{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/infiniband/hw/irdma/hw.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "87674a359ad173a3b8cd484e92e4f1901666da4c",
              "status": "affected",
              "version": "44d9e52977a1b90b0db1c7f8b197c218e9226520",
              "versionType": "git"
            },
            {
              "lessThan": "b3bd44bf20cb3a6a47aa4373e1817147efb4be04",
              "status": "affected",
              "version": "44d9e52977a1b90b0db1c7f8b197c218e9226520",
              "versionType": "git"
            },
            {
              "lessThan": "209e4aa9a7b636d8aaa1297e1d089ee2ed91d73f",
              "status": "affected",
              "version": "44d9e52977a1b90b0db1c7f8b197c218e9226520",
              "versionType": "git"
            },
            {
              "lessThan": "9cd9842c46996ef62173c36619c746f57416bcb0",
              "status": "affected",
              "version": "44d9e52977a1b90b0db1c7f8b197c218e9226520",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/infiniband/hw/irdma/hw.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.14"
            },
            {
              "lessThan": "5.14",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.99",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.16",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.*",
              "status": "unaffected",
              "version": "6.2.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.3",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.99",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.16",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.2.3",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.3",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/irdma: Cap MSIX used to online CPUs + 1\n\nThe irdma driver can use a maximum number of msix vectors equal\nto num_online_cpus() + 1 and the kernel warning stack below is shown\nif that number is exceeded.\n\nThe kernel throws a warning as the driver tries to update the affinity\nhint with a CPU mask greater than the max CPU IDs. Fix this by capping\nthe MSIX vectors to num_online_cpus() + 1.\n\n WARNING: CPU: 7 PID: 23655 at include/linux/cpumask.h:106 irdma_cfg_ceq_vector+0x34c/0x3f0 [irdma]\n RIP: 0010:irdma_cfg_ceq_vector+0x34c/0x3f0 [irdma]\n Call Trace:\n irdma_rt_init_hw+0xa62/0x1290 [irdma]\n ? irdma_alloc_local_mac_entry+0x1a0/0x1a0 [irdma]\n ? __is_kernel_percpu_address+0x63/0x310\n ? rcu_read_lock_held_common+0xe/0xb0\n ? irdma_lan_unregister_qset+0x280/0x280 [irdma]\n ? irdma_request_reset+0x80/0x80 [irdma]\n ? ice_get_qos_params+0x84/0x390 [ice]\n irdma_probe+0xa40/0xfc0 [irdma]\n ? rcu_read_lock_bh_held+0xd0/0xd0\n ? irdma_remove+0x140/0x140 [irdma]\n ? rcu_read_lock_sched_held+0x62/0xe0\n ? down_write+0x187/0x3d0\n ? auxiliary_match_id+0xf0/0x1a0\n ? irdma_remove+0x140/0x140 [irdma]\n auxiliary_bus_probe+0xa6/0x100\n __driver_probe_device+0x4a4/0xd50\n ? __device_attach_driver+0x2c0/0x2c0\n driver_probe_device+0x4a/0x110\n __driver_attach+0x1aa/0x350\n bus_for_each_dev+0x11d/0x1b0\n ? subsys_dev_iter_init+0xe0/0xe0\n bus_add_driver+0x3b1/0x610\n driver_register+0x18e/0x410\n ? 0xffffffffc0b88000\n irdma_init_module+0x50/0xaa [irdma]\n do_one_initcall+0x103/0x5f0\n ? perf_trace_initcall_level+0x420/0x420\n ? do_init_module+0x4e/0x700\n ? __kasan_kmalloc+0x7d/0xa0\n ? kmem_cache_alloc_trace+0x188/0x2b0\n ? kasan_unpoison+0x21/0x50\n do_init_module+0x1d1/0x700\n load_module+0x3867/0x5260\n ? layout_and_allocate+0x3990/0x3990\n ? rcu_read_lock_held_common+0xe/0xb0\n ? rcu_read_lock_sched_held+0x62/0xe0\n ? rcu_read_lock_bh_held+0xd0/0xd0\n ? __vmalloc_node_range+0x46b/0x890\n ? lock_release+0x5c8/0xba0\n ? alloc_vm_area+0x120/0x120\n ? selinux_kernel_module_from_file+0x2a5/0x300\n ? __inode_security_revalidate+0xf0/0xf0\n ? __do_sys_init_module+0x1db/0x260\n __do_sys_init_module+0x1db/0x260\n ? load_module+0x5260/0x5260\n ? do_syscall_64+0x22/0x450\n do_syscall_64+0xa5/0x450\n entry_SYSCALL_64_after_hwframe+0x66/0xdb"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-09T00:01:09.005Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/87674a359ad173a3b8cd484e92e4f1901666da4c"
        },
        {
          "url": "https://git.kernel.org/stable/c/b3bd44bf20cb3a6a47aa4373e1817147efb4be04"
        },
        {
          "url": "https://git.kernel.org/stable/c/209e4aa9a7b636d8aaa1297e1d089ee2ed91d73f"
        },
        {
          "url": "https://git.kernel.org/stable/c/9cd9842c46996ef62173c36619c746f57416bcb0"
        }
      ],
      "title": "RDMA/irdma: Cap MSIX used to online CPUs + 1",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-53811",
    "datePublished": "2025-12-09T00:01:09.005Z",
    "dateReserved": "2025-12-08T23:58:35.277Z",
    "dateUpdated": "2025-12-09T00:01:09.005Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "sound/usb/midi2.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "f819b343aa95d24d5f7d6e06660c7f62591abc5f",
              "status": "affected",
              "version": "ff49d1df79aef7580fe3ac99d17c3f886655d080",
              "versionType": "git"
            },
            {
              "lessThan": "b1757fa30ef14f254f4719bf6f7d54a4c8207216",
              "status": "affected",
              "version": "ff49d1df79aef7580fe3ac99d17c3f886655d080",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "sound/usb/midi2.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.5"
            },
            {
              "lessThan": "6.5",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.5.*",
              "status": "unaffected",
              "version": "6.5.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.6",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.5.3",
                  "versionStartIncluding": "6.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6",
                  "versionStartIncluding": "6.5",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Fix potential memory leaks at error path for UMP open\n\nThe allocation and initialization errors at alloc_midi_urbs() that is\ncalled at MIDI 2.0 / UMP device are supposed to be handled at the\ncaller side by invoking free_midi_urbs().  However, free_midi_urbs()\nloops only for ep-\u003enum_urbs entries, and since ep-\u003enum_entries wasn\u0027t\nupdated yet at the allocation / init error in alloc_midi_urbs(), this\nentry won\u0027t be released.\n\nThe intention of free_midi_urbs() is to release the whole elements, so\nchange the loop size to NUM_URBS to scan over all elements for fixing\nthe missed releases.\n\nAlso, the call of free_midi_urbs() is missing at\nsnd_usb_midi_v2_open().  Although it\u0027ll be released later at\nreopen/close or disconnection, it\u0027s better to release immediately at\nthe error path."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-24T10:55:52.045Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/f819b343aa95d24d5f7d6e06660c7f62591abc5f"
        },
        {
          "url": "https://git.kernel.org/stable/c/b1757fa30ef14f254f4719bf6f7d54a4c8207216"
        }
      ],
      "title": "ALSA: usb-audio: Fix potential memory leaks at error path for UMP open",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-54022",
    "datePublished": "2025-12-24T10:55:52.045Z",
    "dateReserved": "2025-12-24T10:53:46.179Z",
    "dateUpdated": "2025-12-24T10:55:52.045Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "crypto/rng.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "15d6f42da1bb527629d8e1067b1302d58dec9166",
              "status": "affected",
              "version": "77ebdabe8de7c02f43c6de3357f79ff96f9f0579",
              "versionType": "git"
            },
            {
              "lessThan": "bd903c25b652c331831226cdf56c8179d18e43f4",
              "status": "affected",
              "version": "77ebdabe8de7c02f43c6de3357f79ff96f9f0579",
              "versionType": "git"
            },
            {
              "lessThan": "17acbcd44fe8dc17dc1072375e76df2d52da6ac8",
              "status": "affected",
              "version": "77ebdabe8de7c02f43c6de3357f79ff96f9f0579",
              "versionType": "git"
            },
            {
              "lessThan": "ab172f4f42626549b02bada05f09e3f2b0cc26ec",
              "status": "affected",
              "version": "77ebdabe8de7c02f43c6de3357f79ff96f9f0579",
              "versionType": "git"
            },
            {
              "lessThan": "c5c703b50e91dd4748769f4c5ab50d9ad60be370",
              "status": "affected",
              "version": "77ebdabe8de7c02f43c6de3357f79ff96f9f0579",
              "versionType": "git"
            },
            {
              "lessThan": "e247a7d138e514a40edda7c4d72c8bd49bb2cad3",
              "status": "affected",
              "version": "77ebdabe8de7c02f43c6de3357f79ff96f9f0579",
              "versionType": "git"
            },
            {
              "lessThan": "915cb75983bc5e8b80f8a2f25a4af463f7b18c14",
              "status": "affected",
              "version": "77ebdabe8de7c02f43c6de3357f79ff96f9f0579",
              "versionType": "git"
            },
            {
              "lessThan": "c0d36727bf39bb16ef0a67ed608e279535ebf0da",
              "status": "affected",
              "version": "77ebdabe8de7c02f43c6de3357f79ff96f9f0579",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "crypto/rng.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.10"
            },
            {
              "lessThan": "5.10",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.246",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.195",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.156",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.111",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.52",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.16.*",
              "status": "unaffected",
              "version": "6.16.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.17.*",
              "status": "unaffected",
              "version": "6.17.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.18",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.246",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.195",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.156",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.111",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.52",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.16.12",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.17.2",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: rng - Ensure set_ent is always present\n\nEnsure that set_ent is always set since only drbg provides it."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-01T06:18:12.220Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/15d6f42da1bb527629d8e1067b1302d58dec9166"
