Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2025/01/GHSA-24v3-p69g-7cx6/GHSA-24v3-p69g-7cx6.json

@@ -0,0 +1,41 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-24v3-p69g-7cx6",
+  "modified": "2025-01-19T12:31:25Z",
+  "published": "2025-01-19T12:31:25Z",
+  "aliases": [
+    "CVE-2025-21636"
+  ],
+  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy\n\nAs mentioned in a previous commit of this series, using the 'net'\nstructure via 'current' is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader's/writer's netns vs only\n  from the opener's netns.\n\n- current->nsproxy can be NULL in some cases, resulting in an 'Oops'\n  (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n  syzbot [1] using acct(2).\n\nThe 'net' structure can be obtained from the table->data using\ncontainer_of().\n\nNote that table->data could also be used directly, as this is the only\nmember needed from the 'net' structure, but that would increase the size\nof this fix, to use '*data' everywhere 'net->sctp.probe_interval' is\nused.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21636"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/284a221f8fa503628432c7bb5108277c688c6ffa"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/44ee8635922b6eb940faddb961a8347c6857d722"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/6259d2484d0ceff42245d1f09cc8cb6ee72d847a"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/bcf8c60074e81ed2ac2d35130917175a3949c917"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-01-19T11:15:09Z"
+  }
+}

advisories/unreviewed/2025/01/GHSA-27hv-jcq3-jj36/GHSA-27hv-jcq3-jj36.json

@@ -0,0 +1,33 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-27hv-jcq3-jj36",
+  "modified": "2025-01-19T12:31:26Z",
+  "published": "2025-01-19T12:31:25Z",
+  "aliases": [
+    "CVE-2025-21651"
+  ],
+  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: don't auto enable misc vector\n\nCurrently, there is a time window between misc irq enabled\nand service task inited. If an interrupte is reported at\nthis time, it will cause warning like below:\n\n[   16.324639] Call trace:\n[   16.324641]  __queue_delayed_work+0xb8/0xe0\n[   16.324643]  mod_delayed_work_on+0x78/0xd0\n[   16.324655]  hclge_errhand_task_schedule+0x58/0x90 [hclge]\n[   16.324662]  hclge_misc_irq_handle+0x168/0x240 [hclge]\n[   16.324666]  __handle_irq_event_percpu+0x64/0x1e0\n[   16.324667]  handle_irq_event+0x80/0x170\n[   16.324670]  handle_fasteoi_edge_irq+0x110/0x2bc\n[   16.324671]  __handle_domain_irq+0x84/0xfc\n[   16.324673]  gic_handle_irq+0x88/0x2c0\n[   16.324674]  el1_irq+0xb8/0x140\n[   16.324677]  arch_cpu_idle+0x18/0x40\n[   16.324679]  default_idle_call+0x5c/0x1bc\n[   16.324682]  cpuidle_idle_call+0x18c/0x1c4\n[   16.324684]  do_idle+0x174/0x17c\n[   16.324685]  cpu_startup_entry+0x30/0x6c\n[   16.324687]  secondary_start_kernel+0x1a4/0x280\n[   16.324688] ---[ end trace 6aa0bff672a964aa ]---\n\nSo don't auto enable misc vector when request irq..",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21651"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/98b1e3b27734139c76295754b6c317aa4df6d32e"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/bcf430d3bb5525fc89a92a0c451c725ba1aa4306"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-01-19T11:15:10Z"
+  }
+}

