Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2026/01/GHSA-266h-p8pw-28f4/GHSA-266h-p8pw-28f4.json

@@ -0,0 +1,53 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-266h-p8pw-28f4",
+  "modified": "2026-01-31T12:30:11Z",
+  "published": "2026-01-31T12:30:11Z",
+  "aliases": [
+    "CVE-2025-71182"
+  ],
+  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: j1939: make j1939_session_activate() fail if device is no longer registered\n\nsyzbot is still reporting\n\n  unregister_netdevice: waiting for vcan0 to become free. Usage count = 2\n\neven after commit 93a27b5891b8 (\"can: j1939: add missing calls in\nNETDEV_UNREGISTER notification handler\") was added. A debug printk() patch\nfound that j1939_session_activate() can succeed even after\nj1939_cancel_active_session() from j1939_netdev_notify(NETDEV_UNREGISTER)\nhas completed.\n\nSince j1939_cancel_active_session() is processed with the session list lock\nheld, checking ndev->reg_state in j1939_session_activate() with the session\nlist lock held can reliably close the race window.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71182"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/46ca9dc978923c5e1247a9e9519240ba7ace413c"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/5d5602236f5db19e8b337a2cd87a90ace5ea776d"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/78d87b72cebe2a993fd5b017e9f14fb6278f2eae"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/79dd3f1d9dd310c2af89b09c71f34d93973b200f"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/ba6f0d1832eeb5eb3a6dc5cb30e0f720b3cb3536"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/c3a4316e3c746af415c0fd6c6d489ad13f53714d"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/ebb0dfd718dd31c8d3600612ca4b7207ec3d923a"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-31T12:16:03Z"
+  }
+}

advisories/unreviewed/2026/01/GHSA-2vjx-859r-qm27/GHSA-2vjx-859r-qm27.json

@@ -0,0 +1,33 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2vjx-859r-qm27",
+  "modified": "2026-01-31T12:30:12Z",
+  "published": "2026-01-31T12:30:12Z",
+  "aliases": [
+    "CVE-2026-23028"
+  ],
+  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nLoongArch: KVM: Fix kvm_device leak in kvm_ipi_destroy()\n\nIn kvm_ioctl_create_device(), kvm_device has allocated memory,\nkvm_device->destroy() seems to be supposed to free its kvm_device\nstruct, but kvm_ipi_destroy() is not currently doing this, that\nwould lead to a memory leak.\n\nSo, fix it.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23028"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/0bf58cb7288a4d3de6d8ecbb3a65928a9362bf21"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/5defcc2f9c22e6e09b5be68234ad10f4ba0292b7"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-31T12:16:06Z"
+  }
+}

advisories/unreviewed/2026/01/GHSA-35c8-wvgc-32mg/GHSA-35c8-wvgc-32mg.json

@@ -0,0 +1,41 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-35c8-wvgc-32mg",
+  "modified": "2026-01-31T12:30:12Z",
+  "published": "2026-01-31T12:30:12Z",
+  "aliases": [
+    "CVE-2026-23037"
+  ],
+  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: etas_es58x: allow partial RX URB allocation to succeed\n\nWhen es58x_alloc_rx_urbs() fails to allocate the requested number of\nURBs but succeeds in allocating some, it returns an error code.\nThis causes es58x_open() to return early, skipping the cleanup label\n'free_urbs', which leads to the anchored URBs being leaked.\n\nAs pointed out by maintainer Vincent Mailhol, the driver is designed\nto handle partial URB allocation gracefully. Therefore, partial\nallocation should not be treated as a fatal error.\n\nModify es58x_alloc_rx_urbs() to return 0 if at least one URB has been\nallocated, restoring the intended behavior and preventing the leak\nin es58x_open().",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23037"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/611e839d2d552416b498ed5593e10670f61fcd4d"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/6c5124a60989051799037834f0a1a4b428718157"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/b1979778e98569c1e78c2c7f16bb24d76541ab00"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/ba45e3d6b02c97dbb4578fbae7027fd66f3caa10"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-31T12:16:07Z"
+  }
+}

