Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2021/12/GHSA-22hj-9cx7-p2hw/GHSA-22hj-9cx7-p2hw.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-22hj-9cx7-p2hw",
-  "modified": "2026-02-03T15:30:21Z",
+  "modified": "2026-02-03T18:30:29Z",
   "published": "2021-12-14T00:00:44Z",
   "aliases": [
     "CVE-2021-39935"
@@ -30,6 +30,10 @@
     {
       "type": "WEB",
       "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/346187"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-39935"
     }
   ],
   "database_specific": {

advisories/unreviewed/2022/05/GHSA-85h5-chmw-697j/GHSA-85h5-chmw-697j.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-85h5-chmw-697j",
-  "modified": "2026-02-03T15:30:19Z",
+  "modified": "2026-02-03T18:30:27Z",
   "published": "2022-05-24T17:01:42Z",
   "aliases": [
     "CVE-2019-19006"
@@ -35,6 +35,10 @@
       "type": "WEB",
       "url": "https://wiki.freepbx.org/display/FOP/2019-11-20+Remote+Admin+Authentication+Bypass"
     },
+    {
+      "type": "WEB",
+      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-19006"
+    },
     {
       "type": "WEB",
       "url": "https://www.freepbx.org/category/blog"

advisories/unreviewed/2025/10/GHSA-2h76-3pqm-pm8j/GHSA-2h76-3pqm-pm8j.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2h76-3pqm-pm8j",
-  "modified": "2025-10-07T18:31:11Z",
+  "modified": "2026-02-03T18:30:30Z",
   "published": "2025-10-07T18:31:11Z",
   "aliases": [
     "CVE-2023-53687"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk\n\nWhen the best clk is searched, we iterate over all possible clk.\n\nIf we find a better match, the previous one, if any, needs to be freed.\nIf a better match has already been found, we still need to free the new\none, otherwise it leaks.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -48,8 +53,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-401"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-10-07T16:15:53Z"

advisories/unreviewed/2025/10/GHSA-6qhx-j6v2-cx4m/GHSA-6qhx-j6v2-cx4m.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-6qhx-j6v2-cx4m",
-  "modified": "2025-10-07T18:31:10Z",
+  "modified": "2026-02-03T18:30:29Z",
   "published": "2025-10-07T18:31:10Z",
   "aliases": [
     "CVE-2023-53680"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL\n\nOPDESC() simply indexes into nfsd4_ops[] by the op's operation\nnumber, without range checking that value. It assumes callers are\ncareful to avoid calling it with an out-of-bounds opnum value.\n\nnfsd4_decode_compound() is not so careful, and can invoke OPDESC()\nwith opnum set to OP_ILLEGAL, which is 10044 -- well beyond the end\nof nfsd4_ops[].",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -36,8 +41,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-787"
+    ],
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-10-07T16:15:52Z"

advisories/unreviewed/2025/10/GHSA-7h48-rq2g-79x4/GHSA-7h48-rq2g-79x4.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-7h48-rq2g-79x4",
-  "modified": "2025-10-07T18:31:10Z",
+  "modified": "2026-02-03T18:30:30Z",
   "published": "2025-10-07T18:31:10Z",
   "aliases": [
     "CVE-2023-53681"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbcache: Fix __bch_btree_node_alloc to make the failure behavior consistent\n\nIn some specific situations, the return value of __bch_btree_node_alloc\nmay be NULL. This may lead to a potential NULL pointer dereference in\ncaller function like a calling chain :\nbtree_split->bch_btree_node_alloc->__bch_btree_node_alloc.\n\nFix it by initializing the return value in __bch_btree_node_alloc.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -44,8 +49,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-476"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-10-07T16:15:52Z"

