{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/namespace.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "6482c3dccbfb8d20e2856ce67c75856859930b3f",
              "status": "affected",
              "version": "620c266f394932e5decc4b34683a75dfc59dc2f4",
              "versionType": "git"
            },
            {
              "lessThan": "287c7d34eedd37af1272dfb3b6e8656f4f026424",
              "status": "affected",
              "version": "620c266f394932e5decc4b34683a75dfc59dc2f4",
              "versionType": "git"
            },
            {
              "lessThan": "1f282cdc1d219c4a557f7009e81bc792820d9d9a",
              "status": "affected",
              "version": "620c266f394932e5decc4b34683a75dfc59dc2f4",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/namespace.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.11"
            },
            {
              "lessThan": "6.11",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.46",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.15.*",
              "status": "unaffected",
              "version": "6.15.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.16",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.46",
                  "versionStartIncluding": "6.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.15.3",
                  "versionStartIncluding": "6.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.16",
                  "versionStartIncluding": "6.11",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/fhandle.c: fix a race in call of has_locked_children()\n\nmay_decode_fh() is calling has_locked_children() while holding no locks.\nThat\u0027s an oopsable race...\n\nThe rest of the callers are safe since they are holding namespace_sem and\nare guaranteed a positive refcount on the mount in question.\n\nRename the current has_locked_children() to __has_locked_children(), make\nit static and switch the fs/namespace.c users to it.\n\nMake has_locked_children() a wrapper for __has_locked_children(), calling\nthe latter under read_seqlock_excl(\u0026mount_lock)."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-09T17:06:11.491Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/6482c3dccbfb8d20e2856ce67c75856859930b3f"
        },
        {
          "url": "https://git.kernel.org/stable/c/287c7d34eedd37af1272dfb3b6e8656f4f026424"
        },
        {
          "url": "https://git.kernel.org/stable/c/1f282cdc1d219c4a557f7009e81bc792820d9d9a"
        }
      ],
      "title": "fs/fhandle.c: fix a race in call of has_locked_children()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-38306",
    "datePublished": "2025-07-10T07:42:16.806Z",
    "dateReserved": "2025-04-16T04:51:24.002Z",
    "dateUpdated": "2025-09-09T17:06:11.491Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "210ef6cd8e634f18fd889421012192b81325b27b",
              "status": "affected",
              "version": "a2d3b4b81fd49b14782ce0ff68ca74e40f16609a",
              "versionType": "git"
            },
            {
              "lessThan": "0ebc02d9ff85626a526353584526da6aa9c96792",
              "status": "affected",
              "version": "a2d3b4b81fd49b14782ce0ff68ca74e40f16609a",
              "versionType": "git"
            },
            {
              "lessThan": "5e08e9c742a00384e5abe74bd40cf4dc15cb3a2e",
              "status": "affected",
              "version": "a2d3b4b81fd49b14782ce0ff68ca74e40f16609a",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.1"
            },
            {
              "lessThan": "6.1",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.30",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.3.*",
              "status": "unaffected",
              "version": "6.3.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.4",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.30",
                  "versionStartIncluding": "6.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.3.4",
                  "versionStartIncluding": "6.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.4",
                  "versionStartIncluding": "6.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix sdma v4 sw fini error\n\nFix sdma v4 sw fini error for sdma 4.2.2 to\nsolve the following general protection fault\n\n[  +0.108196] general protection fault, probably for non-canonical\naddress 0xd5e5a4ae79d24a32: 0000 [#1] PREEMPT SMP PTI\n[  +0.000018] RIP: 0010:free_fw_priv+0xd/0x70\n[  +0.000022] Call Trace:\n[  +0.000012]  \u003cTASK\u003e\n[  +0.000011]  release_firmware+0x55/0x80\n[  +0.000021]  amdgpu_ucode_release+0x11/0x20 [amdgpu]\n[  +0.000415]  amdgpu_sdma_destroy_inst_ctx+0x4f/0x90 [amdgpu]\n[  +0.000360]  sdma_v4_0_sw_fini+0xce/0x110 [amdgpu]"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-29T10:50:29.575Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/210ef6cd8e634f18fd889421012192b81325b27b"
        },
        {
          "url": "https://git.kernel.org/stable/c/0ebc02d9ff85626a526353584526da6aa9c96792"
        },
        {
          "url": "https://git.kernel.org/stable/c/5e08e9c742a00384e5abe74bd40cf4dc15cb3a2e"
        }
      ],
      "title": "drm/amdgpu: Fix sdma v4 sw fini error",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-53547",
    "datePublished": "2025-10-04T15:16:54.794Z",
    "dateReserved": "2025-10-04T15:14:15.921Z",
    "dateUpdated": "2025-10-29T10:50:29.575Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/usb/gadget/udc/core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "bed19d95fcb9c98dfaa9585922b39a2dfba7898d",
              "status": "affected",
              "version": "d8195536ce2624e2947d9f56b1a61e7a27874bd3",
              "versionType": "git"
            },
            {
              "lessThan": "8c1edc00db65f6d4408b3d1cd845e8da3b9e0ca4",
              "status": "affected",
              "version": "286d9975a838d0a54da049765fa1d1fb96b89682",
              "versionType": "git"
            },
            {
              "lessThan": "65dadb2beeb7360232b09ebc4585b54475dfee06",
              "status": "affected",
              "version": "286d9975a838d0a54da049765fa1d1fb96b89682",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "85102a45c7390caf124a3a5796574446f1e037b9",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/usb/gadget/udc/core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.4"
            },
            {
              "lessThan": "6.4",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.46",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.*",
              "status": "unaffected",
              "version": "6.4.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.5",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.46",
                  "versionStartIncluding": "6.1.35",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.4.11",
                  "versionStartIncluding": "6.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.5",
                  "versionStartIncluding": "6.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "6.3.9",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: Gadget: core: Help prevent panic during UVC unconfigure\n\nAvichal Rakesh reported a kernel panic that occurred when the UVC\ngadget driver was removed from a gadget\u0027s configuration.  The panic\ninvolves a somewhat complicated interaction between the kernel driver\nand a userspace component (as described in the Link tag below), but\nthe analysis did make one thing clear: The Gadget core should\naccomodate gadget drivers calling usb_gadget_deactivate() as part of\ntheir unbind procedure.\n\nCurrently this doesn\u0027t work.  gadget_unbind_driver() calls\ndriver-\u003eunbind() while holding the udc-\u003econnect_lock mutex, and\nusb_gadget_deactivate() attempts to acquire that mutex, which will\nresult in a deadlock.\n\nThe simple fix is for gadget_unbind_driver() to release the mutex when\ninvoking the -\u003eunbind() callback.  There is no particular reason for\nit to be holding the mutex at that time, and the mutex isn\u0027t held\nwhile the -\u003ebind() callback is invoked.  So we\u0027ll drop the mutex\nbefore performing the unbind callback and reacquire it afterward.\n\nWe\u0027ll also add a couple of comments to usb_gadget_activate() and\nusb_gadget_deactivate().  Because they run in process context they\nmust not be called from a gadget driver\u0027s -\u003edisconnect() callback,\nwhich (according to the kerneldoc for struct usb_gadget_driver in\ninclude/linux/usb/gadget.h) may run in interrupt context.  This may\nhelp prevent similar bugs from arising in the future."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-04T15:43:57.064Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/bed19d95fcb9c98dfaa9585922b39a2dfba7898d"
        },
        {
          "url": "https://git.kernel.org/stable/c/8c1edc00db65f6d4408b3d1cd845e8da3b9e0ca4"
        },
        {
          "url": "https://git.kernel.org/stable/c/65dadb2beeb7360232b09ebc4585b54475dfee06"
        }
      ],
      "title": "USB: Gadget: core: Help prevent panic during UVC unconfigure",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-53580",
    "datePublished": "2025-10-04T15:43:57.064Z",
    "dateReserved": "2025-10-04T15:14:15.926Z",
    "dateUpdated": "2025-10-04T15:43:57.064Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "f1ecccb5cdda39bca8cd17bb0b6cf61361e33578",
              "status": "affected",
              "version": "8fdb09a7674c61c4f0e5faf0d63b3ce500a341b0",
              "versionType": "git"
            },
            {
              "lessThan": "abc43c1ffdbc801b0b04ac845bfaf1d42b8f68f7",
              "status": "affected",
              "version": "8fdb09a7674c61c4f0e5faf0d63b3ce500a341b0",
              "versionType": "git"
            },
            {
              "lessThan": "9ab7945f3a61ed23da412e30f1e56414c05c4f06",
              "status": "affected",
              "version": "8fdb09a7674c61c4f0e5faf0d63b3ce500a341b0",
              "versionType": "git"
            },
            {
              "lessThan": "92ec4855034b2c4d13f117558dc73d20581fa9ff",
              "status": "affected",
              "version": "8fdb09a7674c61c4f0e5faf0d63b3ce500a341b0",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.6"
            },
            {
              "lessThan": "6.6",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.92",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.30",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.14.*",
              "status": "unaffected",
              "version": "6.14.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.15",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.92",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.30",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.14.8",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.15",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmlxsw: spectrum_router: Fix use-after-free when deleting GRE net devices\n\nThe driver only offloads neighbors that are constructed on top of net\ndevices registered by it or their uppers (which are all Ethernet). The\ndevice supports GRE encapsulation and decapsulation of forwarded\ntraffic, but the driver will not offload dummy neighbors constructed on\ntop of GRE net devices as they are not uppers of its net devices:\n\n # ip link add name gre1 up type gre tos inherit local 192.0.2.1 remote 198.51.100.1\n # ip neigh add 0.0.0.0 lladdr 0.0.0.0 nud noarp dev gre1\n $ ip neigh show dev gre1 nud noarp\n 0.0.0.0 lladdr 0.0.0.0 NOARP\n\n(Note that the neighbor is not marked with \u0027offload\u0027)\n\nWhen the driver is reloaded and the existing configuration is replayed,\nthe driver does not perform the same check regarding existing neighbors\nand offloads the previously added one:\n\n # devlink dev reload pci/0000:01:00.0\n $ ip neigh show dev gre1 nud noarp\n 0.0.0.0 lladdr 0.0.0.0 offload NOARP\n\nIf the neighbor is later deleted, the driver will ignore the\nnotification (given the GRE net device is not its upper) and will\ntherefore keep referencing freed memory, resulting in a use-after-free\n[1] when the net device is deleted:\n\n # ip neigh del 0.0.0.0 lladdr 0.0.0.0 dev gre1\n # ip link del dev gre1\n\nFix by skipping neighbor replay if the net device for which the replay\nis performed is not our upper.\n\n[1]\nBUG: KASAN: slab-use-after-free in mlxsw_sp_neigh_entry_update+0x1ea/0x200\nRead of size 8 at addr ffff888155b0e420 by task ip/2282\n[...]\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x6f/0xa0\n print_address_description.constprop.0+0x6f/0x350\n print_report+0x108/0x205\n kasan_report+0xdf/0x110\n mlxsw_sp_neigh_entry_update+0x1ea/0x200\n mlxsw_sp_router_rif_gone_sync+0x2a8/0x440\n mlxsw_sp_rif_destroy+0x1e9/0x750\n mlxsw_sp_netdevice_ipip_ol_event+0x3c9/0xdc0\n mlxsw_sp_router_netdevice_event+0x3ac/0x15e0\n notifier_call_chain+0xca/0x150\n call_netdevice_notifiers_info+0x7f/0x100\n unregister_netdevice_many_notify+0xc8c/0x1d90\n rtnl_dellink+0x34e/0xa50\n rtnetlink_rcv_msg+0x6fb/0xb70\n netlink_rcv_skb+0x131/0x360\n netlink_unicast+0x426/0x710\n netlink_sendmsg+0x75a/0xc20\n __sock_sendmsg+0xc1/0x150\n ____sys_sendmsg+0x5aa/0x7b0\n ___sys_sendmsg+0xfc/0x180\n __sys_sendmsg+0x121/0x1b0\n do_syscall_64+0xbb/0x1d0\n entry_SYSCALL_64_after_hwframe+0x4b/0x53"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-18T09:28:27.046Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/f1ecccb5cdda39bca8cd17bb0b6cf61361e33578"
        },
        {
          "url": "https://git.kernel.org/stable/c/abc43c1ffdbc801b0b04ac845bfaf1d42b8f68f7"
        },
        {
          "url": "https://git.kernel.org/stable/c/9ab7945f3a61ed23da412e30f1e56414c05c4f06"
        },
        {
          "url": "https://git.kernel.org/stable/c/92ec4855034b2c4d13f117558dc73d20581fa9ff"
        }
      ],
      "title": "mlxsw: spectrum_router: Fix use-after-free when deleting GRE net devices",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-38019",
    "datePublished": "2025-06-18T09:28:27.046Z",
    "dateReserved": "2025-04-16T04:51:23.977Z",
    "dateUpdated": "2025-06-18T09:28:27.046Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/mac80211/cfg.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "7e1cda5cf07f848e6b50b4e5e7761ffbce905a3d",
              "status": "affected",
              "version": "55de908ab292c03f1eb280f51170ddb9c6b57e31",
              "versionType": "git"
            },
            {
              "lessThan": "7dce2deb0b03aaf46c87ceedea81ef4153e26c40",
              "status": "affected",
              "version": "55de908ab292c03f1eb280f51170ddb9c6b57e31",
              "versionType": "git"
            },
            {
              "lessThan": "67dfa589aa8806c7959cbca2f4613b8d41c75a06",
              "status": "affected",
              "version": "55de908ab292c03f1eb280f51170ddb9c6b57e31",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/mac80211/cfg.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.8"
            },
            {
              "lessThan": "3.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.55",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.5.*",
              "status": "unaffected",
              "version": "6.5.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.6",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.55",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.5.5",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: check for station first in client probe\n\nWhen probing a client, first check if we have it, and then\ncheck for the channel context, otherwise you can trigger\nthe warning there easily by probing when the AP isn\u0027t even\nstarted yet. Since a client existing means the AP is also\noperating, we can then keep the warning.\n\nAlso simplify the moved code a bit."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:21:25.575Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/7e1cda5cf07f848e6b50b4e5e7761ffbce905a3d"
        },
        {
          "url": "https://git.kernel.org/stable/c/7dce2deb0b03aaf46c87ceedea81ef4153e26c40"
        },
        {
          "url": "https://git.kernel.org/stable/c/67dfa589aa8806c7959cbca2f4613b8d41c75a06"
        }
      ],
      "title": "wifi: mac80211: check for station first in client probe",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-53588",
    "datePublished": "2025-10-04T15:44:03.354Z",
    "dateReserved": "2025-10-04T15:40:38.477Z",
    "dateUpdated": "2026-01-05T10:21:25.575Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/wireless/ath/ath12k/hw.c",
            "drivers/net/wireless/ath/ath12k/hw.h",
            "drivers/net/wireless/ath/ath12k/pci.c",
            "drivers/net/wireless/ath/ath12k/pci.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "569972c5bdb839b0eaf8aba6ce76ea0b78e2acf8",
              "status": "affected",
              "version": "d889913205cf7ebda905b1e62c5867ed4e39f6c2",
              "versionType": "git"
            },
            {
              "lessThan": "d71ac5694b33c80f1de97d074f6fbdc6c01a9d61",
              "status": "affected",
              "version": "d889913205cf7ebda905b1e62c5867ed4e39f6c2",
              "versionType": "git"
            },
            {
              "lessThan": "7588a893cde5385ad308400ff167d29a29913b3a",
              "status": "affected",
              "version": "d889913205cf7ebda905b1e62c5867ed4e39f6c2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/wireless/ath/ath12k/hw.c",
            "drivers/net/wireless/ath/ath12k/hw.h",
            "drivers/net/wireless/ath/ath12k/pci.c",
            "drivers/net/wireless/ath/ath12k/pci.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.3"
            },
            {
              "lessThan": "6.3",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.34",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.15.*",
              "status": "unaffected",
              "version": "6.15.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.16",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.34",
                  "versionStartIncluding": "6.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.15.3",
                  "versionStartIncluding": "6.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.16",
                  "versionStartIncluding": "6.3",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix GCC_GCC_PCIE_HOT_RST definition for WCN7850\n\nGCC_GCC_PCIE_HOT_RST is wrongly defined for WCN7850, causing kernel crash\non some specific platforms.\n\nSince this register is divergent for WCN7850 and QCN9274, move it to\nregister table to allow different definitions. Then correct the register\naddress for WCN7850 to fix this issue.\n\nNote IPQ5332 is not affected as it is not PCIe based device.\n\nTested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-28T04:21:27.806Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/569972c5bdb839b0eaf8aba6ce76ea0b78e2acf8"
        },
        {
          "url": "https://git.kernel.org/stable/c/d71ac5694b33c80f1de97d074f6fbdc6c01a9d61"
        },
        {
          "url": "https://git.kernel.org/stable/c/7588a893cde5385ad308400ff167d29a29913b3a"
        }
      ],
      "title": "wifi: ath12k: fix GCC_GCC_PCIE_HOT_RST definition for WCN7850",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-38414",
    "datePublished": "2025-07-25T13:32:08.777Z",
    "dateReserved": "2025-04-16T04:51:24.013Z",
    "dateUpdated": "2025-07-28T04:21:27.806Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T17:40:23.677Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/powercap/dtpm_cpu.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "27914f2b795e2b58e9506f281dcdd98fef09d3c2",
              "status": "affected",
              "version": "eb82bace893169b319c563b7f813c58a0a5a9f76",
              "versionType": "git"
            },
            {
              "lessThan": "c6ec27091cf5ac05094c1fe3a6ce914cf711a37c",
              "status": "affected",
              "version": "eb82bace893169b319c563b7f813c58a0a5a9f76",
              "versionType": "git"
            },
            {
              "lessThan": "8374ac7d69a57d737e701a851ffe980a0d27d3ad",
              "status": "affected",
              "version": "eb82bace893169b319c563b7f813c58a0a5a9f76",
              "versionType": "git"
            },
            {
              "lessThan": "27e0318f0ea69fcfa32228847debc384ade14578",
              "status": "affected",
              "version": "eb82bace893169b319c563b7f813c58a0a5a9f76",
              "versionType": "git"
            },
            {
              "lessThan": "2fd001a0075ac01dc64a28a8e21226b3d989a91d",
              "status": "affected",
              "version": "eb82bace893169b319c563b7f813c58a0a5a9f76",
              "versionType": "git"
            },
            {
              "lessThan": "46dc57406887dd02565cb264224194a6776d882b",
              "status": "affected",
              "version": "eb82bace893169b319c563b7f813c58a0a5a9f76",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/powercap/dtpm_cpu.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.16"
            },
            {
              "lessThan": "5.16",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.148",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.102",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.42",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.15.*",
              "status": "unaffected",
              "version": "6.15.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.16.*",
              "status": "unaffected",
              "version": "6.16.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.17",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.148",
                  "versionStartIncluding": "5.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.102",
                  "versionStartIncluding": "5.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.42",
                  "versionStartIncluding": "5.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.15.10",
                  "versionStartIncluding": "5.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.16.1",
                  "versionStartIncluding": "5.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.17",
                  "versionStartIncluding": "5.16",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowercap: dtpm_cpu: Fix NULL pointer dereference in get_pd_power_uw()\n\nThe get_pd_power_uw() function can crash with a NULL pointer dereference\nwhen em_cpu_get() returns NULL. This occurs when a CPU becomes impossible\nduring runtime, causing get_cpu_device() to return NULL, which propagates\nthrough em_cpu_get() and leads to a crash when em_span_cpus() dereferences\nthe NULL pointer.\n\nAdd a NULL check after em_cpu_get() and return 0 if unavailable,\nmatching the existing fallback behavior in __dtpm_cpu_setup().\n\n[ rjw: Drop an excess empty code line ]"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-29T05:54:45.207Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/27914f2b795e2b58e9506f281dcdd98fef09d3c2"
        },
        {
          "url": "https://git.kernel.org/stable/c/c6ec27091cf5ac05094c1fe3a6ce914cf711a37c"
        },
        {
          "url": "https://git.kernel.org/stable/c/8374ac7d69a57d737e701a851ffe980a0d27d3ad"
        },
        {
          "url": "https://git.kernel.org/stable/c/27e0318f0ea69fcfa32228847debc384ade14578"
        },
        {
          "url": "https://git.kernel.org/stable/c/2fd001a0075ac01dc64a28a8e21226b3d989a91d"
        },
        {
          "url": "https://git.kernel.org/stable/c/46dc57406887dd02565cb264224194a6776d882b"
        }
      ],
      "title": "powercap: dtpm_cpu: Fix NULL pointer dereference in get_pd_power_uw()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-38610",
    "datePublished": "2025-08-19T17:03:53.255Z",
    "dateReserved": "2025-04-16T04:51:24.029Z",
    "dateUpdated": "2025-11-03T17:40:23.677Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "include/net/bluetooth/hci_core.h",
            "net/bluetooth/hci_core.c",
            "net/bluetooth/mgmt.c",
            "net/bluetooth/mgmt_util.c",
            "net/bluetooth/mgmt_util.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "bdd56875c6926d8009914f427df71797693e90d4",