advisories/unreviewed/2025/01/GHSA-2g8f-3mwg-x245/GHSA-2g8f-3mwg-x245.json

@@ -0,0 +1,37 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2g8f-3mwg-x245",
+  "modified": "2025-01-19T12:31:25Z",
+  "published": "2025-01-19T12:31:25Z",
+  "aliases": [
+    "CVE-2025-21642"
+  ],
+  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: sysctl: sched: avoid using current->nsproxy\n\nUsing the 'net' structure via 'current' is not recommended for different\nreasons.\n\nFirst, if the goal is to use it to read or write per-netns data, this is\ninconsistent with how the \"generic\" sysctl entries are doing: directly\nby only using pointers set to the table entry, e.g. table->data. Linked\nto that, the per-netns data should always be obtained from the table\nlinked to the netns it had been created for, which may not coincide with\nthe reader's or writer's netns.\n\nAnother reason is that access to current->nsproxy->netns can oops if\nattempted when current->nsproxy had been dropped when the current task\nis exiting. This is what syzbot found, when using acct(2):\n\n  Oops: general protection fault, probably for non-canonical address 0xdffffc0000000005: 0000 [#1] PREEMPT SMP KASAN PTI\n  KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f]\n  CPU: 1 UID: 0 PID: 5924 Comm: syz-executor Not tainted 6.13.0-rc5-syzkaller-00004-gccb98ccef0e5 #0\n  Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\n  RIP: 0010:proc_scheduler+0xc6/0x3c0 net/mptcp/ctrl.c:125\n  Code: 03 42 80 3c 38 00 0f 85 fe 02 00 00 4d 8b a4 24 08 09 00 00 48 b8 00 00 00 00 00 fc ff df 49 8d 7c 24 28 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 cc 02 00 00 4d 8b 7c 24 28 48 8d 84 24 c8 00 00\n  RSP: 0018:ffffc900034774e8 EFLAGS: 00010206\n\n  RAX: dffffc0000000000 RBX: 1ffff9200068ee9e RCX: ffffc90003477620\n  RDX: 0000000000000005 RSI: ffffffff8b08f91e RDI: 0000000000000028\n  RBP: 0000000000000001 R08: ffffc90003477710 R09: 0000000000000040\n  R10: 0000000000000040 R11: 00000000726f7475 R12: 0000000000000000\n  R13: ffffc90003477620 R14: ffffc90003477710 R15: dffffc0000000000\n  FS:  0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: 00007fee3cd452d8 CR3: 000000007d116000 CR4: 00000000003526f0\n  DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n  DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n  Call Trace:\n   <TASK>\n   proc_sys_call_handler+0x403/0x5d0 fs/proc/proc_sysctl.c:601\n   __kernel_write_iter+0x318/0xa80 fs/read_write.c:612\n   __kernel_write+0xf6/0x140 fs/read_write.c:632\n   do_acct_process+0xcb0/0x14a0 kernel/acct.c:539\n   acct_pin_kill+0x2d/0x100 kernel/acct.c:192\n   pin_kill+0x194/0x7c0 fs/fs_pin.c:44\n   mnt_pin_kill+0x61/0x1e0 fs/fs_pin.c:81\n   cleanup_mnt+0x3ac/0x450 fs/namespace.c:1366\n   task_work_run+0x14e/0x250 kernel/task_work.c:239\n   exit_task_work include/linux/task_work.h:43 [inline]\n   do_exit+0xad8/0x2d70 kernel/exit.c:938\n   do_group_exit+0xd3/0x2a0 kernel/exit.c:1087\n   get_signal+0x2576/0x2610 kernel/signal.c:3017\n   arch_do_signal_or_restart+0x90/0x7e0 arch/x86/kernel/signal.c:337\n   exit_to_user_mode_loop kernel/entry/common.c:111 [inline]\n   exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]\n   __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]\n   syscall_exit_to_user_mode+0x150/0x2a0 kernel/entry/common.c:218\n   do_syscall_64+0xda/0x250 arch/x86/entry/common.c:89\n   entry_SYSCALL_64_after_hwframe+0x77/0x7f\n  RIP: 0033:0x7fee3cb87a6a\n  Code: Unable to access opcode bytes at 0x7fee3cb87a40.\n  RSP: 002b:00007fffcccac688 EFLAGS: 00000202 ORIG_RAX: 0000000000000037\n  RAX: 0000000000000000 RBX: 00007fffcccac710 RCX: 00007fee3cb87a6a\n  RDX: 0000000000000041 RSI: 0000000000000000 RDI: 0000000000000003\n  RBP: 0000000000000003 R08: 00007fffcccac6ac R09: 00007fffcccacac7\n  R10: 00007fffcccac710 R11: 0000000000000202 R12: 00007fee3cd49500\n  R13: 00007fffcccac6ac R14: 0000000000000000 R15: 00007fee3cd4b000\n   </TASK>\n  Modules linked in:\n  ---[ end trace 0000000000000000 ]---\n  RIP: 0010:proc_scheduler+0xc6/0x3c0 net/mptcp/ctrl.c:125\n  Code: 03 42 80 3c 38 00 0f 85 fe 02 00 00 4d 8b a4 24 08 09 00 00 48 b8 00 00 00 00 00 fc\n---truncated---",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21642"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/6035702381c35a8f16757332381e58b348a9eaf9"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/c0e394fd6b887e84da17e38aaa6c1c104f9c86c2"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/d38e26e36206ae3d544d496513212ae931d1da0a"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-01-19T11:15:09Z"
+  }
+}

