Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2025/07/GHSA-8fqh-pm2q-8h5v/GHSA-8fqh-pm2q-8h5v.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-8fqh-pm2q-8h5v",
-  "modified": "2025-07-08T18:31:43Z",
+  "modified": "2026-01-20T15:31:20Z",
   "published": "2025-07-08T18:31:43Z",
   "aliases": [
     "CVE-2025-43019"
   ],
   "details": "A potential security vulnerability has been identified in the HP Support Assistant, which allows a local attacker to escalate privileges via an arbitrary file deletion.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"

advisories/unreviewed/2025/07/GHSA-8xj4-3gr5-xw39/GHSA-8xj4-3gr5-xw39.json

@@ -25,7 +25,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-347"
+    ],
     "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2025/07/GHSA-cwh4-qcmj-2594/GHSA-cwh4-qcmj-2594.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-cwh4-qcmj-2594",
-  "modified": "2025-07-02T21:32:00Z",
+  "modified": "2026-01-20T15:31:20Z",
   "published": "2025-07-02T21:32:00Z",
   "aliases": [
     "CVE-2025-43025"
   ],
   "details": "HP Universal Print Driver is potentially vulnerable to denial of service due to buffer overflow in versions of UPD 7.4 or older (e.g., v7.3.x, v7.2.x, v7.1.x, etc.).",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"

advisories/unreviewed/2025/09/GHSA-24c6-4vcc-gq5v/GHSA-24c6-4vcc-gq5v.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-24c6-4vcc-gq5v",
-  "modified": "2025-11-03T18:31:41Z",
+  "modified": "2026-01-20T15:31:21Z",
   "published": "2025-09-22T21:30:17Z",
   "aliases": [
     "CVE-2025-39842"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: prevent release journal inode after journal shutdown\n\nBefore calling ocfs2_delete_osb(), ocfs2_journal_shutdown() has already\nbeen executed in ocfs2_dismount_volume(), so osb->journal must be NULL. \nTherefore, the following calltrace will inevitably fail when it reaches\njbd2_journal_release_jbd_inode().\n\nocfs2_dismount_volume()->\n  ocfs2_delete_osb()->\n    ocfs2_free_slot_info()->\n      __ocfs2_free_slot_info()->\n        evict()->\n          ocfs2_evict_inode()->\n            ocfs2_clear_inode()->\n\t      jbd2_journal_release_jbd_inode(osb->journal->j_journal,\n\nAdding osb->journal checks will prevent null-ptr-deref during the above\nexecution path.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -41,7 +46,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-09-19T16:15:42Z"

advisories/unreviewed/2025/09/GHSA-2j47-jhvw-fgmm/GHSA-2j47-jhvw-fgmm.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2j47-jhvw-fgmm",
-  "modified": "2025-11-03T18:31:41Z",
+  "modified": "2026-01-20T15:31:21Z",
   "published": "2025-09-22T21:30:17Z",
   "aliases": [
     "CVE-2025-39839"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbatman-adv: fix OOB read/write in network-coding decode\n\nbatadv_nc_skb_decode_packet() trusts coded_len and checks only against\nskb->len. XOR starts at sizeof(struct batadv_unicast_packet), reducing\npayload headroom, and the source skb length is not verified, allowing an\nout-of-bounds read and a small out-of-bounds write.\n\nValidate that coded_len fits within the payload area of both destination\nand source sk_buffs before XORing.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -56,8 +61,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-125"
+    ],
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-09-19T16:15:42Z"

advisories/unreviewed/2025/09/GHSA-3r4w-f43v-9fpg/GHSA-3r4w-f43v-9fpg.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3r4w-f43v-9fpg",
-  "modified": "2025-11-03T18:31:42Z",
+  "modified": "2026-01-20T15:31:21Z",
   "published": "2025-09-22T21:30:17Z",
   "aliases": [
     "CVE-2025-39845"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/mm/64: define ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings()\n\nDefine ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings() to ensure\npage tables are properly synchronized when calling p*d_populate_kernel().\n\nFor 5-level paging, synchronization is performed via\npgd_populate_kernel().  In 4-level paging, pgd_populate() is a no-op, so\nsynchronization is instead performed at the P4D level via\np4d_populate_kernel().\n\nThis fixes intermittent boot failures on systems using 4-level paging and\na large amount of persistent memory:\n\n  BUG: unable to handle page fault for address: ffffe70000000034\n  #PF: supervisor write access in kernel mode\n  #PF: error_code(0x0002) - not-present page\n  PGD 0 P4D 0\n  Oops: 0002 [#1] SMP NOPTI\n  RIP: 0010:__init_single_page+0x9/0x6d\n  Call Trace:\n   <TASK>\n   __init_zone_device_page+0x17/0x5d\n   memmap_init_zone_device+0x154/0x1bb\n   pagemap_range+0x2e0/0x40f\n   memremap_pages+0x10b/0x2f0\n   devm_memremap_pages+0x1e/0x60\n   dev_dax_probe+0xce/0x2ec [device_dax]\n   dax_bus_probe+0x6d/0xc9\n   [... snip ...]\n   </TASK>\n\nIt also fixes a crash in vmemmap_set_pmd() caused by accessing vmemmap\nbefore sync_global_pgds() [1]:\n\n  BUG: unable to handle page fault for address: ffffeb3ff1200000\n  #PF: supervisor write access in kernel mode\n  #PF: error_code(0x0002) - not-present page\n  PGD 0 P4D 0\n  Oops: Oops: 0002 [#1] PREEMPT SMP NOPTI\n  Tainted: [W]=WARN\n  RIP: 0010:vmemmap_set_pmd+0xff/0x230\n   <TASK>\n   vmemmap_populate_hugepages+0x176/0x180\n   vmemmap_populate+0x34/0x80\n   __populate_section_memmap+0x41/0x90\n   sparse_add_section+0x121/0x3e0\n   __add_pages+0xba/0x150\n   add_pages+0x1d/0x70\n   memremap_pages+0x3dc/0x810\n   devm_memremap_pages+0x1c/0x60\n   xe_devm_add+0x8b/0x100 [xe]\n   xe_tile_init_noalloc+0x6a/0x70 [xe]\n   xe_device_probe+0x48c/0x740 [xe]\n   [... snip ...]",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -44,8 +49,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-401"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-09-19T16:15:43Z"

