Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2024/08/GHSA-87qc-q3w7-7m8w/GHSA-87qc-q3w7-7m8w.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-87qc-q3w7-7m8w",
-  "modified": "2024-09-04T21:30:31Z",
+  "modified": "2025-01-11T15:30:27Z",
   "published": "2024-08-01T15:32:20Z",
   "aliases": [
     "CVE-2024-6923"
@@ -51,9 +51,25 @@
       "type": "WEB",
       "url": "https://github.com/python/cpython/commit/f7c0f09e69e950cf3c5ada9dbde93898eb975533"
     },
+    {
+      "type": "WEB",
+      "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00005.html"
+    },
     {
       "type": "WEB",
       "url": "https://mail.python.org/archives/list/[email protected]/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW"
+    },
+    {
+      "type": "WEB",
+      "url": "https://security.netapp.com/advisory/ntap-20240926-0003"
+    },
+    {
+      "type": "WEB",
+      "url": "http://www.openwall.com/lists/oss-security/2024/08/01/3"
+    },
+    {
+      "type": "WEB",
+      "url": "http://www.openwall.com/lists/oss-security/2024/08/02/2"
     }
   ],
   "database_specific": {

advisories/unreviewed/2024/12/GHSA-rfr4-95g9-6vf3/GHSA-rfr4-95g9-6vf3.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-rfr4-95g9-6vf3",
-  "modified": "2024-12-13T15:30:38Z",
+  "modified": "2025-01-11T15:30:27Z",
   "published": "2024-12-07T09:30:23Z",
   "aliases": [
     "CVE-2024-53143"
@@ -30,6 +30,10 @@
     {
       "type": "WEB",
       "url": "https://git.kernel.org/stable/c/83af1cfa10d9aafdabd06b3655e07727f373b434"
+    },
+    {
+      "type": "WEB",
+      "url": "https://project-zero.issues.chromium.org/issues/379667898"
     }
   ],
   "database_specific": {

advisories/unreviewed/2025/01/GHSA-2658-h2r6-3vxc/GHSA-2658-h2r6-3vxc.json

@@ -0,0 +1,49 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2658-h2r6-3vxc",
+  "modified": "2025-01-11T15:30:29Z",
+  "published": "2025-01-11T15:30:29Z",
+  "aliases": [
+    "CVE-2024-57792"
+  ],
+  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\npower: supply: gpio-charger: Fix set charge current limits\n\nFix set charge current limits for devices which allow to set the lowest\ncharge current limit to be greater zero. If requested charge current limit\nis below lowest limit, the index equals current_limit_map_size which leads\nto accessing memory beyond allocated memory.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-57792"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/13eb3cae1d8e23cce96c095abe34da8028c09ac5"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/6abbbd8286b6f944eecf3c74444c138590135211"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/afc6e39e824ad0e44b2af50a97885caec8d213d1"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/b29c7783ac1fe36d639c089cf471ac7a46df05f0"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/c3703d9340ca2820e1ac63256f4b423ea8559831"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/f6279a98db132da0cfff18712a1b06478c32007f"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-01-11T13:15:29Z"
+  }
+}

