Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2026/02/GHSA-6rr8-q652-pwgf/GHSA-6rr8-q652-pwgf.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-6rr8-q652-pwgf",
-  "modified": "2026-02-14T18:30:15Z",
+  "modified": "2026-04-03T15:30:29Z",
   "published": "2026-02-14T18:30:15Z",
   "aliases": [
     "CVE-2026-23175"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: cpsw: Execute ndo_set_rx_mode callback in a work queue\n\nCommit 1767bb2d47b7 (\"ipv6: mcast: Don't hold RTNL for\nIPV6_ADD_MEMBERSHIP and MCAST_JOIN_GROUP.\") removed the RTNL lock for\nIPV6_ADD_MEMBERSHIP and MCAST_JOIN_GROUP operations. However, this\nchange triggered the following call trace on my BeagleBone Black board:\n  WARNING: net/8021q/vlan_core.c:236 at vlan_for_each+0x120/0x124, CPU#0: rpcbind/481\n  RTNL: assertion failed at net/8021q/vlan_core.c (236)\n  Modules linked in:\n  CPU: 0 UID: 997 PID: 481 Comm: rpcbind Not tainted 6.19.0-rc7-next-20260130-yocto-standard+ #35 PREEMPT\n  Hardware name: Generic AM33XX (Flattened Device Tree)\n  Call trace:\n   unwind_backtrace from show_stack+0x28/0x2c\n   show_stack from dump_stack_lvl+0x30/0x38\n   dump_stack_lvl from __warn+0xb8/0x11c\n   __warn from warn_slowpath_fmt+0x130/0x194\n   warn_slowpath_fmt from vlan_for_each+0x120/0x124\n   vlan_for_each from cpsw_add_mc_addr+0x54/0x98\n   cpsw_add_mc_addr from __hw_addr_ref_sync_dev+0xc4/0xec\n   __hw_addr_ref_sync_dev from __dev_mc_add+0x78/0x88\n   __dev_mc_add from igmp6_group_added+0x84/0xec\n   igmp6_group_added from __ipv6_dev_mc_inc+0x1fc/0x2f0\n   __ipv6_dev_mc_inc from __ipv6_sock_mc_join+0x124/0x1b4\n   __ipv6_sock_mc_join from do_ipv6_setsockopt+0x84c/0x1168\n   do_ipv6_setsockopt from ipv6_setsockopt+0x88/0xc8\n   ipv6_setsockopt from do_sock_setsockopt+0xe8/0x19c\n   do_sock_setsockopt from __sys_setsockopt+0x84/0xac\n   __sys_setsockopt from ret_fast_syscall+0x0/0x54\n\nThis trace occurs because vlan_for_each() is called within\ncpsw_ndo_set_rx_mode(), which expects the RTNL lock to be held.\nSince modifying vlan_for_each() to operate without the RTNL lock is not\nstraightforward, and because ndo_set_rx_mode() is invoked both with and\nwithout the RTNL lock across different code paths, simply adding\nrtnl_lock() in cpsw_ndo_set_rx_mode() is not a viable solution.\n\nTo resolve this issue, we opt to execute the actual processing within\na work queue, following the approach used by the icssg-prueth driver.\n\nPlease note: To reproduce this issue, I manually reverted the changes to\nam335x-bone-common.dtsi from commit c477358e66a3 (\"ARM: dts: am335x-bone:\nswitch to new cpsw switch drv\") in order to revert to the legacy cpsw\ndriver.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -25,7 +30,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-02-14T17:15:55Z"

advisories/unreviewed/2026/02/GHSA-pmxm-x3p3-w327/GHSA-pmxm-x3p3-w327.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-pmxm-x3p3-w327",
-  "modified": "2026-02-14T18:30:16Z",
+  "modified": "2026-04-03T15:30:29Z",
   "published": "2026-02-14T18:30:16Z",
   "aliases": [
     "CVE-2026-23180"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndpaa2-switch: add bounds check for if_id in IRQ handler\n\nThe IRQ handler extracts if_id from the upper 16 bits of the hardware\nstatus register and uses it to index into ethsw->ports[] without\nvalidation. Since if_id can be any 16-bit value (0-65535) but the ports\narray is only allocated with sw_attr.num_ifs elements, this can lead to\nan out-of-bounds read potentially.\n\nAdd a bounds check before accessing the array, consistent with the\nexisting validation in dpaa2_switch_rx().",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -41,7 +46,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-02-14T17:15:55Z"

