystem hangs as runtime PM tries to wake up an unresponsive sensor.\n\nAdd these 2 devices to the HID ignore list since the sensor interface is\nnon-functional by design and should not be exposed to userspace.", + "Severity": "UNKNOWN", + "References": [ + "https://git.kernel.org/stable/c/1b297ab6f38ca60a4ca7298b297944ec6043b2f4", + "https://git.kernel.org/stable/c/2b0931eee48208c25bb77486946dea8e96aa6a36", + "https://git.kernel.org/stable/c/35f1a5360ac68d9629abbb3930a0a07901cba296", + "https://git.kernel.org/stable/c/3ce1d87d1f5d80322757aa917182deb7370963b9", + "https://git.kernel.org/stable/c/54bae4c17c11688339eb73a04fd24203bb6e7494", + "https://git.kernel.org/stable/c/7ac00f019698f614a49cce34c198d0568ab0e1c2", + "https://git.kernel.org/stable/c/a2a91abd19c574b598b1c69ad76ad9c7eedaf062", + "https://git.kernel.org/stable/c/c72536350e82b53a1be0f3bfdf1511bba2827102" + ], + "PublishedDate": "2025-08-16T12:15:29.83Z", + "LastModifiedDate": "2025-08-16T12:15:29.83Z" + }, + { + "VulnerabilityID": "CVE-2025-38541", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38541", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "In the Linux kernel, the following 
vulnerability has been resolved: w ...", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7925: Fix null-ptr-deref in mt7925_thermal_init()\n\ndevm_kasprintf() returns NULL on error. Currently, mt7925_thermal_init()\ndoes not check for this case, which results in a NULL pointer\ndereference.\n\nAdd NULL check after devm_kasprintf() to prevent this issue.", + "Severity": "UNKNOWN", + "References": [ + "https://git.kernel.org/stable/c/03ee8f73801a8f46d83dfc2bf73fb9ffa5a21602", + "https://git.kernel.org/stable/c/1bbdf4213711bb6dc365e7628430a63dd3280794", + "https://git.kernel.org/stable/c/2e99e9b34ece0b6d3e82cb757e9f60fa414da999" + ], + "PublishedDate": "2025-08-16T12:15:29.957Z", + "LastModifiedDate": "2025-08-16T12:15:29.957Z" + }, + { + "VulnerabilityID": "CVE-2025-38542", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38542", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "In the Linux kernel, the following vulnerability has been resolved: n ...", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: appletalk: Fix device refcount leak in atrtr_create()\n\nWhen updating an existing route entry in atrtr_create(), the old device\nreference was not being released before assigning the new device,\nleading to a device refcount leak. 
Fix this by calling dev_put() to\nrelease the old device reference before holding the new one.", + "Severity": "UNKNOWN", + "References": [ + "https://git.kernel.org/stable/c/473f3eadfc73b0fb6d8dee5829d19a5772e387f7", + "https://git.kernel.org/stable/c/4a17370da6e476d3d275534e9e9cd2d02c57ca46", + "https://git.kernel.org/stable/c/64124cf0aab0dd1e18c0fb5ae66e45741e727f8b", + "https://git.kernel.org/stable/c/711c80f7d8b163d3ecd463cd96f07230f488e750", + "https://git.kernel.org/stable/c/a7852b01793669248dce0348d14df89e77a32afd", + "https://git.kernel.org/stable/c/b2f5dfa87367fdce9f8b995bc6c38f64f9ea2c90", + "https://git.kernel.org/stable/c/b92bedf71f25303e203a4e657489d76691a58119", + "https://git.kernel.org/stable/c/d2e9f50f0bdad73b64a871f25186b899624518c4" + ], + "PublishedDate": "2025-08-16T12:15:30.083Z", + "LastModifiedDate": "2025-08-16T12:15:30.083Z" + }, + { + "VulnerabilityID": "CVE-2025-38543", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38543", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "In the Linux kernel, the following vulnerability has been resolved: d ...", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/tegra: nvdec: Fix dma_alloc_coherent error check\n\nCheck for NULL return value with dma_alloc_coherent, in line with\nRobin's fix for vic.c in 'drm/tegra: vic: Fix DMA API misuse'.", + "Severity": "UNKNOWN", + "References": [ + 
"https://git.kernel.org/stable/c/2e0812eedccd0629d73c9d0b1184a5db055df1da", + "https://git.kernel.org/stable/c/44306a684cd1699b8562a54945ddc43e2abc9eab", + "https://git.kernel.org/stable/c/61b8d20962d00b7df117011c52f97cbb9c76a669", + "https://git.kernel.org/stable/c/a560de522374af931fa994d161db3667b0bb2545", + "https://git.kernel.org/stable/c/d1240029f97ac8c06db4dd4407bbbf83e8d08570" + ], + "PublishedDate": "2025-08-16T12:15:30.237Z", + "LastModifiedDate": "2025-08-16T12:15:30.237Z" + }, + { + "VulnerabilityID": "CVE-2025-38544", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38544", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "In the Linux kernel, the following vulnerability has been resolved: r ...", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nrxrpc: Fix bug due to prealloc collision\n\nWhen userspace is using AF_RXRPC to provide a server, it has to preallocate\nincoming calls and assign to them call IDs that will be used to thread\nrelated recvmsg() and sendmsg() together. The preallocated call IDs will\nautomatically be attached to calls as they come in until the pool is empty.\n\nTo the kernel, the call IDs are just arbitrary numbers, but userspace can\nuse the call ID to hold a pointer to prepared structs. 
In any case, the\nuser isn't permitted to create two calls with the same call ID (call IDs\nbecome available again when the call ends) and EBADSLT should result from\nsendmsg() if an attempt is made to preallocate a call with an in-use call\nID.\n\nHowever, the cleanup in the error handling will trigger both assertions in\nrxrpc_cleanup_call() because the call isn't marked complete and isn't\nmarked as having been released.\n\nFix this by setting the call state in rxrpc_service_prealloc_one() and then\nmarking it as being released before calling the cleanup function.", + "Severity": "UNKNOWN", + "References": [ + "https://git.kernel.org/stable/c/432c5363cd6fe5a928bbc94524d28b05515684dd", + "https://git.kernel.org/stable/c/5385ad53793de2ab11e396bdcdaa65bb04b4dad6", + "https://git.kernel.org/stable/c/69e4186773c6445b258fb45b6e1df18df831ec45", + "https://git.kernel.org/stable/c/d8ffb47a443919277cb093c3db1ec6c0a06880b1" + ], + "PublishedDate": "2025-08-16T12:15:30.373Z", + "LastModifiedDate": "2025-08-16T12:15:30.373Z" + }, + { + "VulnerabilityID": "CVE-2025-38545", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38545", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "In the Linux kernel, the following vulnerability has been resolved: n ...", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ethernet: ti: am65-cpsw-nuss: Fix skb size by accounting for 
skb_shared_info\n\nWhile transitioning from netdev_alloc_ip_align() to build_skb(), memory\nfor the \"skb_shared_info\" member of an \"skb\" was not allocated. Fix this\nby allocating \"PAGE_SIZE\" as the skb length, accounting for the packet\nlength, headroom and tailroom, thereby including the required memory space\nfor skb_shared_info.", + "Severity": "UNKNOWN", + "References": [ + "https://git.kernel.org/stable/c/02c4d6c26f1f662da8885b299c224ca6628ad232", + "https://git.kernel.org/stable/c/7d6ca0c8c0caf9a13cae2de763bb1f2a9ea7eabb", + "https://git.kernel.org/stable/c/fc2fffa2facac15ce711e95f98f954426e025bc5" + ], + "PublishedDate": "2025-08-16T12:15:30.5Z", + "LastModifiedDate": "2025-08-16T12:15:30.5Z" + }, + { + "VulnerabilityID": "CVE-2025-38546", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38546", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "In the Linux kernel, the following vulnerability has been resolved: a ...", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\natm: clip: Fix memory leak of struct clip_vcc.\n\nioctl(ATMARP_MKIP) allocates struct clip_vcc and set it to\nvcc-\u003euser_back.\n\nThe code assumes that vcc_destroy_socket() passes NULL skb\nto vcc-\u003epush() when the socket is close()d, and then clip_push()\nfrees clip_vcc.\n\nHowever, ioctl(ATMARPD_CTRL) sets NULL to vcc-\u003epush() in\natm_init_atmarp(), resulting in 
memory leak.\n\nLet's serialise two ioctl() by lock_sock() and check vcc-\u003epush()\nin atm_init_atmarp() to prevent memleak.", + "Severity": "UNKNOWN", + "References": [ + "https://git.kernel.org/stable/c/0c17ff462d98c997d707ee5cf4e4a9b1b52b9d90", + "https://git.kernel.org/stable/c/1c075e88d5859a2c6b43b27e0e46fb281cef8039", + "https://git.kernel.org/stable/c/1fb9fb5a4b5cec2d56e26525ef8c519de858fa60", + "https://git.kernel.org/stable/c/2fb37ab3226606cbfc9b2b6f9e301b0b735734c5", + "https://git.kernel.org/stable/c/62dba28275a9a3104d4e33595c7b3328d4032d8d", + "https://git.kernel.org/stable/c/9e4dbeee56f614e3f1e166e5d0655a999ea185ef", + "https://git.kernel.org/stable/c/9f771816f14da6d6157a8c30069091abf6b566fb", + "https://git.kernel.org/stable/c/cb2e4a2f8f268d8fba6662f663a2e57846f14a8d" + ], + "PublishedDate": "2025-08-16T12:15:30.62Z", + "LastModifiedDate": "2025-08-16T12:15:30.62Z" + }, + { + "VulnerabilityID": "CVE-2025-38547", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38547", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "In the Linux kernel, the following vulnerability has been resolved: i ...", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: adc: axp20x_adc: Add missing sentinel to AXP717 ADC channel maps\n\nThe AXP717 ADC channel maps is missing a sentinel entry at the end. 