advisories/unreviewed/2025/01/GHSA-28h2-465h-q5v7/GHSA-28h2-465h-q5v7.json

@@ -0,0 +1,33 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-28h2-465h-q5v7",
+  "modified": "2025-01-11T15:30:28Z",
+  "published": "2025-01-11T15:30:28Z",
+  "aliases": [
+    "CVE-2024-53689"
+  ],
+  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: Fix potential deadlock while freezing queue and acquiring sysfs_lock\n\nFor storing a value to a queue attribute, the queue_attr_store function\nfirst freezes the queue (->q_usage_counter(io)) and then acquire\n->sysfs_lock. This seems not correct as the usual ordering should be to\nacquire ->sysfs_lock before freezing the queue. This incorrect ordering\ncauses the following lockdep splat which we are able to reproduce always\nsimply by accessing /sys/kernel/debug file using ls command:\n\n[   57.597146] WARNING: possible circular locking dependency detected\n[   57.597154] 6.12.0-10553-gb86545e02e8c #20 Tainted: G        W\n[   57.597162] ------------------------------------------------------\n[   57.597168] ls/4605 is trying to acquire lock:\n[   57.597176] c00000003eb56710 (&mm->mmap_lock){++++}-{4:4}, at: __might_fault+0x58/0xc0\n[   57.597200]\n               but task is already holding lock:\n[   57.597207] c0000018e27c6810 (&sb->s_type->i_mutex_key#3){++++}-{4:4}, at: iterate_dir+0x94/0x1d4\n[   57.597226]\n               which lock already depends on the new lock.\n\n[   57.597233]\n               the existing dependency chain (in reverse order) is:\n[   57.597241]\n               -> #5 (&sb->s_type->i_mutex_key#3){++++}-{4:4}:\n[   57.597255]        down_write+0x6c/0x18c\n[   57.597264]        start_creating+0xb4/0x24c\n[   57.597274]        debugfs_create_dir+0x2c/0x1e8\n[   57.597283]        blk_register_queue+0xec/0x294\n[   57.597292]        add_disk_fwnode+0x2e4/0x548\n[   57.597302]        brd_alloc+0x2c8/0x338\n[   57.597309]        brd_init+0x100/0x178\n[   57.597317]        do_one_initcall+0x88/0x3e4\n[   57.597326]        kernel_init_freeable+0x3cc/0x6e0\n[   57.597334]        kernel_init+0x34/0x1cc\n[   57.597342]        ret_from_kernel_user_thread+0x14/0x1c\n[   57.597350]\n               -> #4 (&q->debugfs_mutex){+.+.}-{4:4}:\n[   57.597362]        __mutex_lock+0xfc/0x12a0\n[   57.597370]        blk_register_queue+0xd4/0x294\n[   57.597379]        add_disk_fwnode+0x2e4/0x548\n[   57.597388]        brd_alloc+0x2c8/0x338\n[   57.597395]        brd_init+0x100/0x178\n[   57.597402]        do_one_initcall+0x88/0x3e4\n[   57.597410]        kernel_init_freeable+0x3cc/0x6e0\n[   57.597418]        kernel_init+0x34/0x1cc\n[   57.597426]        ret_from_kernel_user_thread+0x14/0x1c\n[   57.597434]\n               -> #3 (&q->sysfs_lock){+.+.}-{4:4}:\n[   57.597446]        __mutex_lock+0xfc/0x12a0\n[   57.597454]        queue_attr_store+0x9c/0x110\n[   57.597462]        sysfs_kf_write+0x70/0xb0\n[   57.597471]        kernfs_fop_write_iter+0x1b0/0x2ac\n[   57.597480]        vfs_write+0x3dc/0x6e8\n[   57.597488]        ksys_write+0x84/0x140\n[   57.597495]        system_call_exception+0x130/0x360\n[   57.597504]        system_call_common+0x160/0x2c4\n[   57.597516]\n               -> #2 (&q->q_usage_counter(io)#21){++++}-{0:0}:\n[   57.597530]        __submit_bio+0x5ec/0x828\n[   57.597538]        submit_bio_noacct_nocheck+0x1e4/0x4f0\n[   57.597547]        iomap_readahead+0x2a0/0x448\n[   57.597556]        xfs_vm_readahead+0x28/0x3c\n[   57.597564]        read_pages+0x88/0x41c\n[   57.597571]        page_cache_ra_unbounded+0x1ac/0x2d8\n[   57.597580]        filemap_get_pages+0x188/0x984\n[   57.597588]        filemap_read+0x13c/0x4bc\n[   57.597596]        xfs_file_buffered_read+0x88/0x17c\n[   57.597605]        xfs_file_read_iter+0xac/0x158\n[   57.597614]        vfs_read+0x2d4/0x3b4\n[   57.597622]        ksys_read+0x84/0x144\n[   57.597629]        system_call_exception+0x130/0x360\n[   57.597637]        system_call_common+0x160/0x2c4\n[   57.597647]\n               -> #1 (mapping.invalidate_lock#2){++++}-{4:4}:\n[   57.597661]        down_read+0x6c/0x220\n[   57.597669]        filemap_fault+0x870/0x100c\n[   57.597677]        xfs_filemap_fault+0xc4/0x18c\n[   57.597684]        __do_fault+0x64/0x164\n[   57.597693]        __handle_mm_fault+0x1274/0x1dac\n[   57.597702]        handle_mm_fault+0x248/0x48\n---truncated---",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53689"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/be26ba96421ab0a8fa2055ccf7db7832a13c44d2"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/f1a494df8350da2e673618627cb392a8669825dd"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-01-11T13:15:26Z"
+  }
+}

advisories/unreviewed/2025/01/GHSA-2fgg-8h82-rq82/GHSA-2fgg-8h82-rq82.json

@@ -0,0 +1,25 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2fgg-8h82-rq82",
+  "modified": "2025-01-11T15:30:30Z",
+  "published": "2025-01-11T15:30:30Z",
+  "aliases": [
+    "CVE-2025-23128"
+  ],
+  "details": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23128"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-01-11T15:15:09Z"
+  }
+}