advisories/unreviewed/2026/02/GHSA-rhhh-mwpc-m2qj/GHSA-rhhh-mwpc-m2qj.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-rhhh-mwpc-m2qj",
-  "modified": "2026-02-14T18:30:16Z",
+  "modified": "2026-04-03T15:30:29Z",
   "published": "2026-02-14T18:30:16Z",
   "aliases": [
     "CVE-2026-23178"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: i2c-hid: fix potential buffer overflow in i2c_hid_get_report()\n\n`i2c_hid_xfer` is used to read `recv_len + sizeof(__le16)` bytes of data\ninto `ihid->rawbuf`.\n\nThe former can come from the userspace in the hidraw driver and is only\nbounded by HID_MAX_BUFFER_SIZE(16384) by default (unless we also set\n`max_buffer_size` field of `struct hid_ll_driver` which we do not).\n\nThe latter has size determined at runtime by the maximum size of\ndifferent report types you could receive on any particular device and\ncan be a much smaller value.\n\nFix this by truncating `recv_len` to `ihid->bufsize - sizeof(__le16)`.\n\nThe impact is low since access to hidraw devices requires root.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -37,7 +42,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-02-14T17:15:55Z"

advisories/unreviewed/2026/03/GHSA-ch8g-69g3-3cc2/GHSA-ch8g-69g3-3cc2.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-ch8g-69g3-3cc2",
-  "modified": "2026-03-31T18:31:31Z",
+  "modified": "2026-04-03T15:30:30Z",
   "published": "2026-03-31T18:31:31Z",
   "aliases": [
     "CVE-2025-62184"
   ],
   "details": "Pega Platform versions 8.1.0 through 25.1.0 are affected by a Stored Cross-site Scripting vulnerability in a user interface component.  Requires an administrative user and given extensive access rights, impact to Confidentiality is low and Integrity is none.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"

advisories/unreviewed/2026/04/GHSA-23qp-f5g5-j76h/GHSA-23qp-f5g5-j76h.json

@@ -0,0 +1,37 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-23qp-f5g5-j76h",
+  "modified": "2026-04-03T15:30:31Z",
+  "published": "2026-04-03T15:30:31Z",
+  "aliases": [
+    "CVE-2026-23425"
+  ],
+  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: arm64: Fix ID register initialization for non-protected pKVM guests\n\nIn protected mode, the hypervisor maintains a separate instance of\nthe `kvm` structure for each VM. For non-protected VMs, this structure is\ninitialized from the host's `kvm` state.\n\nCurrently, `pkvm_init_features_from_host()` copies the\n`KVM_ARCH_FLAG_ID_REGS_INITIALIZED` flag from the host without the\nunderlying `id_regs` data being initialized. This results in the\nhypervisor seeing the flag as set while the ID registers remain zeroed.\n\nConsequently, `kvm_has_feat()` checks at EL2 fail (return 0) for\nnon-protected VMs. This breaks logic that relies on feature detection,\nsuch as `ctxt_has_tcrx()` for TCR2_EL1 support. As a result, certain\nsystem registers (e.g., TCR2_EL1, PIR_EL1, POR_EL1) are not\nsaved/restored during the world switch, which could lead to state\ncorruption.\n\nFix this by explicitly copying the ID registers from the host `kvm` to\nthe hypervisor `kvm` for non-protected VMs during initialization, since\nwe trust the host with its non-protected guests' features. Also ensure\n`KVM_ARCH_FLAG_ID_REGS_INITIALIZED` is cleared initially in\n`pkvm_init_features_from_host` so that `vm_copy_id_regs` can properly\ninitialize them and set the flag once done.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23425"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/7e7c2cf0024d89443a7af52e09e47b1fe634ab17"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/858620655c1fbff05997e162fc7d83a3293d5142"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/bce3847f7c51b86332bf2e554c9e80ca3820f16c"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-03T14:16:28Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-3435-g6fx-jc4p/GHSA-3435-g6fx-jc4p.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3435-g6fx-jc4p",
-  "modified": "2026-04-02T21:32:54Z",
+  "modified": "2026-04-03T15:30:30Z",
   "published": "2026-04-02T21:32:53Z",
   "aliases": [
     "CVE-2026-35467"
   ],
   "details": "The stored API keys in temporary browser client is not marked as protected allowing for JavScript console or other errors to allow for extraction of the encryption credentials.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -27,7 +32,7 @@
     "cwe_ids": [
       "CWE-522"
     ],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-04-02T21:16:40Z"