              "status": "affected",
              "version": "a380b6cff1a2d2139772e88219d08330f84d0381",
              "versionType": "git"
            },
            {
              "lessThan": "4e83f2dbb2bf677e614109df24426c4dded472d4",
              "status": "affected",
              "version": "a380b6cff1a2d2139772e88219d08330f84d0381",
              "versionType": "git"
            },
            {
              "lessThan": "d7882db79135c829a922daf3571f33ea1e056ae3",
              "status": "affected",
              "version": "a380b6cff1a2d2139772e88219d08330f84d0381",
              "versionType": "git"
            },
            {
              "lessThan": "6fe26f694c824b8a4dbf50c635bee1302e3f099c",
              "status": "affected",
              "version": "a380b6cff1a2d2139772e88219d08330f84d0381",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "include/net/bluetooth/hci_core.h",
            "net/bluetooth/hci_core.c",
            "net/bluetooth/mgmt.c",
            "net/bluetooth/mgmt_util.c",
            "net/bluetooth/mgmt_util.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.1"
            },
            {
              "lessThan": "4.1",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.94",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.34",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.15.*",
              "status": "unaffected",
              "version": "6.15.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.16",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.94",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.34",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.15.3",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.16",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: Protect mgmt_pending list with its own lock\n\nThis uses a mutex to protect from concurrent access of mgmt_pending\nlist which can cause crashes like:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in hci_sock_get_channel+0x60/0x68 net/bluetooth/hci_sock.c:91\nRead of size 2 at addr ffff0000c48885b2 by task syz.4.334/7318\n\nCPU: 0 UID: 0 PID: 7318 Comm: syz.4.334 Not tainted 6.15.0-rc7-syzkaller-g187899f4124a #0 PREEMPT\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025\nCall trace:\n show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:466 (C)\n __dump_stack+0x30/0x40 lib/dump_stack.c:94\n dump_stack_lvl+0xd8/0x12c lib/dump_stack.c:120\n print_address_description+0xa8/0x254 mm/kasan/report.c:408\n print_report+0x68/0x84 mm/kasan/report.c:521\n kasan_report+0xb0/0x110 mm/kasan/report.c:634\n __asan_report_load2_noabort+0x20/0x2c mm/kasan/report_generic.c:379\n hci_sock_get_channel+0x60/0x68 net/bluetooth/hci_sock.c:91\n mgmt_pending_find+0x7c/0x140 net/bluetooth/mgmt_util.c:223\n pending_find net/bluetooth/mgmt.c:947 [inline]\n remove_adv_monitor+0x44/0x1a4 net/bluetooth/mgmt.c:5445\n hci_mgmt_cmd+0x780/0xc00 net/bluetooth/hci_sock.c:1712\n hci_sock_sendmsg+0x544/0xbb0 net/bluetooth/hci_sock.c:1832\n sock_sendmsg_nosec net/socket.c:712 [inline]\n __sock_sendmsg net/socket.c:727 [inline]\n sock_write_iter+0x25c/0x378 net/socket.c:1131\n new_sync_write fs/read_write.c:591 [inline]\n vfs_write+0x62c/0x97c fs/read_write.c:684\n ksys_write+0x120/0x210 fs/read_write.c:736\n __do_sys_write fs/read_write.c:747 [inline]\n __se_sys_write fs/read_write.c:744 [inline]\n __arm64_sys_write+0x7c/0x90 fs/read_write.c:744\n __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\n invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49\n el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132\n do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151\n el0_svc+0x58/0x17c arch/arm64/kernel/entry-common.c:767\n el0t_64_sync_handler+0x78/0x108 arch/arm64/kernel/entry-common.c:786\n el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600\n\nAllocated by task 7037:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x40/0x78 mm/kasan/common.c:68\n kasan_save_alloc_info+0x44/0x54 mm/kasan/generic.c:562\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x9c/0xb4 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __do_kmalloc_node mm/slub.c:4327 [inline]\n __kmalloc_noprof+0x2fc/0x4c8 mm/slub.c:4339\n kmalloc_noprof include/linux/slab.h:909 [inline]\n sk_prot_alloc+0xc4/0x1f0 net/core/sock.c:2198\n sk_alloc+0x44/0x3ac net/core/sock.c:2254\n bt_sock_alloc+0x4c/0x300 net/bluetooth/af_bluetooth.c:148\n hci_sock_create+0xa8/0x194 net/bluetooth/hci_sock.c:2202\n bt_sock_create+0x14c/0x24c net/bluetooth/af_bluetooth.c:132\n __sock_create+0x43c/0x91c net/socket.c:1541\n sock_create net/socket.c:1599 [inline]\n __sys_socket_create net/socket.c:1636 [inline]\n __sys_socket+0xd4/0x1c0 net/socket.c:1683\n __do_sys_socket net/socket.c:1697 [inline]\n __se_sys_socket net/socket.c:1695 [inline]\n __arm64_sys_socket+0x7c/0x94 net/socket.c:1695\n __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\n invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49\n el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132\n do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151\n el0_svc+0x58/0x17c arch/arm64/kernel/entry-common.c:767\n el0t_64_sync_handler+0x78/0x108 arch/arm64/kernel/entry-common.c:786\n el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600\n\nFreed by task 6607:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x40/0x78 mm/kasan/common.c:68\n kasan_save_free_info+0x58/0x70 mm/kasan/generic.c:576\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x68/0x88 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-28T04:12:35.763Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/bdd56875c6926d8009914f427df71797693e90d4"
        },
        {
          "url": "https://git.kernel.org/stable/c/4e83f2dbb2bf677e614109df24426c4dded472d4"
        },
        {
          "url": "https://git.kernel.org/stable/c/d7882db79135c829a922daf3571f33ea1e056ae3"
        },
        {
          "url": "https://git.kernel.org/stable/c/6fe26f694c824b8a4dbf50c635bee1302e3f099c"
        }
      ],
      "title": "Bluetooth: MGMT: Protect mgmt_pending list with its own lock",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-38117",
    "datePublished": "2025-07-03T08:35:25.060Z",
    "dateReserved": "2025-04-16T04:51:23.986Z",
    "dateUpdated": "2025-07-28T04:12:35.763Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T17:38:17.937Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/atm/clip.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "f493f31a63847624fd3199ac836a8bd8828e50e2",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "125166347d5676466d368aadc0bbc31ee7714352",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "5641019dfbaee5e85fe093b590f0451c9dd4d6f8",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "1579a2777cb914a249de22c789ba4d41b154509f",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "3f61b997fe014bbfcc208a9fcbd363a1fe7e3a31",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "024876b247a882972095b22087734dcd23396a4e",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "df0312d8859763aa15b8b56ac151a1ea4a4e5b88",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "c489f3283dbfc0f3c00c312149cae90d27552c45",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/atm/clip.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.12"
            },
            {
              "lessThan": "2.6.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.296",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.240",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.189",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.146",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.99",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.39",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.15.*",
              "status": "unaffected",
              "version": "6.15.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.16",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.296",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.240",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.189",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.146",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.99",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.39",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.15.7",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.16",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\natm: clip: Fix infinite recursive call of clip_push().\n\nsyzbot reported the splat below. [0]\n\nThis happens if we call ioctl(ATMARP_MKIP) more than once.\n\nDuring the first call, clip_mkip() sets clip_push() to vcc-\u003epush(),\nand the second call copies it to clip_vcc-\u003eold_push().\n\nLater, when the socket is close()d, vcc_destroy_socket() passes\nNULL skb to clip_push(), which calls clip_vcc-\u003eold_push(),\ntriggering the infinite recursion.\n\nLet\u0027s prevent the second ioctl(ATMARP_MKIP) by checking\nvcc-\u003euser_back, which is allocated by the first call as clip_vcc.\n\nNote also that we use lock_sock() to prevent racy calls.\n\n[0]:\nBUG: TASK stack guard page was hit at ffffc9000d66fff8 (stack is ffffc9000d670000..ffffc9000d678000)\nOops: stack guard page: 0000 [#1] SMP KASAN NOPTI\nCPU: 0 UID: 0 PID: 5322 Comm: syz.0.0 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full)\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nRIP: 0010:clip_push+0x5/0x720 net/atm/clip.c:191\nCode: e0 8f aa 8c e8 1c ad 5b fa eb ae 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 55 \u003c41\u003e 57 41 56 41 55 41 54 53 48 83 ec 20 48 89 f3 49 89 fd 48 bd 00\nRSP: 0018:ffffc9000d670000 EFLAGS: 00010246\nRAX: 1ffff1100235a4a5 RBX: ffff888011ad2508 RCX: ffff8880003c0000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff888037f01000\nRBP: dffffc0000000000 R08: ffffffff8fa104f7 R09: 1ffffffff1f4209e\nR10: dffffc0000000000 R11: ffffffff8a99b300 R12: ffffffff8a99b300\nR13: ffff888037f01000 R14: ffff888011ad2500 R15: ffff888037f01578\nFS:  000055557ab6d500(0000) GS:ffff88808d250000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: ffffc9000d66fff8 CR3: 0000000043172000 CR4: 0000000000352ef0\nCall Trace:\n \u003cTASK\u003e\n clip_push+0x6dc/0x720 net/atm/clip.c:200\n clip_push+0x6dc/0x720 net/atm/clip.c:200\n clip_push+0x6dc/0x720 net/atm/clip.c:200\n...\n clip_push+0x6dc/0x720 net/atm/clip.c:200\n clip_push+0x6dc/0x720 net/atm/clip.c:200\n clip_push+0x6dc/0x720 net/atm/clip.c:200\n vcc_destroy_socket net/atm/common.c:183 [inline]\n vcc_release+0x157/0x460 net/atm/common.c:205\n __sock_release net/socket.c:647 [inline]\n sock_close+0xc0/0x240 net/socket.c:1391\n __fput+0x449/0xa70 fs/file_table.c:465\n task_work_run+0x1d1/0x260 kernel/task_work.c:227\n resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]\n exit_to_user_mode_loop+0xec/0x110 kernel/entry/common.c:114\n exit_to_user_mode_prepare include/linux/entry-common.h:330 [inline]\n syscall_exit_to_user_mode_work include/linux/entry-common.h:414 [inline]\n syscall_exit_to_user_mode include/linux/entry-common.h:449 [inline]\n do_syscall_64+0x2bd/0x3b0 arch/x86/entry/syscall_64.c:100\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7ff31c98e929\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fffb5aa1f78 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4\nRAX: 0000000000000000 RBX: 0000000000012747 RCX: 00007ff31c98e929\nRDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003\nRBP: 00007ff31cbb7ba0 R08: 0000000000000001 R09: 0000000db5aa226f\nR10: 00007ff31c7ff030 R11: 0000000000000246 R12: 00007ff31cbb608c\nR13: 00007ff31cbb6080 R14: ffffffffffffffff R15: 00007fffb5aa2090\n \u003c/TASK\u003e\nModules linked in:"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-28T04:22:59.776Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/f493f31a63847624fd3199ac836a8bd8828e50e2"
        },
        {
          "url": "https://git.kernel.org/stable/c/125166347d5676466d368aadc0bbc31ee7714352"
        },
        {
          "url": "https://git.kernel.org/stable/c/5641019dfbaee5e85fe093b590f0451c9dd4d6f8"
        },
        {
          "url": "https://git.kernel.org/stable/c/1579a2777cb914a249de22c789ba4d41b154509f"
        },
        {
          "url": "https://git.kernel.org/stable/c/3f61b997fe014bbfcc208a9fcbd363a1fe7e3a31"
        },
        {
          "url": "https://git.kernel.org/stable/c/024876b247a882972095b22087734dcd23396a4e"
        },
        {
          "url": "https://git.kernel.org/stable/c/df0312d8859763aa15b8b56ac151a1ea4a4e5b88"
        },
        {
          "url": "https://git.kernel.org/stable/c/c489f3283dbfc0f3c00c312149cae90d27552c45"
        }
      ],
      "title": "atm: clip: Fix infinite recursive call of clip_push().",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-38459",
    "datePublished": "2025-07-25T15:27:37.893Z",
    "dateReserved": "2025-04-16T04:51:24.019Z",
    "dateUpdated": "2025-11-03T17:38:17.937Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T17:44:22.015Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "mm/damon/sysfs.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "3858c44341ad49dc7544b19cc9f9ecffaa7cc50e",
              "status": "affected",
              "version": "a61ea561c87139992fe32afdee48a6f6b85d824a",
              "versionType": "git"
            },
            {
              "lessThan": "60d7a3d2b985a395318faa1d88da6915fad11c19",
              "status": "affected",
              "version": "a61ea561c87139992fe32afdee48a6f6b85d824a",
              "versionType": "git"
            },
            {
              "lessThan": "26d29b2ac87a2989071755f9828ebf839b560d4c",
              "status": "affected",
              "version": "a61ea561c87139992fe32afdee48a6f6b85d824a",
              "versionType": "git"
            },
            {
              "lessThan": "4e87f461d61959647464a94d11ae15c011be58ce",
              "status": "affected",
              "version": "a61ea561c87139992fe32afdee48a6f6b85d824a",
              "versionType": "git"
            },
            {
              "lessThan": "3260a3f0828e06f5f13fac69fb1999a6d60d9cff",
              "status": "affected",
              "version": "a61ea561c87139992fe32afdee48a6f6b85d824a",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "mm/damon/sysfs.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.18"
            },
            {
              "lessThan": "5.18",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.153",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.107",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.48",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.16.*",
              "status": "unaffected",
              "version": "6.16.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.17",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.153",
                  "versionStartIncluding": "5.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.107",
                  "versionStartIncluding": "5.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.48",
                  "versionStartIncluding": "5.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.16.8",
                  "versionStartIncluding": "5.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.17",
                  "versionStartIncluding": "5.18",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/damon/sysfs: fix use-after-free in state_show()\n\nstate_show() reads kdamond-\u003edamon_ctx without holding damon_sysfs_lock. \nThis allows a use-after-free race:\n\nCPU 0                         CPU 1\n-----                         -----\nstate_show()                  damon_sysfs_turn_damon_on()\nctx = kdamond-\u003edamon_ctx;     mutex_lock(\u0026damon_sysfs_lock);\n                              damon_destroy_ctx(kdamond-\u003edamon_ctx);\n                              kdamond-\u003edamon_ctx = NULL;\n                              mutex_unlock(\u0026damon_sysfs_lock);\ndamon_is_running(ctx);        /* ctx is freed */\nmutex_lock(\u0026ctx-\u003ekdamond_lock); /* UAF */\n\n(The race can also occur with damon_sysfs_kdamonds_rm_dirs() and\ndamon_sysfs_kdamond_release(), which free or replace the context under\ndamon_sysfs_lock.)\n\nFix by taking damon_sysfs_lock before dereferencing the context, mirroring\nthe locking used in pid_show().\n\nThe bug has existed since state_show() first accessed kdamond-\u003edamon_ctx."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-29T06:01:35.845Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/3858c44341ad49dc7544b19cc9f9ecffaa7cc50e"
        },
        {
          "url": "https://git.kernel.org/stable/c/60d7a3d2b985a395318faa1d88da6915fad11c19"
        },
        {
          "url": "https://git.kernel.org/stable/c/26d29b2ac87a2989071755f9828ebf839b560d4c"
        },
        {
          "url": "https://git.kernel.org/stable/c/4e87f461d61959647464a94d11ae15c011be58ce"
        },
        {
          "url": "https://git.kernel.org/stable/c/3260a3f0828e06f5f13fac69fb1999a6d60d9cff"
        }
      ],
      "title": "mm/damon/sysfs: fix use-after-free in state_show()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-39877",
    "datePublished": "2025-09-23T06:00:48.317Z",
    "dateReserved": "2025-04-16T07:20:57.144Z",
    "dateUpdated": "2025-11-03T17:44:22.015Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T17:39:12.475Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/btrfs/free-space-tree.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "7c77df23324f60bcff0ea44392e2c82e9486640c",
              "status": "affected",
              "version": "1c56ab991903dce60e905a08f431c0e6f79b9b9e",
              "versionType": "git"
            },
            {
              "lessThan": "f4428b2d4c68732653e93f748f538bdee639ff80",
              "status": "affected",
              "version": "1c56ab991903dce60e905a08f431c0e6f79b9b9e",
              "versionType": "git"
            },
            {
              "lessThan": "0bcc14f36c7ad37121cf5c0ae18cdde5bfad9c4e",
              "status": "affected",
              "version": "1c56ab991903dce60e905a08f431c0e6f79b9b9e",
              "versionType": "git"
            },
            {
              "lessThan": "6bbe6530b1db7b4365ce9e86144c18c5d73b2c5b",
              "status": "affected",
              "version": "1c56ab991903dce60e905a08f431c0e6f79b9b9e",
              "versionType": "git"
            },
            {
              "lessThan": "1961d20f6fa8903266ed9bd77c691924c22c8f02",
              "status": "affected",
              "version": "1c56ab991903dce60e905a08f431c0e6f79b9b9e",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "dc74beca1672adf3874e6cb6c26917139e2faf01",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/btrfs/free-space-tree.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.1"
            },
            {
              "lessThan": "6.1",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.146",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.99",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.39",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.15.*",
              "status": "unaffected",
              "version": "6.15.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.16",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.146",
                  "versionStartIncluding": "6.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.99",
                  "versionStartIncluding": "6.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.39",
                  "versionStartIncluding": "6.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.15.7",
                  "versionStartIncluding": "6.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.16",
                  "versionStartIncluding": "6.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "6.0.19",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix assertion when building free space tree\n\nWhen building the free space tree with the block group tree feature\nenabled, we can hit an assertion failure like this:\n\n  BTRFS info (device loop0 state M): rebuilding free space tree\n  assertion failed: ret == 0, in fs/btrfs/free-space-tree.c:1102\n  ------------[ cut here ]------------\n  kernel BUG at fs/btrfs/free-space-tree.c:1102!\n  Internal error: Oops - BUG: 00000000f2000800 [#1]  SMP\n  Modules linked in:\n  CPU: 1 UID: 0 PID: 6592 Comm: syz-executor322 Not tainted 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT\n  Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025\n  pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n  pc : populate_free_space_tree+0x514/0x518 fs/btrfs/free-space-tree.c:1102\n  lr : populate_free_space_tree+0x514/0x518 fs/btrfs/free-space-tree.c:1102\n  sp : ffff8000a4ce7600\n  x29: ffff8000a4ce76e0 x28: ffff0000c9bc6000 x27: ffff0000ddfff3d8\n  x26: ffff0000ddfff378 x25: dfff800000000000 x24: 0000000000000001\n  x23: ffff8000a4ce7660 x22: ffff70001499cecc x21: ffff0000e1d8c160\n  x20: ffff0000e1cb7800 x19: ffff0000e1d8c0b0 x18: 00000000ffffffff\n  x17: ffff800092f39000 x16: ffff80008ad27e48 x15: ffff700011e740c0\n  x14: 1ffff00011e740c0 x13: 0000000000000004 x12: ffffffffffffffff\n  x11: ffff700011e740c0 x10: 0000000000ff0100 x9 : 94ef24f55d2dbc00\n  x8 : 94ef24f55d2dbc00 x7 : 0000000000000001 x6 : 0000000000000001\n  x5 : ffff8000a4ce6f98 x4 : ffff80008f415ba0 x3 : ffff800080548ef0\n  x2 : 0000000000000000 x1 : 0000000100000000 x0 : 000000000000003e\n  Call trace:\n   populate_free_space_tree+0x514/0x518 fs/btrfs/free-space-tree.c:1102 (P)\n   btrfs_rebuild_free_space_tree+0x14c/0x54c fs/btrfs/free-space-tree.c:1337\n   btrfs_start_pre_rw_mount+0xa78/0xe10 fs/btrfs/disk-io.c:3074\n   btrfs_remount_rw fs/btrfs/super.c:1319 [inline]\n   btrfs_reconfigure+0x828/0x2418 fs/btrfs/super.c:1543\n   reconfigure_super+0x1d4/0x6f0 fs/super.c:1083\n   do_remount fs/namespace.c:3365 [inline]\n   path_mount+0xb34/0xde0 fs/namespace.c:4200\n   do_mount fs/namespace.c:4221 [inline]\n   __do_sys_mount fs/namespace.c:4432 [inline]\n   __se_sys_mount fs/namespace.c:4409 [inline]\n   __arm64_sys_mount+0x3e8/0x468 fs/namespace.c:4409\n   __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\n   invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49\n   el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132\n   do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151\n   el0_svc+0x58/0x17c arch/arm64/kernel/entry-common.c:767\n   el0t_64_sync_handler+0x78/0x108 arch/arm64/kernel/entry-common.c:786\n   el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600\n  Code: f0047182 91178042 528089c3 9771d47b (d4210000)\n  ---[ end trace 0000000000000000 ]---\n\nThis happens because we are processing an empty block group, which has\nno extents allocated from it, there are no items for this block group,\nincluding the block group item since block group items are stored in a\ndedicated tree when using the block group tree feature. It also means\nthis is the block group with the highest start offset, so there are no\nhigher keys in the extent root, hence btrfs_search_slot_for_read()\nreturns 1 (no higher key found).\n\nFix this by asserting \u0027ret\u0027 is 0 only if the block group tree feature\nis not enabled, in which case we should find a block group item for\nthe block group since it\u0027s stored in the extent root and block group\nitem keys are greater than extent item keys (the value for\nBTRFS_BLOCK_GROUP_ITEM_KEY is 192 and for BTRFS_EXTENT_ITEM_KEY and\nBTRFS_METADATA_ITEM_KEY the values are 168 and 169 respectively).\nIn case \u0027ret\u0027 is 1, we just need to add a record to the free space\ntree which spans the whole block group, and we can achieve this by\nmaking \u0027ret == 0\u0027 as the while loop\u0027s condition."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-02T15:30:44.208Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/7c77df23324f60bcff0ea44392e2c82e9486640c"
        },
        {
          "url": "https://git.kernel.org/stable/c/f4428b2d4c68732653e93f748f538bdee639ff80"
        },
        {
          "url": "https://git.kernel.org/stable/c/0bcc14f36c7ad37121cf5c0ae18cdde5bfad9c4e"
        },
        {
          "url": "https://git.kernel.org/stable/c/6bbe6530b1db7b4365ce9e86144c18c5d73b2c5b"
        },
        {
          "url": "https://git.kernel.org/stable/c/1961d20f6fa8903266ed9bd77c691924c22c8f02"