This\ncauses a KASAN warning.\n\nAdd the missing sentinel entry.", + "Severity": "UNKNOWN", + "References": [ + "https://git.kernel.org/stable/c/086a76474121bf2351438e311376ec67b410b2ea", + "https://git.kernel.org/stable/c/0c0c01c88bb69951539539d2001e67f0c613001f", + "https://git.kernel.org/stable/c/3281ddcea6429f7bc1fdb39d407752dd1371aba9" + ], + "PublishedDate": "2025-08-16T12:15:30.757Z", + "LastModifiedDate": "2025-08-16T12:15:30.757Z" + }, + { + "VulnerabilityID": "CVE-2025-38548", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38548", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "In the Linux kernel, the following vulnerability has been resolved: h ...", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (corsair-cpro) Validate the size of the received input buffer\n\nAdd buffer_recv_size to store the size of the received bytes.\nValidate buffer_recv_size in send_usb_cmd().", + "Severity": "UNKNOWN", + "References": [ + "https://git.kernel.org/stable/c/0db770e2922389753ddbd6663a5516a32b97b743", + "https://git.kernel.org/stable/c/2771d2ee3d95700f34e1e4df6a445c90565cd4e9", + "https://git.kernel.org/stable/c/3c4bdc8a852e446080adc8ceb90ddd67a56e1bb8", + "https://git.kernel.org/stable/c/495a4f0dce9c8c4478c242209748f1ee9e4d5820", + "https://git.kernel.org/stable/c/eda5e38cc4dd2dcb422840540374910ef2818494" + ], + "PublishedDate": 
"2025-08-16T12:15:30.88Z", + "LastModifiedDate": "2025-08-16T12:15:30.88Z" + }, + { + "VulnerabilityID": "CVE-2025-38549", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38549", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "In the Linux kernel, the following vulnerability has been resolved: e ...", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nefivarfs: Fix memory leak of efivarfs_fs_info in fs_context error paths\n\nWhen processing mount options, efivarfs allocates efivarfs_fs_info (sfi)\nearly in fs_context initialization. However, sfi is associated with the\nsuperblock and typically freed when the superblock is destroyed. 
If the\nfs_context is released (final put) before fill_super is called—such as\non error paths or during reconfiguration—the sfi structure would leak,\nas ownership never transfers to the superblock.\n\nImplement the .free callback in efivarfs_context_ops to ensure any\nallocated sfi is properly freed if the fs_context is torn down before\nfill_super, preventing this memory leak.", + "Severity": "UNKNOWN", + "References": [ + "https://git.kernel.org/stable/c/64e135f1eaba0bbb0cdee859af3328c68d5b9789", + "https://git.kernel.org/stable/c/816d36973467d1c9c08a48bdffe4675e219a2e84", + "https://git.kernel.org/stable/c/e9fabe7036bb8be6071f39dc38605508f5f57b20" + ], + "PublishedDate": "2025-08-16T12:15:31.003Z", + "LastModifiedDate": "2025-08-16T12:15:31.003Z" + }, + { + "VulnerabilityID": "CVE-2025-38550", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38550", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "In the Linux kernel, the following vulnerability has been resolved: i ...", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: mcast: Delay put pmc-\u003eidev in mld_del_delrec()\n\npmc-\u003eidev is still used in ip6_mc_clear_src(), so as mld_clear_delrec()\ndoes, the reference should be put after ip6_mc_clear_src() return.", + "Severity": "UNKNOWN", + "References": [ + "https://git.kernel.org/stable/c/5f18e0130194550dff734e155029ae734378b5ea", + 
"https://git.kernel.org/stable/c/728db00a14cacb37f36e9382ab5fad55caf890cc", + "https://git.kernel.org/stable/c/7929d27c747eafe8fca3eecd74a334503ee4c839", + "https://git.kernel.org/stable/c/ae3264a25a4635531264728859dbe9c659fad554", + "https://git.kernel.org/stable/c/dcbc346f50a009d8b7f4e330f9f2e22d6442fa26" + ], + "PublishedDate": "2025-08-16T12:15:31.137Z", + "LastModifiedDate": "2025-08-16T12:15:31.137Z" + }, + { + "VulnerabilityID": "CVE-2025-38551", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38551", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "In the Linux kernel, the following vulnerability has been resolved: v ...", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio-net: fix recursived rtnl_lock() during probe()\n\nThe deadlock appears in a stack trace like:\n\n virtnet_probe()\n rtnl_lock()\n virtio_config_changed_work()\n netdev_notify_peers()\n rtnl_lock()\n\nIt happens if the VMM sends a VIRTIO_NET_S_ANNOUNCE request while the\nvirtio-net driver is still probing.\n\nThe config_work in probe() will get scheduled until virtnet_open() enables\nthe config change notification via virtio_config_driver_enable().", + "Severity": "UNKNOWN", + "References": [ + "https://git.kernel.org/stable/c/3859f137b3c1fa1f0031d54263234566bdcdd7aa", + "https://git.kernel.org/stable/c/4e7c46362550b229354aeb52038f414e231b0037", + 
"https://git.kernel.org/stable/c/be5dcaed694e4255dc02dd0acfe036708c535def" + ], + "PublishedDate": "2025-08-16T12:15:31.267Z", + "LastModifiedDate": "2025-08-16T12:15:31.267Z" + }, + { + "VulnerabilityID": "CVE-2025-38552", + "PkgID": "linux-libc-dev@6.12.38-1", + "PkgName": "linux-libc-dev", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/linux-libc-dev@6.12.38-1?arch=all\u0026distro=debian-13.0", + "UID": "215d40a017aa4894" + }, + "InstalledVersion": "6.12.38-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38552", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "In the Linux kernel, the following vulnerability has been resolved: m ...", + "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: plug races between subflow fail and subflow creation\n\nWe have races similar to the one addressed by the previous patch between\nsubflow failing and additional subflow creation. They are just harder to\ntrigger.\n\nThe solution is similar. 
Use a separate flag to track the condition\n'socket state prevent any additional subflow creation' protected by the\nfallback lock.\n\nThe socket fallback makes such flag true, and also receiving or sending\nan MP_FAIL option.\n\nThe field 'allow_infinite_fallback' is now always touched under the\nrelevant lock, we can drop the ONCE annotation on write.", + "Severity": "UNKNOWN", + "References": [ + "https://git.kernel.org/stable/c/659da22dee5ff316ba63bdaeeac7b58b5442f6c2", + "https://git.kernel.org/stable/c/7c96d519ee15a130842a6513530b4d20acd2bfcd", + "https://git.kernel.org/stable/c/def5b7b2643ebba696fc60ddf675dca13f073486", + "https://git.kernel.org/stable/c/f81b6fbe13c7fc413b5158cdffc6a59391a2a8db" + ], + "PublishedDate": "2025-08-16T12:15:31.4Z", + "LastModifiedDate": "2025-08-16T12:15:31.4Z" + }, + { + "VulnerabilityID": "CVE-2022-0563", + "PkgID": "login@1:4.16.0-2+really2.41-5", + "PkgName": "login", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/login@4.16.0-2%2Breally2.41-5?arch=amd64\u0026distro=debian-13.0\u0026epoch=1", + "UID": "9a6da06303db8b93" + }, + "InstalledVersion": "1:4.16.0-2+really2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:396b1da7636e2dcd10565cb4f2f952cbb4a8a38b58d3b86a2cacb172fb70117c", + "DiffID": "sha256:e6a3842ebc7f5e41d8a38f19a0aa5ea56c255475695ac6682882420800cf5465" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-0563", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline", + "Description": "A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an \"INPUTRC\" environment variable to get a path to the library config file. 
