
Commit 2b49036

Advisory Database Sync
1 parent 8185243 commit 2b49036

55 files changed

+592
-145
lines changed

advisories/unreviewed/2023/05/GHSA-3fwg-2c37-rvfx/GHSA-3fwg-2c37-rvfx.json

+3-1
Original file line numberDiff line numberDiff line change
@@ -33,7 +33,9 @@
3333
}
3434
],
3535
"database_specific": {
36-
"cwe_ids": [],
36+
"cwe_ids": [
37+
"CWE-346"
38+
],
3739
"severity": "HIGH",
3840
"github_reviewed": false,
3941
"github_reviewed_at": null,
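
Review bot: the top-level "modified" timestamp is not bumped in this file, since the "cwe_ids" edit in "database_specific" accounts for the whole +3 -1 change, whereas the 2024/03 advisories in this commit move "modified" to 2025-01-13 alongside their classification changes. Consumers that sync incrementally on "modified" will not pick up the new CWE-346 entry; consider updating "modified" together with the CWE. The same applies to the other 2023/05 files shown here with only a "cwe_ids" hunk.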

advisories/unreviewed/2023/05/GHSA-8pm2-xpgg-f6c8/GHSA-8pm2-xpgg-f6c8.json

+3-1
Original file line numberDiff line numberDiff line change
@@ -25,7 +25,9 @@
2525
}
2626
],
2727
"database_specific": {
28-
"cwe_ids": [],
28+
"cwe_ids": [
29+
"CWE-346"
30+
],
2931
"severity": "HIGH",
3032
"github_reviewed": false,
3133
"github_reviewed_at": null,

advisories/unreviewed/2023/05/GHSA-94rr-mj9r-877f/GHSA-94rr-mj9r-877f.json

+3-1
Original file line numberDiff line numberDiff line change
@@ -25,7 +25,9 @@
2525
}
2626
],
2727
"database_specific": {
28-
"cwe_ids": [],
28+
"cwe_ids": [
29+
"CWE-203"
30+
],
2931
"severity": "HIGH",
3032
"github_reviewed": false,
3133
"github_reviewed_at": null,

advisories/unreviewed/2023/05/GHSA-pvfp-mm8f-f953/GHSA-pvfp-mm8f-f953.json

+2-1
Original file line numberDiff line numberDiff line change
@@ -30,7 +30,8 @@
3030
],
3131
"database_specific": {
3232
"cwe_ids": [
33-
"CWE-22"
33+
"CWE-22",
34+
"CWE-346"
3435
],
3536
"severity": "HIGH",
3637
"github_reviewed": false,

advisories/unreviewed/2023/05/GHSA-xfmg-vm58-58gp/GHSA-xfmg-vm58-58gp.json

+3-1
Original file line numberDiff line numberDiff line change
@@ -37,7 +37,9 @@
3737
}
3838
],
3939
"database_specific": {
40-
"cwe_ids": [],
40+
"cwe_ids": [
41+
"CWE-346"
42+
],
4143
"severity": "HIGH",
4244
"github_reviewed": false,
4345
"github_reviewed_at": null,

advisories/unreviewed/2024/03/GHSA-98gp-w8mx-vgw9/GHSA-98gp-w8mx-vgw9.json

+11-4
Original file line numberDiff line numberDiff line change
@@ -1,13 +1,18 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-98gp-w8mx-vgw9",
4-
"modified": "2024-03-03T00:30:31Z",
4+
"modified": "2025-01-13T21:30:46Z",
55
"published": "2024-03-03T00:30:31Z",
66
"aliases": [
77
"CVE-2023-52506"
88
],
99
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nLoongArch: Set all reserved memblocks on Node#0 at initialization\n\nAfter commit 61167ad5fecdea (\"mm: pass nid to reserve_bootmem_region()\")\nwe get a panic if DEFERRED_STRUCT_PAGE_INIT is enabled:\n\n[ 0.000000] CPU 0 Unable to handle kernel paging request at virtual address 0000000000002b82, era == 90000000040e3f28, ra == 90000000040e3f18\n[ 0.000000] Oops[#1]:\n[ 0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted 6.5.0+ #733\n[ 0.000000] pc 90000000040e3f28 ra 90000000040e3f18 tp 90000000046f4000 sp 90000000046f7c90\n[ 0.000000] a0 0000000000000001 a1 0000000000200000 a2 0000000000000040 a3 90000000046f7ca0\n[ 0.000000] a4 90000000046f7ca4 a5 0000000000000000 a6 90000000046f7c38 a7 0000000000000000\n[ 0.000000] t0 0000000000000002 t1 9000000004b00ac8 t2 90000000040e3f18 t3 90000000040f0800\n[ 0.000000] t4 00000000000f0000 t5 80000000ffffe07e t6 0000000000000003 t7 900000047fff5e20\n[ 0.000000] t8 aaaaaaaaaaaaaaab u0 0000000000000018 s9 0000000000000000 s0 fffffefffe000000\n[ 0.000000] s1 0000000000000000 s2 0000000000000080 s3 0000000000000040 s4 0000000000000000\n[ 0.000000] s5 0000000000000000 s6 fffffefffe000000 s7 900000000470b740 s8 9000000004ad4000\n[ 0.000000] ra: 90000000040e3f18 reserve_bootmem_region+0xec/0x21c\n[ 0.000000] ERA: 90000000040e3f28 reserve_bootmem_region+0xfc/0x21c\n[ 0.000000] CRMD: 000000b0 (PLV0 -IE -DA +PG DACF=CC DACM=CC -WE)\n[ 0.000000] PRMD: 00000000 (PPLV0 -PIE -PWE)\n[ 0.000000] EUEN: 00000000 (-FPE -SXE -ASXE -BTE)\n[ 0.000000] ECFG: 00070800 (LIE=11 VS=7)\n[ 0.000000] ESTAT: 00010800 [PIL] (IS=11 ECode=1 EsubCode=0)\n[ 0.000000] BADV: 0000000000002b82\n[ 0.000000] PRID: 0014d000 (Loongson-64bit, Loongson-3A6000)\n[ 0.000000] Modules linked in:\n[ 0.000000] Process swapper (pid: 0, threadinfo=(____ptrval____), task=(____ptrval____))\n[ 0.000000] Stack : 0000000000000000 9000000002eb5430 0000003a00000020 90000000045ccd00\n[ 0.000000] 
900000000470e000 90000000002c1918 0000000000000000 9000000004110780\n[ 0.000000] 00000000fe6c0000 0000000480000000 9000000004b4e368 9000000004110748\n[ 0.000000] 0000000000000000 900000000421ca84 9000000004620000 9000000004564970\n[ 0.000000] 90000000046f7d78 9000000002cc9f70 90000000002c1918 900000000470e000\n[ 0.000000] 9000000004564970 90000000040bc0e0 90000000046f7d78 0000000000000000\n[ 0.000000] 0000000000004000 90000000045ccd00 0000000000000000 90000000002c1918\n[ 0.000000] 90000000002c1900 900000000470b700 9000000004b4df78 9000000004620000\n[ 0.000000] 90000000046200a8 90000000046200a8 0000000000000000 9000000004218b2c\n[ 0.000000] 9000000004270008 0000000000000001 0000000000000000 90000000045ccd00\n[ 0.000000] ...\n[ 0.000000] Call Trace:\n[ 0.000000] [<90000000040e3f28>] reserve_bootmem_region+0xfc/0x21c\n[ 0.000000] [<900000000421ca84>] memblock_free_all+0x114/0x350\n[ 0.000000] [<9000000004218b2c>] mm_core_init+0x138/0x3cc\n[ 0.000000] [<9000000004200e38>] start_kernel+0x488/0x7a4\n[ 0.000000] [<90000000040df0d8>] kernel_entry+0xd8/0xdc\n[ 0.000000]\n[ 0.000000] Code: 02eb21ad 00410f4c 380c31ac <262b818d> 6800b70d 02c1c196 0015001c 57fe4bb1 260002cd\n\nThe reason is early memblock_reserve() in memblock_init() set node id to\nMAX_NUMNODES, making NODE_DATA(nid) a NULL dereference in the call chain\nreserve_bootmem_region() -> init_reserved_page(). After memblock_init(),\nthose late calls of memblock_reserve() operate on subregions of memblock\n.memory regions. As a result, these reserved regions will be set to the\ncorrect node at the first iteration of memmap_init_reserved_pages().\n\nSo set all reserved memblocks on Node#0 at initialization can avoid this\npanic.",
10-
"severity": [],
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
14+
}
15+
],
1116
"affected": [],
1217
"references": [
1318
{
@@ -28,8 +33,10 @@
2833
}
2934
],
3035
"database_specific": {
31-
"cwe_ids": [],
32-
"severity": null,
36+
"cwe_ids": [
37+
"CWE-476"
38+
],
39+
"severity": "MODERATE",
3340
"github_reviewed": false,
3441
"github_reviewed_at": null,
3542
"nvd_published_at": "2024-03-02T22:15:47Z"

advisories/unreviewed/2024/03/GHSA-cx4w-f43c-ww54/GHSA-cx4w-f43c-ww54.json

+8-3
Original file line numberDiff line numberDiff line change
@@ -1,13 +1,18 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-cx4w-f43c-ww54",
4-
"modified": "2024-03-03T00:30:30Z",
4+
"modified": "2025-01-13T21:30:46Z",
55
"published": "2024-03-03T00:30:30Z",
66
"aliases": [
77
"CVE-2023-52500"
88
],
99
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: pm80xx: Avoid leaking tags when processing OPC_INB_SET_CONTROLLER_CONFIG command\n\nTags allocated for OPC_INB_SET_CONTROLLER_CONFIG command need to be freed\nwhen we receive the response.",
10-
"severity": [],
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
14+
}
15+
],
1116
"affected": [],
1217
"references": [
1318
{
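
Review bot: the added vector scores C:H/I:N/A:N, but the "details" text describes tags allocated for the OPC_INB_SET_CONTROLLER_CONFIG command that are never freed, which reads as a resource leak rather than disclosure of data. Worth confirming against the upstream source whether the impact belongs on availability instead of confidentiality before this vector is used for triage.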
@@ -37,7 +42,7 @@
3742
],
3843
"database_specific": {
3944
"cwe_ids": [],
40-
"severity": null,
45+
"severity": "MODERATE",
4146
"github_reviewed": false,
4247
"github_reviewed_at": null,
4348
"nvd_published_at": "2024-03-02T22:15:47Z"
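
Review bot: "severity" becomes "MODERATE" in "database_specific" while "cwe_ids" stays [], so the advisory now carries a score with no weakness classification, unlike most of the 2024/03 files in this commit. If the upstream source gives no CWE that is acceptable, but tooling that filters or groups by CWE will skip this entry.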

advisories/unreviewed/2024/03/GHSA-fh4f-4w54-vgrf/GHSA-fh4f-4w54-vgrf.json

+11-4
Original file line numberDiff line numberDiff line change
@@ -1,13 +1,18 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-fh4f-4w54-vgrf",
4-
"modified": "2024-03-03T00:30:32Z",
4+
"modified": "2025-01-13T21:30:47Z",
55
"published": "2024-03-03T00:30:32Z",
66
"aliases": [
77
"CVE-2023-52523"
88
],
99
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Reject sk_msg egress redirects to non-TCP sockets\n\nWith a SOCKMAP/SOCKHASH map and an sk_msg program user can steer messages\nsent from one TCP socket (s1) to actually egress from another TCP\nsocket (s2):\n\ntcp_bpf_sendmsg(s1)\t\t// = sk_prot->sendmsg\n tcp_bpf_send_verdict(s1)\t// __SK_REDIRECT case\n tcp_bpf_sendmsg_redir(s2)\n tcp_bpf_push_locked(s2)\n\ttcp_bpf_push(s2)\n\t tcp_rate_check_app_limited(s2) // expects tcp_sock\n\t tcp_sendmsg_locked(s2)\t // ditto\n\nThere is a hard-coded assumption in the call-chain, that the egress\nsocket (s2) is a TCP socket.\n\nHowever in commit 122e6c79efe1 (\"sock_map: Update sock type checks for\nUDP\") we have enabled redirects to non-TCP sockets. This was done for the\nsake of BPF sk_skb programs. There was no indention to support sk_msg\nsend-to-egress use case.\n\nAs a result, attempts to send-to-egress through a non-TCP socket lead to a\ncrash due to invalid downcast from sock to tcp_sock:\n\n BUG: kernel NULL pointer dereference, address: 000000000000002f\n ...\n Call Trace:\n <TASK>\n ? show_regs+0x60/0x70\n ? __die+0x1f/0x70\n ? page_fault_oops+0x80/0x160\n ? do_user_addr_fault+0x2d7/0x800\n ? rcu_is_watching+0x11/0x50\n ? exc_page_fault+0x70/0x1c0\n ? asm_exc_page_fault+0x27/0x30\n ? tcp_tso_segs+0x14/0xa0\n tcp_write_xmit+0x67/0xce0\n __tcp_push_pending_frames+0x32/0xf0\n tcp_push+0x107/0x140\n tcp_sendmsg_locked+0x99f/0xbb0\n tcp_bpf_push+0x19d/0x3a0\n tcp_bpf_sendmsg_redir+0x55/0xd0\n tcp_bpf_send_verdict+0x407/0x550\n tcp_bpf_sendmsg+0x1a1/0x390\n inet_sendmsg+0x6a/0x70\n sock_sendmsg+0x9d/0xc0\n ? sockfd_lookup_light+0x12/0x80\n __sys_sendto+0x10e/0x160\n ? syscall_enter_from_user_mode+0x20/0x60\n ? __this_cpu_preempt_check+0x13/0x20\n ? 
lockdep_hardirqs_on+0x82/0x110\n __x64_sys_sendto+0x1f/0x30\n do_syscall_64+0x38/0x90\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nReject selecting a non-TCP sockets as redirect target from a BPF sk_msg\nprogram to prevent the crash. When attempted, user will receive an EACCES\nerror from send/sendto/sendmsg() syscall.",
10-
"severity": [],
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
14+
}
15+
],
1116
"affected": [],
1217
"references": [
1318
{
@@ -32,8 +37,10 @@
3237
}
3338
],
3439
"database_specific": {
35-
"cwe_ids": [],
36-
"severity": null,
40+
"cwe_ids": [
41+
"CWE-476"
42+
],
43+
"severity": "MODERATE",
3744
"github_reviewed": false,
3845
"github_reviewed_at": null,
3946
"nvd_published_at": "2024-03-02T22:15:48Z"

advisories/unreviewed/2024/03/GHSA-h7jr-j6p8-85m6/GHSA-h7jr-j6p8-85m6.json

+11-4
Original file line numberDiff line numberDiff line change
@@ -1,13 +1,18 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-h7jr-j6p8-85m6",
4-
"modified": "2024-03-03T00:30:31Z",
4+
"modified": "2025-01-13T21:30:47Z",
55
"published": "2024-03-03T00:30:31Z",
66
"aliases": [
77
"CVE-2023-52507"
88
],
99
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: nci: assert requested protocol is valid\n\nThe protocol is used in a bit mask to determine if the protocol is\nsupported. Assert the provided protocol is less than the maximum\ndefined so it doesn't potentially perform a shift-out-of-bounds and\nprovide a clearer error for undefined protocols vs unsupported ones.",
10-
"severity": [],
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"
14+
}
15+
],
1116
"affected": [],
1217
"references": [
1318
{
@@ -48,8 +53,10 @@
4853
}
4954
],
5055
"database_specific": {
51-
"cwe_ids": [],
52-
"severity": null,
56+
"cwe_ids": [
57+
"CWE-125"
58+
],
59+
"severity": "HIGH",
5360
"github_reviewed": false,
5461
"github_reviewed_at": null,
5562
"nvd_published_at": "2024-03-02T22:15:47Z"
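
Review bot: "CWE-125" (out-of-bounds read) is assigned in "cwe_ids", but the "details" text describes a protocol value used in a bit mask without a range check, that is, a possible shift-out-of-bounds on an unvalidated value rather than a read past a buffer. Consider whether an input-validation or bitwise-shift weakness fits better, or record why CWE-125 was kept.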

advisories/unreviewed/2024/03/GHSA-j6qg-38wf-82gm/GHSA-j6qg-38wf-82gm.json

+8-3
Original file line numberDiff line numberDiff line change
@@ -1,13 +1,18 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-j6qg-38wf-82gm",
4-
"modified": "2024-03-03T00:30:32Z",
4+
"modified": "2025-01-13T21:30:47Z",
55
"published": "2024-03-03T00:30:32Z",
66
"aliases": [
77
"CVE-2023-52527"
88
],
99
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv4, ipv6: Fix handling of transhdrlen in __ip{,6}_append_data()\n\nIncluding the transhdrlen in length is a problem when the packet is\npartially filled (e.g. something like send(MSG_MORE) happened previously)\nwhen appending to an IPv4 or IPv6 packet as we don't want to repeat the\ntransport header or account for it twice. This can happen under some\ncircumstances, such as splicing into an L2TP socket.\n\nThe symptom observed is a warning in __ip6_append_data():\n\n WARNING: CPU: 1 PID: 5042 at net/ipv6/ip6_output.c:1800 __ip6_append_data.isra.0+0x1be8/0x47f0 net/ipv6/ip6_output.c:1800\n\nthat occurs when MSG_SPLICE_PAGES is used to append more data to an already\npartially occupied skbuff. The warning occurs when 'copy' is larger than\nthe amount of data in the message iterator. This is because the requested\nlength includes the transport header length when it shouldn't. This can be\ntriggered by, for example:\n\n sfd = socket(AF_INET6, SOCK_DGRAM, IPPROTO_L2TP);\n bind(sfd, ...); // ::1\n connect(sfd, ...); // ::1 port 7\n send(sfd, buffer, 4100, MSG_MORE);\n sendfile(sfd, dfd, NULL, 1024);\n\nFix this by only adding transhdrlen into the length if the write queue is\nempty in l2tp_ip6_sendmsg(), analogously to how UDP does things.\n\nl2tp_ip_sendmsg() looks like it won't suffer from this problem as it builds\nthe UDP packet itself.",
10-
"severity": [],
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
14+
}
15+
],
1116
"affected": [],
1217
"references": [
1318
{
@@ -49,7 +54,7 @@
4954
],
5055
"database_specific": {
5156
"cwe_ids": [],
52-
"severity": null,
57+
"severity": "MODERATE",
5358
"github_reviewed": false,
5459
"github_reviewed_at": null,
5560
"nvd_published_at": "2024-03-02T22:15:48Z"
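
Review bot: "cwe_ids" is left as [] here although the hunk sets "severity" to "MODERATE" and the file now has a CVSS vector. The "details" text describes a length miscalculation (transhdrlen counted twice on a partially filled packet), so a CWE could be assigned from the description if the upstream record has none.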

advisories/unreviewed/2024/03/GHSA-jfc7-9f46-xvqw/GHSA-jfc7-9f46-xvqw.json

+11-4
Original file line numberDiff line numberDiff line change
@@ -1,13 +1,18 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-jfc7-9f46-xvqw",
4-
"modified": "2024-03-03T00:30:30Z",
4+
"modified": "2025-01-13T21:30:46Z",
55
"published": "2024-03-03T00:30:30Z",
66
"aliases": [
77
"CVE-2023-52501"
88
],
99
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nring-buffer: Do not attempt to read past \"commit\"\n\nWhen iterating over the ring buffer while the ring buffer is active, the\nwriter can corrupt the reader. There's barriers to help detect this and\nhandle it, but that code missed the case where the last event was at the\nvery end of the page and has only 4 bytes left.\n\nThe checks to detect the corruption by the writer to reads needs to see the\nlength of the event. If the length in the first 4 bytes is zero then the\nlength is stored in the second 4 bytes. But if the writer is in the process\nof updating that code, there's a small window where the length in the first\n4 bytes could be zero even though the length is only 4 bytes. That will\ncause rb_event_length() to read the next 4 bytes which could happen to be off the\nallocated page.\n\nTo protect against this, fail immediately if the next event pointer is\nless than 8 bytes from the end of the commit (last byte of data), as all\nevents must be a minimum of 8 bytes anyway.",
10-
"severity": [],
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"
14+
}
15+
],
1116
"affected": [],
1217
"references": [
1318
{
@@ -36,8 +41,10 @@
3641
}
3742
],
3843
"database_specific": {
39-
"cwe_ids": [],
40-
"severity": null,
44+
"cwe_ids": [
45+
"CWE-125"
46+
],
47+
"severity": "HIGH",
4148
"github_reviewed": false,
4249
"github_reviewed_at": null,
4350
"nvd_published_at": "2024-03-02T22:15:47Z"

advisories/unreviewed/2024/03/GHSA-mx24-9c8c-52xx/GHSA-mx24-9c8c-52xx.json

+11-4
Original file line numberDiff line numberDiff line change
@@ -1,13 +1,18 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-mx24-9c8c-52xx",
4-
"modified": "2024-03-03T00:30:31Z",
4+
"modified": "2025-01-13T21:30:46Z",
55
"published": "2024-03-03T00:30:31Z",
66
"aliases": [
77
"CVE-2023-52505"
88
],
99
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nphy: lynx-28g: serialize concurrent phy_set_mode_ext() calls to shared registers\n\nThe protocol converter configuration registers PCC8, PCCC, PCCD\n(implemented by the driver), as well as others, control protocol\nconverters from multiple lanes (each represented as a different\nstruct phy). So, if there are simultaneous calls to phy_set_mode_ext()\nto lanes sharing the same PCC register (either for the \"old\" or for the\n\"new\" protocol), corruption of the values programmed to hardware is\npossible, because lynx_28g_rmw() has no locking.\n\nAdd a spinlock in the struct lynx_28g_priv shared by all lanes, and take\nthe global spinlock from the phy_ops :: set_mode() implementation. There\nare no other callers which modify PCC registers.",
10-
"severity": [],
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"
14+
}
15+
],
1116
"affected": [],
1217
"references": [
1318
{
@@ -28,8 +33,10 @@
2833
}
2934
],
3035
"database_specific": {
31-
"cwe_ids": [],
32-
"severity": null,
36+
"cwe_ids": [
37+
"CWE-667"
38+
],
39+
"severity": "MODERATE",
3340
"github_reviewed": false,
3441
"github_reviewed_at": null,
3542
"nvd_published_at": "2024-03-02T22:15:47Z"

advisories/unreviewed/2024/03/GHSA-r867-j6v8-hv77/GHSA-r867-j6v8-hv77.json

+11-4
Original file line numberDiff line numberDiff line change
@@ -1,13 +1,18 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-r867-j6v8-hv77",
4-
"modified": "2024-03-03T00:30:31Z",
4+
"modified": "2025-01-13T21:30:47Z",
55
"published": "2024-03-03T00:30:31Z",
66
"aliases": [
77
"CVE-2023-52517"
88
],
99
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: sun6i: fix race between DMA RX transfer completion and RX FIFO drain\n\nPreviously the transfer complete IRQ immediately drained to RX FIFO to\nread any data remaining in FIFO to the RX buffer. This behaviour is\ncorrect when dealing with SPI in interrupt mode. However in DMA mode the\ntransfer complete interrupt still fires as soon as all bytes to be\ntransferred have been stored in the FIFO. At that point data in the FIFO\nstill needs to be picked up by the DMA engine. Thus the drain procedure\nand DMA engine end up racing to read from RX FIFO, corrupting any data\nread. Additionally the RX buffer pointer is never adjusted according to\nDMA progress in DMA mode, thus calling the RX FIFO drain procedure in DMA\nmode is a bug.\nFix corruptions in DMA RX mode by draining RX FIFO only in interrupt mode.\nAlso wait for completion of RX DMA when in DMA mode before returning to\nensure all data has been copied to the supplied memory buffer.",
10-
"severity": [],
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"
14+
}
15+
],
1116
"affected": [],
1217
"references": [
1318
{
@@ -32,8 +37,10 @@
3237
}
3338
],
3439
"database_specific": {
35-
"cwe_ids": [],
36-
"severity": null,
40+
"cwe_ids": [
41+
"CWE-362"
42+
],
43+
"severity": "HIGH",
3744
"github_reviewed": false,
3845
"github_reviewed_at": null,
3946
"nvd_published_at": "2024-03-02T22:15:47Z"

advisories/unreviewed/2024/03/GHSA-vvwp-xfww-2qhh/GHSA-vvwp-xfww-2qhh.json

+11-4
Original file line numberDiff line numberDiff line change
@@ -1,13 +1,18 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-vvwp-xfww-2qhh",
4-
"modified": "2024-03-03T00:30:32Z",
4+
"modified": "2025-01-13T21:30:47Z",
55
"published": "2024-03-03T00:30:32Z",
66
"aliases": [
77
"CVE-2023-52519"
88
],
99
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: intel-ish-hid: ipc: Disable and reenable ACPI GPE bit\n\nThe EHL (Elkhart Lake) based platforms provide a OOB (Out of band)\nservice, which allows to wakup device when the system is in S5 (Soft-Off\nstate). This OOB service can be enabled/disabled from BIOS settings. When\nenabled, the ISH device gets PME wake capability. To enable PME wakeup,\ndriver also needs to enable ACPI GPE bit.\n\nOn resume, BIOS will clear the wakeup bit. So driver need to re-enable it\nin resume function to keep the next wakeup capability. But this BIOS\nclearing of wakeup bit doesn't decrement internal OS GPE reference count,\nso this reenabling on every resume will cause reference count to overflow.\n\nSo first disable and reenable ACPI GPE bit using acpi_disable_gpe().",
10-
"severity": [],
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"
14+
}
15+
],
1116
"affected": [],
1217
"references": [
1318
{
@@ -32,8 +37,10 @@
3237
}
3338
],
3439
"database_specific": {
35-
"cwe_ids": [],
36-
"severity": null,
40+
"cwe_ids": [
41+
"CWE-125"
42+
],
43+
"severity": "HIGH",
3744
"github_reviewed": false,
3845
"github_reviewed_at": null,
3946
"nvd_published_at": "2024-03-02T22:15:48Z"
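
Review bot: "CWE-125" in "cwe_ids" does not match the defect in "details", which is an ACPI GPE reference count that overflows because the driver re-enables the bit on every resume. An integer-overflow classification such as CWE-190 looks closer, and the C:H in the vector added in the first hunk rests on the same out-of-bounds-read reading, so both deserve a second look.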

advisories/unreviewed/2024/03/GHSA-x9q8-72p3-mmvx/GHSA-x9q8-72p3-mmvx.json

+11-4
Original file line numberDiff line numberDiff line change
@@ -1,13 +1,18 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-x9q8-72p3-mmvx",
4-
"modified": "2024-03-03T00:30:32Z",
4+
"modified": "2025-01-13T21:30:47Z",
55
"published": "2024-03-03T00:30:32Z",
66
"aliases": [
77
"CVE-2023-52524"
88
],
99
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: nfc: llcp: Add lock when modifying device list\n\nThe device list needs its associated lock held when modifying it, or the\nlist could become corrupted, as syzbot discovered.",
10-
"severity": [],
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
14+
}
15+
],
1116
"affected": [],
1217
"references": [
1318
{
@@ -40,8 +45,10 @@
4045
}
4146
],
4247
"database_specific": {
43-
"cwe_ids": [],
44-
"severity": null,
48+
"cwe_ids": [
49+
"CWE-667"
50+
],
51+
"severity": "HIGH",
4552
"github_reviewed": false,
4653
"github_reviewed_at": null,
4754
"nvd_published_at": "2024-03-02T22:15:48Z"