        },
        {
          "url": "https://git.kernel.org/stable/c/bd903c25b652c331831226cdf56c8179d18e43f4"
        },
        {
          "url": "https://git.kernel.org/stable/c/17acbcd44fe8dc17dc1072375e76df2d52da6ac8"
        },
        {
          "url": "https://git.kernel.org/stable/c/ab172f4f42626549b02bada05f09e3f2b0cc26ec"
        },
        {
          "url": "https://git.kernel.org/stable/c/c5c703b50e91dd4748769f4c5ab50d9ad60be370"
        },
        {
          "url": "https://git.kernel.org/stable/c/e247a7d138e514a40edda7c4d72c8bd49bb2cad3"
        },
        {
          "url": "https://git.kernel.org/stable/c/915cb75983bc5e8b80f8a2f25a4af463f7b18c14"
        },
        {
          "url": "https://git.kernel.org/stable/c/c0d36727bf39bb16ef0a67ed608e279535ebf0da"
        }
      ],
      "title": "crypto: rng - Ensure set_ent is always present",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-40109",
    "datePublished": "2025-11-09T04:35:59.979Z",
    "dateReserved": "2025-04-16T07:20:57.167Z",
    "dateUpdated": "2025-12-01T06:18:12.220Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/bluetooth/sco.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "391f83547b7b2c63e4b572ab838e10a06cfa4425",
              "status": "affected",
              "version": "e6720779ae612a14ac4ba7fe4fd5b27d900d932c",
              "versionType": "git"
            },
            {
              "lessThan": "ecb9a843be4d6fd710d7026e359f21015a062572",
              "status": "affected",
              "version": "e6720779ae612a14ac4ba7fe4fd5b27d900d932c",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/bluetooth/sco.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.13"
            },
            {
              "lessThan": "6.13",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.17.*",
              "status": "unaffected",
              "version": "6.17.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.18",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.17.8",
                  "versionStartIncluding": "6.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18",
                  "versionStartIncluding": "6.13",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: SCO: Fix UAF on sco_conn_free\n\nBUG: KASAN: slab-use-after-free in sco_conn_free net/bluetooth/sco.c:87 [inline]\nBUG: KASAN: slab-use-after-free in kref_put include/linux/kref.h:65 [inline]\nBUG: KASAN: slab-use-after-free in sco_conn_put+0xdd/0x410\nnet/bluetooth/sco.c:107\nWrite of size 8 at addr ffff88811cb96b50 by task kworker/u17:4/352\n\nCPU: 1 UID: 0 PID: 352 Comm: kworker/u17:4 Not tainted\n6.17.0-rc5-g717368f83676 #4 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nWorkqueue: hci13 hci_cmd_sync_work\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x10b/0x170 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x191/0x550 mm/kasan/report.c:482\n kasan_report+0xc4/0x100 mm/kasan/report.c:595\n sco_conn_free net/bluetooth/sco.c:87 [inline]\n kref_put include/linux/kref.h:65 [inline]\n sco_conn_put+0xdd/0x410 net/bluetooth/sco.c:107\n sco_connect_cfm+0xb4/0xae0 net/bluetooth/sco.c:1441\n hci_connect_cfm include/net/bluetooth/hci_core.h:2082 [inline]\n hci_conn_failed+0x20a/0x2e0 net/bluetooth/hci_conn.c:1313\n hci_conn_unlink+0x55f/0x810 net/bluetooth/hci_conn.c:1121\n hci_conn_del+0xb6/0x1110 net/bluetooth/hci_conn.c:1147\n hci_abort_conn_sync+0x8c5/0xbb0 net/bluetooth/hci_sync.c:5689\n hci_cmd_sync_work+0x281/0x380 net/bluetooth/hci_sync.c:332\n process_one_work kernel/workqueue.c:3236 [inline]\n process_scheduled_works+0x77e/0x1040 kernel/workqueue.c:3319\n worker_thread+0xbee/0x1200 kernel/workqueue.c:3400\n kthread+0x3c7/0x870 kernel/kthread.c:463\n ret_from_fork+0x13a/0x1e0 arch/x86/kernel/process.c:148\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245\n \u003c/TASK\u003e\n\nAllocated by task 31370:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x30/0x70 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:388 [inline]\n __kasan_kmalloc+0x82/0x90 mm/kasan/common.c:405\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __do_kmalloc_node mm/slub.c:4382 [inline]\n __kmalloc_noprof+0x22f/0x390 mm/slub.c:4394\n kmalloc_noprof include/linux/slab.h:909 [inline]\n sk_prot_alloc+0xae/0x220 net/core/sock.c:2239\n sk_alloc+0x34/0x5a0 net/core/sock.c:2295\n bt_sock_alloc+0x3c/0x330 net/bluetooth/af_bluetooth.c:151\n sco_sock_alloc net/bluetooth/sco.c:562 [inline]\n sco_sock_create+0xc0/0x350 net/bluetooth/sco.c:593\n bt_sock_create+0x161/0x3b0 net/bluetooth/af_bluetooth.c:135\n __sock_create+0x3ad/0x780 net/socket.c:1589\n sock_create net/socket.c:1647 [inline]\n __sys_socket_create net/socket.c:1684 [inline]\n __sys_socket+0xd5/0x330 net/socket.c:1731\n __do_sys_socket net/socket.c:1745 [inline]\n __se_sys_socket net/socket.c:1743 [inline]\n __x64_sys_socket+0x7a/0x90 net/socket.c:1743\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xc7/0x240 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 31374:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x30/0x70 mm/kasan/common.c:68\n kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:576\n poison_slab_object mm/kasan/common.c:243 [inline]\n __kasan_slab_free+0x3d/0x50 mm/kasan/common.c:275\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2428 [inline]\n slab_free mm/slub.c:4701 [inline]\n kfree+0x199/0x3b0 mm/slub.c:4900\n sk_prot_free net/core/sock.c:2278 [inline]\n __sk_destruct+0x4aa/0x630 net/core/sock.c:2373\n sco_sock_release+0x2ad/0x300 net/bluetooth/sco.c:1333\n __sock_release net/socket.c:649 [inline]\n sock_close+0xb8/0x230 net/socket.c:1439\n __fput+0x3d1/0x9e0 fs/file_table.c:468\n task_work_run+0x206/0x2a0 kernel/task_work.c:227\n get_signal+0x1201/0x1410 kernel/signal.c:2807\n arch_do_signal_or_restart+0x34/0x740 arch/x86/kernel/signal.c:337\n exit_to_user_mode_loop+0x68/0xc0 kernel/entry/common.c:40\n exit_to_user_mode_prepare include/linux/irq-entry-common.h:225 [inline]\n s\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-02T15:33:30.865Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/391f83547b7b2c63e4b572ab838e10a06cfa4425"
        },
        {
          "url": "https://git.kernel.org/stable/c/ecb9a843be4d6fd710d7026e359f21015a062572"
        }
      ],
      "title": "Bluetooth: SCO: Fix UAF on sco_conn_free",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-40309",
    "datePublished": "2025-12-08T00:46:34.785Z",
    "dateReserved": "2025-04-16T07:20:57.185Z",
    "dateUpdated": "2026-01-02T15:33:30.865Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/s390/net/lcs.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "7b4da3fcd513b8e67823eb80da37aad99b3339c1",
              "status": "affected",
              "version": "dc1f8bf68b311b1537cb65893430b6796118498a",
              "versionType": "git"
            },
            {
              "lessThan": "d49cc2b705711fb8fb849e7c660929b2100360b7",
              "status": "affected",
              "version": "dc1f8bf68b311b1537cb65893430b6796118498a",
              "versionType": "git"
            },
            {
              "lessThan": "e684215d8a903752e2b0cc946517fb61e57a880a",
              "status": "affected",
              "version": "dc1f8bf68b311b1537cb65893430b6796118498a",
              "versionType": "git"
            },
            {
              "lessThan": "20022d551f2064a194d8e0acb6cd7a85094a17b2",
              "status": "affected",
              "version": "dc1f8bf68b311b1537cb65893430b6796118498a",
              "versionType": "git"
            },
            {
              "lessThan": "ebc3c77785dc8b5b626309c0032a38fbb139287a",
              "status": "affected",
              "version": "dc1f8bf68b311b1537cb65893430b6796118498a",
              "versionType": "git"
            },
            {
              "lessThan": "5ad774fb823c24bbeb21a15a67103ea7a6f5b928",
              "status": "affected",
              "version": "dc1f8bf68b311b1537cb65893430b6796118498a",
              "versionType": "git"
            },
            {
              "lessThan": "69669820844f81a77b6db24b86581320ae4d17af",
              "status": "affected",
              "version": "dc1f8bf68b311b1537cb65893430b6796118498a",
              "versionType": "git"
            },
            {
              "lessThan": "cda74cdc280ba35c8993e7517bac5c257ff36f18",
              "status": "affected",
              "version": "dc1f8bf68b311b1537cb65893430b6796118498a",
              "versionType": "git"
            },
            {
              "lessThan": "bb16db8393658e0978c3f0d30ae069e878264fa3",
              "status": "affected",
              "version": "dc1f8bf68b311b1537cb65893430b6796118498a",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/s390/net/lcs.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.32"
            },
            {
              "lessThan": "2.6.32",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.9.*",
              "status": "unaffected",
              "version": "4.9.337",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.303",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.270",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.229",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.163",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.86",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.*",
              "status": "unaffected",
              "version": "6.0.16",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.2",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.9.337",
                  "versionStartIncluding": "2.6.32",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.303",
                  "versionStartIncluding": "2.6.32",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.270",
                  "versionStartIncluding": "2.6.32",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.229",
                  "versionStartIncluding": "2.6.32",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.163",
                  "versionStartIncluding": "2.6.32",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.86",