When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.", + "Severity": "LOW", + "CweIDs": [ + "CWE-209" + ], + "VendorSeverity": { + "amazon": 2, + "cbl-mariner": 2, + "debian": 1, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 1.9, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-0563", + "https://blog.trailofbits.com/2023/02/16/suid-logic-bug-linux-readline/", + "https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w%40ws.net.home/T/#u", + "https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u", + "https://nvd.nist.gov/vuln/detail/CVE-2022-0563", + "https://security.gentoo.org/glsa/202401-08", + "https://security.netapp.com/advisory/ntap-20220331-0002/", + "https://www.cve.org/CVERecord?id=CVE-2022-0563" + ], + "PublishedDate": "2022-02-21T19:15:08.393Z", + "LastModifiedDate": "2025-06-09T16:15:33.237Z" + }, + { + "VulnerabilityID": "CVE-2007-5686", + "PkgID": "login.defs@1:4.17.4-2", + "PkgName": "login.defs", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/login.defs@4.17.4-2?arch=all\u0026distro=debian-13.0\u0026epoch=1", + "UID": "b2ebc9108569350a" + }, + "InstalledVersion": "1:4.17.4-2", + "Status": "affected", + "Layer": { + "Digest": "sha256:396b1da7636e2dcd10565cb4f2f952cbb4a8a38b58d3b86a2cacb172fb70117c", + "DiffID": "sha256:e6a3842ebc7f5e41d8a38f19a0aa5ea56c255475695ac6682882420800cf5465" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2007-5686", + "DataSource": { + "ID": "debian", + 
"Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "initscripts in rPath Linux 1 sets insecure permissions for the /var/lo ...", + "Description": "initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers.", + "Severity": "LOW", + "CweIDs": [ + "CWE-264" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N", + "V2Score": 4.9 + } + }, + "References": [ + "http://secunia.com/advisories/27215", + "http://www.securityfocus.com/archive/1/482129/100/100/threaded", + "http://www.securityfocus.com/archive/1/482857/100/0/threaded", + "http://www.securityfocus.com/bid/26048", + "http://www.vupen.com/english/advisories/2007/3474", + "https://issues.rpath.com/browse/RPL-1825" + ], + "PublishedDate": "2007-10-28T17:08:00Z", + "LastModifiedDate": "2024-11-21T00:38:27.587Z" + }, + { + "VulnerabilityID": "CVE-2024-56433", + "PkgID": "login.defs@1:4.17.4-2", + "PkgName": "login.defs", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/login.defs@4.17.4-2?arch=all\u0026distro=debian-13.0\u0026epoch=1", + "UID": "b2ebc9108569350a" + }, + "InstalledVersion": "1:4.17.4-2", + "Status": "affected", + "Layer": { + "Digest": "sha256:396b1da7636e2dcd10565cb4f2f952cbb4a8a38b58d3b86a2cacb172fb70117c", + "DiffID": "sha256:e6a3842ebc7f5e41d8a38f19a0aa5ea56c255475695ac6682882420800cf5465" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-56433", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "shadow-utils: Default subordinate ID configuration in 
/etc/login.defs could lead to compromise", + "Description": "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.", + "Severity": "LOW", + "CweIDs": [ + "CWE-1188" + ], + "VendorSeverity": { + "azure": 1, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 3.6 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2024-56433", + "https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241", + "https://github.com/shadow-maint/shadow/issues/1157", + "https://github.com/shadow-maint/shadow/releases/tag/4.4", + "https://nvd.nist.gov/vuln/detail/CVE-2024-56433", + "https://www.cve.org/CVERecord?id=CVE-2024-56433" + ], + "PublishedDate": "2024-12-26T09:15:07.267Z", + "LastModifiedDate": "2024-12-26T09:15:07.267Z" + }, + { + "VulnerabilityID": "TEMP-0628843-DBAD28", + "PkgID": "login.defs@1:4.17.4-2", + "PkgName": "login.defs", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/login.defs@4.17.4-2?arch=all\u0026distro=debian-13.0\u0026epoch=1", + "UID": "b2ebc9108569350a" + }, + "InstalledVersion": "1:4.17.4-2", + "Status": "affected", + "Layer": { + "Digest": "sha256:396b1da7636e2dcd10565cb4f2f952cbb4a8a38b58d3b86a2cacb172fb70117c", + "DiffID": "sha256:e6a3842ebc7f5e41d8a38f19a0aa5ea56c255475695ac6682882420800cf5465" + }, + "SeveritySource": "debian", + "PrimaryURL": 
"https://security-tracker.debian.org/tracker/TEMP-0628843-DBAD28", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "[more related to CVE-2005-4890]", + "Severity": "LOW", + "VendorSeverity": { + "debian": 1 + } + }, + { + "VulnerabilityID": "CVE-2008-1687", + "PkgID": "m4@1.4.19-8", + "PkgName": "m4", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/m4@1.4.19-8?arch=amd64\u0026distro=debian-13.0", + "UID": "3596c6e658e1426c" + }, + "InstalledVersion": "1.4.19-8", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2008-1687", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "m4: unquoted output of maketemp and mkstemp", + "Description": "The (1) maketemp and (2) mkstemp builtin functions in GNU m4 before 1.4.11 do not quote their output when a file is created, which might allow context-dependent attackers to trigger a macro expansion, leading to unspecified use of an incorrect filename.", + "Severity": "LOW", + "VendorSeverity": { + "debian": 1, + "nvd": 3 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + } + }, + "References": [ + "http://secunia.com/advisories/29671", + "http://secunia.com/advisories/29729", + "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.510612", + "http://www.openwall.com/lists/oss-security/2008/04/07/1", + "http://www.openwall.com/lists/oss-security/2008/04/07/12", + "http://www.openwall.com/lists/oss-security/2008/04/07/3", + "http://www.openwall.com/lists/oss-security/2008/04/07/4", + 
"http://www.securityfocus.com/bid/28688", + "http://www.vupen.com/english/advisories/2008/1151/references", + "https://access.redhat.com/security/cve/CVE-2008-1687", + "https://exchange.xforce.ibmcloud.com/vulnerabilities/41706", + "https://nvd.nist.gov/vuln/detail/CVE-2008-1687", + "https://www.cve.org/CVERecord?id=CVE-2008-1687" + ], + "PublishedDate": "2008-04-09T19:05:00Z", + "LastModifiedDate": "2024-11-21T00:45:06.03Z" + }, + { + "VulnerabilityID": "CVE-2008-1688", + "PkgID": "m4@1.4.19-8", + "PkgName": "m4", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/m4@1.4.19-8?arch=amd64\u0026distro=debian-13.0", + "UID": "3596c6e658e1426c" + }, + "InstalledVersion": "1.4.19-8", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2008-1688", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "m4: code execution via -F argument", + "Description": "Unspecified vulnerability in GNU m4 before 1.4.11 might allow context-dependent attackers to execute arbitrary code, related to improper handling of filenames specified with the -F option. 
NOTE: it is not clear when this issue crosses privilege boundaries.", + "Severity": "LOW", + "VendorSeverity": { + "debian": 1, + "nvd": 3 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V2Score": 7.5 + } + }, + "References": [ + "http://osvdb.org/44272", + "http://secunia.com/advisories/29671", + "http://secunia.com/advisories/29729", + "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.510612", + "http://www.openwall.com/lists/oss-security/2008/04/07/1", + "http://www.openwall.com/lists/oss-security/2008/04/07/3", + "http://www.securityfocus.com/bid/28688", + "http://www.vupen.com/english/advisories/2008/1151/references", + "https://access.redhat.com/security/cve/CVE-2008-1688", + "https://exchange.xforce.ibmcloud.com/vulnerabilities/41704", + "https://nvd.nist.gov/vuln/detail/CVE-2008-1688", + "https://www.cve.org/CVERecord?id=CVE-2008-1688" + ], + "PublishedDate": "2008-04-09T19:05:00Z", + "LastModifiedDate": "2024-11-21T00:45:06.213Z" + }, + { + "VulnerabilityID": "CVE-2022-0563", + "PkgID": "mount@2.41-5", + "PkgName": "mount", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/mount@2.41-5?arch=amd64\u0026distro=debian-13.0", + "UID": "c6fdc5cf989db569" + }, + "InstalledVersion": "2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:396b1da7636e2dcd10565cb4f2f952cbb4a8a38b58d3b86a2cacb172fb70117c", + "DiffID": "sha256:e6a3842ebc7f5e41d8a38f19a0aa5ea56c255475695ac6682882420800cf5465" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-0563", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline", + "Description": "A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. 