        }
      ],
      "title": "btrfs: fix assertion when building free space tree",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-38503",
    "datePublished": "2025-08-16T10:54:41.004Z",
    "dateReserved": "2025-04-16T04:51:24.022Z",
    "dateUpdated": "2026-01-02T15:30:44.208Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/hid/hid-hyperv.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "a7902cc5f5b9c95997017c8e309da760fb1deb6e",
              "status": "affected",
              "version": "542f25a94471570e2594be5b422b9ca572cf88a1",
              "versionType": "git"
            },
            {
              "lessThan": "5f151364b1da6bd217632fd4ee8cc24eaf66a497",
              "status": "affected",
              "version": "542f25a94471570e2594be5b422b9ca572cf88a1",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/hid/hid-hyperv.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.2"
            },
            {
              "lessThan": "6.2",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.*",
              "status": "unaffected",
              "version": "6.4.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.5",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.4.5",
                  "versionStartIncluding": "6.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.5",
                  "versionStartIncluding": "6.2",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: hyperv: avoid struct memcpy overrun warning\n\nA previous patch addressed the fortified memcpy warning for most\nbuilds, but I still see this one with gcc-9:\n\nIn file included from include/linux/string.h:254,\n                 from drivers/hid/hid-hyperv.c:8:\nIn function \u0027fortify_memcpy_chk\u0027,\n    inlined from \u0027mousevsc_on_receive\u0027 at drivers/hid/hid-hyperv.c:272:3:\ninclude/linux/fortify-string.h:583:4: error: call to \u0027__write_overflow_field\u0027 declared with attribute warning: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Werror=attribute-warning]\n  583 |    __write_overflow_field(p_size_field, size);\n      |    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nMy guess is that the WARN_ON() itself is what confuses gcc, so it no\nlonger sees that there is a correct range check. Rework the code in a\nway that helps readability and avoids the warning."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-04T15:16:59.091Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/a7902cc5f5b9c95997017c8e309da760fb1deb6e"
        },
        {
          "url": "https://git.kernel.org/stable/c/5f151364b1da6bd217632fd4ee8cc24eaf66a497"
        }
      ],
      "title": "HID: hyperv: avoid struct memcpy overrun warning",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-53553",
    "datePublished": "2025-10-04T15:16:59.091Z",
    "dateReserved": "2025-10-04T15:14:15.922Z",
    "dateUpdated": "2025-10-04T15:16:59.091Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T17:35:50.505Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/nfsd/nfssvc.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "deaeb74ae9318252829c59a84a7d2316fc335660",
              "status": "affected",
              "version": "a4bc287943f5695209ff36bdc89f17b48d68fae7",
              "versionType": "git"
            },
            {
              "lessThan": "0fccf5f01ed28725cc313a66ca1247eef911d55e",
              "status": "affected",
              "version": "f4e44b393389c77958f7c58bf4415032b4cda15b",
              "versionType": "git"
            },
            {
              "lessThan": "a97668ec6d73dab237cd1c15efe012a10090a4ed",
              "status": "affected",
              "version": "f4e44b393389c77958f7c58bf4415032b4cda15b",
              "versionType": "git"
            },
            {
              "lessThan": "5060e1a5fef184bd11d298e3f0ee920d96a23236",
              "status": "affected",
              "version": "f4e44b393389c77958f7c58bf4415032b4cda15b",
              "versionType": "git"
            },
            {
              "lessThan": "d622c2ee6c08147ab8c9b9e37d93b6e95d3258e0",
              "status": "affected",
              "version": "f4e44b393389c77958f7c58bf4415032b4cda15b",
              "versionType": "git"
            },
            {
              "lessThan": "83ac1ba8ca102ab5c0ed4351f8ac6e74ac4d5d64",
              "status": "affected",
              "version": "f4e44b393389c77958f7c58bf4415032b4cda15b",
              "versionType": "git"
            },
            {
              "lessThan": "b31da62889e6d610114d81dc7a6edbcaa503fcf8",
              "status": "affected",
              "version": "f4e44b393389c77958f7c58bf4415032b4cda15b",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/nfsd/nfssvc.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.14"
            },
            {
              "lessThan": "5.14",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.239",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.186",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.142",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.95",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.35",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.15.*",
              "status": "unaffected",
              "version": "6.15.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.16",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.239",
                  "versionStartIncluding": "5.10.220",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.186",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.142",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.95",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.35",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.15.4",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.16",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: Initialize ssc before laundromat_work to prevent NULL dereference\n\nIn nfs4_state_start_net(), laundromat_work may access nfsd_ssc through\nnfs4_laundromat -\u003e nfsd4_ssc_expire_umount. If nfsd_ssc isn\u0027t initialized,\nthis can cause NULL pointer dereference.\n\nNormally the delayed start of laundromat_work allows sufficient time for\nnfsd_ssc initialization to complete. However, when the kernel waits too\nlong for userspace responses (e.g. in nfs4_state_start_net -\u003e\nnfsd4_end_grace -\u003e nfsd4_record_grace_done -\u003e nfsd4_cld_grace_done -\u003e\ncld_pipe_upcall -\u003e __cld_pipe_upcall -\u003e wait_for_completion path), the\ndelayed work may start before nfsd_ssc initialization finishes.\n\nFix this by moving nfsd_ssc initialization before starting laundromat_work."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-28T04:15:46.499Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/deaeb74ae9318252829c59a84a7d2316fc335660"
        },
        {
          "url": "https://git.kernel.org/stable/c/0fccf5f01ed28725cc313a66ca1247eef911d55e"
        },
        {
          "url": "https://git.kernel.org/stable/c/a97668ec6d73dab237cd1c15efe012a10090a4ed"
        },
        {
          "url": "https://git.kernel.org/stable/c/5060e1a5fef184bd11d298e3f0ee920d96a23236"
        },
        {
          "url": "https://git.kernel.org/stable/c/d622c2ee6c08147ab8c9b9e37d93b6e95d3258e0"
        },
        {
          "url": "https://git.kernel.org/stable/c/83ac1ba8ca102ab5c0ed4351f8ac6e74ac4d5d64"
        },
        {
          "url": "https://git.kernel.org/stable/c/b31da62889e6d610114d81dc7a6edbcaa503fcf8"
        }
      ],
      "title": "nfsd: Initialize ssc before laundromat_work to prevent NULL dereference",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-38231",
    "datePublished": "2025-07-04T13:37:44.978Z",
    "dateReserved": "2025-04-16T04:51:23.996Z",
    "dateUpdated": "2025-11-03T17:35:50.505Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T17:36:53.250Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/acpi/acpica/dsutils.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "4fa430a8bca708c7776f6b9d001257f48b19a5b7",
              "status": "affected",
              "version": "773069d48030e670cf2032a13ddf16a2e0034df3",
              "versionType": "git"
            },
            {
              "lessThan": "1c0d9115a001979cb446ba5e8331dd1d29a10bbf",
              "status": "affected",
              "version": "773069d48030e670cf2032a13ddf16a2e0034df3",
              "versionType": "git"
            },
            {
              "lessThan": "5a68893b594ee6ce0efce5f74c07e64e9dd0c2c4",
              "status": "affected",
              "version": "773069d48030e670cf2032a13ddf16a2e0034df3",
              "versionType": "git"
            },
            {
              "lessThan": "64c4bcf0308dd1d752ef31d560040b8725e29984",
              "status": "affected",
              "version": "773069d48030e670cf2032a13ddf16a2e0034df3",
              "versionType": "git"
            },
            {
              "lessThan": "755a8006b76792922ff7b1c9674d8897a476b5d7",
              "status": "affected",
              "version": "773069d48030e670cf2032a13ddf16a2e0034df3",
              "versionType": "git"
            },
            {
              "lessThan": "76d37168155880f2b04a0aad92ceb0f9d799950e",
              "status": "affected",
              "version": "773069d48030e670cf2032a13ddf16a2e0034df3",
              "versionType": "git"
            },
            {
              "lessThan": "e0783910ca4368b01466bc8dcdcc13c3e0b7db53",
              "status": "affected",
              "version": "773069d48030e670cf2032a13ddf16a2e0034df3",
              "versionType": "git"
            },
            {
              "lessThan": "156fd20a41e776bbf334bd5e45c4f78dfc90ce1c",
              "status": "affected",
              "version": "773069d48030e670cf2032a13ddf16a2e0034df3",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/acpi/acpica/dsutils.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.26"
            },
            {
              "lessThan": "2.6.26",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.295",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.239",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.186",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.142",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.95",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.35",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.15.*",
              "status": "unaffected",
              "version": "6.15.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.16",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.295",
                  "versionStartIncluding": "2.6.26",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.239",
                  "versionStartIncluding": "2.6.26",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.186",
                  "versionStartIncluding": "2.6.26",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.142",
                  "versionStartIncluding": "2.6.26",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.95",
                  "versionStartIncluding": "2.6.26",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.35",
                  "versionStartIncluding": "2.6.26",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.15.4",
                  "versionStartIncluding": "2.6.26",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.16",
                  "versionStartIncluding": "2.6.26",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPICA: fix acpi operand cache leak in dswstate.c\n\nACPICA commit 987a3b5cf7175916e2a4b6ea5b8e70f830dfe732\n\nI found an ACPI cache leak in ACPI early termination and boot continuing case.\n\nWhen early termination occurs due to malicious ACPI table, Linux kernel\nterminates ACPI function and continues to boot process. While kernel terminates\nACPI function, kmem_cache_destroy() reports Acpi-Operand cache leak.\n\nBoot log of ACPI operand cache leak is as follows:\n\u003e[    0.585957] ACPI: Added _OSI(Module Device)\n\u003e[    0.587218] ACPI: Added _OSI(Processor Device)\n\u003e[    0.588530] ACPI: Added _OSI(3.0 _SCP Extensions)\n\u003e[    0.589790] ACPI: Added _OSI(Processor Aggregator Device)\n\u003e[    0.591534] ACPI Error: Illegal I/O port address/length above 64K: C806E00000004002/0x2 (20170303/hwvalid-155)\n\u003e[    0.594351] ACPI Exception: AE_LIMIT, Unable to initialize fixed events (20170303/evevent-88)\n\u003e[    0.597858] ACPI: Unable to start the ACPI Interpreter\n\u003e[    0.599162] ACPI Error: Could not remove SCI handler (20170303/evmisc-281)\n\u003e[    0.601836] kmem_cache_destroy Acpi-Operand: Slab cache still has objects\n\u003e[    0.603556] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.12.0-rc5 #26\n\u003e[    0.605159] Hardware name: innotek gmb_h virtual_box/virtual_box, BIOS virtual_box 12/01/2006\n\u003e[    0.609177] Call Trace:\n\u003e[    0.610063]  ? dump_stack+0x5c/0x81\n\u003e[    0.611118]  ? kmem_cache_destroy+0x1aa/0x1c0\n\u003e[    0.612632]  ? acpi_sleep_proc_init+0x27/0x27\n\u003e[    0.613906]  ? acpi_os_delete_cache+0xa/0x10\n\u003e[    0.617986]  ? acpi_ut_delete_caches+0x3f/0x7b\n\u003e[    0.619293]  ? acpi_terminate+0xa/0x14\n\u003e[    0.620394]  ? acpi_init+0x2af/0x34f\n\u003e[    0.621616]  ? __class_create+0x4c/0x80\n\u003e[    0.623412]  ? video_setup+0x7f/0x7f\n\u003e[    0.624585]  ? acpi_sleep_proc_init+0x27/0x27\n\u003e[    0.625861]  ? do_one_initcall+0x4e/0x1a0\n\u003e[    0.627513]  ? kernel_init_freeable+0x19e/0x21f\n\u003e[    0.628972]  ? rest_init+0x80/0x80\n\u003e[    0.630043]  ? kernel_init+0xa/0x100\n\u003e[    0.631084]  ? ret_from_fork+0x25/0x30\n\u003e[    0.633343] vgaarb: loaded\n\u003e[    0.635036] EDAC MC: Ver: 3.0.0\n\u003e[    0.638601] PCI: Probing PCI hardware\n\u003e[    0.639833] PCI host bridge to bus 0000:00\n\u003e[    0.641031] pci_bus 0000:00: root bus resource [io  0x0000-0xffff]\n\u003e ... Continue to boot and log is omitted ...\n\nI analyzed this memory leak in detail and found acpi_ds_obj_stack_pop_and_\ndelete() function miscalculated the top of the stack. acpi_ds_obj_stack_push()\nfunction uses walk_state-\u003eoperand_index for start position of the top, but\nacpi_ds_obj_stack_pop_and_delete() function considers index 0 for it.\nTherefore, this causes acpi operand memory leak.\n\nThis cache leak causes a security threat because an old kernel (\u003c= 4.9) shows\nmemory locations of kernel functions in stack dump. Some malicious users\ncould use this information to neutralize kernel ASLR.\n\nI made a patch to fix ACPI operand cache leak."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-02T15:30:28.081Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/4fa430a8bca708c7776f6b9d001257f48b19a5b7"
        },
        {
          "url": "https://git.kernel.org/stable/c/1c0d9115a001979cb446ba5e8331dd1d29a10bbf"
        },
        {
          "url": "https://git.kernel.org/stable/c/5a68893b594ee6ce0efce5f74c07e64e9dd0c2c4"
        },
        {
          "url": "https://git.kernel.org/stable/c/64c4bcf0308dd1d752ef31d560040b8725e29984"
        },
        {
          "url": "https://git.kernel.org/stable/c/755a8006b76792922ff7b1c9674d8897a476b5d7"
        },
        {
          "url": "https://git.kernel.org/stable/c/76d37168155880f2b04a0aad92ceb0f9d799950e"
        },
        {
          "url": "https://git.kernel.org/stable/c/e0783910ca4368b01466bc8dcdcc13c3e0b7db53"
        },
        {
          "url": "https://git.kernel.org/stable/c/156fd20a41e776bbf334bd5e45c4f78dfc90ce1c"
        }
      ],
      "title": "ACPICA: fix acpi operand cache leak in dswstate.c",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-38345",
    "datePublished": "2025-07-10T08:15:13.652Z",
    "dateReserved": "2025-04-16T04:51:24.006Z",
    "dateUpdated": "2026-01-02T15:30:28.081Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/netfilter/nf_conntrack_netlink.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "a4d634ded4d3d400f115d84f654f316f249531c9",
              "status": "affected",
              "version": "cf6994c2b9812a9f02b99e89df411ffc5db9c779",
              "versionType": "git"
            },
            {
              "lessThan": "1492e3dcb2be3aa46d1963da96aa9593e4e4db5a",
              "status": "affected",
              "version": "cf6994c2b9812a9f02b99e89df411ffc5db9c779",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/netfilter/nf_conntrack_netlink.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.23"
            },
            {
              "lessThan": "2.6.23",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.16.*",
              "status": "unaffected",
              "version": "6.16.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.17",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.16.2",
                  "versionStartIncluding": "2.6.23",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.17",
                  "versionStartIncluding": "2.6.23",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: ctnetlink: remove refcounting in expectation dumpers\n\nSame pattern as previous patch: do not keep the expectation object\nalive via refcount, only store a cookie value and then use that\nas the skip hint for dump resumption.\n\nAFAICS this has the same issue as the one resolved in the conntrack\ndumper, when we do\n  if (!refcount_inc_not_zero(\u0026exp-\u003euse))\n\nto increment the refcount, there is a chance that exp == last, which\ncauses a double-increment of the refcount and subsequent memory leak."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-29T05:58:56.459Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/a4d634ded4d3d400f115d84f654f316f249531c9"
        },
        {
          "url": "https://git.kernel.org/stable/c/1492e3dcb2be3aa46d1963da96aa9593e4e4db5a"
        }
      ],
      "title": "netfilter: ctnetlink: remove refcounting in expectation dumpers",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-39764",
    "datePublished": "2025-09-11T16:52:32.060Z",
    "dateReserved": "2025-04-16T07:20:57.126Z",
    "dateUpdated": "2025-09-29T05:58:56.459Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "a11b6ee7cab87c4d75e95ac9e7443155f7cecb55",
              "status": "affected",
              "version": "3581b7062cec5a40b54acbd0dc28321d3aaa9fc7",
              "versionType": "git"
            },
            {
              "lessThan": "c62963370627f3aa22d991e0a3e93f5d61ad9b08",
              "status": "affected",
              "version": "3581b7062cec5a40b54acbd0dc28321d3aaa9fc7",
              "versionType": "git"
            },
            {
              "lessThan": "3d470cf40c9265092eb33c3d3d9dc8bad452bcc2",
              "status": "affected",
              "version": "3581b7062cec5a40b54acbd0dc28321d3aaa9fc7",
              "versionType": "git"
            },
            {
              "lessThan": "e52bbaa209ebff3bf7a10c17ba7d3e1d3cb0fe61",
              "status": "affected",
              "version": "3581b7062cec5a40b54acbd0dc28321d3aaa9fc7",
              "versionType": "git"
            },
            {
              "lessThan": "f7fa8520f30373ce99c436c4d57c76befdacbef3",
              "status": "affected",
              "version": "3581b7062cec5a40b54acbd0dc28321d3aaa9fc7",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.2"
            },
            {
              "lessThan": "6.2",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.103",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.43",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.15.*",
              "status": "unaffected",
              "version": "6.15.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.16.*",
              "status": "unaffected",
              "version": "6.16.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.17",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.103",
                  "versionStartIncluding": "6.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.43",
                  "versionStartIncluding": "6.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.15.11",
                  "versionStartIncluding": "6.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.16.2",
                  "versionStartIncluding": "6.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.17",
                  "versionStartIncluding": "6.2",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/arm-smmu-qcom: Add SM6115 MDSS compatible\n\nAdd the SM6115 MDSS compatible to clients compatible list, as it also\nneeds that workaround.\nWithout this workaround, for example, QRB4210 RB2 which is based on\nSM4250/SM6115 generates a lot of smmu unhandled context faults during\nboot:\n\narm_smmu_context_fault: 116854 callbacks suppressed\narm-smmu c600000.iommu: Unhandled context fault: fsr=0x402,\niova=0x5c0ec600, fsynr=0x320021, cbfrsynra=0x420, cb=5\narm-smmu c600000.iommu: FSR    = 00000402 [Format=2 TF], SID=0x420\narm-smmu c600000.iommu: FSYNR0 = 00320021 [S1CBNDX=50 PNU PLVL=1]\narm-smmu c600000.iommu: Unhandled context fault: fsr=0x402,\niova=0x5c0d7800, fsynr=0x320021, cbfrsynra=0x420, cb=5\narm-smmu c600000.iommu: FSR    = 00000402 [Format=2 TF], SID=0x420\n\nand also failed initialisation of lontium lt9611uxc, gpu and dpu is\nobserved:\n(binding MDSS components triggered by lt9611uxc have failed)\n\n ------------[ cut here ]------------\n !aspace\n WARNING: CPU: 6 PID: 324 at drivers/gpu/drm/msm/msm_gem_vma.c:130 msm_gem_vma_init+0x150/0x18c [msm]\n Modules linked in: ... (long list of modules)\n CPU: 6 UID: 0 PID: 324 Comm: (udev-worker) Not tainted 6.15.0-03037-gaacc73ceeb8b #4 PREEMPT\n Hardware name: Qualcomm Technologies, Inc. QRB4210 RB2 (DT)\n pstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : msm_gem_vma_init+0x150/0x18c [msm]\n lr : msm_gem_vma_init+0x150/0x18c [msm]\n sp : ffff80008144b280\n  \t\t...\n Call trace:\n  msm_gem_vma_init+0x150/0x18c [msm] (P)\n  get_vma_locked+0xc0/0x194 [msm]\n  msm_gem_get_and_pin_iova_range+0x4c/0xdc [msm]\n  msm_gem_kernel_new+0x48/0x160 [msm]\n  msm_gpu_init+0x34c/0x53c [msm]\n  adreno_gpu_init+0x1b0/0x2d8 [msm]\n  a6xx_gpu_init+0x1e8/0x9e0 [msm]\n  adreno_bind+0x2b8/0x348 [msm]\n  component_bind_all+0x100/0x230\n  msm_drm_bind+0x13c/0x3d0 [msm]\n  try_to_bring_up_aggregate_device+0x164/0x1d0\n  __component_add+0xa4/0x174\n  component_add+0x14/0x20\n  dsi_dev_attach+0x20/0x34 [msm]\n  dsi_host_attach+0x58/0x98 [msm]\n  devm_mipi_dsi_attach+0x34/0x90\n  lt9611uxc_attach_dsi.isra.0+0x94/0x124 [lontium_lt9611uxc]\n  lt9611uxc_probe+0x540/0x5fc [lontium_lt9611uxc]\n  i2c_device_probe+0x148/0x2a8\n  really_probe+0xbc/0x2c0\n  __driver_probe_device+0x78/0x120\n  driver_probe_device+0x3c/0x154\n  __driver_attach+0x90/0x1a0\n  bus_for_each_dev+0x68/0xb8\n  driver_attach+0x24/0x30\n  bus_add_driver+0xe4/0x208\n  driver_register+0x68/0x124\n  i2c_register_driver+0x48/0xcc\n  lt9611uxc_driver_init+0x20/0x1000 [lontium_lt9611uxc]\n  do_one_initcall+0x60/0x1d4\n  do_init_module+0x54/0x1fc\n  load_module+0x1748/0x1c8c\n  init_module_from_file+0x74/0xa0\n  __arm64_sys_finit_module+0x130/0x2f8\n  invoke_syscall+0x48/0x104\n  el0_svc_common.constprop.0+0xc0/0xe0\n  do_el0_svc+0x1c/0x28\n  el0_svc+0x2c/0x80\n  el0t_64_sync_handler+0x10c/0x138\n  el0t_64_sync+0x198/0x19c\n ---[ end trace 0000000000000000 ]---\n msm_dpu 5e01000.display-controller: [drm:msm_gpu_init [msm]] *ERROR* could not allocate memptrs: -22\n msm_dpu 5e01000.display-controller: failed to load adreno gpu\n platform a400000.remoteproc:glink-edge:apr:service@7:dais: Adding to iommu group 19\n msm_dpu 5e01000.display-controller: failed to bind 5900000.gpu (ops a3xx_ops [msm]): -22\n msm_dpu 5e01000.display-controller: adev bind failed: -22\n lt9611uxc 0-002b: failed to attach dsi to host\n lt9611uxc 0-002b: probe with driver lt9611uxc failed with error -22"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-29T05:58:25.752Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/a11b6ee7cab87c4d75e95ac9e7443155f7cecb55"
        },
        {
          "url": "https://git.kernel.org/stable/c/c62963370627f3aa22d991e0a3e93f5d61ad9b08"
        },
        {
          "url": "https://git.kernel.org/stable/c/3d470cf40c9265092eb33c3d3d9dc8bad452bcc2"
        },
        {
          "url": "https://git.kernel.org/stable/c/e52bbaa209ebff3bf7a10c17ba7d3e1d3cb0fe61"
        },