                  "versionStartIncluding": "2.6.32",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.0.16",
                  "versionStartIncluding": "2.6.32",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.2",
                  "versionStartIncluding": "2.6.32",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.2",
                  "versionStartIncluding": "2.6.32",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/lcs: Fix return type of lcs_start_xmit()\n\nWith clang\u0027s kernel control flow integrity (kCFI, CONFIG_CFI_CLANG),\nindirect call targets are validated against the expected function\npointer prototype to make sure the call target is valid to help mitigate\nROP attacks. If they are not identical, there is a failure at run time,\nwhich manifests as either a kernel panic or thread getting killed. A\nproposed warning in clang aims to catch these at compile time, which\nreveals:\n\n  drivers/s390/net/lcs.c:2090:21: error: incompatible function pointer types initializing \u0027netdev_tx_t (*)(struct sk_buff *, struct net_device *)\u0027 (aka \u0027enum netdev_tx (*)(struct sk_buff *, struct net_device *)\u0027) with an expression of type \u0027int (struct sk_buff *, struct net_device *)\u0027 [-Werror,-Wincompatible-function-pointer-types-strict]\n          .ndo_start_xmit         = lcs_start_xmit,\n                                    ^~~~~~~~~~~~~~\n  drivers/s390/net/lcs.c:2097:21: error: incompatible function pointer types initializing \u0027netdev_tx_t (*)(struct sk_buff *, struct net_device *)\u0027 (aka \u0027enum netdev_tx (*)(struct sk_buff *, struct net_device *)\u0027) with an expression of type \u0027int (struct sk_buff *, struct net_device *)\u0027 [-Werror,-Wincompatible-function-pointer-types-strict]\n          .ndo_start_xmit         = lcs_start_xmit,\n                                    ^~~~~~~~~~~~~~\n\n-\u003endo_start_xmit() in \u0027struct net_device_ops\u0027 expects a return type of\n\u0027netdev_tx_t\u0027, not \u0027int\u0027. Adjust the return type of lcs_start_xmit() to\nmatch the prototype\u0027s to resolve the warning and potential CFI failure,\nshould s390 select ARCH_SUPPORTS_CFI_CLANG in the future."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-02T15:04:08.318Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/7b4da3fcd513b8e67823eb80da37aad99b3339c1"
        },
        {
          "url": "https://git.kernel.org/stable/c/d49cc2b705711fb8fb849e7c660929b2100360b7"
        },
        {
          "url": "https://git.kernel.org/stable/c/e684215d8a903752e2b0cc946517fb61e57a880a"
        },
        {
          "url": "https://git.kernel.org/stable/c/20022d551f2064a194d8e0acb6cd7a85094a17b2"
        },
        {
          "url": "https://git.kernel.org/stable/c/ebc3c77785dc8b5b626309c0032a38fbb139287a"
        },
        {
          "url": "https://git.kernel.org/stable/c/5ad774fb823c24bbeb21a15a67103ea7a6f5b928"
        },
        {
          "url": "https://git.kernel.org/stable/c/69669820844f81a77b6db24b86581320ae4d17af"
        },
        {
          "url": "https://git.kernel.org/stable/c/cda74cdc280ba35c8993e7517bac5c257ff36f18"
        },
        {
          "url": "https://git.kernel.org/stable/c/bb16db8393658e0978c3f0d30ae069e878264fa3"
        }
      ],
      "title": "s390/lcs: Fix return type of lcs_start_xmit()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-50728",
    "datePublished": "2025-12-24T12:22:49.001Z",
    "dateReserved": "2025-12-24T12:20:40.330Z",
    "dateUpdated": "2026-01-02T15:04:08.318Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/intel/igb/igb_main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "0e3ea7e82a06014b9baf1b84ba579c38cbff3558",
              "status": "affected",
              "version": "50f303496d92e25b79bdfb73e3707ad0684ad67f",
              "versionType": "git"
            },
            {
              "lessThan": "bc6ed2fa24b14e40e1005488bbe11268ce7108fa",
              "status": "affected",
              "version": "50f303496d92e25b79bdfb73e3707ad0684ad67f",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/intel/igb/igb_main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.3"
            },
            {
              "lessThan": "6.3",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.5.*",
              "status": "unaffected",
              "version": "6.5.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.6",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.5.4",
                  "versionStartIncluding": "6.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6",
                  "versionStartIncluding": "6.3",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nigb: clean up in all error paths when enabling SR-IOV\n\nAfter commit 50f303496d92 (\"igb: Enable SR-IOV after reinit\"), removing\nthe igb module could hang or crash (depending on the machine) when the\nmodule has been loaded with the max_vfs parameter set to some value != 0.\n\nIn case of one test machine with a dual port 82580, this hang occurred:\n\n[  232.480687] igb 0000:41:00.1: removed PHC on enp65s0f1\n[  233.093257] igb 0000:41:00.1: IOV Disabled\n[  233.329969] pcieport 0000:40:01.0: AER: Multiple Uncorrected (Non-Fatal) err0\n[  233.340302] igb 0000:41:00.0: PCIe Bus Error: severity=Uncorrected (Non-Fata)\n[  233.352248] igb 0000:41:00.0:   device [8086:1516] error status/mask=00100000\n[  233.361088] igb 0000:41:00.0:    [20] UnsupReq               (First)\n[  233.368183] igb 0000:41:00.0: AER:   TLP Header: 40000001 0000040f cdbfc00c c\n[  233.376846] igb 0000:41:00.1: PCIe Bus Error: severity=Uncorrected (Non-Fata)\n[  233.388779] igb 0000:41:00.1:   device [8086:1516] error status/mask=00100000\n[  233.397629] igb 0000:41:00.1:    [20] UnsupReq               (First)\n[  233.404736] igb 0000:41:00.1: AER:   TLP Header: 40000001 0000040f cdbfc00c c\n[  233.538214] pci 0000:41:00.1: AER: can\u0027t recover (no error_detected callback)\n[  233.538401] igb 0000:41:00.0: removed PHC on enp65s0f0\n[  233.546197] pcieport 0000:40:01.0: AER: device recovery failed\n[  234.157244] igb 0000:41:00.0: IOV Disabled\n[  371.619705] INFO: task irq/35-aerdrv:257 blocked for more than 122 seconds.\n[  371.627489]       Not tainted 6.4.0-dirty #2\n[  371.632257] \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this.\n[  371.641000] task:irq/35-aerdrv   state:D stack:0     pid:257   ppid:2      f0\n[  371.650330] Call Trace:\n[  371.653061]  \u003cTASK\u003e\n[  371.655407]  __schedule+0x20e/0x660\n[  371.659313]  schedule+0x5a/0xd0\n[  371.662824]  schedule_preempt_disabled+0x11/0x20\n[  371.667983]  __mutex_lock.constprop.0+0x372/0x6c0\n[  371.673237]  ? __pfx_aer_root_reset+0x10/0x10\n[  371.678105]  report_error_detected+0x25/0x1c0\n[  371.682974]  ? __pfx_report_normal_detected+0x10/0x10\n[  371.688618]  pci_walk_bus+0x72/0x90\n[  371.692519]  pcie_do_recovery+0xb2/0x330\n[  371.696899]  aer_process_err_devices+0x117/0x170\n[  371.702055]  aer_isr+0x1c0/0x1e0\n[  371.705661]  ? __set_cpus_allowed_ptr+0x54/0xa0\n[  371.710723]  ? __pfx_irq_thread_fn+0x10/0x10\n[  371.715496]  irq_thread_fn+0x20/0x60\n[  371.719491]  irq_thread+0xe6/0x1b0\n[  371.723291]  ? __pfx_irq_thread_dtor+0x10/0x10\n[  371.728255]  ? __pfx_irq_thread+0x10/0x10\n[  371.732731]  kthread+0xe2/0x110\n[  371.736243]  ? __pfx_kthread+0x10/0x10\n[  371.740430]  ret_from_fork+0x2c/0x50\n[  371.744428]  \u003c/TASK\u003e\n\nThe reproducer was a simple script:\n\n  #!/bin/sh\n  for i in `seq 1 5`; do\n    modprobe -rv igb\n    modprobe -v igb max_vfs=1\n    sleep 1\n    modprobe -rv igb\n  done\n\nIt turned out that this could only be reproduce on 82580 (quad and\ndual-port), but not on 82576, i350 and i210.  Further debugging showed\nthat igb_enable_sriov()\u0027s call to pci_enable_sriov() is failing, because\ndev-\u003eis_physfn is 0 on 82580.\n\nPrior to commit 50f303496d92 (\"igb: Enable SR-IOV after reinit\"),\nigb_enable_sriov() jumped into the \"err_out\" cleanup branch.  After this\ncommit it only returned the error code.\n\nSo the cleanup didn\u0027t take place, and the incorrect VF setup in the\nigb_adapter structure fooled the igb driver into assuming that VFs have\nbeen set up where no VF actually existed.\n\nFix this problem by cleaning up again if pci_enable_sriov() fails."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-24T12:23:14.182Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/0e3ea7e82a06014b9baf1b84ba579c38cbff3558"
        },
        {
          "url": "https://git.kernel.org/stable/c/bc6ed2fa24b14e40e1005488bbe11268ce7108fa"
        }
      ],
      "title": "igb: clean up in all error paths when enabling SR-IOV",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-54070",
    "datePublished": "2025-12-24T12:23:14.182Z",
    "dateReserved": "2025-12-24T12:21:05.093Z",
    "dateUpdated": "2025-12-24T12:23:14.182Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/bridge/br_forward.c",
            "net/bridge/br_input.c",
            "net/bridge/br_private.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "e19085b2a86addccff33ab8536fc67ebd9d52198",
              "status": "affected",
              "version": "ec7328b59176227216c461601c6bd0e922232a9b",
              "versionType": "git"
            },
            {
              "lessThan": "3b60ce334c1ce8b3fad7e02dcd5ed9f6646477c8",
              "status": "affected",
              "version": "ec7328b59176227216c461601c6bd0e922232a9b",
              "versionType": "git"
            },
            {
              "lessThan": "bf3843183bc3158e5821b46f330c438ae9bd6ddb",
              "status": "affected",
              "version": "ec7328b59176227216c461601c6bd0e922232a9b",
              "versionType": "git"
            },
            {
              "lessThan": "991fbe1680cd41a5f97c92cd3a3496315df36e4b",
              "status": "affected",
              "version": "ec7328b59176227216c461601c6bd0e922232a9b",
              "versionType": "git"
            },
            {
              "lessThan": "8dca36978aa80bab9d4da130c211db75c9e00048",
              "status": "affected",
              "version": "ec7328b59176227216c461601c6bd0e922232a9b",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/bridge/br_forward.c",
            "net/bridge/br_input.c",
            "net/bridge/br_private.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.18"
            },
            {