The Readline library uses an \"INPUTRC\" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.", + "Severity": "LOW", + "CweIDs": [ + "CWE-209" + ], + "VendorSeverity": { + "amazon": 2, + "cbl-mariner": 2, + "debian": 1, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 1.9, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-0563", + "https://blog.trailofbits.com/2023/02/16/suid-logic-bug-linux-readline/", + "https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w%40ws.net.home/T/#u", + "https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u", + "https://nvd.nist.gov/vuln/detail/CVE-2022-0563", + "https://security.gentoo.org/glsa/202401-08", + "https://security.netapp.com/advisory/ntap-20220331-0002/", + "https://www.cve.org/CVERecord?id=CVE-2022-0563" + ], + "PublishedDate": "2022-02-21T19:15:08.393Z", + "LastModifiedDate": "2025-06-09T16:15:33.237Z" + }, + { + "VulnerabilityID": "CVE-2025-6141", + "PkgID": "ncurses-base@6.5+20250216-2", + "PkgName": "ncurses-base", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/ncurses-base@6.5%2B20250216-2?arch=all\u0026distro=debian-13.0", + "UID": "76a1fb5936f344dc" + }, + "InstalledVersion": "6.5+20250216-2", + "Status": "affected", + "Layer": { + "Digest": "sha256:396b1da7636e2dcd10565cb4f2f952cbb4a8a38b58d3b86a2cacb172fb70117c", + "DiffID": "sha256:e6a3842ebc7f5e41d8a38f19a0aa5ea56c255475695ac6682882420800cf5465" + }, + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2025-6141", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "gnu-ncurses: ncurses Stack Buffer Overflow", + "Description": "A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the function postprocess_termcap of the file tinfo/parse_entry.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. Upgrading to version 6.5-20250329 is able to address this issue. It is recommended to upgrade the affected component.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119", + "CWE-121" + ], + "VendorSeverity": { + "redhat": 1 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-6141", + "https://invisible-island.net/ncurses/NEWS.html#index-t20250329", + "https://lists.gnu.org/archive/html/bug-ncurses/2025-03/msg00107.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2025-03/msg00109.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2025-03/msg00114.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-6141", + "https://vuldb.com/?ctiid.312610", + "https://vuldb.com/?id.312610", + "https://vuldb.com/?submit.593000", + "https://www.cve.org/CVERecord?id=CVE-2025-6141", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-06-16T22:16:41.527Z", + "LastModifiedDate": "2025-06-17T20:50:23.507Z" + }, + { + "VulnerabilityID": "CVE-2025-6141", + "PkgID": "ncurses-bin@6.5+20250216-2", + "PkgName": "ncurses-bin", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/ncurses-bin@6.5%2B20250216-2?arch=amd64\u0026distro=debian-13.0", + "UID": "d03e89ad6a7a5243" + }, + "InstalledVersion": "6.5+20250216-2", + "Status": "affected", + "Layer": { + "Digest": 
"sha256:396b1da7636e2dcd10565cb4f2f952cbb4a8a38b58d3b86a2cacb172fb70117c", + "DiffID": "sha256:e6a3842ebc7f5e41d8a38f19a0aa5ea56c255475695ac6682882420800cf5465" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-6141", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "gnu-ncurses: ncurses Stack Buffer Overflow", + "Description": "A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the function postprocess_termcap of the file tinfo/parse_entry.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. Upgrading to version 6.5-20250329 is able to address this issue. It is recommended to upgrade the affected component.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119", + "CWE-121" + ], + "VendorSeverity": { + "redhat": 1 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-6141", + "https://invisible-island.net/ncurses/NEWS.html#index-t20250329", + "https://lists.gnu.org/archive/html/bug-ncurses/2025-03/msg00107.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2025-03/msg00109.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2025-03/msg00114.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-6141", + "https://vuldb.com/?ctiid.312610", + "https://vuldb.com/?id.312610", + "https://vuldb.com/?submit.593000", + "https://www.cve.org/CVERecord?id=CVE-2025-6141", + "https://www.gnu.org/" + ], + "PublishedDate": "2025-06-16T22:16:41.527Z", + "LastModifiedDate": "2025-06-17T20:50:23.507Z" + }, + { + "VulnerabilityID": "CVE-2007-2243", + "PkgID": "openssh-client@1:10.0p1-7", + "PkgName": "openssh-client", + "PkgIdentifier": { + "PURL": 
"pkg:deb/debian/openssh-client@10.0p1-7?arch=amd64\u0026distro=debian-13.0\u0026epoch=1", + "UID": "1e344ec6e2a87912" + }, + "InstalledVersion": "1:10.0p1-7", + "Status": "affected", + "Layer": { + "Digest": "sha256:a390b45b895de2e977e0543fdfb6fc8936108dcd5ce45fdccd50480ca03f6751", + "DiffID": "sha256:ca79fd2c0e371eeb80b9f4b15563a9d8b3720ac84b0216cfea4e14ff8e83137e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2007-2243", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabl ...", + "Description": "OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483.", + "Severity": "LOW", + "CweIDs": [ + "CWE-287" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V2Score": 5 + } + }, + "References": [ + "http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/053906.html", + "http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/053951.html", + "http://securityreason.com/securityalert/2631", + "http://www.osvdb.org/34600", + "http://www.securityfocus.com/bid/23601", + "https://exchange.xforce.ibmcloud.com/vulnerabilities/33794", + "https://security.netapp.com/advisory/ntap-20191107-0003/" + ], + "PublishedDate": "2007-04-25T16:19:00Z", + "LastModifiedDate": "2024-11-21T00:30:17.013Z" + }, + { + "VulnerabilityID": "CVE-2007-2768", + "PkgID": "openssh-client@1:10.0p1-7", + "PkgName": "openssh-client", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/openssh-client@10.0p1-7?arch=amd64\u0026distro=debian-13.0\u0026epoch=1", + "UID": "1e344ec6e2a87912" + }, 
+ "InstalledVersion": "1:10.0p1-7", + "Status": "affected", + "Layer": { + "Digest": "sha256:a390b45b895de2e977e0543fdfb6fc8936108dcd5ce45fdccd50480ca03f6751", + "DiffID": "sha256:ca79fd2c0e371eeb80b9f4b15563a9d8b3720ac84b0216cfea4e14ff8e83137e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2007-2768", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, a ...", + "Description": "OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords (OTP), a similar issue to CVE-2007-2243.", + "Severity": "LOW", + "CweIDs": [ + "CWE-200" + ], + "VendorSeverity": { + "azure": 2, + "cbl-mariner": 2, + "debian": 1, + "nvd": 2 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V2Score": 4.3 + } + }, + "References": [ + "http://archives.neohapsis.com/archives/fulldisclosure/2007-04/0635.html", + "http://www.osvdb.org/34601", + "https://nvd.nist.gov/vuln/detail/CVE-2007-2768", + "https://security.netapp.com/advisory/ntap-20191107-0002/" + ], + "PublishedDate": "2007-05-21T20:30:00Z", + "LastModifiedDate": "2024-11-21T00:31:36.827Z" + }, + { + "VulnerabilityID": "CVE-2008-3234", + "PkgID": "openssh-client@1:10.0p1-7", + "PkgName": "openssh-client", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/openssh-client@10.0p1-7?arch=amd64\u0026distro=debian-13.0\u0026epoch=1", + "UID": "1e344ec6e2a87912" + }, + "InstalledVersion": "1:10.0p1-7", + "Status": "affected", + "Layer": { + "Digest": "sha256:a390b45b895de2e977e0543fdfb6fc8936108dcd5ce45fdccd50480ca03f6751", + "DiffID": "sha256:ca79fd2c0e371eeb80b9f4b15563a9d8b3720ac84b0216cfea4e14ff8e83137e" + }, + 
"SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2008-3234", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapsh ...", + "Description": "sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ (colon slash) sequence, followed by the role name, to the username.", + "Severity": "LOW", + "CweIDs": [ + "CWE-264" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "V2Score": 6.5 + } + }, + "References": [ + "http://www.securityfocus.com/bid/30276", + "https://exchange.xforce.ibmcloud.com/vulnerabilities/44037", + "https://www.exploit-db.com/exploits/6094" + ], + "PublishedDate": "2008-07-18T16:41:00Z", + "LastModifiedDate": "2024-11-21T00:48:46.157Z" + }, + { + "VulnerabilityID": "CVE-2016-20012", + "PkgID": "openssh-client@1:10.0p1-7", + "PkgName": "openssh-client", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/openssh-client@10.0p1-7?arch=amd64\u0026distro=debian-13.0\u0026epoch=1", + "UID": "1e344ec6e2a87912" + }, + "InstalledVersion": "1:10.0p1-7", + "Status": "affected", + "Layer": { + "Digest": "sha256:a390b45b895de2e977e0543fdfb6fc8936108dcd5ce45fdccd50480ca03f6751", + "DiffID": "sha256:ca79fd2c0e371eeb80b9f4b15563a9d8b3720ac84b0216cfea4e14ff8e83137e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-20012", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "openssh: Public key information leak", + "Description": "OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username 
and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. NOTE: the vendor does not recognize user enumeration as a vulnerability for this product", + "Severity": "LOW", + "VendorSeverity": { + "cbl-mariner": 2, + "debian": 1, + "nvd": 2, + "photon": 2, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2016-20012", + "https://github.com/openssh/openssh-portable/blob/d0fffc88c8fe90c1815c6f4097bc8cbcabc0f3dd/auth2-pubkey.c#L261-L265", + "https://github.com/openssh/openssh-portable/pull/270", + "https://github.com/openssh/openssh-portable/pull/270#issuecomment-920577097", + "https://github.com/openssh/openssh-portable/pull/270#issuecomment-943909185", + "https://nvd.nist.gov/vuln/detail/CVE-2016-20012", + "https://rushter.com/blog/public-ssh-keys/", + "https://security.netapp.com/advisory/ntap-20211014-0005/", + "https://utcc.utoronto.ca/~cks/space/blog/tech/SSHKeysAreInfoLeak", + "https://www.cve.org/CVERecord?id=CVE-2016-20012", + "https://www.openwall.com/lists/oss-security/2018/08/24/1" + ], + "PublishedDate": "2021-09-15T20:15:07.31Z", + "LastModifiedDate": "2024-11-21T02:47:33.24Z" + }, + { + "VulnerabilityID": "CVE-2018-15919", + "PkgID": "openssh-client@1:10.0p1-7", + "PkgName": "openssh-client", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/openssh-client@10.0p1-7?arch=amd64\u0026distro=debian-13.0\u0026epoch=1", + "UID": "1e344ec6e2a87912" + }, + "InstalledVersion": "1:10.0p1-7", + "Status": "affected", + "Layer": { + "Digest": "sha256:a390b45b895de2e977e0543fdfb6fc8936108dcd5ce45fdccd50480ca03f6751", + "DiffID": 
"sha256:ca79fd2c0e371eeb80b9f4b15563a9d8b3720ac84b0216cfea4e14ff8e83137e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-15919", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "openssh: User enumeration via malformed packets in authentication requests", + "Description": "Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not want to treat such a username enumeration (or \"oracle\") as a vulnerability.'", + "Severity": "LOW", + "CweIDs": [ + "CWE-200" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 5, + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://seclists.org/oss-sec/2018/q3/180", + "http://www.securityfocus.com/bid/105163", + "https://access.redhat.com/security/cve/CVE-2018-15919", + "https://nvd.nist.gov/vuln/detail/CVE-2018-15919", + "https://security.netapp.com/advisory/ntap-20181221-0001/", + "https://www.cve.org/CVERecord?id=CVE-2018-15919" + ], + "PublishedDate": "2018-08-28T08:29:00.207Z", + "LastModifiedDate": "2024-11-21T03:51:43.11Z" + }, + { + "VulnerabilityID": "CVE-2019-6110", + "PkgID": "openssh-client@1:10.0p1-7", + "PkgName": "openssh-client", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/openssh-client@10.0p1-7?arch=amd64\u0026distro=debian-13.0\u0026epoch=1", + "UID": "1e344ec6e2a87912" + }, + "InstalledVersion": "1:10.0p1-7", + "Status": "affected", + "Layer": { + "Digest": 
"sha256:a390b45b895de2e977e0543fdfb6fc8936108dcd5ce45fdccd50480ca03f6751", + "DiffID": "sha256:ca79fd2c0e371eeb80b9f4b15563a9d8b3720ac84b0216cfea4e14ff8e83137e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-6110", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "openssh: Acceptance and display of arbitrary stderr allows for spoofing of scp client output", + "Description": "In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.", + "Severity": "LOW", + "CweIDs": [ + "CWE-838" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N", + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "V2Score": 4, + "V3Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "V3Score": 6.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2019-6110", + "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", + "https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c", + "https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c", + "https://nvd.nist.gov/vuln/detail/CVE-2019-6110", + "https://security.gentoo.org/glsa/201903-16", + "https://security.netapp.com/advisory/ntap-20190213-0001/", + "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt", + "https://www.cve.org/CVERecord?id=CVE-2019-6110", + "https://www.exploit-db.com/exploits/46193/" + ], + "PublishedDate": "2019-01-31T18:29:00.807Z", + "LastModifiedDate": "2024-11-21T04:45:57.737Z" + }, + { + "VulnerabilityID": "CVE-2020-14145", + "PkgID": "openssh-client@1:10.0p1-7", + "PkgName": 
"openssh-client", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/openssh-client@10.0p1-7?arch=amd64\u0026distro=debian-13.0\u0026epoch=1", + "UID": "1e344ec6e2a87912" + }, + "InstalledVersion": "1:10.0p1-7", + "Status": "affected", + "Layer": { + "Digest": "sha256:a390b45b895de2e977e0543fdfb6fc8936108dcd5ce45fdccd50480ca03f6751", + "DiffID": "sha256:ca79fd2c0e371eeb80b9f4b15563a9d8b3720ac84b0216cfea4e14ff8e83137e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-14145", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "openssh: Observable discrepancy leading to an information leak in the algorithm negotiation", + "Description": "The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). 
