Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2025/07/GHSA-3pvj-q7qj-89fg/GHSA-3pvj-q7qj-89fg.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3pvj-q7qj-89fg",
-  "modified": "2026-01-30T15:31:13Z",
+  "modified": "2026-02-04T00:30:26Z",
   "published": "2025-07-07T15:30:39Z",
   "aliases": [
     "CVE-2025-5987"
@@ -51,6 +51,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2026:0978"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:0980"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2026:0985"

advisories/unreviewed/2025/09/GHSA-rxmq-8fwh-qv2c/GHSA-rxmq-8fwh-qv2c.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-rxmq-8fwh-qv2c",
-  "modified": "2025-09-13T18:30:55Z",
+  "modified": "2026-02-04T00:30:26Z",
   "published": "2025-09-13T18:30:55Z",
   "aliases": [
     "CVE-2025-10370"
@@ -42,6 +42,10 @@
     {
       "type": "WEB",
       "url": "https://vuldb.com/?submit.643522"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.exploit-db.com/exploits/52470"
     }
   ],
   "database_specific": {

advisories/unreviewed/2025/09/GHSA-xvh8-f5vg-49g2/GHSA-xvh8-f5vg-49g2.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-xvh8-f5vg-49g2",
-  "modified": "2025-09-18T15:30:32Z",
+  "modified": "2026-02-04T00:30:26Z",
   "published": "2025-09-18T15:30:32Z",
   "aliases": [
     "CVE-2025-10666"
@@ -46,6 +46,10 @@
     {
       "type": "WEB",
       "url": "https://www.dlink.com"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.exploit-db.com/exploits/52469"
     }
   ],
   "database_specific": {

advisories/unreviewed/2025/10/GHSA-28x7-22j7-wrcc/GHSA-28x7-22j7-wrcc.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-28x7-22j7-wrcc",
-  "modified": "2025-10-07T18:31:10Z",
+  "modified": "2026-02-04T00:30:28Z",
   "published": "2025-10-07T18:31:10Z",
   "aliases": [
     "CVE-2023-53650"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe()\n\nIf 'mipid_detect()' fails, we must free 'md' to avoid a memory leak.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -52,8 +57,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-401"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-10-07T16:15:48Z"