        {
          "url": "https://git.kernel.org/stable/c/f7fa8520f30373ce99c436c4d57c76befdacbef3"
        }
      ],
      "title": "iommu/arm-smmu-qcom: Add SM6115 MDSS compatible",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-39739",
    "datePublished": "2025-09-11T16:52:13.954Z",
    "dateReserved": "2025-04-16T07:20:57.120Z",
    "dateUpdated": "2025-09-29T05:58:25.752Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "arch/riscv/mm/init.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "a4284246fca2ef482a8fcf5ad7d2c33a45b41e9c",
              "status": "affected",
              "version": "671f9a3e2e24cdeb2d2856abee7422f093e23e29",
              "versionType": "git"
            },
            {
              "lessThan": "0a1b80ff4f721c4be98707bfe9d20238df133eb8",
              "status": "affected",
              "version": "671f9a3e2e24cdeb2d2856abee7422f093e23e29",
              "versionType": "git"
            },
            {
              "lessThan": "ba11f4e59509538810e5c44578fc73984acdf1d7",
              "status": "affected",
              "version": "671f9a3e2e24cdeb2d2856abee7422f093e23e29",
              "versionType": "git"
            },
            {
              "lessThan": "85fadc0d04119c2fe4a20287767ab904c6d21ba1",
              "status": "affected",
              "version": "671f9a3e2e24cdeb2d2856abee7422f093e23e29",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "arch/riscv/mm/init.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.3"
            },
            {
              "lessThan": "5.3",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.121",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.39",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.*",
              "status": "unaffected",
              "version": "6.4.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.5",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.121",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.39",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.4.4",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.5",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: move memblock_allow_resize() after linear mapping is ready\n\nThe initial memblock metadata is accessed from kernel image mapping. The\nregions arrays need to \"reallocated\" from memblock and accessed through\nlinear mapping to cover more memblock regions. So the resizing should\nnot be allowed until linear mapping is ready. Note that there are\nmemblock allocations when building linear mapping.\n\nThis patch is similar to 24cc61d8cb5a (\"arm64: memblock: don\u0027t permit\nmemblock resizing until linear mapping is up\").\n\nIn following log, many memblock regions are reserved before\ncreate_linear_mapping_page_table(). And then it triggered reallocation\nof memblock.reserved.regions and memcpy the old array in kernel image\nmapping to the new array in linear mapping which caused a page fault.\n\n[    0.000000] memblock_reserve: [0x00000000bf01f000-0x00000000bf01ffff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[    0.000000] memblock_reserve: [0x00000000bf021000-0x00000000bf021fff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[    0.000000] memblock_reserve: [0x00000000bf023000-0x00000000bf023fff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[    0.000000] memblock_reserve: [0x00000000bf025000-0x00000000bf025fff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[    0.000000] memblock_reserve: [0x00000000bf027000-0x00000000bf027fff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[    0.000000] memblock_reserve: [0x00000000bf029000-0x00000000bf029fff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[    0.000000] memblock_reserve: [0x00000000bf02b000-0x00000000bf02bfff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[    0.000000] memblock_reserve: [0x00000000bf02d000-0x00000000bf02dfff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[    0.000000] memblock_reserve: [0x00000000bf02f000-0x00000000bf02ffff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[    0.000000] memblock_reserve: [0x00000000bf030000-0x00000000bf030fff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[    0.000000] OF: reserved mem: 0x0000000080000000..0x000000008007ffff (512 KiB) map non-reusable mmode_resv0@80000000\n[    0.000000] memblock_reserve: [0x00000000bf000000-0x00000000bf001fed] paging_init+0x19a/0x5ae\n[    0.000000] memblock_phys_alloc_range: 4096 bytes align=0x1000 from=0x0000000000000000 max_addr=0x0000000000000000 alloc_pmd_fixmap+0x14/0x1c\n[    0.000000] memblock_reserve: [0x000000017ffff000-0x000000017fffffff] memblock_alloc_range_nid+0xb8/0x128\n[    0.000000] memblock: reserved is doubled to 256 at [0x000000017fffd000-0x000000017fffe7ff]\n[    0.000000] Unable to handle kernel paging request at virtual address ff600000ffffd000\n[    0.000000] Oops [#1]\n[    0.000000] Modules linked in:\n[    0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted 6.4.0-rc1-00011-g99a670b2069c #66\n[    0.000000] Hardware name: riscv-virtio,qemu (DT)\n[    0.000000] epc : __memcpy+0x60/0xf8\n[    0.000000]  ra : memblock_double_array+0x192/0x248\n[    0.000000] epc : ffffffff8081d214 ra : ffffffff80a3dfc0 sp : ffffffff81403bd0\n[    0.000000]  gp : ffffffff814fbb38 tp : ffffffff8140dac0 t0 : 0000000001600000\n[    0.000000]  t1 : 0000000000000000 t2 : 000000008f001000 s0 : ffffffff81403c60\n[    0.000000]  s1 : ffffffff80c0bc98 a0 : ff600000ffffd000 a1 : ffffffff80c0bcd8\n[    0.000000]  a2 : 0000000000000c00 a3 : ffffffff80c0c8d8 a4 : 0000000080000000\n[    0.000000]  a5 : 0000000000080000 a6 : 0000000000000000 a7 : 0000000080200000\n[    0.000000]  s2 : ff600000ffffd000 s3 : 0000000000002000 s4 : 0000000000000c00\n[    0.000000]  s5 : ffffffff80c0bc60 s6 : ffffffff80c0bcc8 s7 : 0000000000000000\n[    0.000000]  s8 : ffffffff814fd0a8 s9 : 000000017fffe7ff s10: 0000000000000000\n[    0.000000]  s11: 0000000000001000 t3 : 0000000000001000 t4 : 0000000000000000\n[    0.000000]  t5 : 000000008f003000 t6 : ff600000ffffd000\n[    0.000000] status: 0000000200000100 badaddr: ff600000ffffd000 cause: 000000000000000f\n[    0.000000] [\u003cfff\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-22T13:23:38.981Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/a4284246fca2ef482a8fcf5ad7d2c33a45b41e9c"
        },
        {
          "url": "https://git.kernel.org/stable/c/0a1b80ff4f721c4be98707bfe9d20238df133eb8"
        },
        {
          "url": "https://git.kernel.org/stable/c/ba11f4e59509538810e5c44578fc73984acdf1d7"
        },
        {
          "url": "https://git.kernel.org/stable/c/85fadc0d04119c2fe4a20287767ab904c6d21ba1"
        }
      ],
      "title": "riscv: move memblock_allow_resize() after linear mapping is ready",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-53699",
    "datePublished": "2025-10-22T13:23:38.981Z",
    "dateReserved": "2025-10-22T13:21:37.345Z",
    "dateUpdated": "2025-10-22T13:23:38.981Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/usb/gadget/function/u_serial.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "c5360eec648bd506afa304ae4a71f82e13d41897",
              "status": "affected",
              "version": "aba3a8d01d623a5efef48ab8e78752d58d4c90c3",
              "versionType": "git"
            },
            {
              "lessThan": "3b24c980dc07be4550a9d1450ed7057f882530e5",
              "status": "affected",
              "version": "aba3a8d01d623a5efef48ab8e78752d58d4c90c3",
              "versionType": "git"
            },
            {
              "lessThan": "ec357cd3e8af614855d286dd378725cdc7264df6",
              "status": "affected",
              "version": "aba3a8d01d623a5efef48ab8e78752d58d4c90c3",
              "versionType": "git"
            },
            {
              "lessThan": "44e004f757a7ae13dfebaadbcfdb1a6f98c10377",
              "status": "affected",
              "version": "aba3a8d01d623a5efef48ab8e78752d58d4c90c3",
              "versionType": "git"
            },
            {
              "lessThan": "5ec63fdbca604568890c577753c6f66c5b3ef0b5",
              "status": "affected",
              "version": "aba3a8d01d623a5efef48ab8e78752d58d4c90c3",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/usb/gadget/function/u_serial.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.8"
            },
            {
              "lessThan": "5.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.171",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.97",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.15",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.*",
              "status": "unaffected",
              "version": "6.2.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.3",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.171",
                  "versionStartIncluding": "5.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.97",
                  "versionStartIncluding": "5.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.15",
                  "versionStartIncluding": "5.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.2.2",
                  "versionStartIncluding": "5.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.3",
                  "versionStartIncluding": "5.8",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: u_serial: Add null pointer check in gserial_resume\n\nConsider a case where gserial_disconnect has already cleared\ngser-\u003eioport. And if a wakeup interrupt triggers afterwards,\ngserial_resume gets called, which will lead to accessing of\ngser-\u003eioport and thus causing null pointer dereference.Add\na null pointer check to prevent this.\n\nAdded a static spinlock to prevent gser-\u003eioport from becoming\nnull after the newly added check."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-04T15:16:57.736Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/c5360eec648bd506afa304ae4a71f82e13d41897"
        },
        {
          "url": "https://git.kernel.org/stable/c/3b24c980dc07be4550a9d1450ed7057f882530e5"
        },
        {
          "url": "https://git.kernel.org/stable/c/ec357cd3e8af614855d286dd378725cdc7264df6"
        },
        {
          "url": "https://git.kernel.org/stable/c/44e004f757a7ae13dfebaadbcfdb1a6f98c10377"
        },
        {
          "url": "https://git.kernel.org/stable/c/5ec63fdbca604568890c577753c6f66c5b3ef0b5"
        }
      ],
      "title": "usb: gadget: u_serial: Add null pointer check in gserial_resume",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-53551",
    "datePublished": "2025-10-04T15:16:57.736Z",
    "dateReserved": "2025-10-04T15:14:15.922Z",
    "dateUpdated": "2025-10-04T15:16:57.736Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T17:40:46.576Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/proc/generic.c",
            "fs/proc/inode.c",
            "fs/proc/internal.h",
            "include/linux/proc_fs.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "c35b0feb80b48720dfbbf4e33759c7be3faaebb6",
              "status": "affected",
              "version": "3f61631d47f115b83c935d0039f95cb68b0c8ab7",
              "versionType": "git"
            },
            {
              "lessThan": "33c778ea0bd0fa62ff590497e72562ff90f82b13",
              "status": "affected",
              "version": "3f61631d47f115b83c935d0039f95cb68b0c8ab7",
              "versionType": "git"
            },
            {
              "lessThan": "fc1072d934f687e1221d685cf1a49a5068318f34",
              "status": "affected",
              "version": "3f61631d47f115b83c935d0039f95cb68b0c8ab7",
              "versionType": "git"
            },
            {
              "lessThan": "d136502e04d8853a9aecb335d07bbefd7a1519a8",
              "status": "affected",
              "version": "3f61631d47f115b83c935d0039f95cb68b0c8ab7",
              "versionType": "git"
            },
            {
              "lessThan": "1fccbfbae1dd36198dc47feac696563244ad81d3",
              "status": "affected",
              "version": "3f61631d47f115b83c935d0039f95cb68b0c8ab7",
              "versionType": "git"
            },
            {
              "lessThan": "ff7ec8dc1b646296f8d94c39339e8d3833d16c05",
              "status": "affected",
              "version": "3f61631d47f115b83c935d0039f95cb68b0c8ab7",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/proc/generic.c",
            "fs/proc/inode.c",
            "fs/proc/internal.h",
            "include/linux/proc_fs.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "lessThan": "6.0",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.148",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.102",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.42",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.15.*",
              "status": "unaffected",
              "version": "6.15.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.16.*",
              "status": "unaffected",
              "version": "6.16.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.17",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.148",
                  "versionStartIncluding": "6.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.102",
                  "versionStartIncluding": "6.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.42",
                  "versionStartIncluding": "6.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.15.10",
                  "versionStartIncluding": "6.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.16.1",
                  "versionStartIncluding": "6.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.17",
                  "versionStartIncluding": "6.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nproc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al\n\nCheck pde-\u003eproc_ops-\u003eproc_lseek directly may cause UAF in rmmod scenario. \nIt\u0027s a gap in proc_reg_open() after commit 654b33ada4ab(\"proc: fix UAF in\nproc_get_inode()\").  Followed by AI Viro\u0027s suggestion, fix it in same\nmanner."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-29T05:55:34.510Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/c35b0feb80b48720dfbbf4e33759c7be3faaebb6"
        },
        {
          "url": "https://git.kernel.org/stable/c/33c778ea0bd0fa62ff590497e72562ff90f82b13"
        },
        {
          "url": "https://git.kernel.org/stable/c/fc1072d934f687e1221d685cf1a49a5068318f34"
        },
        {
          "url": "https://git.kernel.org/stable/c/d136502e04d8853a9aecb335d07bbefd7a1519a8"
        },
        {
          "url": "https://git.kernel.org/stable/c/1fccbfbae1dd36198dc47feac696563244ad81d3"
        },
        {
          "url": "https://git.kernel.org/stable/c/ff7ec8dc1b646296f8d94c39339e8d3833d16c05"
        }
      ],
      "title": "proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-38653",
    "datePublished": "2025-08-22T16:00:57.413Z",
    "dateReserved": "2025-04-16T04:51:24.030Z",
    "dateUpdated": "2025-11-03T17:40:46.576Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/virtio_net.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "892f6ed9a4a38bb3360fdff091b9241cfa105b61",
              "status": "affected",
              "version": "a4e7ba7027012f009f22a68bcfde670f9298d3a4",
              "versionType": "git"
            },
            {
              "lessThan": "6013bb6bc24c2cac3f45b37a15b71b232a5b00ff",
              "status": "affected",
              "version": "a4e7ba7027012f009f22a68bcfde670f9298d3a4",
              "versionType": "git"
            },
            {
              "lessThan": "5177373c31318c3c6a190383bfd232e6cf565c36",
              "status": "affected",
              "version": "a4e7ba7027012f009f22a68bcfde670f9298d3a4",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/virtio_net.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.11"
            },
            {
              "lessThan": "6.11",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.37",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.15.*",
              "status": "unaffected",
              "version": "6.15.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.16",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.37",
                  "versionStartIncluding": "6.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.15.6",
                  "versionStartIncluding": "6.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.16",
                  "versionStartIncluding": "6.11",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio-net: xsk: rx: fix the frame\u0027s length check\n\nWhen calling buf_to_xdp, the len argument is the frame data\u0027s length\nwithout virtio header\u0027s length (vi-\u003ehdr_len). We check that len with\n\n\txsk_pool_get_rx_frame_size() + vi-\u003ehdr_len\n\nto ensure the provided len does not larger than the allocated chunk\nsize. The additional vi-\u003ehdr_len is because in virtnet_add_recvbuf_xsk,\nwe use part of XDP_PACKET_HEADROOM for virtio header and ask the vhost\nto start placing data from\n\n\thard_start + XDP_PACKET_HEADROOM - vi-\u003ehdr_len\nnot\n\thard_start + XDP_PACKET_HEADROOM\n\nBut the first buffer has virtio_header, so the maximum frame\u0027s length in\nthe first buffer can only be\n\n\txsk_pool_get_rx_frame_size()\nnot\n\txsk_pool_get_rx_frame_size() + vi-\u003ehdr_len\n\nlike in the current check.\n\nThis commit adds an additional argument to buf_to_xdp differentiate\nbetween the first buffer and other ones to correctly calculate the maximum\nframe\u0027s length."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-28T04:21:26.450Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/892f6ed9a4a38bb3360fdff091b9241cfa105b61"
        },
        {
          "url": "https://git.kernel.org/stable/c/6013bb6bc24c2cac3f45b37a15b71b232a5b00ff"
        },
        {
          "url": "https://git.kernel.org/stable/c/5177373c31318c3c6a190383bfd232e6cf565c36"
        }
      ],
      "title": "virtio-net: xsk: rx: fix the frame\u0027s length check",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-38413",
    "datePublished": "2025-07-25T13:20:17.394Z",
    "dateReserved": "2025-04-16T04:51:24.013Z",
    "dateUpdated": "2025-07-28T04:21:26.450Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/atheros/alx/main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "6f1991a940b90753b34570f093a21dba366e8cc0",
              "status": "affected",
              "version": "4a5fe57e775188be96359a1934501be45fe5f705",
              "versionType": "git"
            },
            {
              "lessThan": "a845a0c4bdece2c0073ecea2fca7c4d5f0550f78",
              "status": "affected",
              "version": "4a5fe57e775188be96359a1934501be45fe5f705",
              "versionType": "git"
            },
            {
              "lessThan": "c0323c0fd07804d5874699e93f935cda0d989c67",
              "status": "affected",
              "version": "4a5fe57e775188be96359a1934501be45fe5f705",
              "versionType": "git"
            },
            {
              "lessThan": "6ad1c94e1e7e374d88f0cfd77936dddb8339aaba",
              "status": "affected",
              "version": "4a5fe57e775188be96359a1934501be45fe5f705",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/atheros/alx/main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.14"
            },
            {
              "lessThan": "5.14",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.75",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.19.*",
              "status": "unaffected",
              "version": "5.19.17",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.*",
              "status": "unaffected",
              "version": "6.0.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.1",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.75",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.19.17",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.0.3",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\neth: alx: take rtnl_lock on resume\n\nZbynek reports that alx trips an rtnl assertion on resume:\n\n RTNL: assertion failed at net/core/dev.c (2891)\n RIP: 0010:netif_set_real_num_tx_queues+0x1ac/0x1c0\n Call Trace:\n  \u003cTASK\u003e\n  __alx_open+0x230/0x570 [alx]\n  alx_resume+0x54/0x80 [alx]\n  ? pci_legacy_resume+0x80/0x80\n  dpm_run_callback+0x4a/0x150\n  device_resume+0x8b/0x190\n  async_resume+0x19/0x30\n  async_run_entry_fn+0x30/0x130\n  process_one_work+0x1e5/0x3b0\n\nindeed the driver does not hold rtnl_lock during its internal close\nand re-open functions during suspend/resume. Note that this is not\na huge bug as the driver implements its own locking, and does not\nimplement changing the number of queues, but we need to silence\nthe splat."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-04T15:43:49.383Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/6f1991a940b90753b34570f093a21dba366e8cc0"
        },
        {
          "url": "https://git.kernel.org/stable/c/a845a0c4bdece2c0073ecea2fca7c4d5f0550f78"
        },
        {
          "url": "https://git.kernel.org/stable/c/c0323c0fd07804d5874699e93f935cda0d989c67"
        },
        {
          "url": "https://git.kernel.org/stable/c/6ad1c94e1e7e374d88f0cfd77936dddb8339aaba"
        }
      ],
      "title": "eth: alx: take rtnl_lock on resume",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-50498",
    "datePublished": "2025-10-04T15:43:49.383Z",
    "dateReserved": "2025-10-04T15:39:19.464Z",
    "dateUpdated": "2025-10-04T15:43:49.383Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "3decf3a750a924362bf4e2680dd3b07242fe56e8",
              "status": "affected",
              "version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
              "versionType": "git"
            },
            {
              "lessThan": "c1420276be7a98df0074584bb9c1709cbc1a9df5",
              "status": "affected",
              "version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
              "versionType": "git"
            },
            {
              "lessThan": "823787470e320f90372c3ef506769520026c571f",
              "status": "affected",
              "version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
              "versionType": "git"
            },
            {
              "lessThan": "2a179117a3b29e7136e4045c57090a05bb97f373",
              "status": "affected",
              "version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
              "versionType": "git"
            },
            {
              "lessThan": "71e1f44077db83e205db70a684c1f2c5d2247174",
              "status": "affected",
              "version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
              "versionType": "git"
            },
            {
              "lessThan": "c5123c193696bf97fdf259c825ebfac517b54e44",
              "status": "affected",
              "version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
              "versionType": "git"
            },
            {
              "lessThan": "8b229ada2669b74fdae06c83fbfda5a5a99fc253",
              "status": "affected",
              "version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.2"
            },
            {
              "lessThan": "4.2",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.243",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.180",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.112",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.29",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.*",
              "status": "unaffected",
              "version": "6.2.16",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.3.*",
              "status": "unaffected",