              "lessThan": "5.18",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.159",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.117",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.58",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.17.*",
              "status": "unaffected",
              "version": "6.17.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.18",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.159",
                  "versionStartIncluding": "5.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.117",
                  "versionStartIncluding": "5.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.58",
                  "versionStartIncluding": "5.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.17.8",
                  "versionStartIncluding": "5.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18",
                  "versionStartIncluding": "5.18",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bridge: fix use-after-free due to MST port state bypass\n\nsyzbot reported[1] a use-after-free when deleting an expired fdb. It is\ndue to a race condition between learning still happening and a port being\ndeleted, after all its fdbs have been flushed. The port\u0027s state has been\ntoggled to disabled so no learning should happen at that time, but if we\nhave MST enabled, it will bypass the port\u0027s state, that together with VLAN\nfiltering disabled can lead to fdb learning at a time when it shouldn\u0027t\nhappen while the port is being deleted. VLAN filtering must be disabled\nbecause we flush the port VLANs when it\u0027s being deleted which will stop\nlearning. This fix adds a check for the port\u0027s vlan group which is\ninitialized to NULL when the port is getting deleted, that avoids the port\nstate bypass. When MST is enabled there would be a minimal new overhead\nin the fast-path because the port\u0027s vlan group pointer is cache-hot.\n\n[1] https://syzkaller.appspot.com/bug?extid=dd280197f0f7ab3917be"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-08T00:46:21.112Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/e19085b2a86addccff33ab8536fc67ebd9d52198"
        },
        {
          "url": "https://git.kernel.org/stable/c/3b60ce334c1ce8b3fad7e02dcd5ed9f6646477c8"
        },
        {
          "url": "https://git.kernel.org/stable/c/bf3843183bc3158e5821b46f330c438ae9bd6ddb"
        },
        {
          "url": "https://git.kernel.org/stable/c/991fbe1680cd41a5f97c92cd3a3496315df36e4b"
        },
        {
          "url": "https://git.kernel.org/stable/c/8dca36978aa80bab9d4da130c211db75c9e00048"
        }
      ],
      "title": "net: bridge: fix use-after-free due to MST port state bypass",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-40297",
    "datePublished": "2025-12-08T00:46:21.112Z",
    "dateReserved": "2025-04-16T07:20:57.185Z",
    "dateUpdated": "2025-12-08T00:46:21.112Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/ipv6/ip6_vti.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "0f0ab8d52ee0062b28367dea23c29e254a26d7db",
              "status": "affected",
              "version": "f855691975bb06373a98711e4cfe2c224244b536",
              "versionType": "git"
            },
            {
              "lessThan": "fa6c6c04f6c9b21b315023f487e5a07ae7fcf647",
              "status": "affected",
              "version": "f855691975bb06373a98711e4cfe2c224244b536",
              "versionType": "git"
            },
            {
              "lessThan": "eb47e612e59c358c3968a92f90dd36c78c9a2106",
              "status": "affected",
              "version": "f855691975bb06373a98711e4cfe2c224244b536",
              "versionType": "git"
            },
            {
              "lessThan": "ec23b25e5687dbd644c0f57bcb6af22dd5a6dd36",
              "status": "affected",
              "version": "f855691975bb06373a98711e4cfe2c224244b536",
              "versionType": "git"
            },
            {
              "lessThan": "a1639a82ce14af76b6419778d343ccbff86ee626",
              "status": "affected",
              "version": "f855691975bb06373a98711e4cfe2c224244b536",
              "versionType": "git"
            },
            {
              "lessThan": "55ad2309205cc00c585344374c7472420e1b2c12",
              "status": "affected",
              "version": "f855691975bb06373a98711e4cfe2c224244b536",
              "versionType": "git"
            },
            {
              "lessThan": "c070688bfbe7759e61e697e421b2a331b0dd74bc",
              "status": "affected",
              "version": "f855691975bb06373a98711e4cfe2c224244b536",
              "versionType": "git"
            },
            {
              "lessThan": "9fd41f1ba638938c9a1195d09bc6fa3be2712f25",
              "status": "affected",
              "version": "f855691975bb06373a98711e4cfe2c224244b536",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/ipv6/ip6_vti.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.19"
            },
            {
              "lessThan": "3.19",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.324",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.293",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.255",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.192",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.128",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.47",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.*",
              "status": "unaffected",
              "version": "6.4.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.5",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.324",
                  "versionStartIncluding": "3.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.293",
                  "versionStartIncluding": "3.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.255",
                  "versionStartIncluding": "3.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.192",
                  "versionStartIncluding": "3.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.128",
                  "versionStartIncluding": "3.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.47",
                  "versionStartIncluding": "3.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.4.12",
                  "versionStartIncluding": "3.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.5",
                  "versionStartIncluding": "3.19",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nip6_vti: fix slab-use-after-free in decode_session6\n\nWhen ipv6_vti device is set to the qdisc of the sfb type, the cb field\nof the sent skb may be modified during enqueuing. Then,\nslab-use-after-free may occur when ipv6_vti device sends IPv6 packets.\n\nThe stack information is as follows:\nBUG: KASAN: slab-use-after-free in decode_session6+0x103f/0x1890\nRead of size 1 at addr ffff88802e08edc2 by task swapper/0/0\nCPU: 0 PID: 0 Comm: swapper/0 Not tainted 6.4.0-next-20230707-00001-g84e2cad7f979 #410\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-1.fc33 04/01/2014\nCall Trace:\n\u003cIRQ\u003e\ndump_stack_lvl+0xd9/0x150\nprint_address_description.constprop.0+0x2c/0x3c0\nkasan_report+0x11d/0x130\ndecode_session6+0x103f/0x1890\n__xfrm_decode_session+0x54/0xb0\nvti6_tnl_xmit+0x3e6/0x1ee0\ndev_hard_start_xmit+0x187/0x700\nsch_direct_xmit+0x1a3/0xc30\n__qdisc_run+0x510/0x17a0\n__dev_queue_xmit+0x2215/0x3b10\nneigh_connected_output+0x3c2/0x550\nip6_finish_output2+0x55a/0x1550\nip6_finish_output+0x6b9/0x1270\nip6_output+0x1f1/0x540\nndisc_send_skb+0xa63/0x1890\nndisc_send_rs+0x132/0x6f0\naddrconf_rs_timer+0x3f1/0x870\ncall_timer_fn+0x1a0/0x580\nexpire_timers+0x29b/0x4b0\nrun_timer_softirq+0x326/0x910\n__do_softirq+0x1d4/0x905\nirq_exit_rcu+0xb7/0x120\nsysvec_apic_timer_interrupt+0x97/0xc0\n\u003c/IRQ\u003e\nAllocated by task 9176:\nkasan_save_stack+0x22/0x40\nkasan_set_track+0x25/0x30\n__kasan_slab_alloc+0x7f/0x90\nkmem_cache_alloc_node+0x1cd/0x410\nkmalloc_reserve+0x165/0x270\n__alloc_skb+0x129/0x330\nnetlink_sendmsg+0x9b1/0xe30\nsock_sendmsg+0xde/0x190\n____sys_sendmsg+0x739/0x920\n___sys_sendmsg+0x110/0x1b0\n__sys_sendmsg+0xf7/0x1c0\ndo_syscall_64+0x39/0xb0\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\nFreed by task 9176:\nkasan_save_stack+0x22/0x40\nkasan_set_track+0x25/0x30\nkasan_save_free_info+0x2b/0x40\n____kasan_slab_free+0x160/0x1c0\nslab_free_freelist_hook+0x11b/0x220\nkmem_cache_free+0xf0/0x490\nskb_free_head+0x17f/0x1b0\nskb_release_data+0x59c/0x850\nconsume_skb+0xd2/0x170\nnetlink_unicast+0x54f/0x7f0\nnetlink_sendmsg+0x926/0xe30\nsock_sendmsg+0xde/0x190\n____sys_sendmsg+0x739/0x920\n___sys_sendmsg+0x110/0x1b0\n__sys_sendmsg+0xf7/0x1c0\ndo_syscall_64+0x39/0xb0\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\nThe buggy address belongs to the object at ffff88802e08ed00\nwhich belongs to the cache skbuff_small_head of size 640\nThe buggy address is located 194 bytes inside of\nfreed 640-byte region [ffff88802e08ed00, ffff88802e08ef80)\n\nAs commit f855691975bb (\"xfrm6: Fix the nexthdr offset in\n_decode_session6.\") showed, xfrm_decode_session was originally intended\nonly for the receive path. IP6CB(skb)-\u003enhoff is not set during\ntransmission. Therefore, set the cb field in the skb to 0 before\nsending packets."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-09T01:29:34.073Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/0f0ab8d52ee0062b28367dea23c29e254a26d7db"
        },
        {
          "url": "https://git.kernel.org/stable/c/fa6c6c04f6c9b21b315023f487e5a07ae7fcf647"
        },
        {
          "url": "https://git.kernel.org/stable/c/eb47e612e59c358c3968a92f90dd36c78c9a2106"
        },
        {
          "url": "https://git.kernel.org/stable/c/ec23b25e5687dbd644c0f57bcb6af22dd5a6dd36"
        },
        {
          "url": "https://git.kernel.org/stable/c/a1639a82ce14af76b6419778d343ccbff86ee626"
        },
        {
          "url": "https://git.kernel.org/stable/c/55ad2309205cc00c585344374c7472420e1b2c12"
        },
        {
          "url": "https://git.kernel.org/stable/c/c070688bfbe7759e61e697e421b2a331b0dd74bc"
        },
        {
          "url": "https://git.kernel.org/stable/c/9fd41f1ba638938c9a1195d09bc6fa3be2712f25"
        }
      ],
      "title": "ip6_vti: fix slab-use-after-free in decode_session6",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-53821",
    "datePublished": "2025-12-09T01:29:34.073Z",
    "dateReserved": "2025-12-09T01:27:17.824Z",