advisories/unreviewed/2025/10/GHSA-2v3f-c84w-3jx7/GHSA-2v3f-c84w-3jx7.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2v3f-c84w-3jx7",
-  "modified": "2025-10-07T18:31:09Z",
+  "modified": "2026-02-04T00:30:26Z",
   "published": "2025-10-07T18:31:09Z",
   "aliases": [
     "CVE-2023-53627"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: hisi_sas: Grab sas_dev lock when traversing the members of sas_dev.list\n\nWhen freeing slots in function slot_complete_v3_hw(), it is possible that\nsas_dev.list is being traversed elsewhere, and it may trigger a NULL\npointer exception, such as follows:\n\n==>cq thread                    ==>scsi_eh_6\n\n                                ==>scsi_error_handler()\n\t\t\t\t  ==>sas_eh_handle_sas_errors()\n\t\t\t\t    ==>sas_scsi_find_task()\n\t\t\t\t      ==>lldd_abort_task()\n==>slot_complete_v3_hw()              ==>hisi_sas_abort_task()\n  ==>hisi_sas_slot_task_free()\t        ==>dereg_device_v3_hw()\n    ==>list_del_init()        \t\t  ==>list_for_each_entry_safe()\n\n[ 7165.434918] sas: Enter sas_scsi_recover_host busy: 32 failed: 32\n[ 7165.434926] sas: trying to find task 0x00000000769b5ba5\n[ 7165.434927] sas: sas_scsi_find_task: aborting task 0x00000000769b5ba5\n[ 7165.434940] hisi_sas_v3_hw 0000:b4:02.0: slot complete: task(00000000769b5ba5) aborted\n[ 7165.434964] hisi_sas_v3_hw 0000:b4:02.0: slot complete: task(00000000c9f7aa07) ignored\n[ 7165.434965] hisi_sas_v3_hw 0000:b4:02.0: slot complete: task(00000000e2a1cf01) ignored\n[ 7165.434968] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000\n[ 7165.434972] hisi_sas_v3_hw 0000:b4:02.0: slot complete: task(0000000022d52d93) ignored\n[ 7165.434975] hisi_sas_v3_hw 0000:b4:02.0: slot complete: task(0000000066a7516c) ignored\n[ 7165.434976] Mem abort info:\n[ 7165.434982]   ESR = 0x96000004\n[ 7165.434991]   Exception class = DABT (current EL), IL = 32 bits\n[ 7165.434992]   SET = 0, FnV = 0\n[ 7165.434993]   EA = 0, S1PTW = 0\n[ 7165.434994] Data abort info:\n[ 7165.434994]   ISV = 0, ISS = 0x00000004\n[ 7165.434995]   CM = 0, WnR = 0\n[ 7165.434997] user pgtable: 4k pages, 48-bit VAs, pgdp = 00000000f29543f2\n[ 7165.434998] [0000000000000000] pgd=0000000000000000\n[ 7165.435003] Internal error: Oops: 96000004 [#1] SMP\n[ 7165.439863] Process scsi_eh_6 (pid: 4109, stack limit = 0x00000000c43818d5)\n[ 7165.468862] pstate: 00c00009 (nzcv daif +PAN +UAO)\n[ 7165.473637] pc : dereg_device_v3_hw+0x68/0xa8 [hisi_sas_v3_hw]\n[ 7165.479443] lr : dereg_device_v3_hw+0x2c/0xa8 [hisi_sas_v3_hw]\n[ 7165.485247] sp : ffff00001d623bc0\n[ 7165.488546] x29: ffff00001d623bc0 x28: ffffa027d03b9508\n[ 7165.493835] x27: ffff80278ed50af0 x26: ffffa027dd31e0a8\n[ 7165.499123] x25: ffffa027d9b27f88 x24: ffffa027d9b209f8\n[ 7165.504411] x23: ffffa027c45b0d60 x22: ffff80278ec07c00\n[ 7165.509700] x21: 0000000000000008 x20: ffffa027d9b209f8\n[ 7165.514988] x19: ffffa027d9b27f88 x18: ffffffffffffffff\n[ 7165.520276] x17: 0000000000000000 x16: 0000000000000000\n[ 7165.525564] x15: ffff0000091d9708 x14: ffff0000093b7dc8\n[ 7165.530852] x13: ffff0000093b7a23 x12: 6e7265746e692067\n[ 7165.536140] x11: 0000000000000000 x10: 0000000000000bb0\n[ 7165.541429] x9 : ffff00001d6238f0 x8 : ffffa027d877af00\n[ 7165.546718] x7 : ffffa027d6329600 x6 : ffff7e809f58ca00\n[ 7165.552006] x5 : 0000000000001f8a x4 : 000000000000088e\n[ 7165.557295] x3 : ffffa027d9b27fa8 x2 : 0000000000000000\n[ 7165.562583] x1 : 0000000000000000 x0 : 000000003000188e\n[ 7165.567872] Call trace:\n[ 7165.570309]  dereg_device_v3_hw+0x68/0xa8 [hisi_sas_v3_hw]\n[ 7165.575775]  hisi_sas_abort_task+0x248/0x358 [hisi_sas_main]\n[ 7165.581415]  sas_eh_handle_sas_errors+0x258/0x8e0 [libsas]\n[ 7165.586876]  sas_scsi_recover_host+0x134/0x458 [libsas]\n[ 7165.592082]  scsi_error_handler+0xb4/0x488\n[ 7165.596163]  kthread+0x134/0x138\n[ 7165.599380]  ret_from_fork+0x10/0x18\n[ 7165.602940] Code: d5033e9f b9000040 aa0103e2 eb03003f (f9400021)\n[ 7165.609004] kernel fault(0x1) notification starting on CPU 75\n[ 7165.700728] ---[ end trace fc042cbbea224efc ]---\n[ 7165.705326] Kernel panic - not syncing: Fatal exception\n\nTo fix the issue, grab sas_dev lock when traversing the members of\nsas_dev.list in dereg_device_v3_hw() and hisi_sas_release_tasks() to avoid\nconcurrency of adding and deleting member. When \n---truncated---",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -24,8 +29,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-476"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-10-07T16:15:45Z"