              "version": "6.3.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.4",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.243",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.180",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.112",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.29",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.2.16",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.3.3",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.4",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: disable sdma ecc irq only when sdma RAS is enabled in suspend\n\nsdma_v4_0_ip is shared on a few asics, but in sdma_v4_0_hw_fini,\ndriver unconditionally disables ecc_irq which is only enabled on\nthose asics enabling sdma ecc. This will introduce a warning in\nsuspend cycle on those chips with sdma ip v4.0, while without\nsdma ecc. So this patch correct this.\n\n[ 7283.166354] RIP: 0010:amdgpu_irq_put+0x45/0x70 [amdgpu]\n[ 7283.167001] RSP: 0018:ffff9a5fc3967d08 EFLAGS: 00010246\n[ 7283.167019] RAX: ffff98d88afd3770 RBX: 0000000000000001 RCX: 0000000000000000\n[ 7283.167023] RDX: 0000000000000000 RSI: ffff98d89da30390 RDI: ffff98d89da20000\n[ 7283.167025] RBP: ffff98d89da20000 R08: 0000000000036838 R09: 0000000000000006\n[ 7283.167028] R10: ffffd5764243c008 R11: 0000000000000000 R12: ffff98d89da30390\n[ 7283.167030] R13: ffff98d89da38978 R14: ffffffff999ae15a R15: ffff98d880130105\n[ 7283.167032] FS:  0000000000000000(0000) GS:ffff98d996f00000(0000) knlGS:0000000000000000\n[ 7283.167036] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 7283.167039] CR2: 00000000f7a9d178 CR3: 00000001c42ea000 CR4: 00000000003506e0\n[ 7283.167041] Call Trace:\n[ 7283.167046]  \u003cTASK\u003e\n[ 7283.167048]  sdma_v4_0_hw_fini+0x38/0xa0 [amdgpu]\n[ 7283.167704]  amdgpu_device_ip_suspend_phase2+0x101/0x1a0 [amdgpu]\n[ 7283.168296]  amdgpu_device_suspend+0x103/0x180 [amdgpu]\n[ 7283.168875]  amdgpu_pmops_freeze+0x21/0x60 [amdgpu]\n[ 7283.169464]  pci_pm_freeze+0x54/0xc0"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-20T08:51:12.751Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/3decf3a750a924362bf4e2680dd3b07242fe56e8"
        },
        {
          "url": "https://git.kernel.org/stable/c/c1420276be7a98df0074584bb9c1709cbc1a9df5"
        },
        {
          "url": "https://git.kernel.org/stable/c/823787470e320f90372c3ef506769520026c571f"
        },
        {
          "url": "https://git.kernel.org/stable/c/2a179117a3b29e7136e4045c57090a05bb97f373"
        },
        {
          "url": "https://git.kernel.org/stable/c/71e1f44077db83e205db70a684c1f2c5d2247174"
        },
        {
          "url": "https://git.kernel.org/stable/c/c5123c193696bf97fdf259c825ebfac517b54e44"
        },
        {
          "url": "https://git.kernel.org/stable/c/8b229ada2669b74fdae06c83fbfda5a5a99fc253"
        }
      ],
      "title": "drm/amdgpu: disable sdma ecc irq only when sdma RAS is enabled in suspend",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-53723",
    "datePublished": "2025-10-22T13:23:53.900Z",
    "dateReserved": "2025-10-22T13:21:37.348Z",
    "dateUpdated": "2025-12-20T08:51:12.751Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpio/gpio-mvebu.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "b19e90521286a03bc3793fd598f20277a8f99c85",
              "status": "affected",
              "version": "812d47889a8e418d7bea9bec383581a34c19183e",
              "versionType": "git"
            },
            {
              "lessThan": "44e2afbf650f3264519643fcc9e6b4d2f6e8d547",
              "status": "affected",
              "version": "812d47889a8e418d7bea9bec383581a34c19183e",
              "versionType": "git"
            },
            {
              "lessThan": "d9b791d8362359d241b4e8f4b4767c681ffdb6ef",
              "status": "affected",
              "version": "812d47889a8e418d7bea9bec383581a34c19183e",
              "versionType": "git"
            },
            {
              "lessThan": "644ee70267a934be27370f9aa618b29af7290544",
              "status": "affected",
              "version": "812d47889a8e418d7bea9bec383581a34c19183e",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "f0cde54863da281cec1ed85497b4ec58d29c1460",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "7a9239fd04802ee6ddf82d211cff3ee7df9c473a",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpio/gpio-mvebu.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.9"
            },
            {
              "lessThan": "4.9",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.124",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.43",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.*",
              "status": "unaffected",
              "version": "6.4.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.5",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.124",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.43",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.4.8",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.5",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "3.16.40",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.8.9",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: mvebu: fix irq domain leak\n\nUwe Kleine-K\u00f6nig pointed out we still have one resource leak in the mvebu\ndriver triggered on driver detach. Let\u0027s address it with a custom devm\naction."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-04T15:17:18.040Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/b19e90521286a03bc3793fd598f20277a8f99c85"
        },
        {
          "url": "https://git.kernel.org/stable/c/44e2afbf650f3264519643fcc9e6b4d2f6e8d547"
        },
        {
          "url": "https://git.kernel.org/stable/c/d9b791d8362359d241b4e8f4b4767c681ffdb6ef"
        },
        {
          "url": "https://git.kernel.org/stable/c/644ee70267a934be27370f9aa618b29af7290544"
        }
      ],
      "title": "gpio: mvebu: fix irq domain leak",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-53579",
    "datePublished": "2025-10-04T15:17:18.040Z",
    "dateReserved": "2025-10-04T15:14:15.926Z",
    "dateUpdated": "2025-10-04T15:17:18.040Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T17:37:42.074Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/msm/msm_gem_submit.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "00b3401f692082ddf6342500d1be25560bba46d4",
              "status": "affected",
              "version": "0cf6c71d70d8aa39b8fd0e39c9009602a0e0d300",
              "versionType": "git"
            },
            {
              "lessThan": "c40ad1c04d306f7fde26337fdcf8a5979657d93f",
              "status": "affected",
              "version": "0cf6c71d70d8aa39b8fd0e39c9009602a0e0d300",
              "versionType": "git"
            },
            {
              "lessThan": "3f6ce8433a9035b0aa810e1f5b708e9dc1c367b0",
              "status": "affected",
              "version": "0cf6c71d70d8aa39b8fd0e39c9009602a0e0d300",
              "versionType": "git"
            },
            {
              "lessThan": "30d3819b0b9173e31b84d662a592af8bad351427",
              "status": "affected",
              "version": "0cf6c71d70d8aa39b8fd0e39c9009602a0e0d300",
              "versionType": "git"
            },
            {
              "lessThan": "f681c2aa8676a890eacc84044717ab0fd26e058f",
              "status": "affected",
              "version": "0cf6c71d70d8aa39b8fd0e39c9009602a0e0d300",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/msm/msm_gem_submit.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.12"
            },
            {
              "lessThan": "3.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.144",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.97",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.37",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.15.*",
              "status": "unaffected",
              "version": "6.15.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.16",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.144",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.97",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.37",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.15.6",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.16",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm: Fix another leak in the submit error path\n\nput_unused_fd() doesn\u0027t free the installed file, if we\u0027ve already done\nfd_install().  So we need to also free the sync_file.\n\nPatchwork: https://patchwork.freedesktop.org/patch/653583/"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-28T11:16:53.177Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/00b3401f692082ddf6342500d1be25560bba46d4"
        },
        {
          "url": "https://git.kernel.org/stable/c/c40ad1c04d306f7fde26337fdcf8a5979657d93f"
        },
        {
          "url": "https://git.kernel.org/stable/c/3f6ce8433a9035b0aa810e1f5b708e9dc1c367b0"
        },
        {
          "url": "https://git.kernel.org/stable/c/30d3819b0b9173e31b84d662a592af8bad351427"
        },
        {
          "url": "https://git.kernel.org/stable/c/f681c2aa8676a890eacc84044717ab0fd26e058f"
        }
      ],
      "title": "drm/msm: Fix another leak in the submit error path",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-38409",
    "datePublished": "2025-07-25T13:20:14.229Z",
    "dateReserved": "2025-04-16T04:51:24.013Z",
    "dateUpdated": "2025-11-03T17:37:42.074Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T17:38:11.309Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "arch/x86/kvm/svm/sev.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "e0d9a7cf37ca09c513420dc88e0d0e805a4f0820",
              "status": "affected",
              "version": "b56639318bb2be66aceba92836279714488709b4",
              "versionType": "git"
            },
            {
              "lessThan": "8c8e8d4d7544bb783e15078eda8ba2580e192246",
              "status": "affected",
              "version": "b56639318bb2be66aceba92836279714488709b4",
              "versionType": "git"
            },
            {
              "lessThan": "fd044c99d831e9f837518816c7c366b04014d405",
              "status": "affected",
              "version": "b56639318bb2be66aceba92836279714488709b4",
              "versionType": "git"
            },
            {
              "lessThan": "b5725213149597cd9c2b075b87bc4e0f87e906c1",
              "status": "affected",
              "version": "b56639318bb2be66aceba92836279714488709b4",
              "versionType": "git"
            },
            {
              "lessThan": "ecf371f8b02d5e31b9aa1da7f159f1b2107bdb01",
              "status": "affected",
              "version": "b56639318bb2be66aceba92836279714488709b4",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "arch/x86/kvm/svm/sev.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.16"
            },
            {
              "lessThan": "5.16",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.146",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.99",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.39",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.15.*",
              "status": "unaffected",
              "version": "6.15.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.16",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.146",
                  "versionStartIncluding": "5.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.99",
                  "versionStartIncluding": "5.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.39",
                  "versionStartIncluding": "5.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.15.7",
                  "versionStartIncluding": "5.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.16",
                  "versionStartIncluding": "5.16",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight\n\nReject migration of SEV{-ES} state if either the source or destination VM\nis actively creating a vCPU, i.e. if kvm_vm_ioctl_create_vcpu() is in the\nsection between incrementing created_vcpus and online_vcpus.  The bulk of\nvCPU creation runs _outside_ of kvm-\u003elock to allow creating multiple vCPUs\nin parallel, and so sev_info.es_active can get toggled from false=\u003etrue in\nthe destination VM after (or during) svm_vcpu_create(), resulting in an\nSEV{-ES} VM effectively having a non-SEV{-ES} vCPU.\n\nThe issue manifests most visibly as a crash when trying to free a vCPU\u0027s\nNULL VMSA page in an SEV-ES VM, but any number of things can go wrong.\n\n  BUG: unable to handle page fault for address: ffffebde00000000\n  #PF: supervisor read access in kernel mode\n  #PF: error_code(0x0000) - not-present page\n  PGD 0 P4D 0\n  Oops: Oops: 0000 [#1] SMP KASAN NOPTI\n  CPU: 227 UID: 0 PID: 64063 Comm: syz.5.60023 Tainted: G     U     O        6.15.0-smp-DEV #2 NONE\n  Tainted: [U]=USER, [O]=OOT_MODULE\n  Hardware name: Google, Inc. Arcadia_IT_80/Arcadia_IT_80, BIOS 12.52.0-0 10/28/2024\n  RIP: 0010:constant_test_bit arch/x86/include/asm/bitops.h:206 [inline]\n  RIP: 0010:arch_test_bit arch/x86/include/asm/bitops.h:238 [inline]\n  RIP: 0010:_test_bit include/asm-generic/bitops/instrumented-non-atomic.h:142 [inline]\n  RIP: 0010:PageHead include/linux/page-flags.h:866 [inline]\n  RIP: 0010:___free_pages+0x3e/0x120 mm/page_alloc.c:5067\n  Code: \u003c49\u003e f7 06 40 00 00 00 75 05 45 31 ff eb 0c 66 90 4c 89 f0 4c 39 f0\n  RSP: 0018:ffff8984551978d0 EFLAGS: 00010246\n  RAX: 0000777f80000001 RBX: 0000000000000000 RCX: ffffffff918aeb98\n  RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffebde00000000\n  RBP: 0000000000000000 R08: ffffebde00000007 R09: 1ffffd7bc0000000\n  R10: dffffc0000000000 R11: fffff97bc0000001 R12: dffffc0000000000\n  R13: ffff8983e19751a8 R14: ffffebde00000000 R15: 1ffffd7bc0000000\n  FS:  0000000000000000(0000) GS:ffff89ee661d3000(0000) knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: ffffebde00000000 CR3: 000000793ceaa000 CR4: 0000000000350ef0\n  DR0: 0000000000000000 DR1: 0000000000000b5f DR2: 0000000000000000\n  DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400\n  Call Trace:\n   \u003cTASK\u003e\n   sev_free_vcpu+0x413/0x630 arch/x86/kvm/svm/sev.c:3169\n   svm_vcpu_free+0x13a/0x2a0 arch/x86/kvm/svm/svm.c:1515\n   kvm_arch_vcpu_destroy+0x6a/0x1d0 arch/x86/kvm/x86.c:12396\n   kvm_vcpu_destroy virt/kvm/kvm_main.c:470 [inline]\n   kvm_destroy_vcpus+0xd1/0x300 virt/kvm/kvm_main.c:490\n   kvm_arch_destroy_vm+0x636/0x820 arch/x86/kvm/x86.c:12895\n   kvm_put_kvm+0xb8e/0xfb0 virt/kvm/kvm_main.c:1310\n   kvm_vm_release+0x48/0x60 virt/kvm/kvm_main.c:1369\n   __fput+0x3e4/0x9e0 fs/file_table.c:465\n   task_work_run+0x1a9/0x220 kernel/task_work.c:227\n   exit_task_work include/linux/task_work.h:40 [inline]\n   do_exit+0x7f0/0x25b0 kernel/exit.c:953\n   do_group_exit+0x203/0x2d0 kernel/exit.c:1102\n   get_signal+0x1357/0x1480 kernel/signal.c:3034\n   arch_do_signal_or_restart+0x40/0x690 arch/x86/kernel/signal.c:337\n   exit_to_user_mode_loop kernel/entry/common.c:111 [inline]\n   exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]\n   __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]\n   syscall_exit_to_user_mode+0x67/0xb0 kernel/entry/common.c:218\n   do_syscall_64+0x7c/0x150 arch/x86/entry/syscall_64.c:100\n   entry_SYSCALL_64_after_hwframe+0x76/0x7e\n  RIP: 0033:0x7f87a898e969\n   \u003c/TASK\u003e\n  Modules linked in: gq(O)\n  gsmi: Log Shutdown Reason 0x03\n  CR2: ffffebde00000000\n  ---[ end trace 0000000000000000 ]---\n\nDeliberately don\u0027t check for a NULL VMSA when freeing the vCPU, as crashing\nthe host is likely desirable due to the VMSA being consumed by hardware.\nE.g. if KVM manages to allow VMRUN on the vCPU, hardware may read/write a\nbogus VMSA page.  Accessing P\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-28T04:22:48.515Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/e0d9a7cf37ca09c513420dc88e0d0e805a4f0820"
        },
        {
          "url": "https://git.kernel.org/stable/c/8c8e8d4d7544bb783e15078eda8ba2580e192246"
        },
        {
          "url": "https://git.kernel.org/stable/c/fd044c99d831e9f837518816c7c366b04014d405"
        },
        {
          "url": "https://git.kernel.org/stable/c/b5725213149597cd9c2b075b87bc4e0f87e906c1"
        },
        {
          "url": "https://git.kernel.org/stable/c/ecf371f8b02d5e31b9aa1da7f159f1b2107bdb01"
        }
      ],
      "title": "KVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-38455",
    "datePublished": "2025-07-25T15:27:34.873Z",
    "dateReserved": "2025-04-16T04:51:24.018Z",
    "dateUpdated": "2025-11-03T17:38:11.309Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T17:43:13.756Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/hisilicon/hibmc/hibmc_drm_drv.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "ddf1691f25345699296e642f0f59f2d464722fa3",
              "status": "affected",
              "version": "b3df5e65cc03696b0624a877d03a3ddf3ef43f52",
              "versionType": "git"
            },
            {
              "lessThan": "c950e1be3a24d021475b56efdb49daa7fbba63a9",
              "status": "affected",
              "version": "b3df5e65cc03696b0624a877d03a3ddf3ef43f52",
              "versionType": "git"
            },
            {
              "lessThan": "f93032e5d68f459601c701f6ab087b5feb3382e8",
              "status": "affected",
              "version": "b3df5e65cc03696b0624a877d03a3ddf3ef43f52",
              "versionType": "git"
            },
            {
              "lessThan": "a4f1b9c57092c48bdc7958abd23403ccaed437b2",
              "status": "affected",
              "version": "b3df5e65cc03696b0624a877d03a3ddf3ef43f52",
              "versionType": "git"
            },
            {
              "lessThan": "d3e774266c28aefab3e9db334fdf568f936cae04",
              "status": "affected",
              "version": "b3df5e65cc03696b0624a877d03a3ddf3ef43f52",
              "versionType": "git"
            },
            {
              "lessThan": "93a08f856fcc5aaeeecad01f71bef3088588216a",
              "status": "affected",
              "version": "b3df5e65cc03696b0624a877d03a3ddf3ef43f52",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/hisilicon/hibmc/hibmc_drm_drv.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.14"
            },
            {
              "lessThan": "4.14",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.190",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.149",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.103",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.44",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.16.*",
              "status": "unaffected",
              "version": "6.16.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.17",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.190",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.149",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.103",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.44",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.16.4",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.17",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/hisilicon/hibmc: fix the hibmc loaded failed bug\n\nWhen hibmc loaded failed, the driver use hibmc_unload to free the\nresource, but the mutexes in mode.config are not init, which will\naccess an NULL pointer. Just change goto statement to return, because\nhibnc_hw_init() doesn\u0027t need to free anything."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-29T05:59:06.904Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/ddf1691f25345699296e642f0f59f2d464722fa3"
        },
        {
          "url": "https://git.kernel.org/stable/c/c950e1be3a24d021475b56efdb49daa7fbba63a9"
        },
        {
          "url": "https://git.kernel.org/stable/c/f93032e5d68f459601c701f6ab087b5feb3382e8"
        },
        {
          "url": "https://git.kernel.org/stable/c/a4f1b9c57092c48bdc7958abd23403ccaed437b2"
        },
        {
          "url": "https://git.kernel.org/stable/c/d3e774266c28aefab3e9db334fdf568f936cae04"
        },
        {
          "url": "https://git.kernel.org/stable/c/93a08f856fcc5aaeeecad01f71bef3088588216a"
        }
      ],
      "title": "drm/hisilicon/hibmc: fix the hibmc loaded failed bug",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-39772",
    "datePublished": "2025-09-11T16:56:26.130Z",
    "dateReserved": "2025-04-16T07:20:57.128Z",
    "dateUpdated": "2025-11-03T17:43:13.756Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T17:34:59.620Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/crypto/marvell/cesa/cipher.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "32d3e8049a8b60f18c5c39f5931bfb1130ac11c9",
              "status": "affected",
              "version": "f63601fd616ab370774fa00ea10bcaaa9e48e84c",
              "versionType": "git"
            },
            {
              "lessThan": "c064ae2881d839709bd72d484d5f2af157f46024",
              "status": "affected",
              "version": "f63601fd616ab370774fa00ea10bcaaa9e48e84c",
              "versionType": "git"
            },
            {
              "lessThan": "e1cc69da619588b1488689fe3535a0ba75a2b0e7",
              "status": "affected",
              "version": "f63601fd616ab370774fa00ea10bcaaa9e48e84c",
              "versionType": "git"
            },
            {
              "lessThan": "78ea1ff6cb413a03ff6f7af4e28e24b4461a0965",
              "status": "affected",
              "version": "f63601fd616ab370774fa00ea10bcaaa9e48e84c",
              "versionType": "git"
            },
            {
              "lessThan": "5e9666ac8b94c978690f937d59170c5237bd2c45",
              "status": "affected",
              "version": "f63601fd616ab370774fa00ea10bcaaa9e48e84c",
              "versionType": "git"
            },
            {
              "lessThan": "7894694b5d5b2ecfd7fb081d6f60b9e169ab4d13",
              "status": "affected",
              "version": "f63601fd616ab370774fa00ea10bcaaa9e48e84c",
              "versionType": "git"
            },
            {
              "lessThan": "c9610dda42bd382a96f97e68825cb5f66cd9e1dc",
              "status": "affected",
              "version": "f63601fd616ab370774fa00ea10bcaaa9e48e84c",
              "versionType": "git"
            },
            {
              "lessThan": "8a4e047c6cc07676f637608a9dd675349b5de0a7",
              "status": "affected",
              "version": "f63601fd616ab370774fa00ea10bcaaa9e48e84c",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/crypto/marvell/cesa/cipher.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.2"
            },
            {
              "lessThan": "4.2",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.295",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.239",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.186",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.142",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.94",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.34",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.15.*",
              "status": "unaffected",
              "version": "6.15.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.16",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.295",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.239",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.186",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.142",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.94",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.34",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.15.3",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.16",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: marvell/cesa - Handle zero-length skcipher requests\n\nDo not access random memory for zero-length skcipher requests.\nJust return 0."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-28T04:14:15.078Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/32d3e8049a8b60f18c5c39f5931bfb1130ac11c9"
        },
        {
          "url": "https://git.kernel.org/stable/c/c064ae2881d839709bd72d484d5f2af157f46024"
        },
        {
          "url": "https://git.kernel.org/stable/c/e1cc69da619588b1488689fe3535a0ba75a2b0e7"
        },
        {
          "url": "https://git.kernel.org/stable/c/78ea1ff6cb413a03ff6f7af4e28e24b4461a0965"
        },
        {
          "url": "https://git.kernel.org/stable/c/5e9666ac8b94c978690f937d59170c5237bd2c45"
        },
        {
          "url": "https://git.kernel.org/stable/c/7894694b5d5b2ecfd7fb081d6f60b9e169ab4d13"
        },
        {
          "url": "https://git.kernel.org/stable/c/c9610dda42bd382a96f97e68825cb5f66cd9e1dc"
        },
        {