advisories/unreviewed/2026/01/GHSA-3qhg-rc86-rh99/GHSA-3qhg-rc86-rh99.json

@@ -0,0 +1,33 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3qhg-rc86-rh99",
+  "modified": "2026-01-31T12:30:11Z",
+  "published": "2026-01-31T12:30:11Z",
+  "aliases": [
+    "CVE-2025-71181"
+  ],
+  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nrust_binder: remove spin_lock() in rust_shrink_free_page()\n\nWhen forward-porting Rust Binder to 6.18, I neglected to take commit\nfb56fdf8b9a2 (\"mm/list_lru: split the lock to per-cgroup scope\") into\naccount, and apparently I did not end up running the shrinker callback\nwhen I sanity tested the driver before submission. This leads to crashes\nlike the following:\n\n\t============================================\n\tWARNING: possible recursive locking detected\n\t6.18.0-mainline-maybe-dirty #1 Tainted: G          IO\n\t--------------------------------------------\n\tkswapd0/68 is trying to acquire lock:\n\tffff956000fa18b0 (&l->lock){+.+.}-{2:2}, at: lock_list_lru_of_memcg+0x128/0x230\n\n\tbut task is already holding lock:\n\tffff956000fa18b0 (&l->lock){+.+.}-{2:2}, at: rust_helper_spin_lock+0xd/0x20\n\n\tother info that might help us debug this:\n\t Possible unsafe locking scenario:\n\n\t       CPU0\n\t       ----\n\t  lock(&l->lock);\n\t  lock(&l->lock);\n\n\t *** DEADLOCK ***\n\n\t May be due to missing lock nesting notation\n\n\t3 locks held by kswapd0/68:\n\t #0: ffffffff90d2e260 (fs_reclaim){+.+.}-{0:0}, at: kswapd+0x597/0x1160\n\t #1: ffff956000fa18b0 (&l->lock){+.+.}-{2:2}, at: rust_helper_spin_lock+0xd/0x20\n\t #2: ffffffff90cf3680 (rcu_read_lock){....}-{1:2}, at: lock_list_lru_of_memcg+0x2d/0x230\n\nTo fix this, remove the spin_lock() call from rust_shrink_free_page().",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71181"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/30a98c97f7874031f2e1de19c777ce011143cba4"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/361e0ff456a8daf9753c18030533256e4133ce7a"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-31T12:16:03Z"
+  }
+}

advisories/unreviewed/2026/01/GHSA-4c95-wpmq-cc75/GHSA-4c95-wpmq-cc75.json

@@ -0,0 +1,41 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4c95-wpmq-cc75",
+  "modified": "2026-01-31T12:30:11Z",
+  "published": "2026-01-31T12:30:11Z",
+  "aliases": [
+    "CVE-2025-71191"
+  ],
+  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: at_hdmac: fix device leak on of_dma_xlate()\n\nMake sure to drop the reference taken when looking up the DMA platform\ndevice during of_dma_xlate() when releasing channel resources.\n\nNote that commit 3832b78b3ec2 (\"dmaengine: at_hdmac: add missing\nput_device() call in at_dma_xlate()\") fixed the leak in a couple of\nerror paths but the reference is still leaking on successful allocation.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71191"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/6a86cf2c09e149d5718a5b7090545f7566da9334"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/987c71671367f42460689b78244d7b894c50999a"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/b9074b2d7a230b6e28caa23165e9d8bc0677d333"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/f3c23b7e941349505c3d40de2cc0acd93d9ac057"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-31T12:16:04Z"
+  }
+}

advisories/unreviewed/2026/01/GHSA-553m-xcvq-64wh/GHSA-553m-xcvq-64wh.json

@@ -0,0 +1,41 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-553m-xcvq-64wh",
+  "modified": "2026-01-31T12:30:11Z",
+  "published": "2026-01-31T12:30:11Z",
+  "aliases": [
+    "CVE-2025-71188"
+  ],
+  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: lpc18xx-dmamux: fix device leak on route allocation\n\nMake sure to drop the reference taken when looking up the DMA mux\nplatform device during route allocation.\n\nNote that holding a reference to a device does not prevent its driver\ndata from going away so there is no point in keeping the reference.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71188"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/1e47d80f6720f0224efd19bcf081d39637569c10"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/992eb8055a6e5dbb808672d20d68e60d5a89b12b"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/9fba97baa520c9446df51a64708daf27c5a7ed32"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/d4d63059dee7e7cae0c4d9a532ed558bc90efb55"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-31T12:16:04Z"
+  }
+}

advisories/unreviewed/2026/01/GHSA-5r9g-9rch-3q5c/GHSA-5r9g-9rch-3q5c.json

@@ -0,0 +1,41 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-5r9g-9rch-3q5c",
+  "modified": "2026-01-31T12:30:11Z",
+  "published": "2026-01-31T12:30:11Z",
+  "aliases": [
+    "CVE-2025-71190"
+  ],
+  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: bcm-sba-raid: fix device leak on probe\n\nMake sure to drop the reference taken when looking up the mailbox device\nduring probe on probe failures and on driver unbind.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71190"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/2ed1a9de1f2d727ccae5bc9cc7c63ee3519c0c8b"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/7c3a46ebf15a9796b763a54272407fdbf945bed8"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/c80ca7bdff158401440741bdcf9175bd8608580b"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/db6f1d6d31711e73e6a214c73e6a8fb4cda0483d"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-31T12:16:04Z"
+  }
+}