advisories/unreviewed/2025/01/GHSA-2gpq-mc93-wwwp/GHSA-2gpq-mc93-wwwp.json

@@ -0,0 +1,41 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2gpq-mc93-wwwp",
+  "modified": "2025-01-19T12:31:25Z",
+  "published": "2025-01-19T12:31:25Z",
+  "aliases": [
+    "CVE-2025-21640"
+  ],
+  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy\n\nAs mentioned in a previous commit of this series, using the 'net'\nstructure via 'current' is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader's/writer's netns vs only\n  from the opener's netns.\n\n- current->nsproxy can be NULL in some cases, resulting in an 'Oops'\n  (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n  syzbot [1] using acct(2).\n\nThe 'net' structure can be obtained from the table->data using\ncontainer_of().\n\nNote that table->data could also be used directly, as this is the only\nmember needed from the 'net' structure, but that would increase the size\nof this fix, to use '*data' everywhere 'net->sctp.sctp_hmac_alg' is\nused.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21640"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/3cd0659deb9c03535fd61839e91d4d4d3e51ac71"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/ad673e514b2793b8d5902f6ba6ab7e890dea23d5"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/ea62dd1383913b5999f3d16ae99d411f41b528d4"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/f0bb3935470684306e4e04793a20ac4c4b08de0b"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-01-19T11:15:09Z"
+  }
+}

advisories/unreviewed/2025/01/GHSA-2phg-f479-57pq/GHSA-2phg-f479-57pq.json

@@ -0,0 +1,37 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2phg-f479-57pq",
+  "modified": "2025-01-19T12:31:25Z",
+  "published": "2025-01-19T12:31:25Z",
+  "aliases": [
+    "CVE-2025-21645"
+  ],
+  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86/amd/pmc: Only disable IRQ1 wakeup where i8042 actually enabled it\n\nWakeup for IRQ1 should be disabled only in cases where i8042 had\nactually enabled it, otherwise \"wake_depth\" for this IRQ will try to\ndrop below zero and there will be an unpleasant WARN() logged:\n\nkernel: atkbd serio0: Disabling IRQ1 wakeup source to avoid platform firmware bug\nkernel: ------------[ cut here ]------------\nkernel: Unbalanced IRQ 1 wake disable\nkernel: WARNING: CPU: 10 PID: 6431 at kernel/irq/manage.c:920 irq_set_irq_wake+0x147/0x1a0\n\nThe PMC driver uses DEFINE_SIMPLE_DEV_PM_OPS() to define its dev_pm_ops\nwhich sets amd_pmc_suspend_handler() to the .suspend, .freeze, and\n.poweroff handlers. i8042_pm_suspend(), however, is only set as\nthe .suspend handler.\n\nFix the issue by call PMC suspend handler only from the same set of\ndev_pm_ops handlers as i8042_pm_suspend(), which currently means just\nthe .suspend handler.\n\nTo reproduce this issue try hibernating (S4) the machine after a fresh boot\nwithout putting it into s2idle first.\n\n[ij: edited the commit message.]",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21645"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/5cc621085e2b7a9b1905a98f8e5a86bb4aea2016"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/b25778c87a6bce40c31e92364f08aa6240309e25"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/dd410d784402c5775f66faf8b624e85e41c38aaf"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-01-19T11:15:10Z"
+  }
+}