    "dateUpdated": "2025-12-09T01:29:34.073Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v11.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "399b73d6b7720a9eae68a333193b53ed4f432fe5",
              "status": "affected",
              "version": "2f77b9a242a2e01822efc80c8b63eaa31df0f8b4",
              "versionType": "git"
            },
            {
              "lessThan": "e9dca969b2426702a73719ab9207e43c6d80b581",
              "status": "affected",
              "version": "2f77b9a242a2e01822efc80c8b63eaa31df0f8b4",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v11.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.5"
            },
            {
              "lessThan": "6.5",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.5.*",
              "status": "unaffected",
              "version": "6.5.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.6",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.5.4",
                  "versionStartIncluding": "6.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6",
                  "versionStartIncluding": "6.5",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: Add missing gfx11 MQD manager callbacks\n\nmqd_stride function was introduced in commit 2f77b9a242a2\n(\"drm/amdkfd: Update MQD management on multi XCC setup\")\nbut not assigned for gfx11. Fixes a NULL dereference in debugfs."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T11:37:08.116Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/399b73d6b7720a9eae68a333193b53ed4f432fe5"
        },
        {
          "url": "https://git.kernel.org/stable/c/e9dca969b2426702a73719ab9207e43c6d80b581"
        }
      ],
      "title": "drm/amdkfd: Add missing gfx11 MQD manager callbacks",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-54261",
    "datePublished": "2025-12-30T12:15:54.870Z",
    "dateReserved": "2025-12-30T12:06:44.516Z",
    "dateUpdated": "2026-01-05T11:37:08.116Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/core/filter.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "3fba965a9aac0fa3cbd8138436a37af9ab466d79",
              "status": "affected",
              "version": "b4ab31414970a7a03a5d55d75083f2c101a30592",
              "versionType": "git"
            },
            {
              "lessThan": "057764172fcc6ee2ccb6c41351a55a9f054dc8fd",
              "status": "affected",
              "version": "b4ab31414970a7a03a5d55d75083f2c101a30592",
              "versionType": "git"
            },
            {
              "lessThan": "2e67c2037382abb56497bb9d7b7e10be04eb5598",
              "status": "affected",
              "version": "b4ab31414970a7a03a5d55d75083f2c101a30592",
              "versionType": "git"
            },
            {
              "lessThan": "b6bfe44b6dbb14a31d86c475cdc9c7689534fb09",
              "status": "affected",
              "version": "b4ab31414970a7a03a5d55d75083f2c101a30592",
              "versionType": "git"
            },
            {
              "lessThan": "f36a305d30f557306d87c787ddffe094ac5dac89",
              "status": "affected",
              "version": "b4ab31414970a7a03a5d55d75083f2c101a30592",
              "versionType": "git"
            },
            {
              "lessThan": "7404ce888a45eb7da0508b7cbbe6f2e95302eeb8",
              "status": "affected",
              "version": "b4ab31414970a7a03a5d55d75083f2c101a30592",
              "versionType": "git"
            },
            {
              "lessThan": "23f3770e1a53e6c7a553135011f547209e141e72",
              "status": "affected",
              "version": "b4ab31414970a7a03a5d55d75083f2c101a30592",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/core/filter.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.10"
            },
            {
              "lessThan": "5.10",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.246",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.195",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.157",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.113",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.54",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.17.*",
              "status": "unaffected",
              "version": "6.17.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.18",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.246",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.195",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.157",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.113",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.54",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.17.4",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6}\n\nCilium has a BPF egress gateway feature which forces outgoing K8s Pod\ntraffic to pass through dedicated egress gateways which then SNAT the\ntraffic in order to interact with stable IPs outside the cluster.\n\nThe traffic is directed to the gateway via vxlan tunnel in collect md\nmode. A recent BPF change utilized the bpf_redirect_neigh() helper to\nforward packets after the arrival and decap on vxlan, which turned out\nover time that the kmalloc-256 slab usage in kernel was ever-increasing.\n\nThe issue was that vxlan allocates the metadata_dst object and attaches\nit through a fake dst entry to the skb. The latter was never released\nthough given bpf_redirect_neigh() was merely setting the new dst entry\nvia skb_dst_set() without dropping an existing one first."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-01T06:19:40.805Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/3fba965a9aac0fa3cbd8138436a37af9ab466d79"
        },
        {
          "url": "https://git.kernel.org/stable/c/057764172fcc6ee2ccb6c41351a55a9f054dc8fd"
        },
        {
          "url": "https://git.kernel.org/stable/c/2e67c2037382abb56497bb9d7b7e10be04eb5598"
        },
        {
          "url": "https://git.kernel.org/stable/c/b6bfe44b6dbb14a31d86c475cdc9c7689534fb09"
        },
        {
          "url": "https://git.kernel.org/stable/c/f36a305d30f557306d87c787ddffe094ac5dac89"
        },
        {
          "url": "https://git.kernel.org/stable/c/7404ce888a45eb7da0508b7cbbe6f2e95302eeb8"
        },
        {
          "url": "https://git.kernel.org/stable/c/23f3770e1a53e6c7a553135011f547209e141e72"
        }
      ],
      "title": "bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6}",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-40183",
    "datePublished": "2025-11-12T21:56:27.429Z",
    "dateReserved": "2025-04-16T07:20:57.177Z",
    "dateUpdated": "2025-12-01T06:19:40.805Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c",
            "drivers/net/wireless/broadcom/brcm80211/brcmfmac/p2p.c",
            "drivers/net/wireless/broadcom/brcm80211/brcmfmac/p2p.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "c863b9c7b4e9af0b7931cb791ec91971a50f1a25",
              "status": "affected",
              "version": "18e2f61db3b708e0a22ccc403cb6ab2203d6faab",
              "versionType": "git"
            },
            {
              "lessThan": "e1fc9afcce9139791260f962541282d47fbb508d",
              "status": "affected",
              "version": "18e2f61db3b708e0a22ccc403cb6ab2203d6faab",
              "versionType": "git"
            },
            {
              "lessThan": "55f60a72a178909ece4e32987e4c642ba57e1cf4",
              "status": "affected",
              "version": "18e2f61db3b708e0a22ccc403cb6ab2203d6faab",
              "versionType": "git"
            },
            {
              "lessThan": "c2b0f8d3e7358c33d90f0e62765d474f25f26a45",
              "status": "affected",
              "version": "18e2f61db3b708e0a22ccc403cb6ab2203d6faab",
              "versionType": "git"
            },
            {
              "lessThan": "64e3175d1c8a3bea02032e7c9d1befd5f43786fa",
              "status": "affected",
              "version": "18e2f61db3b708e0a22ccc403cb6ab2203d6faab",
              "versionType": "git"
            },
            {
              "lessThan": "a6eed58249e7d60f856900e682992300f770f64b",
              "status": "affected",
              "version": "18e2f61db3b708e0a22ccc403cb6ab2203d6faab",
              "versionType": "git"
            },
            {
              "lessThan": "dbc7357b6aae686d9404e1dd7e2e6cf92c3a1b5a",
              "status": "affected",
              "version": "18e2f61db3b708e0a22ccc403cb6ab2203d6faab",
              "versionType": "git"
            },
            {
              "lessThan": "3776c685ebe5f43e9060af06872661de55e80b9a",
              "status": "affected",
              "version": "18e2f61db3b708e0a22ccc403cb6ab2203d6faab",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c",
            "drivers/net/wireless/broadcom/brcm80211/brcmfmac/p2p.c",
            "drivers/net/wireless/broadcom/brcm80211/brcmfmac/p2p.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.9"
            },
            {
              "lessThan": "3.9",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.302",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.247",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.197",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.159",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.117",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.58",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.17.*",
              "status": "unaffected",