advisories/unreviewed/2025/01/GHSA-2g99-pch7-3284/GHSA-2g99-pch7-3284.json

@@ -0,0 +1,53 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2g99-pch7-3284",
+  "modified": "2025-01-11T15:30:28Z",
+  "published": "2025-01-11T15:30:28Z",
+  "aliases": [
+    "CVE-2024-48881"
+  ],
+  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbcache: revert replacing IS_ERR_OR_NULL with IS_ERR again\n\nCommit 028ddcac477b (\"bcache: Remove unnecessary NULL point check in\nnode allocations\") leads a NULL pointer deference in cache_set_flush().\n\n1721         if (!IS_ERR_OR_NULL(c->root))\n1722                 list_add(&c->root->list, &c->btree_cache);\n\n>From the above code in cache_set_flush(), if previous registration code\nfails before allocating c->root, it is possible c->root is NULL as what\nit is initialized. __bch_btree_node_alloc() never returns NULL but\nc->root is possible to be NULL at above line 1721.\n\nThis patch replaces IS_ERR() by IS_ERR_OR_NULL() to fix this.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48881"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/336e30f32ae7c043fde0f6fa21586ff30bea9fe2"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/4379c5828492a4c2a651c8f826a01453bd2b80b0"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/5202391970ffbf81975251b3526b890ba027b715"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/5e0e913624bcd24f3de414475018d3023f060ee1"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/b2e382ae12a63560fca35050498e19e760adf8c0"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/cc05aa2c0117e20fa25a3c0d915f98b8f2e78667"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/fb5fee35bdd18316a84b5f30881a24e1415e1464"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-01-11T13:15:23Z"
+  }
+}

advisories/unreviewed/2025/01/GHSA-2r8x-hvqm-j9xf/GHSA-2r8x-hvqm-j9xf.json

@@ -0,0 +1,33 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2r8x-hvqm-j9xf",
+  "modified": "2025-01-11T15:30:29Z",
+  "published": "2025-01-11T15:30:29Z",
+  "aliases": [
+    "CVE-2024-54460"
+  ],
+  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: iso: Fix circular lock in iso_listen_bis\n\nThis fixes the circular locking dependency warning below, by\nreleasing the socket lock before enterning iso_listen_bis, to\navoid any potential deadlock with hdev lock.\n\n[   75.307983] ======================================================\n[   75.307984] WARNING: possible circular locking dependency detected\n[   75.307985] 6.12.0-rc6+ #22 Not tainted\n[   75.307987] ------------------------------------------------------\n[   75.307987] kworker/u81:2/2623 is trying to acquire lock:\n[   75.307988] ffff8fde1769da58 (sk_lock-AF_BLUETOOTH-BTPROTO_ISO)\n               at: iso_connect_cfm+0x253/0x840 [bluetooth]\n[   75.308021]\n               but task is already holding lock:\n[   75.308022] ffff8fdd61a10078 (&hdev->lock)\n               at: hci_le_per_adv_report_evt+0x47/0x2f0 [bluetooth]\n[   75.308053]\n               which lock already depends on the new lock.\n\n[   75.308054]\n               the existing dependency chain (in reverse order) is:\n[   75.308055]\n               -> #1 (&hdev->lock){+.+.}-{3:3}:\n[   75.308057]        __mutex_lock+0xad/0xc50\n[   75.308061]        mutex_lock_nested+0x1b/0x30\n[   75.308063]        iso_sock_listen+0x143/0x5c0 [bluetooth]\n[   75.308085]        __sys_listen_socket+0x49/0x60\n[   75.308088]        __x64_sys_listen+0x4c/0x90\n[   75.308090]        x64_sys_call+0x2517/0x25f0\n[   75.308092]        do_syscall_64+0x87/0x150\n[   75.308095]        entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[   75.308098]\n               -> #0 (sk_lock-AF_BLUETOOTH-BTPROTO_ISO){+.+.}-{0:0}:\n[   75.308100]        __lock_acquire+0x155e/0x25f0\n[   75.308103]        lock_acquire+0xc9/0x300\n[   75.308105]        lock_sock_nested+0x32/0x90\n[   75.308107]        iso_connect_cfm+0x253/0x840 [bluetooth]\n[   75.308128]        hci_connect_cfm+0x6c/0x190 [bluetooth]\n[   75.308155]        hci_le_per_adv_report_evt+0x27b/0x2f0 [bluetooth]\n[   75.308180]        hci_le_meta_evt+0xe7/0x200 [bluetooth]\n[   75.308206]        hci_event_packet+0x21f/0x5c0 [bluetooth]\n[   75.308230]        hci_rx_work+0x3ae/0xb10 [bluetooth]\n[   75.308254]        process_one_work+0x212/0x740\n[   75.308256]        worker_thread+0x1bd/0x3a0\n[   75.308258]        kthread+0xe4/0x120\n[   75.308259]        ret_from_fork+0x44/0x70\n[   75.308261]        ret_from_fork_asm+0x1a/0x30\n[   75.308263]\n               other info that might help us debug this:\n\n[   75.308264]  Possible unsafe locking scenario:\n\n[   75.308264]        CPU0                CPU1\n[   75.308265]        ----                ----\n[   75.308265]   lock(&hdev->lock);\n[   75.308267]                            lock(sk_lock-\n                                                AF_BLUETOOTH-BTPROTO_ISO);\n[   75.308268]                            lock(&hdev->lock);\n[   75.308269]   lock(sk_lock-AF_BLUETOOTH-BTPROTO_ISO);\n[   75.308270]\n                *** DEADLOCK ***\n\n[   75.308271] 4 locks held by kworker/u81:2/2623:\n[   75.308272]  #0: ffff8fdd66e52148 ((wq_completion)hci0#2){+.+.}-{0:0},\n                at: process_one_work+0x443/0x740\n[   75.308276]  #1: ffffafb488b7fe48 ((work_completion)(&hdev->rx_work)),\n                at: process_one_work+0x1ce/0x740\n[   75.308280]  #2: ffff8fdd61a10078 (&hdev->lock){+.+.}-{3:3}\n                at: hci_le_per_adv_report_evt+0x47/0x2f0 [bluetooth]\n[   75.308304]  #3: ffffffffb6ba4900 (rcu_read_lock){....}-{1:2},\n                at: hci_connect_cfm+0x29/0x190 [bluetooth]",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-54460"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/168e28305b871d8ec604a8f51f35467b8d7ba05b"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/c541d7b5e17987ed330798b07d4ad508859c1c93"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-01-11T13:15:27Z"
+  }
+}