NOTE: some reports state that 8.5 and 8.6 are also affected.", + "Severity": "LOW", + "CweIDs": [ + "CWE-203" + ], + "VendorSeverity": { + "alma": 2, + "cbl-mariner": 2, + "debian": 1, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2020/12/02/1", + "https://access.redhat.com/security/cve/CVE-2020-14145", + "https://anongit.mindrot.org/openssh.git/commit/?id=b3855ff053f5078ec3d3c653cdaedefaa5fc362d", + "https://docs.ssh-mitm.at/CVE-2020-14145.html", + "https://github.com/openssh/openssh-portable/compare/V_8_3_P1...V_8_4_P1", + "https://github.com/ssh-mitm/ssh-mitm/blob/master/ssh_proxy_server/plugins/session/cve202014145.py", + "https://linux.oracle.com/cve/CVE-2020-14145.html", + "https://linux.oracle.com/errata/ELSA-2021-4368.html", + "https://nvd.nist.gov/vuln/detail/CVE-2020-14145", + "https://security.gentoo.org/glsa/202105-35", + "https://security.netapp.com/advisory/ntap-20200709-0004/", + "https://www.cve.org/CVERecord?id=CVE-2020-14145", + "https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-2-ausnutzung-eines-informationslecks-fuer-gezielte-mitm-angriffe-auf-ssh-clients/" + ], + "PublishedDate": "2020-06-29T18:15:11.94Z", + "LastModifiedDate": "2024-11-21T05:02:44.08Z" + }, + { + "VulnerabilityID": "CVE-2020-15778", + "PkgID": "openssh-client@1:10.0p1-7", + "PkgName": "openssh-client", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/openssh-client@10.0p1-7?arch=amd64\u0026distro=debian-13.0\u0026epoch=1", + "UID": "1e344ec6e2a87912" + }, + "InstalledVersion": "1:10.0p1-7", + "Status": "affected", + "Layer": { + "Digest": "sha256:a390b45b895de2e977e0543fdfb6fc8936108dcd5ce45fdccd50480ca03f6751", + 
"DiffID": "sha256:ca79fd2c0e371eeb80b9f4b15563a9d8b3720ac84b0216cfea4e14ff8e83137e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-15778", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "openssh: scp allows command injection when using backtick characters in the destination argument", + "Description": "scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of \"anomalous argument transfers\" because that could \"stand a great chance of breaking existing workflows.\"", + "Severity": "LOW", + "CweIDs": [ + "CWE-78" + ], + "VendorSeverity": { + "alma": 2, + "cbl-mariner": 3, + "debian": 1, + "nvd": 3, + "oracle-oval": 2, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "V3Score": 4.1 + } + }, + "References": [ + "https://access.redhat.com/articles/5284081", + "https://access.redhat.com/errata/RHSA-2024:3166", + "https://access.redhat.com/security/cve/CVE-2020-15778", + "https://bugzilla.redhat.com/1860487", + "https://bugzilla.redhat.com/show_bug.cgi?id=1860487", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15778", + "https://errata.almalinux.org/8/ALSA-2024-3166.html", + "https://errata.rockylinux.org/RLSA-2024:3166", + "https://github.com/cpandya2909/CVE-2020-15778", + "https://github.com/cpandya2909/CVE-2020-15778/", + "https://linux.oracle.com/cve/CVE-2020-15778.html", + "https://linux.oracle.com/errata/ELSA-2024-3166.html", + "https://news.ycombinator.com/item?id=25005567", + 
"https://nvd.nist.gov/vuln/detail/CVE-2020-15778", + "https://security.gentoo.org/glsa/202212-06", + "https://security.netapp.com/advisory/ntap-20200731-0007/", + "https://www.cve.org/CVERecord?id=CVE-2020-15778", + "https://www.openssh.com/security.html" + ], + "PublishedDate": "2020-07-24T14:15:12.45Z", + "LastModifiedDate": "2025-07-28T18:12:45.213Z" + }, + { + "VulnerabilityID": "CVE-2023-51767", + "PkgID": "openssh-client@1:10.0p1-7", + "PkgName": "openssh-client", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/openssh-client@10.0p1-7?arch=amd64\u0026distro=debian-13.0\u0026epoch=1", + "UID": "1e344ec6e2a87912" + }, + "InstalledVersion": "1:10.0p1-7", + "Status": "affected", + "Layer": { + "Digest": "sha256:a390b45b895de2e977e0543fdfb6fc8936108dcd5ce45fdccd50480ca03f6751", + "DiffID": "sha256:ca79fd2c0e371eeb80b9f4b15563a9d8b3720ac84b0216cfea4e14ff8e83137e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-51767", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "openssh: authentication bypass via row hammer attack", + "Description": "OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. 
NOTE: this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges.", + "Severity": "LOW", + "VendorSeverity": { + "debian": 1, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-51767", + "https://arxiv.org/abs/2309.02545", + "https://bugzilla.redhat.com/show_bug.cgi?id=2255850", + "https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/auth-passwd.c#L77", + "https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/monitor.c#L878", + "https://nvd.nist.gov/vuln/detail/CVE-2023-51767", + "https://security.netapp.com/advisory/ntap-20240125-0006/", + "https://ubuntu.com/security/CVE-2023-51767", + "https://www.cve.org/CVERecord?id=CVE-2023-51767" + ], + "PublishedDate": "2023-12-24T07:15:07.41Z", + "LastModifiedDate": "2024-11-21T08:38:45.39Z" + }, + { + "VulnerabilityID": "CVE-2007-5686", + "PkgID": "passwd@1:4.17.4-2", + "PkgName": "passwd", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/passwd@4.17.4-2?arch=amd64\u0026distro=debian-13.0\u0026epoch=1", + "UID": "5e15080d1eeaf8e8" + }, + "InstalledVersion": "1:4.17.4-2", + "Status": "affected", + "Layer": { + "Digest": "sha256:396b1da7636e2dcd10565cb4f2f952cbb4a8a38b58d3b86a2cacb172fb70117c", + "DiffID": "sha256:e6a3842ebc7f5e41d8a38f19a0aa5ea56c255475695ac6682882420800cf5465" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2007-5686", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "initscripts in rPath Linux 1 sets insecure permissions for the /var/lo ...", + "Description": "initscripts in 
rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers.", + "Severity": "LOW", + "CweIDs": [ + "CWE-264" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N", + "V2Score": 4.9 + } + }, + "References": [ + "http://secunia.com/advisories/27215", + "http://www.securityfocus.com/archive/1/482129/100/100/threaded", + "http://www.securityfocus.com/archive/1/482857/100/0/threaded", + "http://www.securityfocus.com/bid/26048", + "http://www.vupen.com/english/advisories/2007/3474", + "https://issues.rpath.com/browse/RPL-1825" + ], + "PublishedDate": "2007-10-28T17:08:00Z", + "LastModifiedDate": "2024-11-21T00:38:27.587Z" + }, + { + "VulnerabilityID": "CVE-2024-56433", + "PkgID": "passwd@1:4.17.4-2", + "PkgName": "passwd", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/passwd@4.17.4-2?arch=amd64\u0026distro=debian-13.0\u0026epoch=1", + "UID": "5e15080d1eeaf8e8" + }, + "InstalledVersion": "1:4.17.4-2", + "Status": "affected", + "Layer": { + "Digest": "sha256:396b1da7636e2dcd10565cb4f2f952cbb4a8a38b58d3b86a2cacb172fb70117c", + "DiffID": "sha256:e6a3842ebc7f5e41d8a38f19a0aa5ea56c255475695ac6682882420800cf5465" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-56433", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise", + "Description": "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the 
uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.", + "Severity": "LOW", + "CweIDs": [ + "CWE-1188" + ], + "VendorSeverity": { + "azure": 1, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 3.6 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2024-56433", + "https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241", + "https://github.com/shadow-maint/shadow/issues/1157", + "https://github.com/shadow-maint/shadow/releases/tag/4.4", + "https://nvd.nist.gov/vuln/detail/CVE-2024-56433", + "https://www.cve.org/CVERecord?id=CVE-2024-56433" + ], + "PublishedDate": "2024-12-26T09:15:07.267Z", + "LastModifiedDate": "2024-12-26T09:15:07.267Z" + }, + { + "VulnerabilityID": "TEMP-0628843-DBAD28", + "PkgID": "passwd@1:4.17.4-2", + "PkgName": "passwd", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/passwd@4.17.4-2?arch=amd64\u0026distro=debian-13.0\u0026epoch=1", + "UID": "5e15080d1eeaf8e8" + }, + "InstalledVersion": "1:4.17.4-2", + "Status": "affected", + "Layer": { + "Digest": "sha256:396b1da7636e2dcd10565cb4f2f952cbb4a8a38b58d3b86a2cacb172fb70117c", + "DiffID": "sha256:e6a3842ebc7f5e41d8a38f19a0aa5ea56c255475695ac6682882420800cf5465" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://security-tracker.debian.org/tracker/TEMP-0628843-DBAD28", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "[more related to CVE-2005-4890]", + "Severity": 
"LOW", + "VendorSeverity": { + "debian": 1 + } + }, + { + "VulnerabilityID": "CVE-2010-4651", + "PkgID": "patch@2.8-2", + "PkgName": "patch", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/patch@2.8-2?arch=amd64\u0026distro=debian-13.0", + "UID": "92b79b8794d95d" + }, + "InstalledVersion": "2.8-2", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-4651", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "patch: directory traversal flaw allows for arbitrary file creation", + "Description": "Directory traversal vulnerability in util.c in GNU patch 2.6.1 and earlier allows user-assisted remote attackers to create or overwrite arbitrary files via a filename that is specified with a .. 