advisories/unreviewed/2026/04/GHSA-37mp-2f5m-44h4/GHSA-37mp-2f5m-44h4.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-37mp-2f5m-44h4",
-  "modified": "2026-04-02T21:32:52Z",
+  "modified": "2026-04-03T15:30:30Z",
   "published": "2026-04-02T21:32:52Z",
   "aliases": [
     "CVE-2025-43202"
   ],
   "details": "This issue was addressed with improved memory handling. This issue is fixed in iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6. Processing a file may lead to memory corruption.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -25,7 +30,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-04-02T19:20:03Z"

advisories/unreviewed/2026/04/GHSA-5rf8-f7c5-4xmw/GHSA-5rf8-f7c5-4xmw.json

@@ -0,0 +1,37 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-5rf8-f7c5-4xmw",
+  "modified": "2026-04-03T15:30:31Z",
+  "published": "2026-04-03T15:30:31Z",
+  "aliases": [
+    "CVE-2026-23421"
+  ],
+  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/configfs: Free ctx_restore_mid_bb in release\n\nctx_restore_mid_bb memory is allocated in wa_bb_store(), but\nxe_config_device_release() only frees ctx_restore_post_bb.\n\nFree ctx_restore_mid_bb[0].cs as well to avoid leaking the allocation\nwhen the configfs device is removed.\n\n(cherry picked from commit a235e7d0098337c3f2d1e8f3610c719a589e115f)",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23421"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/3557359ea3df32430ea7c30f7a708ca9a91d7e0e"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/7f971dfd48983074adc7bbcea3ee95ce7aad47cb"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/e377182f0266f46f02d01838e6bde67b9dac0d66"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-03T14:16:28Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-5x28-243x-9mx6/GHSA-5x28-243x-9mx6.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-5x28-243x-9mx6",
-  "modified": "2026-04-02T21:32:53Z",
+  "modified": "2026-04-03T15:30:30Z",
   "published": "2026-04-02T21:32:53Z",
   "aliases": [
     "CVE-2026-30251"
   ],
   "details": "A reflected cross-site scripting (XSS) vulnerability in the login_newpwd.php endpoint of Interzen Consulting S.r.l ZenShare Suite v17.0 allows attackers to execute arbitrary Javascript in the context of the user's browser via a crafted URL injected into the codice_azienda parameter.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -20,8 +25,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-04-02T21:16:40Z"

advisories/unreviewed/2026/04/GHSA-6rph-vpvq-7wvw/GHSA-6rph-vpvq-7wvw.json

@@ -0,0 +1,49 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-6rph-vpvq-7wvw",
+  "modified": "2026-04-03T15:30:31Z",
+  "published": "2026-04-03T15:30:31Z",
+  "aliases": [
+    "CVE-2026-23422"
+  ],
+  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndpaa2-switch: Fix interrupt storm after receiving bad if_id in IRQ handler\n\nCommit 31a7a0bbeb00 (\"dpaa2-switch: add bounds check for if_id in IRQ\nhandler\") introduces a range check for if_id to avoid an out-of-bounds\naccess. If an out-of-bounds if_id is detected, the interrupt status is\nnot cleared. This may result in an interrupt storm.\n\nClear the interrupt status after detecting an out-of-bounds if_id to avoid\nthe problem.\n\nFound by an experimental AI code review agent at Google.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23422"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/00f42ace446f1e4bf84988f2281131f52cd32796"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/28fd8ac1d49389cb230d712116f54e27ebec11b8"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/74badb9c20b1a9c02a95c735c6d3cd6121679c93"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/b5bababe7703a7322bc59b803ab1587887a2a5e4"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/c7becfe3e604d138bd53b8ac3111b2b3e8ec6b0e"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/fa4412cdc5178a48799bafcb8af28fd2fbf3d703"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-03T14:16:28Z"
+  }
+}