advisories/unreviewed/2025/01/GHSA-32jq-w4j4-wjvc/GHSA-32jq-w4j4-wjvc.json

@@ -0,0 +1,37 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-32jq-w4j4-wjvc",
+  "modified": "2025-01-11T15:30:28Z",
+  "published": "2025-01-11T15:30:28Z",
+  "aliases": [
+    "CVE-2024-53685"
+  ],
+  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nceph: give up on paths longer than PATH_MAX\n\nIf the full path to be built by ceph_mdsc_build_path() happens to be\nlonger than PATH_MAX, then this function will enter an endless (retry)\nloop, effectively blocking the whole task.  Most of the machine\nbecomes unusable, making this a very simple and effective DoS\nvulnerability.\n\nI cannot imagine why this retry was ever implemented, but it seems\nrather useless and harmful to me.  Let's remove it and fail with\nENAMETOOLONG instead.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53685"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/550f7ca98ee028a606aa75705a7e77b1bd11720f"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/99a37ab76a315c8307eb5b0dc095d8ad9d8efeaa"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/c47ed91156daf328601d02b58d52d9804da54108"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-01-11T13:15:25Z"
+  }
+}

advisories/unreviewed/2025/01/GHSA-3gjf-8gc5-3w3x/GHSA-3gjf-8gc5-3w3x.json

@@ -0,0 +1,41 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3gjf-8gc5-3w3x",
+  "modified": "2025-01-11T15:30:30Z",
+  "published": "2025-01-11T15:30:30Z",
+  "aliases": [
+    "CVE-2024-57876"
+  ],
+  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/dp_mst: Fix resetting msg rx state after topology removal\n\nIf the MST topology is removed during the reception of an MST down reply\nor MST up request sideband message, the\ndrm_dp_mst_topology_mgr::up_req_recv/down_rep_recv states could be reset\nfrom one thread via drm_dp_mst_topology_mgr_set_mst(false), racing with\nthe reading/parsing of the message from another thread via\ndrm_dp_mst_handle_down_rep() or drm_dp_mst_handle_up_req(). The race is\npossible since the reader/parser doesn't hold any lock while accessing\nthe reception state. This in turn can lead to a memory corruption in the\nreader/parser as described by commit bd2fccac61b4 (\"drm/dp_mst: Fix MST\nsideband message body length check\").\n\nFix the above by resetting the message reception state if needed before\nreading/parsing a message. Another solution would be to hold the\ndrm_dp_mst_topology_mgr::lock for the whole duration of the message\nreception/parsing in drm_dp_mst_handle_down_rep() and\ndrm_dp_mst_handle_up_req(), however this would require a bigger change.\nSince the fix is also needed for stable, opting for the simpler solution\nin this patch.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-57876"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/94b33b2d7640e807869451384eb88321dd0ffbd4"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/a6fa67d26de385c3c7a23c1e109a0e23bfda4ec7"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/be826b4451fd187a7c0b04be4f8243d5df6e0450"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/d834d20d2e86c52ed5cab41763fa61e6071680ef"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-01-11T15:15:07Z"
+  }
+}