Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2024/06/GHSA-89w5-xc64-fw9r/GHSA-89w5-xc64-fw9r.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-89w5-xc64-fw9r",
-  "modified": "2024-07-03T18:45:28Z",
+  "modified": "2026-01-20T21:31:29Z",
   "published": "2024-06-14T21:30:54Z",
   "aliases": [
     "CVE-2024-36600"
@@ -19,6 +19,18 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36600"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/libcdio/libcdio/pull/32"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/libcdio/libcdio/pull/46"
+    },
+    {
+      "type": "WEB",
+      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2292833"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/gashasbi/My-Reports/tree/main/CVE-2024-36600"

advisories/unreviewed/2025/02/GHSA-gf66-v569-23vx/GHSA-gf66-v569-23vx.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-gf66-v569-23vx",
-  "modified": "2025-02-04T18:30:48Z",
+  "modified": "2026-01-20T21:31:29Z",
   "published": "2025-02-03T21:31:50Z",
   "aliases": [
     "CVE-2025-22978"
@@ -22,6 +22,10 @@
     {
       "type": "WEB",
       "url": "https://github.com/elunez/eladmin/issues/863"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/elunez/eladmin/commit/d6a16e9afc0a3b96a56f1a24ed167e1beec6ce2f"
     }
   ],
   "database_specific": {

advisories/unreviewed/2025/03/GHSA-j48m-433v-3q7r/GHSA-j48m-433v-3q7r.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-j48m-433v-3q7r",
-  "modified": "2025-03-21T21:31:38Z",
+  "modified": "2026-01-20T21:31:29Z",
   "published": "2025-03-20T18:30:30Z",
   "aliases": [
     "CVE-2024-57440"
@@ -19,6 +19,10 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-57440"
     },
+    {
+      "type": "WEB",
+      "url": "https://blog.sparrrgh.me/fuzzing/embedded/2025/01/26/fuzzing-embedded-systems-2.html"
+    },
     {
       "type": "WEB",
       "url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10418"

advisories/unreviewed/2025/07/GHSA-cw3g-mjrp-g48q/GHSA-cw3g-mjrp-g48q.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-cw3g-mjrp-g48q",
-  "modified": "2025-07-29T18:30:34Z",
+  "modified": "2026-01-20T21:31:30Z",
   "published": "2025-07-29T18:30:34Z",
   "aliases": [
     "CVE-2025-44137"
@@ -23,6 +23,10 @@
       "type": "WEB",
       "url": "https://github.com/maptiler/tileserver-php/issues/167"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/maptiler/tileserver-php/commit/4fe14e6164bbe2a3f9e3b3d7acf303e3ec210c8e"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/mheranco/CVE-2025-44137"

advisories/unreviewed/2025/07/GHSA-vqm9-87vr-9765/GHSA-vqm9-87vr-9765.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-vqm9-87vr-9765",
-  "modified": "2025-07-24T21:30:39Z",
+  "modified": "2026-01-20T21:31:29Z",
   "published": "2025-07-24T21:30:39Z",
   "aliases": [
     "CVE-2025-45731"
@@ -22,6 +22,10 @@
     {
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-45731"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Bubka/2FAuth/commit/b82a7eb604ddfe994fadce7db3a9e4a201c54a83"
     }
   ],
   "database_specific": {