              "version": "6.17.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.18",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.302",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.247",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.197",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.159",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.117",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.58",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.17.8",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode\n\nCurrently, whenever there is a need to transmit an Action frame,\nthe brcmfmac driver always uses the P2P vif to send the \"actframe\" IOVAR to\nfirmware. The P2P interfaces were available when wpa_supplicant is managing\nthe wlan interface.\n\nHowever, the P2P interfaces are not created/initialized when only hostapd\nis managing the wlan interface. And if hostapd receives an ANQP Query REQ\nAction frame even from an un-associated STA, the brcmfmac driver tries\nto use an uninitialized P2P vif pointer for sending the IOVAR to firmware.\nThis NULL pointer dereferencing triggers a driver crash.\n\n [ 1417.074538] Unable to handle kernel NULL pointer dereference at virtual\n address 0000000000000000\n [...]\n [ 1417.075188] Hardware name: Raspberry Pi 4 Model B Rev 1.5 (DT)\n [...]\n [ 1417.075653] Call trace:\n [ 1417.075662]  brcmf_p2p_send_action_frame+0x23c/0xc58 [brcmfmac]\n [ 1417.075738]  brcmf_cfg80211_mgmt_tx+0x304/0x5c0 [brcmfmac]\n [ 1417.075810]  cfg80211_mlme_mgmt_tx+0x1b0/0x428 [cfg80211]\n [ 1417.076067]  nl80211_tx_mgmt+0x238/0x388 [cfg80211]\n [ 1417.076281]  genl_family_rcv_msg_doit+0xe0/0x158\n [ 1417.076302]  genl_rcv_msg+0x220/0x2a0\n [ 1417.076317]  netlink_rcv_skb+0x68/0x140\n [ 1417.076330]  genl_rcv+0x40/0x60\n [ 1417.076343]  netlink_unicast+0x330/0x3b8\n [ 1417.076357]  netlink_sendmsg+0x19c/0x3f8\n [ 1417.076370]  __sock_sendmsg+0x64/0xc0\n [ 1417.076391]  ____sys_sendmsg+0x268/0x2a0\n [ 1417.076408]  ___sys_sendmsg+0xb8/0x118\n [ 1417.076427]  __sys_sendmsg+0x90/0xf8\n [ 1417.076445]  __arm64_sys_sendmsg+0x2c/0x40\n [ 1417.076465]  invoke_syscall+0x50/0x120\n [ 1417.076486]  el0_svc_common.constprop.0+0x48/0xf0\n [ 1417.076506]  do_el0_svc+0x24/0x38\n [ 1417.076525]  el0_svc+0x30/0x100\n [ 1417.076548]  el0t_64_sync_handler+0x100/0x130\n [ 1417.076569]  el0t_64_sync+0x190/0x198\n [ 1417.076589] Code: f9401e80 aa1603e2 f9403be1 5280e483 (f9400000)\n\nFix this, by always using the vif corresponding to the wdev on which the\nAction frame Transmission request was initiated by the userspace. This way,\neven if P2P vif is not available, the IOVAR is sent to firmware on AP vif\nand the ANQP Query RESP Action frame is transmitted without crashing the\ndriver.\n\nMove init_completion() for \"send_af_done\" from brcmf_p2p_create_p2pdev()\nto brcmf_p2p_attach(). Because the former function would not get executed\nwhen only hostapd is managing wlan interface, and it is not safe to do\nreinit_completion() later in brcmf_p2p_tx_action_frame(), without any prior\ninit_completion().\n\nAnd in the brcmf_p2p_tx_action_frame() function, the condition check for\nP2P Presence response frame is not needed, since the wpa_supplicant is\nproperly sending the P2P Presense Response frame on the P2P-GO vif instead\nof the P2P-Device vif.\n\n[Cc stable]"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-08T00:46:48.724Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/c863b9c7b4e9af0b7931cb791ec91971a50f1a25"
        },
        {
          "url": "https://git.kernel.org/stable/c/e1fc9afcce9139791260f962541282d47fbb508d"
        },
        {
          "url": "https://git.kernel.org/stable/c/55f60a72a178909ece4e32987e4c642ba57e1cf4"
        },
        {
          "url": "https://git.kernel.org/stable/c/c2b0f8d3e7358c33d90f0e62765d474f25f26a45"
        },
        {
          "url": "https://git.kernel.org/stable/c/64e3175d1c8a3bea02032e7c9d1befd5f43786fa"
        },
        {
          "url": "https://git.kernel.org/stable/c/a6eed58249e7d60f856900e682992300f770f64b"
        },
        {
          "url": "https://git.kernel.org/stable/c/dbc7357b6aae686d9404e1dd7e2e6cf92c3a1b5a"
        },
        {
          "url": "https://git.kernel.org/stable/c/3776c685ebe5f43e9060af06872661de55e80b9a"
        }
      ],
      "title": "wifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-40321",
    "datePublished": "2025-12-08T00:46:48.724Z",
    "dateReserved": "2025-04-16T07:20:57.186Z",
    "dateUpdated": "2025-12-08T00:46:48.724Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/mellanox/mlx5/core/en.h",
            "drivers/net/ethernet/mellanox/mlx5/core/en_main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "dcb2ad755a16cb0ecd2dc98234d71a6e216ae7fe",
              "status": "affected",
              "version": "c4d7eb57687f358cd498ea3624519236af8db97e",
              "versionType": "git"
            },
            {
              "lessThan": "a3d4f87d41f5140f1cf5c02fce5cdad2637f6244",
              "status": "affected",
              "version": "c4d7eb57687f358cd498ea3624519236af8db97e",
              "versionType": "git"
            },
            {
              "lessThan": "123eda2e5b1638e298e3a66bb1e64a8da92de5e1",
              "status": "affected",
              "version": "c4d7eb57687f358cd498ea3624519236af8db97e",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/mellanox/mlx5/core/en.h",
            "drivers/net/ethernet/mellanox/mlx5/core/en_main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.12"
            },
            {
              "lessThan": "5.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.67",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.19",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.67",
                  "versionStartIncluding": "5.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.7",
                  "versionStartIncluding": "5.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.19",
                  "versionStartIncluding": "5.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Don\u0027t store mlx5e_priv in mlx5e_dev devlink priv\n\nmlx5e_priv is an unstable structure that can be memset(0) if profile\nattaching fails, mlx5e_priv in mlx5e_dev devlink private is used to\nreference the netdev and mdev associated with that struct. Instead,\nstore netdev directly into mlx5e_dev and get mdev from the containing\nmlx5_adev aux device structure.\n\nThis fixes a kernel oops in mlx5e_remove when switchdev mode fails due\nto change profile failure.\n\n$ devlink dev eswitch set pci/0000:00:03.0 mode switchdev\nError: mlx5_core: Failed setting eswitch to offloads.\ndmesg:\nworkqueue: Failed to create a rescuer kthread for wq \"mlx5e\": -EINTR\nmlx5_core 0012:03:00.1: mlx5e_netdev_init_profile:6214:(pid 37199): mlx5e_priv_init failed, err=-12\nmlx5_core 0012:03:00.1 gpu3rdma1: mlx5e_netdev_change_profile: new profile init failed, -12\nworkqueue: Failed to create a rescuer kthread for wq \"mlx5e\": -EINTR\nmlx5_core 0012:03:00.1: mlx5e_netdev_init_profile:6214:(pid 37199): mlx5e_priv_init failed, err=-12\nmlx5_core 0012:03:00.1 gpu3rdma1: mlx5e_netdev_change_profile: failed to rollback to orig profile, -12\n\n$ devlink dev reload pci/0000:00:03.0 ==\u003e oops\n\nBUG: kernel NULL pointer dereference, address: 0000000000000520\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\nPGD 0 P4D 0\nOops: Oops: 0000 [#1] SMP NOPTI\nCPU: 3 UID: 0 PID: 521 Comm: devlink Not tainted 6.18.0-rc5+ #117 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014\nRIP: 0010:mlx5e_remove+0x68/0x130\nRSP: 0018:ffffc900034838f0 EFLAGS: 00010246\nRAX: ffff88810283c380 RBX: ffff888101874400 RCX: ffffffff826ffc45\nRDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000\nRBP: ffff888102d789c0 R08: ffff8881007137f0 R09: ffff888100264e10\nR10: ffffc90003483898 R11: ffffc900034838a0 R12: ffff888100d261a0\nR13: ffff888100d261a0 R14: ffff8881018749a0 R15: ffff888101874400\nFS:  00007f8565fea740(0000) GS:ffff88856a759000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000520 CR3: 000000010b11a004 CR4: 0000000000370ef0\nCall Trace:\n \u003cTASK\u003e\n device_release_driver_internal+0x19c/0x200\n bus_remove_device+0xc6/0x130\n device_del+0x160/0x3d0\n ? devl_param_driverinit_value_get+0x2d/0x90\n mlx5_detach_device+0x89/0xe0\n mlx5_unload_one_devl_locked+0x3a/0x70\n mlx5_devlink_reload_down+0xc8/0x220\n devlink_reload+0x7d/0x260\n devlink_nl_reload_doit+0x45b/0x5a0\n genl_family_rcv_msg_doit+0xe8/0x140"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-09T08:36:47.852Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/dcb2ad755a16cb0ecd2dc98234d71a6e216ae7fe"
        },
        {
          "url": "https://git.kernel.org/stable/c/a3d4f87d41f5140f1cf5c02fce5cdad2637f6244"
        },
        {
          "url": "https://git.kernel.org/stable/c/123eda2e5b1638e298e3a66bb1e64a8da92de5e1"
        }
      ],
      "title": "net/mlx5e: Don\u0027t store mlx5e_priv in mlx5e_dev devlink priv",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2026-22996",
    "datePublished": "2026-01-25T14:36:11.195Z",
    "dateReserved": "2026-01-13T15:37:45.938Z",
    "dateUpdated": "2026-02-09T08:36:47.852Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "sound/soc/codecs/tlv320adcx140.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "954260a32c21d5072d8e7253c0a8b1627927cb02",
              "status": "affected",
              "version": "4e82971f7b556cff3491c867e8840e7d788693b9",
              "versionType": "git"
            },
            {
              "lessThan": "659939d08e5f7bc17b941c53e8c9c0a6c6113b21",
              "status": "affected",
              "version": "4e82971f7b556cff3491c867e8840e7d788693b9",
              "versionType": "git"
            },
            {
              "lessThan": "61757f5191daab863d25f03680e912b5449a1eed",
              "status": "affected",
              "version": "4e82971f7b556cff3491c867e8840e7d788693b9",
              "versionType": "git"
            },
            {
              "lessThan": "53bd838ed5950cb18927e4b2e8ee841b7cb10929",
              "status": "affected",
              "version": "4e82971f7b556cff3491c867e8840e7d788693b9",
              "versionType": "git"
            },
            {
              "lessThan": "be7664c81d3129fc313ef62ff275fd3d33cfecd4",
              "status": "affected",
              "version": "4e82971f7b556cff3491c867e8840e7d788693b9",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "sound/soc/codecs/tlv320adcx140.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.1"
            },
            {
              "lessThan": "6.1",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.162",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.122",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.67",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.19",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.162",
                  "versionStartIncluding": "6.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.122",
                  "versionStartIncluding": "6.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.67",
                  "versionStartIncluding": "6.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.7",
                  "versionStartIncluding": "6.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.19",