advisories/unreviewed/2025/09/GHSA-7fp7-xjmp-444h/GHSA-7fp7-xjmp-444h.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-7fp7-xjmp-444h",
-  "modified": "2025-11-03T18:31:42Z",
+  "modified": "2026-01-20T15:31:21Z",
   "published": "2025-09-22T21:30:18Z",
   "aliases": [
     "CVE-2025-39853"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: Fix potential invalid access when MAC list is empty\n\nlist_first_entry() never returns NULL - if the list is empty, it still\nreturns a pointer to an invalid object, leading to potential invalid\nmemory access when dereferenced.\n\nFix this by using list_first_entry_or_null instead of list_first_entry.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -56,8 +61,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-125"
+    ],
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-09-19T16:15:44Z"

advisories/unreviewed/2025/09/GHSA-7jhx-j65p-qc96/GHSA-7jhx-j65p-qc96.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-7jhx-j65p-qc96",
-  "modified": "2025-11-03T18:31:42Z",
+  "modified": "2026-01-20T15:31:21Z",
   "published": "2025-09-22T21:30:17Z",
   "aliases": [
     "CVE-2025-39846"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\npcmcia: Fix a NULL pointer dereference in __iodyn_find_io_region()\n\nIn __iodyn_find_io_region(), pcmcia_make_resource() is assigned to\nres and used in pci_bus_alloc_resource(). There is a dereference of res\nin pci_bus_alloc_resource(), which could lead to a NULL pointer\ndereference on failure of pcmcia_make_resource().\n\nFix this bug by adding a check of res.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -56,8 +61,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-476"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-09-19T16:15:43Z"

advisories/unreviewed/2025/09/GHSA-9f6g-j2jq-6w3f/GHSA-9f6g-j2jq-6w3f.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-9f6g-j2jq-6w3f",
-  "modified": "2025-11-03T18:31:42Z",
+  "modified": "2026-01-20T15:31:21Z",
   "published": "2025-09-22T21:30:17Z",
   "aliases": [
     "CVE-2025-39847"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nppp: fix memory leak in pad_compress_skb\n\nIf alloc_skb() fails in pad_compress_skb(), it returns NULL without\nreleasing the old skb. The caller does:\n\n    skb = pad_compress_skb(ppp, skb);\n    if (!skb)\n        goto drop;\n\ndrop:\n    kfree_skb(skb);\n\nWhen pad_compress_skb() returns NULL, the reference to the old skb is\nlost and kfree_skb(skb) ends up doing nothing, leading to a memory leak.\n\nAlign pad_compress_skb() semantics with realloc(): only free the old\nskb if allocation and compression succeed.  At the call site, use the\nnew_skb variable so the original skb is not lost when pad_compress_skb()\nfails.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -56,8 +61,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-401"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-09-19T16:15:43Z"

advisories/unreviewed/2025/09/GHSA-c6g6-j52p-pg8h/GHSA-c6g6-j52p-pg8h.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-c6g6-j52p-pg8h",
-  "modified": "2025-11-03T18:31:42Z",
+  "modified": "2026-01-20T15:31:21Z",
   "published": "2025-09-22T21:30:17Z",
   "aliases": [
     "CVE-2025-39848"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nax25: properly unshare skbs in ax25_kiss_rcv()\n\nBernard Pidoux reported a regression apparently caused by commit\nc353e8983e0d (\"net: introduce per netns packet chains\").\n\nskb->dev becomes NULL and we crash in __netif_receive_skb_core().\n\nBefore above commit, different kind of bugs or corruptions could happen\nwithout a major crash.\n\nBut the root cause is that ax25_kiss_rcv() can queue/mangle input skb\nwithout checking if this skb is shared or not.\n\nMany thanks to Bernard Pidoux for his help, diagnosis and tests.\n\nWe had a similar issue years ago fixed with commit 7aaed57c5c28\n(\"phonet: properly unshare skbs in phonet_rcv()\").",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -56,8 +61,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-401"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-09-19T16:15:43Z"