advisories/unreviewed/2025/01/GHSA-2w6v-cv9c-qwv2/GHSA-2w6v-cv9c-qwv2.json

@@ -0,0 +1,41 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2w6v-cv9c-qwv2",
+  "modified": "2025-01-19T12:31:26Z",
+  "published": "2025-01-19T12:31:26Z",
+  "aliases": [
+    "CVE-2024-57911"
+  ],
+  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer\n\nThe 'data' array is allocated via kmalloc() and it is used to push data\nto user space from a triggered buffer, but it does not set values for\ninactive channels, as it only uses iio_for_each_active_channel()\nto assign new values.\n\nUse kzalloc for the memory allocation to avoid pushing uninitialized\ninformation to userspace.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-57911"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/333be433ee908a53f283beb95585dfc14c8ffb46"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/74058395b2c63c8a438cf199d09094b640f8c7f4"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/b0642d9c871aea1f28eb02cd84d60434df594f67"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/ea703cda36da0dacb9a2fd876370003197d8a019"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-01-19T12:15:25Z"
+  }
+}

advisories/unreviewed/2025/01/GHSA-37pg-r5mj-5q6w/GHSA-37pg-r5mj-5q6w.json

@@ -0,0 +1,41 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-37pg-r5mj-5q6w",
+  "modified": "2025-01-19T12:31:26Z",
+  "published": "2025-01-19T12:31:26Z",
+  "aliases": [
+    "CVE-2024-57912"
+  ],
+  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: pressure: zpa2326: fix information leak in triggered buffer\n\nThe 'sample' local struct is used to push data to user space from a\ntriggered buffer, but it has a hole between the temperature and the\ntimestamp (u32 pressure, u16 temperature, GAP, u64 timestamp).\nThis hole is never initialized.\n\nInitialize the struct to zero before using it to avoid pushing\nuninitialized information to userspace.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-57912"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/6007d10c5262f6f71479627c1216899ea7f09073"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/979a0db76ceda8fe1f2f85a116bfe97620ebbadf"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/b7849f62e61242e0e02c776e1109eb81e59c567c"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/fefb88a4da961a0b9c2473cbdcfce1a942fcfa9a"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-01-19T12:15:25Z"
+  }
+}

advisories/unreviewed/2025/01/GHSA-3qr3-w8jf-gq87/GHSA-3qr3-w8jf-gq87.json

@@ -0,0 +1,33 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3qr3-w8jf-gq87",
+  "modified": "2025-01-19T12:31:24Z",
+  "published": "2025-01-19T12:31:24Z",
+  "aliases": [
+    "CVE-2025-21633"
+  ],
+  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/sqpoll: zero sqd->thread on tctx errors\n\nSyzkeller reports:\n\nBUG: KASAN: slab-use-after-free in thread_group_cputime+0x409/0x700 kernel/sched/cputime.c:341\nRead of size 8 at addr ffff88803578c510 by task syz.2.3223/27552\n Call Trace:\n  <TASK>\n  ...\n  kasan_report+0x143/0x180 mm/kasan/report.c:602\n  thread_group_cputime+0x409/0x700 kernel/sched/cputime.c:341\n  thread_group_cputime_adjusted+0xa6/0x340 kernel/sched/cputime.c:639\n  getrusage+0x1000/0x1340 kernel/sys.c:1863\n  io_uring_show_fdinfo+0xdfe/0x1770 io_uring/fdinfo.c:197\n  seq_show+0x608/0x770 fs/proc/fd.c:68\n  ...\n\nThat's due to sqd->task not being cleared properly in cases where\nSQPOLL task tctx setup fails, which can essentially only happen with\nfault injection to insert allocation errors.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21633"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/4b7cfa8b6c28a9fa22b86894166a1a34f6d630ba"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/aa7496d668c30ca7421b3bfdcd948ee861a13d17"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-01-19T11:15:08Z"
+  }
+}