(dot dot) or full pathname, a related issue to CVE-2010-1679.", + "Severity": "LOW", + "CweIDs": [ + "CWE-22" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P", + "V2Score": 5.8 + }, + "redhat": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N", + "V2Score": 2.1 + } + }, + "References": [ + "http://git.savannah.gnu.org/cgit/patch.git/commit/?id=685a78b6052f4df6eac6d625a545cfb54a6ac0e1", + "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055241.html", + "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055246.html", + "http://lists.gnu.org/archive/html/bug-patch/2010-12/msg00000.html", + "http://openwall.com/lists/oss-security/2011/01/05/10", + "http://openwall.com/lists/oss-security/2011/01/06/19", + "http://openwall.com/lists/oss-security/2011/01/06/20", + "http://openwall.com/lists/oss-security/2011/01/06/21", + "http://secunia.com/advisories/43663", + "http://secunia.com/advisories/43677", + "http://support.apple.com/kb/HT4723", + "http://www.securityfocus.com/bid/46768", + "http://www.vupen.com/english/advisories/2011/0600", + "https://access.redhat.com/security/cve/CVE-2010-4651", + "https://bugzilla.redhat.com/show_bug.cgi?id=667529", + "https://nvd.nist.gov/vuln/detail/CVE-2010-4651", + "https://ubuntu.com/security/notices/USN-2651-1", + "https://www.cve.org/CVERecord?id=CVE-2010-4651" + ], + "PublishedDate": "2011-03-11T22:55:02.09Z", + "LastModifiedDate": "2025-04-11T00:51:21.963Z" + }, + { + "VulnerabilityID": "CVE-2018-6951", + "PkgID": "patch@2.8-2", + "PkgName": "patch", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/patch@2.8-2?arch=amd64\u0026distro=debian-13.0", + "UID": "92b79b8794d95d" + }, + "InstalledVersion": "2.8-2", + "Status": "affected", + "Layer": { + "Digest": 
"sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6951", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "patch: NULL pointer dereference in pch.c:intuit_diff_type() causes a crash", + "Description": "An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a \"mangled rename\" issue.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "azure": 3, + "cbl-mariner": 3, + "debian": 1, + "nvd": 3, + "photon": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/103044", + "https://access.redhat.com/security/cve/CVE-2018-6951", + "https://git.savannah.gnu.org/cgit/patch.git/commit/?id=f290f48a621867084884bfff87f8093c15195e6a", + "https://nvd.nist.gov/vuln/detail/CVE-2018-6951", + "https://savannah.gnu.org/bugs/index.php?53132", + "https://security.gentoo.org/glsa/201904-17", + "https://ubuntu.com/security/notices/USN-3624-1", + "https://usn.ubuntu.com/3624-1/", + "https://www.cve.org/CVERecord?id=CVE-2018-6951" + ], + "PublishedDate": "2018-02-13T19:29:00.51Z", + "LastModifiedDate": "2024-11-21T04:11:28.273Z" + }, + { + "VulnerabilityID": "CVE-2018-6952", + "PkgID": "patch@2.8-2", + "PkgName": "patch", + "PkgIdentifier": { + "PURL": 
"pkg:deb/debian/patch@2.8-2?arch=amd64\u0026distro=debian-13.0", + "UID": "92b79b8794d95d" + }, + "InstalledVersion": "2.8-2", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6952", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "patch: Double free of memory in pch.c:another_hunk() causes a crash", + "Description": "A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.", + "Severity": "LOW", + "CweIDs": [ + "CWE-415" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 3, + "cbl-mariner": 3, + "debian": 1, + "nvd": 3, + "oracle-oval": 1, + "photon": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/103047", + "https://access.redhat.com/errata/RHSA-2019:2033", + "https://access.redhat.com/security/cve/CVE-2018-6952", + "https://linux.oracle.com/cve/CVE-2018-6952.html", + "https://linux.oracle.com/errata/ELSA-2019-2033.html", + "https://nvd.nist.gov/vuln/detail/CVE-2018-6952", + "https://savannah.gnu.org/bugs/index.php?53133", + "https://security.gentoo.org/glsa/201904-17", + "https://www.cve.org/CVERecord?id=CVE-2018-6952" + ], + "PublishedDate": "2018-02-13T19:29:00.573Z", + "LastModifiedDate": "2024-11-21T04:11:28.42Z" + }, + { + "VulnerabilityID": "CVE-2021-45261", + "PkgID": "patch@2.8-2", + "PkgName": "patch", + "PkgIdentifier": { + "PURL": 
"pkg:deb/debian/patch@2.8-2?arch=amd64\u0026distro=debian-13.0", + "UID": "92b79b8794d95d" + }, + "InstalledVersion": "2.8-2", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-45261", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "patch: Invalid Pointer via another_hunk function", + "Description": "An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.", + "Severity": "LOW", + "CweIDs": [ + "CWE-763" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2021-45261", + "https://nvd.nist.gov/vuln/detail/CVE-2021-45261", + "https://savannah.gnu.org/bugs/?61685", + "https://www.cve.org/CVERecord?id=CVE-2021-45261" + ], + "PublishedDate": "2021-12-22T18:15:08.1Z", + "LastModifiedDate": "2024-11-21T06:32:02.633Z" + }, + { + "VulnerabilityID": "CVE-2011-4116", + "PkgID": "perl@5.40.1-6", + "PkgName": "perl", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/perl@5.40.1-6?arch=amd64\u0026distro=debian-13.0", + "UID": "8dace0e06553a406" + }, + "InstalledVersion": "5.40.1-6", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + 
"SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-4116", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "perl: File:: Temp insecure temporary file handling", + "Description": "_is_safe in the File::Temp module for Perl does not properly handle symlinks.", + "Severity": "LOW", + "CweIDs": [ + "CWE-59" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 1, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:S/C:N/I:P/A:N", + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "V2Score": 1.5, + "V3Score": 3.3 + }, + "redhat": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N", + "V2Score": 1.9 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2011/11/04/2", + "http://www.openwall.com/lists/oss-security/2011/11/04/4", + "https://access.redhat.com/security/cve/CVE-2011-4116", + "https://github.com/Perl-Toolchain-Gang/File-Temp/issues/14", + "https://nvd.nist.gov/vuln/detail/CVE-2011-4116", + "https://rt.cpan.org/Public/Bug/Display.html?id=69106", + "https://seclists.org/oss-sec/2011/q4/238", + "https://www.cve.org/CVERecord?id=CVE-2011-4116" + ], + "PublishedDate": "2020-01-31T18:15:11.343Z", + "LastModifiedDate": "2025-08-04T19:04:38.29Z" + }, + { + "VulnerabilityID": "CVE-2011-4116", + "PkgID": "perl-base@5.40.1-6", + "PkgName": "perl-base", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/perl-base@5.40.1-6?arch=amd64\u0026distro=debian-13.0", + "UID": "17f06da2c02a11c6" + }, + "InstalledVersion": "5.40.1-6", + "Status": "affected", + "Layer": { + "Digest": "sha256:396b1da7636e2dcd10565cb4f2f952cbb4a8a38b58d3b86a2cacb172fb70117c", + "DiffID": "sha256:e6a3842ebc7f5e41d8a38f19a0aa5ea56c255475695ac6682882420800cf5465" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-4116", + "DataSource": { + "ID": "debian", + "Name": "Debian Security 
Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "perl: File:: Temp insecure temporary file handling", + "Description": "_is_safe in the File::Temp module for Perl does not properly handle symlinks.", + "Severity": "LOW", + "CweIDs": [ + "CWE-59" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 1, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:S/C:N/I:P/A:N", + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "V2Score": 1.5, + "V3Score": 3.3 + }, + "redhat": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N", + "V2Score": 1.9 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2011/11/04/2", + "http://www.openwall.com/lists/oss-security/2011/11/04/4", + "https://access.redhat.com/security/cve/CVE-2011-4116", + "https://github.com/Perl-Toolchain-Gang/File-Temp/issues/14", + "https://nvd.nist.gov/vuln/detail/CVE-2011-4116", + "https://rt.cpan.org/Public/Bug/Display.html?id=69106", + "https://seclists.org/oss-sec/2011/q4/238", + "https://www.cve.org/CVERecord?id=CVE-2011-4116" + ], + "PublishedDate": "2020-01-31T18:15:11.343Z", + "LastModifiedDate": "2025-08-04T19:04:38.29Z" + }, + { + "VulnerabilityID": "CVE-2011-4116", + "PkgID": "perl-modules-5.40@5.40.1-6", + "PkgName": "perl-modules-5.40", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/perl-modules-5.40@5.40.1-6?arch=all\u0026distro=debian-13.0", + "UID": "99273aa6c35f7b1f" + }, + "InstalledVersion": "5.40.1-6", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-4116", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "perl: File:: Temp insecure temporary 