advisories/unreviewed/2025/10/GHSA-8c2j-63gq-x4jc/GHSA-8c2j-63gq-x4jc.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-8c2j-63gq-x4jc",
-  "modified": "2025-10-07T18:31:11Z",
+  "modified": "2026-02-03T18:30:30Z",
   "published": "2025-10-07T18:31:11Z",
   "aliases": [
     "CVE-2023-53686"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/handshake: fix null-ptr-deref in handshake_nl_done_doit()\n\nWe should not call trace_handshake_cmd_done_err() if socket lookup has failed.\n\nAlso we should call trace_handshake_cmd_done_err() before releasing the file,\notherwise dereferencing sock->sk can return garbage.\n\nThis also reverts 7afc6d0a107f (\"net/handshake: Fix uninitialized local variable\")\n\nUnable to handle kernel paging request at virtual address dfff800000000003\nKASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f]\nMem abort info:\nESR = 0x0000000096000005\nEC = 0x25: DABT (current EL), IL = 32 bits\nSET = 0, FnV = 0\nEA = 0, S1PTW = 0\nFSC = 0x05: level 1 translation fault\nData abort info:\nISV = 0, ISS = 0x00000005, ISS2 = 0x00000000\nCM = 0, WnR = 0, TnD = 0, TagAccess = 0\nGCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[dfff800000000003] address between user and kernel address ranges\nInternal error: Oops: 0000000096000005 [#1] PREEMPT SMP\nModules linked in:\nCPU: 1 PID: 5986 Comm: syz-executor292 Not tainted 6.5.0-rc7-syzkaller-gfe4469582053 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023\npstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : handshake_nl_done_doit+0x198/0x9c8 net/handshake/netlink.c:193\nlr : handshake_nl_done_doit+0x180/0x9c8\nsp : ffff800096e37180\nx29: ffff800096e37200 x28: 1ffff00012dc6e34 x27: dfff800000000000\nx26: ffff800096e373d0 x25: 0000000000000000 x24: 00000000ffffffa8\nx23: ffff800096e373f0 x22: 1ffff00012dc6e38 x21: 0000000000000000\nx20: ffff800096e371c0 x19: 0000000000000018 x18: 0000000000000000\nx17: 0000000000000000 x16: ffff800080516cc4 x15: 0000000000000001\nx14: 1fffe0001b14aa3b x13: 0000000000000000 x12: 0000000000000000\nx11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000003\nx8 : 0000000000000003 x7 : ffff800080afe47c x6 : 0000000000000000\nx5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff800080a88078\nx2 : 0000000000000001 x1 : 00000000ffffffa8 x0 : 0000000000000000\nCall trace:\nhandshake_nl_done_doit+0x198/0x9c8 net/handshake/netlink.c:193\ngenl_family_rcv_msg_doit net/netlink/genetlink.c:970 [inline]\ngenl_family_rcv_msg net/netlink/genetlink.c:1050 [inline]\ngenl_rcv_msg+0x96c/0xc50 net/netlink/genetlink.c:1067\nnetlink_rcv_skb+0x214/0x3c4 net/netlink/af_netlink.c:2549\ngenl_rcv+0x38/0x50 net/netlink/genetlink.c:1078\nnetlink_unicast_kernel net/netlink/af_netlink.c:1339 [inline]\nnetlink_unicast+0x660/0x8d4 net/netlink/af_netlink.c:1365\nnetlink_sendmsg+0x834/0xb18 net/netlink/af_netlink.c:1914\nsock_sendmsg_nosec net/socket.c:725 [inline]\nsock_sendmsg net/socket.c:748 [inline]\n____sys_sendmsg+0x56c/0x840 net/socket.c:2494\n___sys_sendmsg net/socket.c:2548 [inline]\n__sys_sendmsg+0x26c/0x33c net/socket.c:2577\n__do_sys_sendmsg net/socket.c:2586 [inline]\n__se_sys_sendmsg net/socket.c:2584 [inline]\n__arm64_sys_sendmsg+0x80/0x94 net/socket.c:2584\n__invoke_syscall arch/arm64/kernel/syscall.c:37 [inline]\ninvoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:51\nel0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:136\ndo_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:155\nel0_svc+0x58/0x16c arch/arm64/kernel/entry-common.c:678\nel0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:696\nel0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:591\nCode: 12800108 b90043e8 910062b3 d343fe68 (387b6908)",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -24,8 +29,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-476"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-10-07T16:15:52Z"