advisories/unreviewed/2025/10/GHSA-3f5v-f3mc-6rj8/GHSA-3f5v-f3mc-6rj8.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3f5v-f3mc-6rj8",
-  "modified": "2025-10-07T18:31:10Z",
+  "modified": "2026-02-04T00:30:28Z",
   "published": "2025-10-07T18:31:10Z",
   "aliases": [
     "CVE-2023-53656"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers/perf: hisi: Don't migrate perf to the CPU going to teardown\n\nThe driver needs to migrate the perf context if the current using CPU going\nto teardown. By the time calling the cpuhp::teardown() callback the\ncpu_online_mask() hasn't updated yet and still includes the CPU going to\nteardown. In current driver's implementation we may migrate the context\nto the teardown CPU and leads to the below calltrace:\n\n...\n[  368.104662][  T932] task:cpuhp/0         state:D stack:    0 pid:   15 ppid:     2 flags:0x00000008\n[  368.113699][  T932] Call trace:\n[  368.116834][  T932]  __switch_to+0x7c/0xbc\n[  368.120924][  T932]  __schedule+0x338/0x6f0\n[  368.125098][  T932]  schedule+0x50/0xe0\n[  368.128926][  T932]  schedule_preempt_disabled+0x18/0x24\n[  368.134229][  T932]  __mutex_lock.constprop.0+0x1d4/0x5dc\n[  368.139617][  T932]  __mutex_lock_slowpath+0x1c/0x30\n[  368.144573][  T932]  mutex_lock+0x50/0x60\n[  368.148579][  T932]  perf_pmu_migrate_context+0x84/0x2b0\n[  368.153884][  T932]  hisi_pcie_pmu_offline_cpu+0x90/0xe0 [hisi_pcie_pmu]\n[  368.160579][  T932]  cpuhp_invoke_callback+0x2a0/0x650\n[  368.165707][  T932]  cpuhp_thread_fun+0xe4/0x190\n[  368.170316][  T932]  smpboot_thread_fn+0x15c/0x1a0\n[  368.175099][  T932]  kthread+0x108/0x13c\n[  368.179012][  T932]  ret_from_fork+0x10/0x18\n...\n\nUse function cpumask_any_but() to find one correct active cpu to fixes\nthis issue.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -33,7 +38,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-10-07T16:15:49Z"

advisories/unreviewed/2025/10/GHSA-4mh8-7crp-48x9/GHSA-4mh8-7crp-48x9.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-4mh8-7crp-48x9",
-  "modified": "2025-10-07T18:31:09Z",
+  "modified": "2026-02-04T00:30:26Z",
   "published": "2025-10-07T18:31:09Z",
   "aliases": [
     "CVE-2023-53628"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: drop gfx_v11_0_cp_ecc_error_irq_funcs\n\nThe gfx.cp_ecc_error_irq is retired in gfx11. In gfx_v11_0_hw_fini still\nuse amdgpu_irq_put to disable this interrupt, which caused the call trace\nin this function.\n\n[  102.873958] Call Trace:\n[  102.873959]  <TASK>\n[  102.873961]  gfx_v11_0_hw_fini+0x23/0x1e0 [amdgpu]\n[  102.874019]  gfx_v11_0_suspend+0xe/0x20 [amdgpu]\n[  102.874072]  amdgpu_device_ip_suspend_phase2+0x240/0x460 [amdgpu]\n[  102.874122]  amdgpu_device_ip_suspend+0x3d/0x80 [amdgpu]\n[  102.874172]  amdgpu_device_pre_asic_reset+0xd9/0x490 [amdgpu]\n[  102.874223]  amdgpu_device_gpu_recover.cold+0x548/0xce6 [amdgpu]\n[  102.874321]  amdgpu_debugfs_reset_work+0x4c/0x70 [amdgpu]\n[  102.874375]  process_one_work+0x21f/0x3f0\n[  102.874377]  worker_thread+0x200/0x3e0\n[  102.874378]  ? process_one_work+0x3f0/0x3f0\n[  102.874379]  kthread+0xfd/0x130\n[  102.874380]  ? kthread_complete_and_exit+0x20/0x20\n[  102.874381]  ret_from_fork+0x22/0x30\n\nv2:\n- Handle umc and gfx ras cases in separated patch\n- Retired the gfx_v11_0_cp_ecc_error_irq_funcs in gfx11\n\nv3:\n- Improve the subject and code comments\n- Add judgment on gfx11 in the function of amdgpu_gfx_ras_late_init\n\nv4:\n- Drop the define of CP_ME1_PIPE_INST_ADDR_INTERVAL and\nSET_ECC_ME_PIPE_STATE which using in gfx_v11_0_set_cp_ecc_error_state\n- Check cp_ecc_error_irq.funcs rather than ip version for a more\nsustainable life\n\nv5:\n- Simplify judgment conditions",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -29,7 +34,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-10-07T16:15:45Z"