                  "versionStartIncluding": "6.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: tlv320adcx140: fix null pointer\n\nThe \"snd_soc_component\" in \"adcx140_priv\" was only used once but never\nset. It was only used for reaching \"dev\" which is already present in\n\"adcx140_priv\"."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-09T08:36:58.851Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/954260a32c21d5072d8e7253c0a8b1627927cb02"
        },
        {
          "url": "https://git.kernel.org/stable/c/659939d08e5f7bc17b941c53e8c9c0a6c6113b21"
        },
        {
          "url": "https://git.kernel.org/stable/c/61757f5191daab863d25f03680e912b5449a1eed"
        },
        {
          "url": "https://git.kernel.org/stable/c/53bd838ed5950cb18927e4b2e8ee841b7cb10929"
        },
        {
          "url": "https://git.kernel.org/stable/c/be7664c81d3129fc313ef62ff275fd3d33cfecd4"
        }
      ],
      "title": "ASoC: tlv320adcx140: fix null pointer",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2026-23006",
    "datePublished": "2026-01-25T14:36:19.819Z",
    "dateReserved": "2026-01-13T15:37:45.939Z",
    "dateUpdated": "2026-02-09T08:36:58.851Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "kernel/acct.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "e93f995a591c352d35d89c518c54f790e1537754",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "cf60bbca1b83a7e0927e36dbf178328982927886",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "1750a0983c455a9b3badd848471fc8d58cb61f67",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "a815a3e019456c94b03bd183e7ac22fd29e9e6fd",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "6edd0cdee5780fd5f43356b72b29a2a6d48ef6da",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "ebe16676e1dcaa4556ec4d36ca40c82e99e88cfa",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "2224897d8187dc22a83e05d9361efcccf67bcf12",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "0aac6e60c464a5f942f995428e67f8ae1c422250",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "c5f31c655bcc01b6da53b836ac951c1556245305",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "kernel/acct.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.12"
            },
            {
              "lessThan": "2.6.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.9.*",
              "status": "unaffected",
              "version": "4.9.337",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.303",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.270",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.229",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.163",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.86",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.*",
              "status": "unaffected",
              "version": "6.0.16",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.2",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.9.337",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.303",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.270",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.229",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.163",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.86",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.0.16",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.2",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.2",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nacct: fix potential integer overflow in encode_comp_t()\n\nThe integer overflow is descripted with following codes:\n  \u003e 317 static comp_t encode_comp_t(u64 value)\n  \u003e 318 {\n  \u003e 319         int exp, rnd;\n    ......\n  \u003e 341         exp \u003c\u003c= MANTSIZE;\n  \u003e 342         exp += value;\n  \u003e 343         return exp;\n  \u003e 344 }\n\nCurrently comp_t is defined as type of \u0027__u16\u0027, but the variable \u0027exp\u0027 is\ntype of \u0027int\u0027, so overflow would happen when variable \u0027exp\u0027 in line 343 is\ngreater than 65535."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-02T15:04:23.470Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/e93f995a591c352d35d89c518c54f790e1537754"
        },
        {
          "url": "https://git.kernel.org/stable/c/cf60bbca1b83a7e0927e36dbf178328982927886"
        },
        {
          "url": "https://git.kernel.org/stable/c/1750a0983c455a9b3badd848471fc8d58cb61f67"
        },
        {
          "url": "https://git.kernel.org/stable/c/a815a3e019456c94b03bd183e7ac22fd29e9e6fd"
        },
        {
          "url": "https://git.kernel.org/stable/c/6edd0cdee5780fd5f43356b72b29a2a6d48ef6da"
        },
        {
          "url": "https://git.kernel.org/stable/c/ebe16676e1dcaa4556ec4d36ca40c82e99e88cfa"
        },
        {
          "url": "https://git.kernel.org/stable/c/2224897d8187dc22a83e05d9361efcccf67bcf12"
        },
        {
          "url": "https://git.kernel.org/stable/c/0aac6e60c464a5f942f995428e67f8ae1c422250"
        },
        {
          "url": "https://git.kernel.org/stable/c/c5f31c655bcc01b6da53b836ac951c1556245305"
        }
      ],
      "title": "acct: fix potential integer overflow in encode_comp_t()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-50749",
    "datePublished": "2025-12-24T13:05:44.734Z",
    "dateReserved": "2025-12-24T13:02:21.544Z",
    "dateUpdated": "2026-01-02T15:04:23.470Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "lib/maple_tree.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "4e2ad53ababeaac44d71162650984abfe783960c",
              "status": "affected",
              "version": "54a611b605901c7d5d05b6b8f5d04a6ceb0962aa",
              "versionType": "git"
            },
            {
              "lessThan": "dc4751bd4aba01ccfc02f91adfeee0ba4cda405c",
              "status": "affected",
              "version": "54a611b605901c7d5d05b6b8f5d04a6ceb0962aa",
              "versionType": "git"
            },
            {
              "lessThan": "f5fcf6555a2a4f32947d17b92b173837cc652891",
              "status": "affected",
              "version": "54a611b605901c7d5d05b6b8f5d04a6ceb0962aa",
              "versionType": "git"
            },
            {
              "lessThan": "cd00dd2585c4158e81fdfac0bbcc0446afbad26d",
              "status": "affected",
              "version": "54a611b605901c7d5d05b6b8f5d04a6ceb0962aa",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "lib/maple_tree.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.1"
            },
            {
              "lessThan": "6.1",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.37",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.3.*",
              "status": "unaffected",
              "version": "6.3.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.*",
              "status": "unaffected",
              "version": "6.4.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.5",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.37",
                  "versionStartIncluding": "6.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.3.11",
                  "versionStartIncluding": "6.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.4.1",
                  "versionStartIncluding": "6.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.5",
                  "versionStartIncluding": "6.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmaple_tree: fix potential out-of-bounds access in mas_wr_end_piv()\n\nCheck the write offset end bounds before using it as the offset into the\npivot array.  This avoids a possible out-of-bounds access on the pivot\narray if the write extends to the last slot in the node, in which case the\nnode maximum should be used as the end pivot.\n\nakpm: this doesn\u0027t affect any current callers, but new users of mapletree\nmay encounter this problem if backported into earlier kernels, so let\u0027s\nfix it in -stable kernels in case of this."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-24T13:06:51.329Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/4e2ad53ababeaac44d71162650984abfe783960c"
        },
        {
          "url": "https://git.kernel.org/stable/c/dc4751bd4aba01ccfc02f91adfeee0ba4cda405c"
        },
        {
          "url": "https://git.kernel.org/stable/c/f5fcf6555a2a4f32947d17b92b173837cc652891"
        },
        {
          "url": "https://git.kernel.org/stable/c/cd00dd2585c4158e81fdfac0bbcc0446afbad26d"
        }
      ],
      "title": "maple_tree: fix potential out-of-bounds access in mas_wr_end_piv()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-54135",
    "datePublished": "2025-12-24T13:06:51.329Z",
    "dateReserved": "2025-12-24T13:02:52.522Z",
    "dateUpdated": "2025-12-24T13:06:51.329Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "kernel/trace/trace_events.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "1488d782c9e43087a3f341b8186cd25f3cf75583",
              "status": "affected",
              "version": "0fc1b09ff1ff404ddf753f5ffa5cd0adc8fdcdc9",
              "versionType": "git"
            },
            {
              "lessThan": "b4f4ab423107dc1ba8e9cc6488c645be6403d3f5",
              "status": "affected",
              "version": "0fc1b09ff1ff404ddf753f5ffa5cd0adc8fdcdc9",
              "versionType": "git"
            },
            {
              "lessThan": "cdcc35e6454133feb61561b4e0d0c80e52cbc2ba",
              "status": "affected",
              "version": "0fc1b09ff1ff404ddf753f5ffa5cd0adc8fdcdc9",
              "versionType": "git"
            },
            {
              "lessThan": "a6d2fd1703cdc8ecfc3e73987e0fb7474ae2b074",
              "status": "affected",
              "version": "0fc1b09ff1ff404ddf753f5ffa5cd0adc8fdcdc9",
              "versionType": "git"
            },
            {
              "lessThan": "813cede7b2f5a4b1b75d2d4bb4e705cc8e063b20",
              "status": "affected",
              "version": "0fc1b09ff1ff404ddf753f5ffa5cd0adc8fdcdc9",
              "versionType": "git"
            },
            {
              "lessThan": "a3a3c7bddab9b6c5690b20796ef5e332b8c48afb",
              "status": "affected",
              "version": "0fc1b09ff1ff404ddf753f5ffa5cd0adc8fdcdc9",
              "versionType": "git"
            },
            {
              "lessThan": "528c9d73153754defb748f0b96ad33308668d817",
              "status": "affected",
              "version": "0fc1b09ff1ff404ddf753f5ffa5cd0adc8fdcdc9",
              "versionType": "git"
            },
            {
              "lessThan": "dea499781a1150d285c62b26659f62fb00824fce",
              "status": "affected",