advisories/unreviewed/2025/10/GHSA-hvv3-fjwq-p2f6/GHSA-hvv3-fjwq-p2f6.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-hvv3-fjwq-p2f6",
-  "modified": "2025-10-07T18:31:10Z",
+  "modified": "2026-02-03T18:30:30Z",
   "published": "2025-10-07T18:31:10Z",
   "aliases": [
     "CVE-2023-53682"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (xgene) Fix ioremap and memremap leak\n\nSmatch reports:\n\ndrivers/hwmon/xgene-hwmon.c:757 xgene_hwmon_probe() warn:\n'ctx->pcc_comm_addr' from ioremap() not released on line: 757.\n\nThis is because in drivers/hwmon/xgene-hwmon.c:701 xgene_hwmon_probe(),\nioremap and memremap is not released, which may cause a leak.\n\nTo fix this, ioremap and memremap is modified to devm_ioremap and\ndevm_memremap.\n\n[groeck: Fixed formatting and subject]",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -28,8 +33,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-401"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-10-07T16:15:52Z"

advisories/unreviewed/2025/10/GHSA-j4vp-rrf4-3xj8/GHSA-j4vp-rrf4-3xj8.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-j4vp-rrf4-3xj8",
-  "modified": "2025-10-07T18:31:11Z",
+  "modified": "2026-02-03T18:30:30Z",
   "published": "2025-10-07T18:31:10Z",
   "aliases": [
     "CVE-2023-53683"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: hfsplus: remove WARN_ON() from hfsplus_cat_{read,write}_inode()\n\nsyzbot is hitting WARN_ON() in hfsplus_cat_{read,write}_inode(), for\ncrafted filesystem image can contain bogus length. There conditions are\nnot kernel bugs that can justify kernel to panic.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -48,8 +53,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-617"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-10-07T16:15:52Z"

advisories/unreviewed/2025/10/GHSA-pmq6-ggff-fwmg/GHSA-pmq6-ggff-fwmg.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-pmq6-ggff-fwmg",
-  "modified": "2025-10-07T18:31:11Z",
+  "modified": "2026-02-03T18:30:30Z",
   "published": "2025-10-07T18:31:10Z",
   "aliases": [
     "CVE-2023-53684"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: Zero padding when dumping algos and encap\n\nWhen copying data to user-space we should ensure that only valid\ndata is copied over.  Padding in structures may be filled with\nrandom (possibly sensitve) data and should never be given directly\nto user-space.\n\nThis patch fixes the copying of xfrm algorithms and the encap\ntemplate in xfrm_user so that padding is zeroed.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -33,7 +38,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-10-07T16:15:52Z"