advisories/unreviewed/2025/09/GHSA-46f8-9r54-mw7h/GHSA-46f8-9r54-mw7h.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-46f8-9r54-mw7h",
-  "modified": "2025-11-03T18:31:43Z",
+  "modified": "2026-01-20T21:31:30Z",
   "published": "2025-09-23T06:30:27Z",
   "aliases": [
     "CVE-2025-39877"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/damon/sysfs: fix use-after-free in state_show()\n\nstate_show() reads kdamond->damon_ctx without holding damon_sysfs_lock. \nThis allows a use-after-free race:\n\nCPU 0                         CPU 1\n-----                         -----\nstate_show()                  damon_sysfs_turn_damon_on()\nctx = kdamond->damon_ctx;     mutex_lock(&damon_sysfs_lock);\n                              damon_destroy_ctx(kdamond->damon_ctx);\n                              kdamond->damon_ctx = NULL;\n                              mutex_unlock(&damon_sysfs_lock);\ndamon_is_running(ctx);        /* ctx is freed */\nmutex_lock(&ctx->kdamond_lock); /* UAF */\n\n(The race can also occur with damon_sysfs_kdamonds_rm_dirs() and\ndamon_sysfs_kdamond_release(), which free or replace the context under\ndamon_sysfs_lock.)\n\nFix by taking damon_sysfs_lock before dereferencing the context, mirroring\nthe locking used in pid_show().\n\nThe bug has existed since state_show() first accessed kdamond->damon_ctx.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -40,8 +45,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-416"
+    ],
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-09-23T06:15:47Z"

advisories/unreviewed/2025/09/GHSA-88fr-f63h-6pq4/GHSA-88fr-f63h-6pq4.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-88fr-f63h-6pq4",
-  "modified": "2025-11-03T18:31:43Z",
+  "modified": "2026-01-20T21:31:30Z",
   "published": "2025-09-23T06:30:27Z",
   "aliases": [
     "CVE-2025-39876"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable()\n\nThe function of_phy_find_device may return NULL, so we need to take\ncare before dereferencing phy_dev.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -52,8 +57,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-476"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-09-23T06:15:47Z"

advisories/unreviewed/2025/09/GHSA-9mp7-jx47-xv3h/GHSA-9mp7-jx47-xv3h.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-9mp7-jx47-xv3h",
-  "modified": "2025-11-03T18:31:43Z",
+  "modified": "2026-01-20T21:31:30Z",
   "published": "2025-09-23T06:30:27Z",
   "aliases": [
     "CVE-2025-39873"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: xilinx_can: xcan_write_frame(): fix use-after-free of transmitted SKB\n\ncan_put_echo_skb() takes ownership of the SKB and it may be freed\nduring or after the call.\n\nHowever, xilinx_can xcan_write_frame() keeps using SKB after the call.\n\nFix that by only calling can_put_echo_skb() after the code is done\ntouching the SKB.\n\nThe tx_lock is held for the entire xcan_write_frame() execution and\nalso on the can_get_echo_skb() side so the order of operations does not\nmatter.\n\nAn earlier fix commit 3d3c817c3a40 (\"can: xilinx_can: Fix usage of skb\nmemory\") did not move the can_put_echo_skb() call far enough.\n\n[mkl: add \"commit\" in front of sha1 in patch description]\n[mkl: fix indention]",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -44,8 +49,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-416"
+    ],
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-09-23T06:15:46Z"