advisories/unreviewed/2025/10/GHSA-523c-3cg7-7hhv/GHSA-523c-3cg7-7hhv.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-523c-3cg7-7hhv",
-  "modified": "2025-10-07T18:31:10Z",
+  "modified": "2026-02-04T00:30:27Z",
   "published": "2025-10-07T18:31:10Z",
   "aliases": [
     "CVE-2023-53648"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer\n\nsmatch error:\nsound/pci/ac97/ac97_codec.c:2354 snd_ac97_mixer() error:\nwe previously assumed 'rac97' could be null (see line 2072)\n\nremove redundant assignment, return error if rac97 is NULL.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -52,8 +57,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-476"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-10-07T16:15:48Z"

advisories/unreviewed/2025/10/GHSA-826h-69x5-63pc/GHSA-826h-69x5-63pc.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-826h-69x5-63pc",
-  "modified": "2025-10-07T18:31:09Z",
+  "modified": "2026-02-04T00:30:26Z",
   "published": "2025-10-07T18:31:09Z",
   "aliases": [
     "CVE-2023-53634"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, arm64: Fixed a BTI error on returning to patched function\n\nWhen BPF_TRAMP_F_CALL_ORIG is set, BPF trampoline uses BLR to jump\nback to the instruction next to call site to call the patched function.\nFor BTI-enabled kernel, the instruction next to call site is usually\nPACIASP, in this case, it's safe to jump back with BLR. But when\nthe call site is not followed by a PACIASP or bti, a BTI exception\nis triggered.\n\nHere is a fault log:\n\n Unhandled 64-bit el1h sync exception on CPU0, ESR 0x0000000034000002 -- BTI\n CPU: 0 PID: 263 Comm: test_progs Tainted: GF\n Hardware name: linux,dummy-virt (DT)\n pstate: 40400805 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=-c)\n pc : bpf_fentry_test1+0xc/0x30\n lr : bpf_trampoline_6442573892_0+0x48/0x1000\n sp : ffff80000c0c3a50\n x29: ffff80000c0c3a90 x28: ffff0000c2e6c080 x27: 0000000000000000\n x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000050\n x23: 0000000000000000 x22: 0000ffffcfd2a7f0 x21: 000000000000000a\n x20: 0000ffffcfd2a7f0 x19: 0000000000000000 x18: 0000000000000000\n x17: 0000000000000000 x16: 0000000000000000 x15: 0000ffffcfd2a7f0\n x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n x11: 0000000000000000 x10: ffff80000914f5e4 x9 : ffff8000082a1528\n x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0101010101010101\n x5 : 0000000000000000 x4 : 00000000fffffff2 x3 : 0000000000000001\n x2 : ffff8001f4b82000 x1 : 0000000000000000 x0 : 0000000000000001\n Kernel panic - not syncing: Unhandled exception\n CPU: 0 PID: 263 Comm: test_progs Tainted: GF\n Hardware name: linux,dummy-virt (DT)\n Call trace:\n  dump_backtrace+0xec/0x144\n  show_stack+0x24/0x7c\n  dump_stack_lvl+0x8c/0xb8\n  dump_stack+0x18/0x34\n  panic+0x1cc/0x3ec\n  __el0_error_handler_common+0x0/0x130\n  el1h_64_sync_handler+0x60/0xd0\n  el1h_64_sync+0x78/0x7c\n  bpf_fentry_test1+0xc/0x30\n  bpf_fentry_test1+0xc/0x30\n  bpf_prog_test_run_tracing+0xdc/0x2a0\n  __sys_bpf+0x438/0x22a0\n  __arm64_sys_bpf+0x30/0x54\n  invoke_syscall+0x78/0x110\n  el0_svc_common.constprop.0+0x6c/0x1d0\n  do_el0_svc+0x38/0xe0\n  el0_svc+0x30/0xd0\n  el0t_64_sync_handler+0x1ac/0x1b0\n  el0t_64_sync+0x1a0/0x1a4\n Kernel Offset: disabled\n CPU features: 0x0000,00034c24,f994fdab\n Memory Limit: none\n\nAnd the instruction next to call site of bpf_fentry_test1 is ADD,\nnot PACIASP:\n\n<bpf_fentry_test1>:\n\tbti     c\n\tnop\n\tnop\n\tadd     w0, w0, #0x1\n\tpaciasp\n\nFor BPF prog, JIT always puts a PACIASP after call site for BTI-enabled\nkernel, so there is no problem. To fix it, replace BLR with RET to bypass\nthe branch target check.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -29,7 +34,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-10-07T16:15:46Z"