advisories/unreviewed/2026/01/GHSA-5wr5-mxmx-fvmr/GHSA-5wr5-mxmx-fvmr.json

@@ -0,0 +1,37 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-5wr5-mxmx-fvmr",
+  "modified": "2026-01-31T12:30:12Z",
+  "published": "2026-01-31T12:30:12Z",
+  "aliases": [
+    "CVE-2026-23035"
+  ],
+  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Pass netdev to mlx5e_destroy_netdev instead of priv\n\nmlx5e_priv is an unstable structure that can be memset(0) if profile\nattaching fails.\n\nPass netdev to mlx5e_destroy_netdev() to guarantee it will work on a\nvalid netdev.\n\nOn mlx5e_remove: Check validity of priv->profile, before attempting\nto cleanup any resources that might be not there.\n\nThis fixes a kernel oops in mlx5e_remove when switchdev mode fails due\nto change profile failure.\n\n$ devlink dev eswitch set pci/0000:00:03.0 mode switchdev\nError: mlx5_core: Failed setting eswitch to offloads.\ndmesg:\nworkqueue: Failed to create a rescuer kthread for wq \"mlx5e\": -EINTR\nmlx5_core 0012:03:00.1: mlx5e_netdev_init_profile:6214:(pid 37199): mlx5e_priv_init failed, err=-12\nmlx5_core 0012:03:00.1 gpu3rdma1: mlx5e_netdev_change_profile: new profile init failed, -12\nworkqueue: Failed to create a rescuer kthread for wq \"mlx5e\": -EINTR\nmlx5_core 0012:03:00.1: mlx5e_netdev_init_profile:6214:(pid 37199): mlx5e_priv_init failed, err=-12\nmlx5_core 0012:03:00.1 gpu3rdma1: mlx5e_netdev_change_profile: failed to rollback to orig profile, -12\n\n$ devlink dev reload pci/0000:00:03.0 ==> oops\n\nBUG: kernel NULL pointer dereference, address: 0000000000000370\nPGD 0 P4D 0\nOops: Oops: 0000 [#1] SMP NOPTI\nCPU: 15 UID: 0 PID: 520 Comm: devlink Not tainted 6.18.0-rc5+ #115 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014\nRIP: 0010:mlx5e_dcbnl_dscp_app+0x23/0x100\nRSP: 0018:ffffc9000083f8b8 EFLAGS: 00010286\nRAX: ffff8881126fc380 RBX: ffff8881015ac400 RCX: ffffffff826ffc45\nRDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff8881035109c0\nRBP: ffff8881035109c0 R08: ffff888101e3e838 R09: ffff888100264e10\nR10: ffffc9000083f898 R11: ffffc9000083f8a0 R12: ffff888101b921a0\nR13: ffff888101b921a0 R14: ffff8881015ac9a0 R15: ffff8881015ac400\nFS:  00007f789a3c8740(0000) GS:ffff88856aa59000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000370 CR3: 000000010b6c0001 CR4: 0000000000370ef0\nCall Trace:\n <TASK>\n mlx5e_remove+0x57/0x110\n device_release_driver_internal+0x19c/0x200\n bus_remove_device+0xc6/0x130\n device_del+0x160/0x3d0\n ? devl_param_driverinit_value_get+0x2d/0x90\n mlx5_detach_device+0x89/0xe0\n mlx5_unload_one_devl_locked+0x3a/0x70\n mlx5_devlink_reload_down+0xc8/0x220\n devlink_reload+0x7d/0x260\n devlink_nl_reload_doit+0x45b/0x5a0\n genl_family_rcv_msg_doit+0xe8/0x140",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23035"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/4ef8512e1427111f7ba92b4a847d181ff0aeec42"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/66a25f6b7c0bfd84e6d27b536f5d24116dbd52da"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/a7625bacaa8c8c2bfcde6dd6d1397bd63ad82b02"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-31T12:16:06Z"
+  }
+}

advisories/unreviewed/2026/01/GHSA-6x37-w2qr-pm62/GHSA-6x37-w2qr-pm62.json

@@ -0,0 +1,33 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-6x37-w2qr-pm62",
+  "modified": "2026-01-31T12:30:12Z",
+  "published": "2026-01-31T12:30:12Z",
+  "aliases": [
+    "CVE-2026-23029"
+  ],
+  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nLoongArch: KVM: Fix kvm_device leak in kvm_eiointc_destroy()\n\nIn kvm_ioctl_create_device(), kvm_device has allocated memory,\nkvm_device->destroy() seems to be supposed to free its kvm_device\nstruct, but kvm_eiointc_destroy() is not currently doing this, that\nwould lead to a memory leak.\n\nSo, fix it.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23029"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/7d8553fc75aefa7ec936af0cf8443ff90b51732e"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/e94ec9661c5820d157d2cc4b6cf4a6ab656a7b4d"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-31T12:16:06Z"
+  }
+}