file handling", + "Description": "_is_safe in the File::Temp module for Perl does not properly handle symlinks.", + "Severity": "LOW", + "CweIDs": [ + "CWE-59" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 1, + "redhat": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:S/C:N/I:P/A:N", + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "V2Score": 1.5, + "V3Score": 3.3 + }, + "redhat": { + "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N", + "V2Score": 1.9 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2011/11/04/2", + "http://www.openwall.com/lists/oss-security/2011/11/04/4", + "https://access.redhat.com/security/cve/CVE-2011-4116", + "https://github.com/Perl-Toolchain-Gang/File-Temp/issues/14", + "https://nvd.nist.gov/vuln/detail/CVE-2011-4116", + "https://rt.cpan.org/Public/Bug/Display.html?id=69106", + "https://seclists.org/oss-sec/2011/q4/238", + "https://www.cve.org/CVERecord?id=CVE-2011-4116" + ], + "PublishedDate": "2020-01-31T18:15:11.343Z", + "LastModifiedDate": "2025-08-04T19:04:38.29Z" + }, + { + "VulnerabilityID": "CVE-2025-8714", + "PkgID": "postgresql-client-17@17.5-1", + "PkgName": "postgresql-client-17", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/postgresql-client-17@17.5-1?arch=amd64\u0026distro=debian-13.0", + "UID": "f52d8e03fbfbb93d" + }, + "InstalledVersion": "17.5-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:a390b45b895de2e977e0543fdfb6fc8936108dcd5ce45fdccd50480ca03f6751", + "DiffID": "sha256:ca79fd2c0e371eeb80b9f4b15563a9d8b3720ac84b0216cfea4e14ff8e83137e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-8714", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "postgresql: PostgreSQL code execution in restore operation", + "Description": "Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary 
code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pg_dumpall is also affected. pg_restore is affected when used to generate a plain-format dump. This is similar to MySQL CVE-2024-21096. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-829" + ], + "VendorSeverity": { + "redhat": 3 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", + "V3Score": 8.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-8714", + "https://nvd.nist.gov/vuln/detail/CVE-2025-8714", + "https://www.cve.org/CVERecord?id=CVE-2025-8714", + "https://www.postgresql.org/support/security/CVE-2025-8714/" + ], + "PublishedDate": "2025-08-14T13:15:37.717Z", + "LastModifiedDate": "2025-08-15T13:13:07.817Z" + }, + { + "VulnerabilityID": "CVE-2025-8715", + "PkgID": "postgresql-client-17@17.5-1", + "PkgName": "postgresql-client-17", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/postgresql-client-17@17.5-1?arch=amd64\u0026distro=debian-13.0", + "UID": "f52d8e03fbfbb93d" + }, + "InstalledVersion": "17.5-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:a390b45b895de2e977e0543fdfb6fc8936108dcd5ce45fdccd50480ca03f6751", + "DiffID": "sha256:ca79fd2c0e371eeb80b9f4b15563a9d8b3720ac84b0216cfea4e14ff8e83137e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-8715", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "postgresql: PostgreSQL executes arbitrary code in restore operation", + "Description": "Improper neutralization of newlines in pg_dump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands inside a purpose-crafted 
object name. The same attacks can achieve SQL injection as a superuser of the restore target server. pg_dumpall, pg_restore, and pg_upgrade are also affected. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected. Versions before 11.20 are unaffected. CVE-2012-0868 had fixed this class of problem, but version 11.20 reintroduced it.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-93" + ], + "VendorSeverity": { + "redhat": 3 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", + "V3Score": 8.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-8715", + "https://nvd.nist.gov/vuln/detail/CVE-2025-8715", + "https://www.cve.org/CVERecord?id=CVE-2025-8715", + "https://www.postgresql.org/support/security/CVE-2025-8715/" + ], + "PublishedDate": "2025-08-14T13:15:37.88Z", + "LastModifiedDate": "2025-08-15T13:13:07.817Z" + }, + { + "VulnerabilityID": "CVE-2025-8713", + "PkgID": "postgresql-client-17@17.5-1", + "PkgName": "postgresql-client-17", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/postgresql-client-17@17.5-1?arch=amd64\u0026distro=debian-13.0", + "UID": "f52d8e03fbfbb93d" + }, + "InstalledVersion": "17.5-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:a390b45b895de2e977e0543fdfb6fc8936108dcd5ce45fdccd50480ca03f6751", + "DiffID": "sha256:ca79fd2c0e371eeb80b9f4b15563a9d8b3720ac84b0216cfea4e14ff8e83137e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-8713", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "postgresql: PostgreSQL optimizer statistics can expose sampled data within a view, partition, or child table", + "Description": "PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intended to hide. 
PostgreSQL maintains statistics for tables by sampling data available in columns; this data is consulted during the query planning process. Prior to this release, a user could craft a leaky operator that bypassed view access control lists (ACLs) and bypassed row security policies in partitioning or table inheritance hierarchies. Reachable statistics data notably included histograms and most-common-values lists. CVE-2017-7484 and CVE-2019-10130 intended to close this class of vulnerability, but this gap remained. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.", + "Severity": "LOW", + "CweIDs": [ + "CWE-1230" + ], + "VendorSeverity": { + "redhat": 1 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 3.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-8713", + "https://nvd.nist.gov/vuln/detail/CVE-2025-8713", + "https://www.cve.org/CVERecord?id=CVE-2025-8713", + "https://www.postgresql.org/support/security/CVE-2025-8713/" + ], + "PublishedDate": "2025-08-14T13:15:37.543Z", + "LastModifiedDate": "2025-08-15T13:13:07.817Z" + }, + { + "VulnerabilityID": "CVE-2018-21232", + "PkgID": "re2c@4.1-1", + "PkgName": "re2c", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/re2c@4.1-1?arch=amd64\u0026distro=debian-13.0", + "UID": "c309183c13b1c7fe" + }, + "InstalledVersion": "4.1-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:ca475d4b690e6dea04714e9bc385b0d86fab2dbdec277827b07ece2a556d6e87", + "DiffID": "sha256:0cb3869030fee8c941ca91a61806b3a05efaa2027364913cd589f6e76ccc819e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-21232", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "re2c: uncontrolled recursion that causes stack consumption in find_fixed_tags", + "Description": "re2c before 2.0 has 
uncontrolled recursion that causes stack consumption in find_fixed_tags.", + "Severity": "LOW", + "CweIDs": [ + "CWE-674" + ], + "VendorSeverity": { + "cbl-mariner": 2, + "debian": 1, + "nvd": 2, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2020/05/14/4", + "https://access.redhat.com/security/cve/CVE-2018-21232", + "https://github.com/skvadrik/re2c/issues/219", + "https://nvd.nist.gov/vuln/detail/CVE-2018-21232", + "https://www.cve.org/CVERecord?id=CVE-2018-21232", + "https://www.openwall.com/lists/oss-security/2020/04/27/2" + ], + "PublishedDate": "2020-04-29T14:15:14.417Z", + "LastModifiedDate": "2024-11-21T04:03:14.603Z" + }, + { + "VulnerabilityID": "TEMP-0517018-A83CE6", + "PkgID": "sysvinit-utils@3.14-4", + "PkgName": "sysvinit-utils", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/sysvinit-utils@3.14-4?arch=amd64\u0026distro=debian-13.0", + "UID": "c7e8999242a896a1" + }, + "InstalledVersion": "3.14-4", + "Status": "affected", + "Layer": { + "Digest": "sha256:396b1da7636e2dcd10565cb4f2f952cbb4a8a38b58d3b86a2cacb172fb70117c", + "DiffID": "sha256:e6a3842ebc7f5e41d8a38f19a0aa5ea56c255475695ac6682882420800cf5465" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://security-tracker.debian.org/tracker/TEMP-0517018-A83CE6", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "[sysvinit: no-root option in expert installer exposes locally exploitable security flaw]", + "Severity": "LOW", + "VendorSeverity": { + "debian": 1 + } + }, + { + "VulnerabilityID": "CVE-2025-45582", + "PkgID": "tar@1.35+dfsg-3.1", + "PkgName": "tar", + 
"PkgIdentifier": { + "PURL": "pkg:deb/debian/tar@1.35%2Bdfsg-3.1?arch=amd64\u0026distro=debian-13.0", + "UID": "50aee76d081ea925" + }, + "InstalledVersion": "1.35+dfsg-3.1", + "Status": "affected", + "Layer": { + "Digest": "sha256:396b1da7636e2dcd10565cb4f2f952cbb4a8a38b58d3b86a2cacb172fb70117c", + "DiffID": "sha256:e6a3842ebc7f5e41d8a38f19a0aa5ea56c255475695ac6682882420800cf5465" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-45582", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "tar: Tar path traversal", + "Description": "GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an archive that contains a critical file, specified via a relative pathname that begins with the symlink name and ends with that critical file's name. Here, the extraction follows the symlink and overwrites the critical file. This bypasses the protection mechanism of \"Member name contains '..'\" that would occur for a single TAR archive that attempted to specify the critical file via a ../ approach. For example, the first archive can contain \"x -\u003e ../../../../../home/victim/.ssh\" and the second archive can contain x/authorized_keys. This can affect server applications that automatically extract any number of user-supplied TAR archives, and were relying on the blocking of traversal. 