advisories/unreviewed/2025/09/GHSA-9xqw-2922-vh7m/GHSA-9xqw-2922-vh7m.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-9xqw-2922-vh7m",
-  "modified": "2025-11-03T18:31:42Z",
+  "modified": "2026-01-20T21:31:30Z",
   "published": "2025-09-22T21:30:18Z",
   "aliases": [
     "CVE-2025-39865"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ntee: fix NULL pointer dereference in tee_shm_put\n\ntee_shm_put have NULL pointer dereference:\n\n__optee_disable_shm_cache -->\n\tshm = reg_pair_to_ptr(...);//shm maybe return NULL\n        tee_shm_free(shm); -->\n\t\ttee_shm_put(shm);//crash\n\nAdd check in tee_shm_put to fix it.\n\npanic log:\nUnable to handle kernel paging request at virtual address 0000000000100cca\nMem abort info:\nESR = 0x0000000096000004\nEC = 0x25: DABT (current EL), IL = 32 bits\nSET = 0, FnV = 0\nEA = 0, S1PTW = 0\nFSC = 0x04: level 0 translation fault\nData abort info:\nISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\nCM = 0, WnR = 0, TnD = 0, TagAccess = 0\nGCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\nuser pgtable: 4k pages, 48-bit VAs, pgdp=0000002049d07000\n[0000000000100cca] pgd=0000000000000000, p4d=0000000000000000\nInternal error: Oops: 0000000096000004 [#1] SMP\nCPU: 2 PID: 14442 Comm: systemd-sleep Tainted: P OE ------- ----\n6.6.0-39-generic #38\nSource Version: 938b255f6cb8817c95b0dd5c8c2944acfce94b07\nHardware name: greatwall GW-001Y1A-FTH, BIOS Great Wall BIOS V3.0\n10/26/2022\npstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : tee_shm_put+0x24/0x188\nlr : tee_shm_free+0x14/0x28\nsp : ffff001f98f9faf0\nx29: ffff001f98f9faf0 x28: ffff0020df543cc0 x27: 0000000000000000\nx26: ffff001f811344a0 x25: ffff8000818dac00 x24: ffff800082d8d048\nx23: ffff001f850fcd18 x22: 0000000000000001 x21: ffff001f98f9fb88\nx20: ffff001f83e76218 x19: ffff001f83e761e0 x18: 000000000000ffff\nx17: 303a30303a303030 x16: 0000000000000000 x15: 0000000000000003\nx14: 0000000000000001 x13: 0000000000000000 x12: 0101010101010101\nx11: 0000000000000001 x10: 0000000000000001 x9 : ffff800080e08d0c\nx8 : ffff001f98f9fb88 x7 : 0000000000000000 x6 : 0000000000000000\nx5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000\nx2 : ffff001f83e761e0 x1 : 00000000ffff001f x0 : 0000000000100cca\nCall trace:\ntee_shm_put+0x24/0x188\ntee_shm_free+0x14/0x28\n__optee_disable_shm_cache+0xa8/0x108\noptee_shutdown+0x28/0x38\nplatform_shutdown+0x28/0x40\ndevice_shutdown+0x144/0x2b0\nkernel_power_off+0x3c/0x80\nhibernate+0x35c/0x388\nstate_store+0x64/0x80\nkobj_attr_store+0x14/0x28\nsysfs_kf_write+0x48/0x60\nkernfs_fop_write_iter+0x128/0x1c0\nvfs_write+0x270/0x370\nksys_write+0x6c/0x100\n__arm64_sys_write+0x20/0x30\ninvoke_syscall+0x4c/0x120\nel0_svc_common.constprop.0+0x44/0xf0\ndo_el0_svc+0x24/0x38\nel0_svc+0x24/0x88\nel0t_64_sync_handler+0x134/0x150\nel0t_64_sync+0x14c/0x15",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -52,8 +57,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-476"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-09-19T16:15:45Z"

advisories/unreviewed/2025/09/GHSA-c3f5-89cx-rxg5/GHSA-c3f5-89cx-rxg5.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-c3f5-89cx-rxg5",
-  "modified": "2025-11-03T18:31:42Z",
+  "modified": "2026-01-20T21:31:30Z",
   "published": "2025-09-23T06:30:27Z",
   "aliases": [
     "CVE-2025-39870"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: Fix double free in idxd_setup_wqs()\n\nThe clean up in idxd_setup_wqs() has had a couple bugs because the error\nhandling is a bit subtle.  It's simpler to just re-write it in a cleaner\nway.  The issues here are:\n\n1) If \"idxd->max_wqs\" is <= 0 then we call put_device(conf_dev) when\n   \"conf_dev\" hasn't been initialized.\n2) If kzalloc_node() fails then again \"conf_dev\" is invalid.  It's\n   either uninitialized or it points to the \"conf_dev\" from the\n   previous iteration so it leads to a double free.\n\nIt's better to free partial loop iterations within the loop and then\nthe unwinding at the end can handle whole loop iterations.  I also\nrenamed the labels to describe what the goto does and not where the goto\nwas located.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -40,8 +45,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-415"
+    ],
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-09-23T06:15:46Z"