          "url": "https://git.kernel.org/stable/c/8a4e047c6cc07676f637608a9dd675349b5de0a7"
        }
      ],
      "title": "crypto: marvell/cesa - Handle zero-length skcipher requests",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-38173",
    "datePublished": "2025-07-03T08:36:10.969Z",
    "dateReserved": "2025-04-16T04:51:23.991Z",
    "dateUpdated": "2025-11-03T17:34:59.620Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/ceph/crypto.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "bb80f7618832d26f7e395f52f82b1dac76223e5f",
              "status": "affected",
              "version": "dd66df0053ef84add5e684df517aa9b498342381",
              "versionType": "git"
            },
            {
              "lessThan": "3145b2b11492d61c512bbc59660bb823bc757f48",
              "status": "affected",
              "version": "dd66df0053ef84add5e684df517aa9b498342381",
              "versionType": "git"
            },
            {
              "lessThan": "493479af8af3ab907f49e99323777d498a4fbd2b",
              "status": "affected",
              "version": "dd66df0053ef84add5e684df517aa9b498342381",
              "versionType": "git"
            },
            {
              "lessThan": "101841c38346f4ca41dc1802c867da990ffb32eb",
              "status": "affected",
              "version": "dd66df0053ef84add5e684df517aa9b498342381",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/ceph/crypto.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.6"
            },
            {
              "lessThan": "6.6",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.42",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.15.*",
              "status": "unaffected",
              "version": "6.15.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.16.*",
              "status": "unaffected",
              "version": "6.16.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.17",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.42",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.15.10",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.16.1",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.17",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\n[ceph] parse_longname(): strrchr() expects NUL-terminated string\n\n... and parse_longname() is not guaranteed that.  That\u0027s the reason\nwhy it uses kmemdup_nul() to build the argument for kstrtou64();\nthe problem is, kstrtou64() is not the only thing that need it.\n\nJust get a NUL-terminated copy of the entire thing and be done\nwith that..."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-29T05:55:44.132Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/bb80f7618832d26f7e395f52f82b1dac76223e5f"
        },
        {
          "url": "https://git.kernel.org/stable/c/3145b2b11492d61c512bbc59660bb823bc757f48"
        },
        {
          "url": "https://git.kernel.org/stable/c/493479af8af3ab907f49e99323777d498a4fbd2b"
        },
        {
          "url": "https://git.kernel.org/stable/c/101841c38346f4ca41dc1802c867da990ffb32eb"
        }
      ],
      "title": "[ceph] parse_longname(): strrchr() expects NUL-terminated string",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-38660",
    "datePublished": "2025-08-22T16:01:03.686Z",
    "dateReserved": "2025-04-16T04:51:24.031Z",
    "dateUpdated": "2025-09-29T05:55:44.132Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T17:37:57.365Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/input/misc/ims-pcu.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "c1b9d140b0807c6aee4bb53e1bfa4e391e3dc204",
              "status": "affected",
              "version": "628329d52474323938a03826941e166bc7c8eff4",
              "versionType": "git"
            },
            {
              "lessThan": "d63706d9f73846106fde28b284f08e01b92ce9f1",
              "status": "affected",
              "version": "628329d52474323938a03826941e166bc7c8eff4",
              "versionType": "git"
            },
            {
              "lessThan": "e5a2481dc2a0b430f49276d7482793a8923631d6",
              "status": "affected",
              "version": "628329d52474323938a03826941e166bc7c8eff4",
              "versionType": "git"
            },
            {
              "lessThan": "8e03f1c7d50343bf21da54873301bc4fa647479f",
              "status": "affected",
              "version": "628329d52474323938a03826941e166bc7c8eff4",
              "versionType": "git"
            },
            {
              "lessThan": "17474a56acf708bf6b2d174c06ed26abad0a9fd6",
              "status": "affected",
              "version": "628329d52474323938a03826941e166bc7c8eff4",
              "versionType": "git"
            },
            {
              "lessThan": "5a8cd6ae8393e2eaebf51d420d5374821ef2af87",
              "status": "affected",
              "version": "628329d52474323938a03826941e166bc7c8eff4",
              "versionType": "git"
            },
            {
              "lessThan": "74661516daee1eadebede8dc607b6830530096ec",
              "status": "affected",
              "version": "628329d52474323938a03826941e166bc7c8eff4",
              "versionType": "git"
            },
            {
              "lessThan": "a95ef0199e80f3384eb992889322957d26c00102",
              "status": "affected",
              "version": "628329d52474323938a03826941e166bc7c8eff4",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/input/misc/ims-pcu.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.10"
            },
            {
              "lessThan": "3.10",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.295",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.239",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.186",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.142",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.95",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.35",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.15.*",
              "status": "unaffected",
              "version": "6.15.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.16",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.295",
                  "versionStartIncluding": "3.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.239",
                  "versionStartIncluding": "3.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.186",
                  "versionStartIncluding": "3.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.142",
                  "versionStartIncluding": "3.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.95",
                  "versionStartIncluding": "3.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.35",
                  "versionStartIncluding": "3.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.15.4",
                  "versionStartIncluding": "3.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.16",
                  "versionStartIncluding": "3.10",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: ims-pcu - check record size in ims_pcu_flash_firmware()\n\nThe \"len\" variable comes from the firmware and we generally do\ntrust firmware, but it\u0027s always better to double check.  If the \"len\"\nis too large it could result in memory corruption when we do\n\"memcpy(fragment-\u003edata, rec-\u003edata, len);\""
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-28T04:21:53.615Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/c1b9d140b0807c6aee4bb53e1bfa4e391e3dc204"
        },
        {
          "url": "https://git.kernel.org/stable/c/d63706d9f73846106fde28b284f08e01b92ce9f1"
        },
        {
          "url": "https://git.kernel.org/stable/c/e5a2481dc2a0b430f49276d7482793a8923631d6"
        },
        {
          "url": "https://git.kernel.org/stable/c/8e03f1c7d50343bf21da54873301bc4fa647479f"
        },
        {
          "url": "https://git.kernel.org/stable/c/17474a56acf708bf6b2d174c06ed26abad0a9fd6"
        },
        {
          "url": "https://git.kernel.org/stable/c/5a8cd6ae8393e2eaebf51d420d5374821ef2af87"
        },
        {
          "url": "https://git.kernel.org/stable/c/74661516daee1eadebede8dc607b6830530096ec"
        },
        {
          "url": "https://git.kernel.org/stable/c/a95ef0199e80f3384eb992889322957d26c00102"
        }
      ],
      "title": "Input: ims-pcu - check record size in ims_pcu_flash_firmware()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-38428",
    "datePublished": "2025-07-25T14:16:48.019Z",
    "dateReserved": "2025-04-16T04:51:24.015Z",
    "dateUpdated": "2025-11-03T17:37:57.365Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/intel/idpf/idpf_ethtool.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "018ff57fd79c38be989b8b3248bbe69bcfb77160",
              "status": "affected",
              "version": "02cbfba1add5bd9088c7d14c6b93b77a6ea8f3bb",
              "versionType": "git"
            },
            {
              "lessThan": "326e384ee7acbebf0541ac064ac7a4dd1f1dde1d",
              "status": "affected",
              "version": "02cbfba1add5bd9088c7d14c6b93b77a6ea8f3bb",
              "versionType": "git"
            },
            {
              "lessThan": "f77bf1ebf8ff6301ccdbc346f7b52db928f9cbf8",
              "status": "affected",
              "version": "02cbfba1add5bd9088c7d14c6b93b77a6ea8f3bb",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/intel/idpf/idpf_ethtool.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.7"
            },
            {
              "lessThan": "6.7",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.37",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.15.*",
              "status": "unaffected",
              "version": "6.15.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.16",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.37",
                  "versionStartIncluding": "6.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.15.6",
                  "versionStartIncluding": "6.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.16",
                  "versionStartIncluding": "6.7",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: return 0 size for RSS key if not supported\n\nReturning -EOPNOTSUPP from function returning u32 is leading to\ncast and invalid size value as a result.\n\n-EOPNOTSUPP as a size probably will lead to allocation fail.\n\nCommand: ethtool -x eth0\nIt is visible on all devices that don\u0027t have RSS caps set.\n\n[  136.615917] Call Trace:\n[  136.615921]  \u003cTASK\u003e\n[  136.615927]  ? __warn+0x89/0x130\n[  136.615942]  ? __alloc_frozen_pages_noprof+0x322/0x330\n[  136.615953]  ? report_bug+0x164/0x190\n[  136.615968]  ? handle_bug+0x58/0x90\n[  136.615979]  ? exc_invalid_op+0x17/0x70\n[  136.615987]  ? asm_exc_invalid_op+0x1a/0x20\n[  136.616001]  ? rss_prepare_get.constprop.0+0xb9/0x170\n[  136.616016]  ? __alloc_frozen_pages_noprof+0x322/0x330\n[  136.616028]  __alloc_pages_noprof+0xe/0x20\n[  136.616038]  ___kmalloc_large_node+0x80/0x110\n[  136.616072]  __kmalloc_large_node_noprof+0x1d/0xa0\n[  136.616081]  __kmalloc_noprof+0x32c/0x4c0\n[  136.616098]  ? rss_prepare_get.constprop.0+0xb9/0x170\n[  136.616105]  rss_prepare_get.constprop.0+0xb9/0x170\n[  136.616114]  ethnl_default_doit+0x107/0x3d0\n[  136.616131]  genl_family_rcv_msg_doit+0x100/0x160\n[  136.616147]  genl_rcv_msg+0x1b8/0x2c0\n[  136.616156]  ? __pfx_ethnl_default_doit+0x10/0x10\n[  136.616168]  ? __pfx_genl_rcv_msg+0x10/0x10\n[  136.616176]  netlink_rcv_skb+0x58/0x110\n[  136.616186]  genl_rcv+0x28/0x40\n[  136.616195]  netlink_unicast+0x19b/0x290\n[  136.616206]  netlink_sendmsg+0x222/0x490\n[  136.616215]  __sys_sendto+0x1fd/0x210\n[  136.616233]  __x64_sys_sendto+0x24/0x30\n[  136.616242]  do_syscall_64+0x82/0x160\n[  136.616252]  ? __sys_recvmsg+0x83/0xe0\n[  136.616265]  ? syscall_exit_to_user_mode+0x10/0x210\n[  136.616275]  ? do_syscall_64+0x8e/0x160\n[  136.616282]  ? __count_memcg_events+0xa1/0x130\n[  136.616295]  ? count_memcg_events.constprop.0+0x1a/0x30\n[  136.616306]  ? handle_mm_fault+0xae/0x2d0\n[  136.616319]  ? do_user_addr_fault+0x379/0x670\n[  136.616328]  ? clear_bhb_loop+0x45/0xa0\n[  136.616340]  ? clear_bhb_loop+0x45/0xa0\n[  136.616349]  ? clear_bhb_loop+0x45/0xa0\n[  136.616359]  entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[  136.616369] RIP: 0033:0x7fd30ba7b047\n[  136.616376] Code: 0c 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b8 0f 1f 00 f3 0f 1e fa 80 3d bd d5 0c 00 00 41 89 ca 74 10 b8 2c 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 71 c3 55 48 83 ec 30 44 89 4c 24 2c 4c 89 44\n[  136.616381] RSP: 002b:00007ffde1796d68 EFLAGS: 00000202 ORIG_RAX: 000000000000002c\n[  136.616388] RAX: ffffffffffffffda RBX: 000055d7bd89f2a0 RCX: 00007fd30ba7b047\n[  136.616392] RDX: 0000000000000028 RSI: 000055d7bd89f3b0 RDI: 0000000000000003\n[  136.616396] RBP: 00007ffde1796e10 R08: 00007fd30bb4e200 R09: 000000000000000c\n[  136.616399] R10: 0000000000000000 R11: 0000000000000202 R12: 000055d7bd89f340\n[  136.616403] R13: 000055d7bd89f3b0 R14: 000055d78943f200 R15: 0000000000000000"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-28T04:21:11.005Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/018ff57fd79c38be989b8b3248bbe69bcfb77160"
        },
        {
          "url": "https://git.kernel.org/stable/c/326e384ee7acbebf0541ac064ac7a4dd1f1dde1d"
        },
        {
          "url": "https://git.kernel.org/stable/c/f77bf1ebf8ff6301ccdbc346f7b52db928f9cbf8"
        }
      ],
      "title": "idpf: return 0 size for RSS key if not supported",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-38402",
    "datePublished": "2025-07-25T12:53:45.677Z",
    "dateReserved": "2025-04-16T04:51:24.012Z",
    "dateUpdated": "2025-07-28T04:21:11.005Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/md/md.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "b5fbe940862339cdcc34dea7a057ad18d18fa137",
              "status": "affected",
              "version": "bc08041b32abe6c9824f78735bac22018eabfc06",
              "versionType": "git"
            },
            {
              "lessThan": "13017b427118f4311471ee47df74872372ca8482",
              "status": "affected",
              "version": "bc08041b32abe6c9824f78735bac22018eabfc06",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/md/md.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.7"
            },
            {
              "lessThan": "6.7",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.16.*",
              "status": "unaffected",
              "version": "6.16.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.17",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.16.1",
                  "versionStartIncluding": "6.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.17",
                  "versionStartIncluding": "6.7",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: make rdev_addable usable for rcu mode\n\nOur testcase trigger panic:\n\nBUG: kernel NULL pointer dereference, address: 00000000000000e0\n...\nOops: Oops: 0000 [#1] SMP NOPTI\nCPU: 2 UID: 0 PID: 85 Comm: kworker/2:1 Not tainted 6.16.0+ #94\nPREEMPT(none)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\n1.16.1-2.fc37 04/01/2014\nWorkqueue: md_misc md_start_sync\nRIP: 0010:rdev_addable+0x4d/0xf0\n...\nCall Trace:\n \u003cTASK\u003e\n md_start_sync+0x329/0x480\n process_one_work+0x226/0x6d0\n worker_thread+0x19e/0x340\n kthread+0x10f/0x250\n ret_from_fork+0x14d/0x180\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\nModules linked in: raid10\nCR2: 00000000000000e0\n---[ end trace 0000000000000000 ]---\nRIP: 0010:rdev_addable+0x4d/0xf0\n\nmd_spares_need_change in md_start_sync will call rdev_addable which\nprotected by rcu_read_lock/rcu_read_unlock. This rcu context will help\nprotect rdev won\u0027t be released, but rdev-\u003emddev will be set to NULL\nbefore we call synchronize_rcu in md_kick_rdev_from_array. Fix this by\nusing READ_ONCE and check does rdev-\u003emddev still alive."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-29T05:54:56.808Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/b5fbe940862339cdcc34dea7a057ad18d18fa137"
        },
        {
          "url": "https://git.kernel.org/stable/c/13017b427118f4311471ee47df74872372ca8482"
        }
      ],
      "title": "md: make rdev_addable usable for rcu mode",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-38621",
    "datePublished": "2025-08-22T16:00:30.308Z",
    "dateReserved": "2025-04-16T04:51:24.029Z",
    "dateUpdated": "2025-09-29T05:54:56.808Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/wireless/ath/ath6kl/htc_pipe.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "f2a429e6da37e32438a9adc250cc176a889c16a4",
              "status": "affected",
              "version": "de2070fc4aa7c0205348010f500f5abce012e67b",
              "versionType": "git"
            },
            {
              "lessThan": "e7865f84adaf75cee1a4bbf79680329eca92b4e1",
              "status": "affected",
              "version": "de2070fc4aa7c0205348010f500f5abce012e67b",
              "versionType": "git"
            },
            {
              "lessThan": "0d1792c98351b7c8ebdc53d052918e77d1e512c3",
              "status": "affected",
              "version": "de2070fc4aa7c0205348010f500f5abce012e67b",
              "versionType": "git"
            },
            {
              "lessThan": "1300517e371e4d0acdb0f1237477e1ed223c3a9a",
              "status": "affected",
              "version": "de2070fc4aa7c0205348010f500f5abce012e67b",
              "versionType": "git"
            },
            {
              "lessThan": "484d95c69fc1143f09e4c2e3b89019d68d190a92",
              "status": "affected",
              "version": "de2070fc4aa7c0205348010f500f5abce012e67b",
              "versionType": "git"
            },
            {
              "lessThan": "644df7e865e76ab7a62c67c25cbbc093c944d0ef",
              "status": "affected",
              "version": "de2070fc4aa7c0205348010f500f5abce012e67b",
              "versionType": "git"
            },
            {
              "lessThan": "6f93154d61b345acbc405c6dee16afb845eb298e",
              "status": "affected",
              "version": "de2070fc4aa7c0205348010f500f5abce012e67b",
              "versionType": "git"
            },
            {
              "lessThan": "cbec770521ebc455c9811a23222faf8911422d4a",
              "status": "affected",
              "version": "de2070fc4aa7c0205348010f500f5abce012e67b",
              "versionType": "git"
            },
            {
              "lessThan": "75c4a8154cb6c7239fb55d5550f481f6765fb83c",
              "status": "affected",
              "version": "de2070fc4aa7c0205348010f500f5abce012e67b",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/wireless/ath/ath6kl/htc_pipe.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.9"
            },
            {
              "lessThan": "3.9",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.315",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.283",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.243",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.180",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.111",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.28",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.*",
              "status": "unaffected",
              "version": "6.2.15",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.3.*",
              "status": "unaffected",
              "version": "6.3.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.4",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.315",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.283",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.243",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.180",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.111",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.28",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.2.15",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.3.2",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.4",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath6kl: reduce WARN to dev_dbg() in callback\n\nThe warn is triggered on a known race condition, documented in the code above\nthe test, that is correctly handled.  Using WARN() hinders automated testing.\nReducing severity."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-07T15:19:39.664Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/f2a429e6da37e32438a9adc250cc176a889c16a4"
        },
        {
          "url": "https://git.kernel.org/stable/c/e7865f84adaf75cee1a4bbf79680329eca92b4e1"
        },
        {
          "url": "https://git.kernel.org/stable/c/0d1792c98351b7c8ebdc53d052918e77d1e512c3"
        },
        {
          "url": "https://git.kernel.org/stable/c/1300517e371e4d0acdb0f1237477e1ed223c3a9a"
        },
        {
          "url": "https://git.kernel.org/stable/c/484d95c69fc1143f09e4c2e3b89019d68d190a92"
        },
        {
          "url": "https://git.kernel.org/stable/c/644df7e865e76ab7a62c67c25cbbc093c944d0ef"
        },
        {
          "url": "https://git.kernel.org/stable/c/6f93154d61b345acbc405c6dee16afb845eb298e"
        },
        {
          "url": "https://git.kernel.org/stable/c/cbec770521ebc455c9811a23222faf8911422d4a"
        },
        {
          "url": "https://git.kernel.org/stable/c/75c4a8154cb6c7239fb55d5550f481f6765fb83c"
        }
      ],
      "title": "wifi: ath6kl: reduce WARN to dev_dbg() in callback",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-53639",
    "datePublished": "2025-10-07T15:19:39.664Z",
    "dateReserved": "2025-10-07T15:16:59.658Z",
    "dateUpdated": "2025-10-07T15:19:39.664Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T17:34:37.672Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/openvswitch/flow.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "4b9a086eedc1fddae632310386098c12155e3d0a",
              "status": "affected",
              "version": "fbdcdd78da7c95f1b970d371e1b23cbd3aa990f3",
              "versionType": "git"
            },
            {
              "lessThan": "ad17eb86d042d72a59fd184ad1adf34f5eb36843",
              "status": "affected",
              "version": "fbdcdd78da7c95f1b970d371e1b23cbd3aa990f3",
              "versionType": "git"
            },
            {
              "lessThan": "f26fe7c3002516dd3c288f1012786df31f4d89e0",
              "status": "affected",
              "version": "fbdcdd78da7c95f1b970d371e1b23cbd3aa990f3",
              "versionType": "git"
            },
            {
              "lessThan": "8ebcd311b4866ab911d1445ead08690e67f0c488",
              "status": "affected",
              "version": "fbdcdd78da7c95f1b970d371e1b23cbd3aa990f3",
              "versionType": "git"
            },
            {
              "lessThan": "69541e58323ec3e3904e1fa87a6213961b1f52f4",
              "status": "affected",
              "version": "fbdcdd78da7c95f1b970d371e1b23cbd3aa990f3",
              "versionType": "git"
            },
            {
              "lessThan": "3c1906a3d50cb94fd0a10e97a1c0a40c0f033cb7",
              "status": "affected",
              "version": "fbdcdd78da7c95f1b970d371e1b23cbd3aa990f3",
              "versionType": "git"
            },
            {
              "lessThan": "0bdc924bfb319fb10d1113cbf091fc26fb7b1f99",
              "status": "affected",
              "version": "fbdcdd78da7c95f1b970d371e1b23cbd3aa990f3",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/openvswitch/flow.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.5"
            },
            {
              "lessThan": "5.5",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.239",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.186",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.142",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.94",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.34",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.15.*",
              "status": "unaffected",