This can also affect software installation processes in which \"tar xf\" is run more than once (e.g., when installing a package can automatically install two dependencies that are set up as untrusted tarballs instead of official packages).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-24" + ], + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.6 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-45582", + "https://github.com/i900008/vulndb/blob/main/Gnu_tar_vuln.md", + "https://nvd.nist.gov/vuln/detail/CVE-2025-45582", + "https://www.cve.org/CVERecord?id=CVE-2025-45582", + "https://www.gnu.org/software/tar/", + "https://www.gnu.org/software/tar/manual/html_node/Integrity.html#Integrity" + ], + "PublishedDate": "2025-07-11T17:15:37.183Z", + "LastModifiedDate": "2025-07-17T13:09:39.997Z" + }, + { + "VulnerabilityID": "CVE-2005-2541", + "PkgID": "tar@1.35+dfsg-3.1", + "PkgName": "tar", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/tar@1.35%2Bdfsg-3.1?arch=amd64\u0026distro=debian-13.0", + "UID": "50aee76d081ea925" + }, + "InstalledVersion": "1.35+dfsg-3.1", + "Status": "affected", + "Layer": { + "Digest": "sha256:396b1da7636e2dcd10565cb4f2f952cbb4a8a38b58d3b86a2cacb172fb70117c", + "DiffID": "sha256:e6a3842ebc7f5e41d8a38f19a0aa5ea56c255475695ac6682882420800cf5465" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2005-2541", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "tar: does not properly warn the user when extracting setuid or setgid files", + "Description": "Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.", + "Severity": "LOW", + "VendorSeverity": { + "debian": 1, + "nvd": 3, + 
"redhat": 2 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", + "V2Score": 10 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "http://marc.info/?l=bugtraq\u0026m=112327628230258\u0026w=2", + "https://access.redhat.com/security/cve/CVE-2005-2541", + "https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c%40%3Cissues.guacamole.apache.org%3E", + "https://nvd.nist.gov/vuln/detail/CVE-2005-2541", + "https://www.cve.org/CVERecord?id=CVE-2005-2541" + ], + "PublishedDate": "2005-08-10T04:00:00Z", + "LastModifiedDate": "2025-04-03T01:03:51.193Z" + }, + { + "VulnerabilityID": "TEMP-0290435-0B57B5", + "PkgID": "tar@1.35+dfsg-3.1", + "PkgName": "tar", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/tar@1.35%2Bdfsg-3.1?arch=amd64\u0026distro=debian-13.0", + "UID": "50aee76d081ea925" + }, + "InstalledVersion": "1.35+dfsg-3.1", + "Status": "affected", + "Layer": { + "Digest": "sha256:396b1da7636e2dcd10565cb4f2f952cbb4a8a38b58d3b86a2cacb172fb70117c", + "DiffID": "sha256:e6a3842ebc7f5e41d8a38f19a0aa5ea56c255475695ac6682882420800cf5465" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://security-tracker.debian.org/tracker/TEMP-0290435-0B57B5", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "[tar's rmt command may have undesired side effects]", + "Severity": "LOW", + "VendorSeverity": { + "debian": 1 + } + }, + { + "VulnerabilityID": "CVE-2021-4217", + "PkgID": "unzip@6.0-29", + "PkgName": "unzip", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/unzip@6.0-29?arch=amd64\u0026distro=debian-13.0", + "UID": "46c2f6af70012a53" + }, + "InstalledVersion": "6.0-29", + "Status": "affected", + "Layer": { + "Digest": "sha256:a390b45b895de2e977e0543fdfb6fc8936108dcd5ce45fdccd50480ca03f6751", + "DiffID": 
"sha256:ca79fd2c0e371eeb80b9f4b15563a9d8b3720ac84b0216cfea4e14ff8e83137e" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-4217", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "unzip: Null pointer dereference in Unicode strings code", + "Description": "A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "amazon": 1, + "azure": 1, + "cbl-mariner": 1, + "debian": 1, + "nvd": 1, + "photon": 1, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2021-4217", + "https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1957077", + "https://bugzilla.redhat.com/show_bug.cgi?id=2044583", + "https://nvd.nist.gov/vuln/detail/CVE-2021-4217", + "https://ubuntu.com/security/notices/USN-5673-1", + "https://ubuntu.com/security/notices/USN-7054-1", + "https://www.cve.org/CVERecord?id=CVE-2021-4217" + ], + "PublishedDate": "2022-08-24T16:15:10.09Z", + "LastModifiedDate": "2024-11-21T06:37:10.35Z" + }, + { + "VulnerabilityID": "CVE-2022-0563", + "PkgID": "util-linux@2.41-5", + "PkgName": "util-linux", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/util-linux@2.41-5?arch=amd64\u0026distro=debian-13.0", + "UID": "38be4846f19b7fa" + }, + "InstalledVersion": "2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:396b1da7636e2dcd10565cb4f2f952cbb4a8a38b58d3b86a2cacb172fb70117c", + "DiffID": 
"sha256:e6a3842ebc7f5e41d8a38f19a0aa5ea56c255475695ac6682882420800cf5465" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-0563", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline", + "Description": "A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an \"INPUTRC\" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.", + "Severity": "LOW", + "CweIDs": [ + "CWE-209" + ], + "VendorSeverity": { + "amazon": 2, + "cbl-mariner": 2, + "debian": 1, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 1.9, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-0563", + "https://blog.trailofbits.com/2023/02/16/suid-logic-bug-linux-readline/", + "https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w%40ws.net.home/T/#u", + "https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u", + "https://nvd.nist.gov/vuln/detail/CVE-2022-0563", + "https://security.gentoo.org/glsa/202401-08", + "https://security.netapp.com/advisory/ntap-20220331-0002/", + "https://www.cve.org/CVERecord?id=CVE-2022-0563" + ], + "PublishedDate": "2022-02-21T19:15:08.393Z", + "LastModifiedDate": 
"2025-06-09T16:15:33.237Z" + } + ] + }, + { + "Target": "var/www/vendor/composer/installed.json", + "Class": "lang-pkgs", + "Type": "composer-vendor", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2025-54068", + "PkgID": "livewire/livewire@v3.6.3", + "PkgName": "livewire/livewire", + "PkgIdentifier": { + "PURL": "pkg:composer/livewire/livewire@v3.6.3", + "UID": "1a6bc4e7734a4e27" + }, + "InstalledVersion": "v3.6.3", + "FixedVersion": "3.6.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:252a0cf4c03147cf34a3e9015e28e7dc1c5a77686219c2e5da96b6735e2af495", + "DiffID": "sha256:76f2061ac544b49fe20384d63c8228fb0fb50770cece82674737fbe1e2860da7" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-54068", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Composer", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Acomposer" + }, + "Title": "Livewire is vulnerable to remote command execution during component property update hydration", + "Description": "Livewire is a full-stack framework for Laravel. In Livewire v3 up to and including v3.6.3, a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. The issue stems from how certain component property updates are hydrated. This vulnerability is unique to Livewire v3 and does not affect prior major versions. Exploitation requires a component to be mounted and configured in a particular way, but does not require authentication or user interaction. This issue has been patched in Livewire v3.6.4. All users are strongly encouraged to upgrade to this version or later as soon as possible. 
No known workarounds are available.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-94" + ], + "VendorSeverity": { + "ghsa": 4 + }, + "References": [ + "https://github.com/livewire/livewire", + "https://github.com/livewire/livewire/commit/ef04be759da41b14d2d129e670533180a44987dc", + "https://github.com/livewire/livewire/releases/tag/v3.6.4", + "https://github.com/livewire/livewire/security/advisories/GHSA-29cq-5w36-x7w3", + "https://nvd.nist.gov/vuln/detail/CVE-2025-54068" + ], + "PublishedDate": "2025-07-17T19:15:25.47Z", + "LastModifiedDate": "2025-07-17T21:15:50.197Z" + } + ] + } + ] +}