advisories/unreviewed/2025/10/GHSA-q99f-whjq-3rrx/GHSA-q99f-whjq-3rrx.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-q99f-whjq-3rrx",
-  "modified": "2025-10-07T18:31:11Z",
+  "modified": "2026-02-03T18:30:30Z",
   "published": "2025-10-07T18:31:11Z",
   "aliases": [
     "CVE-2023-53685"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ntun: Fix memory leak for detached NAPI queue.\n\nsyzkaller reported [0] memory leaks of sk and skb related to the TUN\ndevice with no repro, but we can reproduce it easily with:\n\n  struct ifreq ifr = {}\n  int fd_tun, fd_tmp;\n  char buf[4] = {};\n\n  fd_tun = openat(AT_FDCWD, \"/dev/net/tun\", O_WRONLY, 0);\n  ifr.ifr_flags = IFF_TUN | IFF_NAPI | IFF_MULTI_QUEUE;\n  ioctl(fd_tun, TUNSETIFF, &ifr);\n\n  ifr.ifr_flags = IFF_DETACH_QUEUE;\n  ioctl(fd_tun, TUNSETQUEUE, &ifr);\n\n  fd_tmp = socket(AF_PACKET, SOCK_PACKET, 0);\n  ifr.ifr_flags = IFF_UP;\n  ioctl(fd_tmp, SIOCSIFFLAGS, &ifr);\n\n  write(fd_tun, buf, sizeof(buf));\n  close(fd_tun);\n\nIf we enable NAPI and multi-queue on a TUN device, we can put skb into\ntfile->sk.sk_write_queue after the queue is detached.  We should prevent\nit by checking tfile->detached before queuing skb.\n\nNote this must be done under tfile->sk.sk_write_queue.lock because write()\nand ioctl(IFF_DETACH_QUEUE) can run concurrently.  Otherwise, there would\nbe a small race window:\n\n  write()                             ioctl(IFF_DETACH_QUEUE)\n  `- tun_get_user                     `- __tun_detach\n     |- if (tfile->detached)             |- tun_disable_queue\n     |  `-> false                        |  `- tfile->detached = tun\n     |                                   `- tun_queue_purge\n     |- spin_lock_bh(&queue->lock)\n     `- __skb_queue_tail(queue, skb)\n\nAnother solution is to call tun_queue_purge() when closing and\nreattaching the detached queue, but it could paper over another\nproblems.  Also, we do the same kind of test for IFF_NAPI_FRAGS.\n\n[0]:\nunreferenced object 0xffff88801edbc800 (size 2048):\n  comm \"syz-executor.1\", pid 33269, jiffies 4295743834 (age 18.756s)\n  hex dump (first 32 bytes):\n    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n    00 00 07 40 00 00 00 00 00 00 00 00 00 00 00 00  ...@............\n  backtrace:\n    [<000000008c16ea3d>] __do_kmalloc_node mm/slab_common.c:965 [inline]\n    [<000000008c16ea3d>] __kmalloc+0x4a/0x130 mm/slab_common.c:979\n    [<000000003addde56>] kmalloc include/linux/slab.h:563 [inline]\n    [<000000003addde56>] sk_prot_alloc+0xef/0x1b0 net/core/sock.c:2035\n    [<000000003e20621f>] sk_alloc+0x36/0x2f0 net/core/sock.c:2088\n    [<0000000028e43843>] tun_chr_open+0x3d/0x190 drivers/net/tun.c:3438\n    [<000000001b0f1f28>] misc_open+0x1a6/0x1f0 drivers/char/misc.c:165\n    [<000000004376f706>] chrdev_open+0x111/0x300 fs/char_dev.c:414\n    [<00000000614d379f>] do_dentry_open+0x2f9/0x750 fs/open.c:920\n    [<000000008eb24774>] do_open fs/namei.c:3636 [inline]\n    [<000000008eb24774>] path_openat+0x143f/0x1a30 fs/namei.c:3791\n    [<00000000955077b5>] do_filp_open+0xce/0x1c0 fs/namei.c:3818\n    [<00000000b78973b0>] do_sys_openat2+0xf0/0x260 fs/open.c:1356\n    [<00000000057be699>] do_sys_open fs/open.c:1372 [inline]\n    [<00000000057be699>] __do_sys_openat fs/open.c:1388 [inline]\n    [<00000000057be699>] __se_sys_openat fs/open.c:1383 [inline]\n    [<00000000057be699>] __x64_sys_openat+0x83/0xf0 fs/open.c:1383\n    [<00000000a7d2182d>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n    [<00000000a7d2182d>] do_syscall_64+0x3c/0x90 arch/x86/entry/common.c:80\n    [<000000004cc4e8c4>] entry_SYSCALL_64_after_hwframe+0x72/0xdc\n\nunreferenced object 0xffff88802f671700 (size 240):\n  comm \"syz-executor.1\", pid 33269, jiffies 4295743854 (age 18.736s)\n  hex dump (first 32 bytes):\n    68 c9 db 1e 80 88 ff ff 68 c9 db 1e 80 88 ff ff  h.......h.......\n    00 c0 7b 2f 80 88 ff ff 00 c8 db 1e 80 88 ff ff  ..{/............\n  backtrace:\n    [<00000000e9d9fdb6>] __alloc_skb+0x223/0x250 net/core/skbuff.c:644\n    [<000000002c3e4e0b>] alloc_skb include/linux/skbuff.h:1288 [inline]\n    [<000000002c3e4e0b>] alloc_skb_with_frags+0x6f/0x350 net/core/skbuff.c:6378\n    [<00000000825f98d7>] sock_alloc_send_pskb+0x3ac/0x3e0 net/core/sock.c:2729\n    [<00000000e9eb3df3>] tun_alloc_skb drivers/net/tun.c:1529 [inline]\n    [<\n---truncated---",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -28,8 +33,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-401"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-10-07T16:15:52Z"