              "version": "6.15.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.16",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.239",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.186",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.142",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.94",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.34",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.15.3",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.16",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: openvswitch: Fix the dead loop of MPLS parse\n\nThe unexpected MPLS packet may not end with the bottom label stack.\nWhen there are many stacks, The label count value has wrapped around.\nA dead loop occurs, soft lockup/CPU stuck finally.\n\nstack backtrace:\nUBSAN: array-index-out-of-bounds in /build/linux-0Pa0xK/linux-5.15.0/net/openvswitch/flow.c:662:26\nindex -1 is out of range for type \u0027__be32 [3]\u0027\nCPU: 34 PID: 0 Comm: swapper/34 Kdump: loaded Tainted: G           OE   5.15.0-121-generic #131-Ubuntu\nHardware name: Dell Inc. PowerEdge C6420/0JP9TF, BIOS 2.12.2 07/14/2021\nCall Trace:\n \u003cIRQ\u003e\n show_stack+0x52/0x5c\n dump_stack_lvl+0x4a/0x63\n dump_stack+0x10/0x16\n ubsan_epilogue+0x9/0x36\n __ubsan_handle_out_of_bounds.cold+0x44/0x49\n key_extract_l3l4+0x82a/0x840 [openvswitch]\n ? kfree_skbmem+0x52/0xa0\n key_extract+0x9c/0x2b0 [openvswitch]\n ovs_flow_key_extract+0x124/0x350 [openvswitch]\n ovs_vport_receive+0x61/0xd0 [openvswitch]\n ? kernel_init_free_pages.part.0+0x4a/0x70\n ? get_page_from_freelist+0x353/0x540\n netdev_port_receive+0xc4/0x180 [openvswitch]\n ? netdev_port_receive+0x180/0x180 [openvswitch]\n netdev_frame_hook+0x1f/0x40 [openvswitch]\n __netif_receive_skb_core.constprop.0+0x23a/0xf00\n __netif_receive_skb_list_core+0xfa/0x240\n netif_receive_skb_list_internal+0x18e/0x2a0\n napi_complete_done+0x7a/0x1c0\n bnxt_poll+0x155/0x1c0 [bnxt_en]\n __napi_poll+0x30/0x180\n net_rx_action+0x126/0x280\n ? bnxt_msix+0x67/0x80 [bnxt_en]\n handle_softirqs+0xda/0x2d0\n irq_exit_rcu+0x96/0xc0\n common_interrupt+0x8e/0xa0\n \u003c/IRQ\u003e"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-28T04:13:28.266Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/4b9a086eedc1fddae632310386098c12155e3d0a"
        },
        {
          "url": "https://git.kernel.org/stable/c/ad17eb86d042d72a59fd184ad1adf34f5eb36843"
        },
        {
          "url": "https://git.kernel.org/stable/c/f26fe7c3002516dd3c288f1012786df31f4d89e0"
        },
        {
          "url": "https://git.kernel.org/stable/c/8ebcd311b4866ab911d1445ead08690e67f0c488"
        },
        {
          "url": "https://git.kernel.org/stable/c/69541e58323ec3e3904e1fa87a6213961b1f52f4"
        },
        {
          "url": "https://git.kernel.org/stable/c/3c1906a3d50cb94fd0a10e97a1c0a40c0f033cb7"
        },
        {
          "url": "https://git.kernel.org/stable/c/0bdc924bfb319fb10d1113cbf091fc26fb7b1f99"
        }
      ],
      "title": "net: openvswitch: Fix the dead loop of MPLS parse",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-38146",
    "datePublished": "2025-07-03T08:35:52.230Z",
    "dateReserved": "2025-04-16T04:51:23.988Z",
    "dateUpdated": "2025-11-03T17:34:37.672Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/mellanox/mlx5/core/steering/hws/action.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "051fd8576a2e4e95d5870c5c9f8679c5b16882e4",
              "status": "affected",
              "version": "504e536d90104c850731840d3fbc95acf251f11b",
              "versionType": "git"
            },
            {
              "lessThan": "a630f83592cdad1253523a1b760cfe78fef6cd9c",
              "status": "affected",
              "version": "504e536d90104c850731840d3fbc95acf251f11b",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/mellanox/mlx5/core/steering/hws/action.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.12"
            },
            {
              "lessThan": "6.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.16.*",
              "status": "unaffected",
              "version": "6.16.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.17",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.16.5",
                  "versionStartIncluding": "6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.17",
                  "versionStartIncluding": "6.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: HWS, Fix memory leak in hws_action_get_shared_stc_nic error flow\n\nWhen an invalid stc_type is provided, the function allocates memory for\nshared_stc but jumps to unlock_and_out without freeing it, causing a\nmemory leak.\n\nFix by jumping to free_shared_stc label instead to ensure proper cleanup."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-29T06:00:38.178Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/051fd8576a2e4e95d5870c5c9f8679c5b16882e4"
        },
        {
          "url": "https://git.kernel.org/stable/c/a630f83592cdad1253523a1b760cfe78fef6cd9c"
        }
      ],
      "title": "net/mlx5: HWS, Fix memory leak in hws_action_get_shared_stc_nic error flow",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-39834",
    "datePublished": "2025-09-16T13:08:50.896Z",
    "dateReserved": "2025-04-16T07:20:57.140Z",
    "dateUpdated": "2025-09-29T06:00:38.178Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/drm_gem.c",
            "drivers/gpu/drm/drm_gem_framebuffer_helper.c",
            "drivers/gpu/drm/drm_internal.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "cb4c956a15f8b7f870649454771fc3761f504b5f",
              "status": "affected",
              "version": "319c933c71f3dbdb2b3274d1634d3494c70efa06",
              "versionType": "git"
            },
            {
              "lessThan": "08480e285c6a82ce689008d643e4a51db0aaef8b",
              "status": "affected",
              "version": "319c933c71f3dbdb2b3274d1634d3494c70efa06",
              "versionType": "git"
            },
            {
              "lessThan": "3cf520d9860d4ec9f7f32068825da31f18dd3f25",
              "status": "affected",
              "version": "319c933c71f3dbdb2b3274d1634d3494c70efa06",
              "versionType": "git"
            },
            {
              "lessThan": "5307dce878d4126e1b375587318955bd019c3741",
              "status": "affected",
              "version": "319c933c71f3dbdb2b3274d1634d3494c70efa06",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/drm_gem.c",
            "drivers/gpu/drm/drm_gem_framebuffer_helper.c",
            "drivers/gpu/drm/drm_internal.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.12"
            },
            {
              "lessThan": "3.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.99",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.39",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.15.*",
              "status": "unaffected",
              "version": "6.15.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.16",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.99",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.39",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.15.7",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.16",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/gem: Acquire references on GEM handles for framebuffers\n\nA GEM handle can be released while the GEM buffer object is attached\nto a DRM framebuffer. This leads to the release of the dma-buf backing\nthe buffer object, if any. [1] Trying to use the framebuffer in further\nmode-setting operations leads to a segmentation fault. Most easily\nhappens with driver that use shadow planes for vmap-ing the dma-buf\nduring a page flip. An example is shown below.\n\n[  156.791968] ------------[ cut here ]------------\n[  156.796830] WARNING: CPU: 2 PID: 2255 at drivers/dma-buf/dma-buf.c:1527 dma_buf_vmap+0x224/0x430\n[...]\n[  156.942028] RIP: 0010:dma_buf_vmap+0x224/0x430\n[  157.043420] Call Trace:\n[  157.045898]  \u003cTASK\u003e\n[  157.048030]  ? show_trace_log_lvl+0x1af/0x2c0\n[  157.052436]  ? show_trace_log_lvl+0x1af/0x2c0\n[  157.056836]  ? show_trace_log_lvl+0x1af/0x2c0\n[  157.061253]  ? drm_gem_shmem_vmap+0x74/0x710\n[  157.065567]  ? dma_buf_vmap+0x224/0x430\n[  157.069446]  ? __warn.cold+0x58/0xe4\n[  157.073061]  ? dma_buf_vmap+0x224/0x430\n[  157.077111]  ? report_bug+0x1dd/0x390\n[  157.080842]  ? handle_bug+0x5e/0xa0\n[  157.084389]  ? exc_invalid_op+0x14/0x50\n[  157.088291]  ? asm_exc_invalid_op+0x16/0x20\n[  157.092548]  ? dma_buf_vmap+0x224/0x430\n[  157.096663]  ? dma_resv_get_singleton+0x6d/0x230\n[  157.101341]  ? __pfx_dma_buf_vmap+0x10/0x10\n[  157.105588]  ? __pfx_dma_resv_get_singleton+0x10/0x10\n[  157.110697]  drm_gem_shmem_vmap+0x74/0x710\n[  157.114866]  drm_gem_vmap+0xa9/0x1b0\n[  157.118763]  drm_gem_vmap_unlocked+0x46/0xa0\n[  157.123086]  drm_gem_fb_vmap+0xab/0x300\n[  157.126979]  drm_atomic_helper_prepare_planes.part.0+0x487/0xb10\n[  157.133032]  ? lockdep_init_map_type+0x19d/0x880\n[  157.137701]  drm_atomic_helper_commit+0x13d/0x2e0\n[  157.142671]  ? drm_atomic_nonblocking_commit+0xa0/0x180\n[  157.147988]  drm_mode_atomic_ioctl+0x766/0xe40\n[...]\n[  157.346424] ---[ end trace 0000000000000000 ]---\n\nAcquiring GEM handles for the framebuffer\u0027s GEM buffer objects prevents\nthis from happening. The framebuffer\u0027s cleanup later puts the handle\nreferences.\n\nCommit 1a148af06000 (\"drm/gem-shmem: Use dma_buf from GEM object\ninstance\") triggers the segmentation fault easily by using the dma-buf\nfield more widely. The underlying issue with reference counting has\nbeen present before.\n\nv2:\n- acquire the handle instead of the BO (Christian)\n- fix comment style (Christian)\n- drop the Fixes tag (Christian)\n- rename err_ gotos\n- add missing Link tag"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-02T15:30:38.510Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/cb4c956a15f8b7f870649454771fc3761f504b5f"
        },
        {
          "url": "https://git.kernel.org/stable/c/08480e285c6a82ce689008d643e4a51db0aaef8b"
        },
        {
          "url": "https://git.kernel.org/stable/c/3cf520d9860d4ec9f7f32068825da31f18dd3f25"
        },
        {
          "url": "https://git.kernel.org/stable/c/5307dce878d4126e1b375587318955bd019c3741"
        }
      ],
      "title": "drm/gem: Acquire references on GEM handles for framebuffers",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-38449",
    "datePublished": "2025-07-25T15:27:30.702Z",
    "dateReserved": "2025-04-16T04:51:24.018Z",
    "dateUpdated": "2026-01-02T15:30:38.510Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/ipv4/tcp.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "81373cd1d72d87c7d844d4454a526b8f53e72d00",
              "status": "affected",
              "version": "270a1c3de47e49dd2fc18f48e46b101e48050e78",
              "versionType": "git"
            },
            {
              "lessThan": "62e6160cfb5514787bda833d466509edc38fde23",
              "status": "affected",
              "version": "270a1c3de47e49dd2fc18f48e46b101e48050e78",
              "versionType": "git"
            },
            {
              "lessThan": "9f164fa6bb09fbcc60fa5c3ff551ce9eec1befd7",
              "status": "affected",
              "version": "270a1c3de47e49dd2fc18f48e46b101e48050e78",
              "versionType": "git"
            },
            {
              "lessThan": "d3a5f2871adc0c61c61869f37f3e697d97f03d8c",
              "status": "affected",
              "version": "270a1c3de47e49dd2fc18f48e46b101e48050e78",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/ipv4/tcp.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.5"
            },
            {
              "lessThan": "6.5",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.99",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.39",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.15.*",
              "status": "unaffected",
              "version": "6.15.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.16",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.99",
                  "versionStartIncluding": "6.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.39",
                  "versionStartIncluding": "6.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.15.7",
                  "versionStartIncluding": "6.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.16",
                  "versionStartIncluding": "6.5",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: Correct signedness in skb remaining space calculation\n\nSyzkaller reported a bug [1] where sk-\u003esk_forward_alloc can overflow.\n\nWhen we send data, if an skb exists at the tail of the write queue, the\nkernel will attempt to append the new data to that skb. However, the code\nthat checks for available space in the skb is flawed:\n\u0027\u0027\u0027\ncopy = size_goal - skb-\u003elen\n\u0027\u0027\u0027\n\nThe types of the variables involved are:\n\u0027\u0027\u0027\ncopy: ssize_t (s64 on 64-bit systems)\nsize_goal: int\nskb-\u003elen: unsigned int\n\u0027\u0027\u0027\n\nDue to C\u0027s type promotion rules, the signed size_goal is converted to an\nunsigned int to match skb-\u003elen before the subtraction. The result is an\nunsigned int.\n\nWhen this unsigned int result is then assigned to the s64 copy variable,\nit is zero-extended, preserving its non-negative value. Consequently, copy\nis always \u003e= 0.\n\nAssume we are sending 2GB of data and size_goal has been adjusted to a\nvalue smaller than skb-\u003elen. The subtraction will result in copy holding a\nvery large positive integer. In the subsequent logic, this large value is\nused to update sk-\u003esk_forward_alloc, which can easily cause it to overflow.\n\nThe syzkaller reproducer uses TCP_REPAIR to reliably create this\ncondition. However, this can also occur in real-world scenarios. The\ntcp_bound_to_half_wnd() function can also reduce size_goal to a small\nvalue. This would cause the subsequent tcp_wmem_schedule() to set\nsk-\u003esk_forward_alloc to a value close to INT_MAX. Further memory\nallocation requests would then cause sk_forward_alloc to wrap around and\nbecome negative.\n\n[1]: https://syzkaller.appspot.com/bug?extid=de6565462ab540f50e47"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-28T04:23:11.023Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/81373cd1d72d87c7d844d4454a526b8f53e72d00"
        },
        {
          "url": "https://git.kernel.org/stable/c/62e6160cfb5514787bda833d466509edc38fde23"
        },
        {
          "url": "https://git.kernel.org/stable/c/9f164fa6bb09fbcc60fa5c3ff551ce9eec1befd7"
        },
        {
          "url": "https://git.kernel.org/stable/c/d3a5f2871adc0c61c61869f37f3e697d97f03d8c"
        }
      ],
      "title": "tcp: Correct signedness in skb remaining space calculation",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-38463",
    "datePublished": "2025-07-25T15:27:45.975Z",
    "dateReserved": "2025-04-16T04:51:24.020Z",
    "dateUpdated": "2025-07-28T04:23:11.023Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/usb/host/xhci-mem.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "5e4ce28ad907aa54f13b21d5f1dc490525957b0c",
              "status": "affected",
              "version": "2e27980e6eb78114c4ecbaad1ba71836e3887d18",
              "versionType": "git"
            },
            {
              "lessThan": "f0de39474078adef6ece7a183e34c15ce2c1d8d1",
              "status": "affected",
              "version": "2e27980e6eb78114c4ecbaad1ba71836e3887d18",
              "versionType": "git"
            },
            {
              "lessThan": "cebbc8d335d6bcc1316584f779c08f80287c6af8",
              "status": "affected",
              "version": "2e27980e6eb78114c4ecbaad1ba71836e3887d18",
              "versionType": "git"
            },
            {
              "lessThan": "8f1cd9633d1f21efc13e8fc75be8f2b6bb85e38c",
              "status": "affected",
              "version": "2e27980e6eb78114c4ecbaad1ba71836e3887d18",
              "versionType": "git"
            },
            {
              "lessThan": "678d2cc2041cc6ce05030852dce9ad42719abcfc",
              "status": "affected",
              "version": "2e27980e6eb78114c4ecbaad1ba71836e3887d18",
              "versionType": "git"
            },
            {
              "lessThan": "c892a81c7424b4f6a660cb9c249d354ccf3afeca",
              "status": "affected",
              "version": "2e27980e6eb78114c4ecbaad1ba71836e3887d18",
              "versionType": "git"
            },
            {
              "lessThan": "3bf860a41e0f2fcea0ac3aae8f7ef887a7994b70",
              "status": "affected",
              "version": "2e27980e6eb78114c4ecbaad1ba71836e3887d18",
              "versionType": "git"
            },
            {
              "lessThan": "5aed5b7c2430ce318a8e62f752f181e66f0d1053",
              "status": "affected",
              "version": "2e27980e6eb78114c4ecbaad1ba71836e3887d18",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/usb/host/xhci-mem.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.2"
            },
            {
              "lessThan": "3.2",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.9.*",
              "status": "unaffected",
              "version": "4.9.332",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.298",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.264",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.223",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.153",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.77",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.*",
              "status": "unaffected",
              "version": "6.0.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.1",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.9.332",
                  "versionStartIncluding": "3.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.298",
                  "versionStartIncluding": "3.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.264",
                  "versionStartIncluding": "3.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.223",
                  "versionStartIncluding": "3.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.153",
                  "versionStartIncluding": "3.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.77",
                  "versionStartIncluding": "3.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.0.7",
                  "versionStartIncluding": "3.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1",
                  "versionStartIncluding": "3.2",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxhci: Remove device endpoints from bandwidth list when freeing the device\n\nEndpoints are normally deleted from the bandwidth list when they are\ndropped, before the virt device is freed.\n\nIf xHC host is dying or being removed then the endpoints aren\u0027t dropped\ncleanly due to functions returning early to avoid interacting with a\nnon-accessible host controller.\n\nSo check and delete endpoints that are still on the bandwidth list when\nfreeing the virt device.\n\nSolves a list_del corruption kernel crash when unbinding xhci-pci,\ncaused by xhci_mem_cleanup() when it later tried to delete already freed\nendpoints from the bandwidth list.\n\nThis only affects hosts that use software bandwidth checking, which\ncurrenty is only the xHC in intel Panther Point PCH (Ivy Bridge)"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-23T13:29:32.754Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/5e4ce28ad907aa54f13b21d5f1dc490525957b0c"
        },
        {
          "url": "https://git.kernel.org/stable/c/f0de39474078adef6ece7a183e34c15ce2c1d8d1"
        },
        {
          "url": "https://git.kernel.org/stable/c/cebbc8d335d6bcc1316584f779c08f80287c6af8"
        },
        {
          "url": "https://git.kernel.org/stable/c/8f1cd9633d1f21efc13e8fc75be8f2b6bb85e38c"
        },
        {
          "url": "https://git.kernel.org/stable/c/678d2cc2041cc6ce05030852dce9ad42719abcfc"
        },
        {
          "url": "https://git.kernel.org/stable/c/c892a81c7424b4f6a660cb9c249d354ccf3afeca"
        },
        {
          "url": "https://git.kernel.org/stable/c/3bf860a41e0f2fcea0ac3aae8f7ef887a7994b70"
        },
        {
          "url": "https://git.kernel.org/stable/c/5aed5b7c2430ce318a8e62f752f181e66f0d1053"
        }
      ],
      "title": "xhci: Remove device endpoints from bandwidth list when freeing the device",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-50470",
    "datePublished": "2025-10-04T15:16:32.764Z",
    "dateReserved": "2025-10-04T15:13:33.466Z",
    "dateUpdated": "2025-12-23T13:29:32.754Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T17:42:15.575Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "kernel/trace/trace.c",
            "kernel/trace/trace.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "b842ef39c2ad6156c13afdec25ecc6792a9b67b9",
              "status": "affected",
              "version": "634684d79733124f7470b226b0f42aada4426b07",
              "versionType": "git"
            },
            {
              "lessThan": "41b838420457802f21918df66764b6fbf829d330",
              "status": "affected",
              "version": "8c9af478c06bb1ab1422f90d8ecbc53defd44bc3",
              "versionType": "git"
            },
            {
              "lessThan": "418b448e1d7470da9d4d4797f71782595ee69c49",
              "status": "affected",
              "version": "8c9af478c06bb1ab1422f90d8ecbc53defd44bc3",
              "versionType": "git"
            },
            {
              "lessThan": "58ff8064cb4c7eddac4da1a59da039ead586950a",
              "status": "affected",
              "version": "8c9af478c06bb1ab1422f90d8ecbc53defd44bc3",
              "versionType": "git"
            },
            {
              "lessThan": "d0c68045b8b0f3737ed7bd6b8c83b7887014adee",
              "status": "affected",
              "version": "8c9af478c06bb1ab1422f90d8ecbc53defd44bc3",
              "versionType": "git"
            },
            {
              "lessThan": "3079517a5ba80901fe828a06998da64b9b8749be",
              "status": "affected",
              "version": "8c9af478c06bb1ab1422f90d8ecbc53defd44bc3",
              "versionType": "git"
            },
            {
              "lessThan": "6a909ea83f226803ea0e718f6e88613df9234d58",
              "status": "affected",
              "version": "8c9af478c06bb1ab1422f90d8ecbc53defd44bc3",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "24cd31752f47699b89b4b3471155c8e599a1a23a",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "e9cb474de7ff7a970c2a3951c12ec7e3113c0c35",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "6ab671191f64b0da7d547e2ad4dc199ca7e5b558",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "3d9281a4ac7171c808f9507f0937eb236b353905",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "0b641b25870f02e2423e494365fc5243cc1e2759",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "ffd51dbfd2900e50c71b5c069fe407957e52d61f",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "cdd107d7f18158d966c2bc136204fe826dac445c",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "kernel/trace/trace.c",
            "kernel/trace/trace.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.13"
            },
            {
              "lessThan": "5.13",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.241",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.190",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.149",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.103",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.44",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.16.*",
              "status": "unaffected",
              "version": "6.16.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.17",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.241",
                  "versionStartIncluding": "5.10.36",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.190",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.149",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.103",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.44",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.16.4",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.17",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.4.269",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.9.269",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.14.233",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.19.191",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.4.118",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.11.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.12.3",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Limit access to parser-\u003ebuffer when trace_get_user failed\n\nWhen the length of the string written to set_ftrace_filter exceeds\nFTRACE_BUFF_MAX, the following KASAN alarm will be triggered:\n\nBUG: KASAN: slab-out-of-bounds in strsep+0x18c/0x1b0\nRead of size 1 at addr ffff0000d00bd5ba by task ash/165\n\nCPU: 1 UID: 0 PID: 165 Comm: ash Not tainted 6.16.0-g6bcdbd62bd56-dirty\nHardware name: linux,dummy-virt (DT)\nCall trace:\n show_stack+0x34/0x50 (C)\n dump_stack_lvl+0xa0/0x158\n print_address_description.constprop.0+0x88/0x398\n print_report+0xb0/0x280\n kasan_report+0xa4/0xf0\n __asan_report_load1_noabort+0x20/0x30\n strsep+0x18c/0x1b0\n ftrace_process_regex.isra.0+0x100/0x2d8\n ftrace_regex_release+0x484/0x618\n __fput+0x364/0xa58\n ____fput+0x28/0x40\n task_work_run+0x154/0x278\n do_notify_resume+0x1f0/0x220\n el0_svc+0xec/0xf0\n el0t_64_sync_handler+0xa0/0xe8\n el0t_64_sync+0x1ac/0x1b0\n\nThe reason is that trace_get_user will fail when processing a string\nlonger than FTRACE_BUFF_MAX, but not set the end of parser-\u003ebuffer to 0.\nThen an OOB access will be triggered in ftrace_regex_release-\u003e\nftrace_process_regex-\u003estrsep-\u003estrpbrk. We can solve this problem by\nlimiting access to parser-\u003ebuffer when trace_get_user failed."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-29T05:57:20.731Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/b842ef39c2ad6156c13afdec25ecc6792a9b67b9"
        },
        {
          "url": "https://git.kernel.org/stable/c/41b838420457802f21918df66764b6fbf829d330"
        },
        {
          "url": "https://git.kernel.org/stable/c/418b448e1d7470da9d4d4797f71782595ee69c49"
        },
        {
          "url": "https://git.kernel.org/stable/c/58ff8064cb4c7eddac4da1a59da039ead586950a"
        },
        {
          "url": "https://git.kernel.org/stable/c/d0c68045b8b0f3737ed7bd6b8c83b7887014adee"
        },
        {
          "url": "https://git.kernel.org/stable/c/3079517a5ba80901fe828a06998da64b9b8749be"
        },
        {
          "url": "https://git.kernel.org/stable/c/6a909ea83f226803ea0e718f6e88613df9234d58"
        }
      ],
      "title": "tracing: Limit access to parser-\u003ebuffer when trace_get_user failed",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-39683",
    "datePublished": "2025-09-05T17:20:49.821Z",
    "dateReserved": "2025-04-16T07:20:57.113Z",
    "dateUpdated": "2025-11-03T17:42:15.575Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T17:41:07.659Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "arch/arm64/mm/ptdump_debugfs.c",
            "arch/riscv/mm/ptdump.c",
            "arch/s390/mm/dump_pagetables.c",
            "mm/ptdump.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "3ee9a8c27bfd72c3f465004fa8455785d61be5e8",
              "status": "affected",
              "version": "bbd6ec605c0fc286c3f8ce60b4ed44635361d58b",
              "versionType": "git"
            },
            {
              "lessThan": "69bea84b06b5e779627e7afdbf4b60a7d231c76f",
              "status": "affected",
              "version": "bbd6ec605c0fc286c3f8ce60b4ed44635361d58b",
              "versionType": "git"
            },
            {
              "lessThan": "ac25ec5fa2bf6e606dc7954488e4dded272fa9cd",
              "status": "affected",
              "version": "bbd6ec605c0fc286c3f8ce60b4ed44635361d58b",
              "versionType": "git"
            },
            {
              "lessThan": "1636b5e9c3543b87d673e32a47e7c18698882425",
              "status": "affected",
              "version": "bbd6ec605c0fc286c3f8ce60b4ed44635361d58b",
              "versionType": "git"
            },
            {
              "lessThan": "ff40839e018b82c4d756d035f34a63aa2d93be83",
              "status": "affected",
              "version": "bbd6ec605c0fc286c3f8ce60b4ed44635361d58b",
              "versionType": "git"
            },
            {
              "lessThan": "67995d4244694928ce701928e530b5b4adeb17b4",
              "status": "affected",
              "version": "bbd6ec605c0fc286c3f8ce60b4ed44635361d58b",
              "versionType": "git"
            },
            {
              "lessThan": "ca8c414499f2e5337a95a76be0d21b728ee31c6b",
              "status": "affected",
              "version": "bbd6ec605c0fc286c3f8ce60b4ed44635361d58b",
              "versionType": "git"
            },
            {
              "lessThan": "59305202c67fea50378dcad0cc199dbc13a0e99a",
              "status": "affected",
              "version": "bbd6ec605c0fc286c3f8ce60b4ed44635361d58b",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "arch/arm64/mm/ptdump_debugfs.c",
            "arch/riscv/mm/ptdump.c",
            "arch/s390/mm/dump_pagetables.c",
            "mm/ptdump.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.7"
            },
            {
              "lessThan": "5.7",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.241",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.190",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.149",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.103",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.43",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.15.*",
              "status": "unaffected",
              "version": "6.15.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.16.*",
              "status": "unaffected",
              "version": "6.16.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.17",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.241",
                  "versionStartIncluding": "5.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.190",
                  "versionStartIncluding": "5.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.149",
                  "versionStartIncluding": "5.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.103",
                  "versionStartIncluding": "5.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.43",
                  "versionStartIncluding": "5.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.15.11",
                  "versionStartIncluding": "5.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.16.2",
                  "versionStartIncluding": "5.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.17",
                  "versionStartIncluding": "5.7",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd()\n\nMemory hot remove unmaps and tears down various kernel page table regions\nas required.  The ptdump code can race with concurrent modifications of\nthe kernel page tables.  When leaf entries are modified concurrently, the\ndump code may log stale or inconsistent information for a VA range, but\nthis is otherwise not harmful.\n\nBut when intermediate levels of kernel page table are freed, the dump code\nwill continue to use memory that has been freed and potentially\nreallocated for another purpose.  In such cases, the ptdump code may\ndereference bogus addresses, leading to a number of potential problems.\n\nTo avoid the above mentioned race condition, platforms such as arm64,\nriscv and s390 take memory hotplug lock, while dumping kernel page table\nvia the sysfs interface /sys/kernel/debug/kernel_page_tables.\n\nSimilar race condition exists while checking for pages that might have\nbeen marked W+X via /sys/kernel/debug/kernel_page_tables/check_wx_pages\nwhich in turn calls ptdump_check_wx().  Instead of solving this race\ncondition again, let\u0027s just move the memory hotplug lock inside generic\nptdump_check_wx() which will benefit both the scenarios.\n\nDrop get_online_mems() and put_online_mems() combination from all existing\nplatform ptdump code paths."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-29T05:55:52.426Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/3ee9a8c27bfd72c3f465004fa8455785d61be5e8"
        },
        {
          "url": "https://git.kernel.org/stable/c/69bea84b06b5e779627e7afdbf4b60a7d231c76f"
        },
        {
          "url": "https://git.kernel.org/stable/c/ac25ec5fa2bf6e606dc7954488e4dded272fa9cd"
        },
        {
          "url": "https://git.kernel.org/stable/c/1636b5e9c3543b87d673e32a47e7c18698882425"
        },
        {
          "url": "https://git.kernel.org/stable/c/ff40839e018b82c4d756d035f34a63aa2d93be83"
        },
        {
          "url": "https://git.kernel.org/stable/c/67995d4244694928ce701928e530b5b4adeb17b4"
        },
        {
          "url": "https://git.kernel.org/stable/c/ca8c414499f2e5337a95a76be0d21b728ee31c6b"
        },
        {
          "url": "https://git.kernel.org/stable/c/59305202c67fea50378dcad0cc199dbc13a0e99a"
        }
      ],
      "title": "mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-38681",
    "datePublished": "2025-09-04T15:32:36.681Z",
    "dateReserved": "2025-04-16T04:51:24.031Z",
    "dateUpdated": "2025-11-03T17:41:07.659Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/proc/task_mmu.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "ca988dcdc6683ecd9de5f525ce469588a9141c21",
              "status": "affected",
              "version": "52526ca7fdb905a768a93f8faa418e9b988fc34b",
              "versionType": "git"
            },
            {
              "lessThan": "a2cb8818a3d915cd33a1e8b2babc1bb0c34862c3",
              "status": "affected",
              "version": "52526ca7fdb905a768a93f8faa418e9b988fc34b",
              "versionType": "git"
            },
            {
              "lessThan": "28aa29986dde79e8466bc87569141291053833f5",
              "status": "affected",
              "version": "52526ca7fdb905a768a93f8faa418e9b988fc34b",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/proc/task_mmu.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.7"
            },
            {
              "lessThan": "6.7",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.50",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.16.*",
              "status": "unaffected",
              "version": "6.16.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.17",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.50",
                  "versionStartIncluding": "6.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.16.10",
                  "versionStartIncluding": "6.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.17",
                  "versionStartIncluding": "6.7",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/proc/task_mmu: check p-\u003evec_buf for NULL\n\nWhen the PAGEMAP_SCAN ioctl is invoked with vec_len = 0 reaches\npagemap_scan_backout_range(), kernel panics with null-ptr-deref:\n\n[   44.936808] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP DEBUG_PAGEALLOC KASAN NOPTI\n[   44.937797] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]\n[   44.938391] CPU: 1 UID: 0 PID: 2480 Comm: reproducer Not tainted 6.17.0-rc6 #22 PREEMPT(none)\n[   44.939062] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\n[   44.939935] RIP: 0010:pagemap_scan_thp_entry.isra.0+0x741/0xa80\n\n\u003csnip registers, unreliable trace\u003e\n\n[   44.946828] Call Trace:\n[   44.947030]  \u003cTASK\u003e\n[   44.949219]  pagemap_scan_pmd_entry+0xec/0xfa0\n[   44.952593]  walk_pmd_range.isra.0+0x302/0x910\n[   44.954069]  walk_pud_range.isra.0+0x419/0x790\n[   44.954427]  walk_p4d_range+0x41e/0x620\n[   44.954743]  walk_pgd_range+0x31e/0x630\n[   44.955057]  __walk_page_range+0x160/0x670\n[   44.956883]  walk_page_range_mm+0x408/0x980\n[   44.958677]  walk_page_range+0x66/0x90\n[   44.958984]  do_pagemap_scan+0x28d/0x9c0\n[   44.961833]  do_pagemap_cmd+0x59/0x80\n[   44.962484]  __x64_sys_ioctl+0x18d/0x210\n[   44.962804]  do_syscall_64+0x5b/0x290\n[   44.963111]  entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nvec_len = 0 in pagemap_scan_init_bounce_buffer() means no buffers are\nallocated and p-\u003evec_buf remains set to NULL.\n\nThis breaks an assumption made later in pagemap_scan_backout_range(), that\npage_region is always allocated for p-\u003evec_buf_index.\n\nFix it by explicitly checking p-\u003evec_buf for NULL before dereferencing.\n\nOther sites that might run into same deref-issue are already (directly or\ntransitively) protected by checking p-\u003evec_buf.\n\nNote:\nFrom PAGEMAP_SCAN man page, it seems vec_len = 0 is valid when no output\nis requested and it\u0027s only the side effects caller is interested in,\nhence it passes check in pagemap_scan_get_args().\n\nThis issue was found by syzkaller."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-20T15:26:55.208Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/ca988dcdc6683ecd9de5f525ce469588a9141c21"
        },
        {
          "url": "https://git.kernel.org/stable/c/a2cb8818a3d915cd33a1e8b2babc1bb0c34862c3"
        },
        {
          "url": "https://git.kernel.org/stable/c/28aa29986dde79e8466bc87569141291053833f5"
        }
      ],
      "title": "fs/proc/task_mmu: check p-\u003evec_buf for NULL",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-40009",
    "datePublished": "2025-10-20T15:26:55.208Z",
    "dateReserved": "2025-04-16T07:20:57.151Z",
    "dateUpdated": "2025-10-20T15:26:55.208Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/qlogic/qed/qed_debug.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "25672c620421fa2105703a94a29a03487245e6d6",
              "status": "affected",
              "version": "d52c89f120de849575f6b2e5948038f2be12ce6f",
              "versionType": "git"
            },
            {
              "lessThan": "e0e24571a7b2f8c8f06e25d3417253ebbdbc8d5c",
              "status": "affected",
              "version": "d52c89f120de849575f6b2e5948038f2be12ce6f",
              "versionType": "git"
            },
            {
              "lessThan": "8141910869596b7a3a5d9b46107da2191d523f82",
              "status": "affected",
              "version": "d52c89f120de849575f6b2e5948038f2be12ce6f",
              "versionType": "git"
            },
            {
              "lessThan": "ea53e6a47e148b490b1c652fc65d2de5a086df76",
              "status": "affected",
              "version": "d52c89f120de849575f6b2e5948038f2be12ce6f",
              "versionType": "git"
            },
            {
              "lessThan": "660b2a8f5a306a28c7efc1b4990ecc4912a68f87",
              "status": "affected",
              "version": "d52c89f120de849575f6b2e5948038f2be12ce6f",
              "versionType": "git"
            },
            {
              "lessThan": "70affe82e38fd3dc76b9c68b5a1989f11e7fa0f3",
              "status": "affected",
              "version": "d52c89f120de849575f6b2e5948038f2be12ce6f",
              "versionType": "git"
            },
            {
              "lessThan": "56c0a2a9ddc2f5b5078c5fb0f81ab76bbc3d4c37",
              "status": "affected",
              "version": "d52c89f120de849575f6b2e5948038f2be12ce6f",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/qlogic/qed/qed_debug.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.18"
            },
            {
              "lessThan": "4.18",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.245",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.194",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.154",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.108",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.49",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.16.*",
              "status": "unaffected",
              "version": "6.16.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.17",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.245",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.194",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.154",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.108",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.49",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.16.9",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.17",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nqed: Don\u0027t collect too many protection override GRC elements\n\nIn the protection override dump path, the firmware can return far too\nmany GRC elements, resulting in attempting to write past the end of the\npreviously-kmalloc\u0027ed dump buffer.\n\nThis will result in a kernel panic with reason:\n\n BUG: unable to handle kernel paging request at ADDRESS\n\nwhere \"ADDRESS\" is just past the end of the protection override dump\nbuffer. The start address of the buffer is:\n p_hwfn-\u003ecdev-\u003edbg_features[DBG_FEATURE_PROTECTION_OVERRIDE].dump_buf\nand the size of the buffer is buf_size in the same data structure.\n\nThe panic can be arrived at from either the qede Ethernet driver path:\n\n    [exception RIP: qed_grc_dump_addr_range+0x108]\n qed_protection_override_dump at ffffffffc02662ed [qed]\n qed_dbg_protection_override_dump at ffffffffc0267792 [qed]\n qed_dbg_feature at ffffffffc026aa8f [qed]\n qed_dbg_all_data at ffffffffc026b211 [qed]\n qed_fw_fatal_reporter_dump at ffffffffc027298a [qed]\n devlink_health_do_dump at ffffffff82497f61\n devlink_health_report at ffffffff8249cf29\n qed_report_fatal_error at ffffffffc0272baf [qed]\n qede_sp_task at ffffffffc045ed32 [qede]\n process_one_work at ffffffff81d19783\n\nor the qedf storage driver path:\n\n    [exception RIP: qed_grc_dump_addr_range+0x108]\n qed_protection_override_dump at ffffffffc068b2ed [qed]\n qed_dbg_protection_override_dump at ffffffffc068c792 [qed]\n qed_dbg_feature at ffffffffc068fa8f [qed]\n qed_dbg_all_data at ffffffffc0690211 [qed]\n qed_fw_fatal_reporter_dump at ffffffffc069798a [qed]\n devlink_health_do_dump at ffffffff8aa95e51\n devlink_health_report at ffffffff8aa9ae19\n qed_report_fatal_error at ffffffffc0697baf [qed]\n qed_hw_err_notify at ffffffffc06d32d7 [qed]\n qed_spq_post at ffffffffc06b1011 [qed]\n qed_fcoe_destroy_conn at ffffffffc06b2e91 [qed]\n qedf_cleanup_fcport at ffffffffc05e7597 [qedf]\n qedf_rport_event_handler at ffffffffc05e7bf7 [qedf]\n fc_rport_work at ffffffffc02da715 [libfc]\n process_one_work at ffffffff8a319663\n\nResolve this by clamping the firmware\u0027s return value to the maximum\nnumber of legal elements the firmware should return."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-04T07:37:05.967Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/25672c620421fa2105703a94a29a03487245e6d6"
        },
        {
          "url": "https://git.kernel.org/stable/c/e0e24571a7b2f8c8f06e25d3417253ebbdbc8d5c"
        },
        {
          "url": "https://git.kernel.org/stable/c/8141910869596b7a3a5d9b46107da2191d523f82"
        },
        {
          "url": "https://git.kernel.org/stable/c/ea53e6a47e148b490b1c652fc65d2de5a086df76"
        },
        {
          "url": "https://git.kernel.org/stable/c/660b2a8f5a306a28c7efc1b4990ecc4912a68f87"
        },
        {
          "url": "https://git.kernel.org/stable/c/70affe82e38fd3dc76b9c68b5a1989f11e7fa0f3"
        },
        {
          "url": "https://git.kernel.org/stable/c/56c0a2a9ddc2f5b5078c5fb0f81ab76bbc3d4c37"
        }
      ],
      "title": "qed: Don\u0027t collect too many protection override GRC elements",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-39949",
    "datePublished": "2025-10-04T07:31:10.164Z",
    "dateReserved": "2025-04-16T07:20:57.148Z",
    "dateUpdated": "2025-10-04T07:37:05.967Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T17:42:17.438Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/comedi/drivers/pcl726.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "bab220b0bb5af652007e278e8e8357f952b0e1ea",
              "status": "affected",
              "version": "fff46207245cd9e39c05b638afaee2478e64914b",
              "versionType": "git"
            },
            {
              "lessThan": "5a33d07c94ba91306093e823112a7aa9727549f6",
              "status": "affected",
              "version": "fff46207245cd9e39c05b638afaee2478e64914b",
              "versionType": "git"
            },
            {
              "lessThan": "0eb4ed2aa261dee228f1668dbfa6d87353e8162d",
              "status": "affected",
              "version": "fff46207245cd9e39c05b638afaee2478e64914b",
              "versionType": "git"
            },
            {
              "lessThan": "a3cfcd0c78c80ca7cd80372dc28f77d01be57bf6",
              "status": "affected",
              "version": "fff46207245cd9e39c05b638afaee2478e64914b",
              "versionType": "git"
            },
            {
              "lessThan": "d8992c9a01f81128f36acb7c5755530e21fcd059",
              "status": "affected",
              "version": "fff46207245cd9e39c05b638afaee2478e64914b",
              "versionType": "git"
            },
            {
              "lessThan": "96cb948408b3adb69df7e451ba7da9d21f814d00",
              "status": "affected",
              "version": "fff46207245cd9e39c05b638afaee2478e64914b",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/comedi/drivers/pcl726.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.13"
            },
            {
              "lessThan": "3.13",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.190",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.149",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.103",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.44",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.16.*",
              "status": "unaffected",
              "version": "6.16.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.17",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.190",
                  "versionStartIncluding": "3.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.149",
                  "versionStartIncluding": "3.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.103",
                  "versionStartIncluding": "3.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.44",
                  "versionStartIncluding": "3.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.16.4",
                  "versionStartIncluding": "3.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.17",
                  "versionStartIncluding": "3.13",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: pcl726: Prevent invalid irq number\n\nThe reproducer passed in an irq number(0x80008000) that was too large,\nwhich triggered the oob.\n\nAdded an interrupt number check to prevent users from passing in an irq\nnumber that was too large.\n\nIf `it-\u003eoptions[1]` is 31, then `1 \u003c\u003c it-\u003eoptions[1]` is still invalid\nbecause it shifts a 1-bit into the sign bit (which is UB in C).\nPossible solutions include reducing the upper bound on the\n`it-\u003eoptions[1]` value to 30 or lower, or using `1U \u003c\u003c it-\u003eoptions[1]`.\n\nThe old code would just not attempt to request the IRQ if the\n`options[1]` value were invalid.  And it would still configure the\ndevice without interrupts even if the call to `request_irq` returned an\nerror.  So it would be better to combine this test with the test below."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-29T05:57:23.254Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/bab220b0bb5af652007e278e8e8357f952b0e1ea"
        },
        {
          "url": "https://git.kernel.org/stable/c/5a33d07c94ba91306093e823112a7aa9727549f6"
        },
        {
          "url": "https://git.kernel.org/stable/c/0eb4ed2aa261dee228f1668dbfa6d87353e8162d"
        },
        {
          "url": "https://git.kernel.org/stable/c/a3cfcd0c78c80ca7cd80372dc28f77d01be57bf6"
        },
        {
          "url": "https://git.kernel.org/stable/c/d8992c9a01f81128f36acb7c5755530e21fcd059"
        },
        {
          "url": "https://git.kernel.org/stable/c/96cb948408b3adb69df7e451ba7da9d21f814d00"
        }
      ],
      "title": "comedi: pcl726: Prevent invalid irq number",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-39685",
    "datePublished": "2025-09-05T17:20:51.954Z",
    "dateReserved": "2025-04-16T07:20:57.113Z",
    "dateUpdated": "2025-11-03T17:42:17.438Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}