              "version": "0fc1b09ff1ff404ddf753f5ffa5cd0adc8fdcdc9",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "kernel/trace/trace_events.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.7"
            },
            {
              "lessThan": "4.7",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.322",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.291",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.253",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.190",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.124",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.43",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.*",
              "status": "unaffected",
              "version": "6.4.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.5",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.322",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.291",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.253",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.190",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.124",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.43",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.4.8",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.5",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Fix warning in trace_buffered_event_disable()\n\nWarning happened in trace_buffered_event_disable() at\n  WARN_ON_ONCE(!trace_buffered_event_ref)\n\n  Call Trace:\n   ? __warn+0xa5/0x1b0\n   ? trace_buffered_event_disable+0x189/0x1b0\n   __ftrace_event_enable_disable+0x19e/0x3e0\n   free_probe_data+0x3b/0xa0\n   unregister_ftrace_function_probe_func+0x6b8/0x800\n   event_enable_func+0x2f0/0x3d0\n   ftrace_process_regex.isra.0+0x12d/0x1b0\n   ftrace_filter_write+0xe6/0x140\n   vfs_write+0x1c9/0x6f0\n   [...]\n\nThe cause of the warning is in __ftrace_event_enable_disable(),\ntrace_buffered_event_enable() was called once while\ntrace_buffered_event_disable() was called twice.\nReproduction script show as below, for analysis, see the comments:\n ```\n #!/bin/bash\n\n cd /sys/kernel/tracing/\n\n # 1. Register a \u0027disable_event\u0027 command, then:\n #    1) SOFT_DISABLED_BIT was set;\n #    2) trace_buffered_event_enable() was called first time;\n echo \u0027cmdline_proc_show:disable_event:initcall:initcall_finish\u0027 \u003e \\\n     set_ftrace_filter\n\n # 2. Enable the event registered, then:\n #    1) SOFT_DISABLED_BIT was cleared;\n #    2) trace_buffered_event_disable() was called first time;\n echo 1 \u003e events/initcall/initcall_finish/enable\n\n # 3. Try to call into cmdline_proc_show(), then SOFT_DISABLED_BIT was\n #    set again!!!\n cat /proc/cmdline\n\n # 4. Unregister the \u0027disable_event\u0027 command, then:\n #    1) SOFT_DISABLED_BIT was cleared again;\n #    2) trace_buffered_event_disable() was called second time!!!\n echo \u0027!cmdline_proc_show:disable_event:initcall:initcall_finish\u0027 \u003e \\\n     set_ftrace_filter\n ```\n\nTo fix it, IIUC, we can change to call trace_buffered_event_enable() at\nfist time soft-mode enabled, and call trace_buffered_event_disable() at\nlast time soft-mode disabled."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-30T12:11:09.356Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/1488d782c9e43087a3f341b8186cd25f3cf75583"
        },
        {
          "url": "https://git.kernel.org/stable/c/b4f4ab423107dc1ba8e9cc6488c645be6403d3f5"
        },
        {
          "url": "https://git.kernel.org/stable/c/cdcc35e6454133feb61561b4e0d0c80e52cbc2ba"
        },
        {
          "url": "https://git.kernel.org/stable/c/a6d2fd1703cdc8ecfc3e73987e0fb7474ae2b074"
        },
        {
          "url": "https://git.kernel.org/stable/c/813cede7b2f5a4b1b75d2d4bb4e705cc8e063b20"
        },
        {
          "url": "https://git.kernel.org/stable/c/a3a3c7bddab9b6c5690b20796ef5e332b8c48afb"
        },
        {
          "url": "https://git.kernel.org/stable/c/528c9d73153754defb748f0b96ad33308668d817"
        },
        {
          "url": "https://git.kernel.org/stable/c/dea499781a1150d285c62b26659f62fb00824fce"
        }
      ],
      "title": "tracing: Fix warning in trace_buffered_event_disable()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-54211",
    "datePublished": "2025-12-30T12:11:09.356Z",
    "dateReserved": "2025-12-30T12:06:44.500Z",
    "dateUpdated": "2025-12-30T12:11:09.356Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/pensando/ionic/ionic_lif.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "4c7276a6daf7e13a6dd30b0347b3f2c7df4d40bb",
              "status": "affected",
              "version": "77ceb68e29ccd25d923b6af59e74ecaf736cc4b7",
              "versionType": "git"
            },
            {
              "lessThan": "f8cc4fd99a325505e15c3da95d6de266efd3d9b5",
              "status": "affected",
              "version": "77ceb68e29ccd25d923b6af59e74ecaf736cc4b7",
              "versionType": "git"
            },
            {
              "lessThan": "1417dd787a5e55b410a00a28231b0dcb19172457",
              "status": "affected",
              "version": "77ceb68e29ccd25d923b6af59e74ecaf736cc4b7",
              "versionType": "git"
            },
            {
              "lessThan": "dc470466753ad0dd3a8c48aaefa05a992c119b9c",
              "status": "affected",
              "version": "77ceb68e29ccd25d923b6af59e74ecaf736cc4b7",
              "versionType": "git"
            },
            {
              "lessThan": "daeaad114cb163ec51bcf14326cb7fe37d368459",
              "status": "affected",
              "version": "77ceb68e29ccd25d923b6af59e74ecaf736cc4b7",
              "versionType": "git"
            },
            {
              "lessThan": "abfb2a58a5377ebab717d4362d6180f901b6e5c1",
              "status": "affected",
              "version": "77ceb68e29ccd25d923b6af59e74ecaf736cc4b7",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/pensando/ionic/ionic_lif.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.4"
            },
            {
              "lessThan": "5.4",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.251",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.188",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.121",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.40",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.*",
              "status": "unaffected",
              "version": "6.4.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.5",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.251",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.188",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.121",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.40",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.4.5",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.5",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nionic: remove WARN_ON to prevent panic_on_warn\n\nRemove unnecessary early code development check and the WARN_ON\nthat it uses.  The irq alloc and free paths have long been\ncleaned up and this check shouldn\u0027t have stuck around so long."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-24T10:55:32.024Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/4c7276a6daf7e13a6dd30b0347b3f2c7df4d40bb"
        },
        {
          "url": "https://git.kernel.org/stable/c/f8cc4fd99a325505e15c3da95d6de266efd3d9b5"
        },
        {
          "url": "https://git.kernel.org/stable/c/1417dd787a5e55b410a00a28231b0dcb19172457"
        },
        {
          "url": "https://git.kernel.org/stable/c/dc470466753ad0dd3a8c48aaefa05a992c119b9c"
        },
        {
          "url": "https://git.kernel.org/stable/c/daeaad114cb163ec51bcf14326cb7fe37d368459"
        },
        {
          "url": "https://git.kernel.org/stable/c/abfb2a58a5377ebab717d4362d6180f901b6e5c1"
        }
      ],
      "title": "ionic: remove WARN_ON to prevent panic_on_warn",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-53994",
    "datePublished": "2025-12-24T10:55:32.024Z",
    "dateReserved": "2025-12-24T10:53:46.176Z",
    "dateUpdated": "2025-12-24T10:55:32.024Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/binfmt_misc.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "e785f552ab04dbca01d31f0334f4561240b04459",
              "status": "affected",
              "version": "e7850f4d844e0acfac7e570af611d89deade3146",
              "versionType": "git"
            },
            {
              "lessThan": "90f601b497d76f40fa66795c3ecf625b6aced9fd",
              "status": "affected",
              "version": "e7850f4d844e0acfac7e570af611d89deade3146",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "467a50d5db7deaf656e18a1f633be9ecd94b393a",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "4a8b4124ea4156ca52918b66c750a69c6d932aa5",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "3fe116e33a855bbfdd32dc207e9be2a41e3ed3a6",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "c0e0ab60d0b15469e69db93215dad009999f5a5b",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "5ab9464a2a3c538eedbb438f1802f2fd98d0953f",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "d28492be82e19fc69cc69975fc2052b37ef0c821",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/binfmt_misc.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.12"
            },
            {
              "lessThan": "5.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.17.*",
              "status": "unaffected",
              "version": "6.17.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.18",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.17.9",
                  "versionStartIncluding": "5.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18",
                  "versionStartIncluding": "5.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.9.262",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.14.226",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.19.181",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.4.106",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.10.24",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.11.7",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbinfmt_misc: restore write access before closing files opened by open_exec()\n\nbm_register_write() opens an executable file using open_exec(), which\ninternally calls do_open_execat() and denies write access on the file to\navoid modification while it is being executed.\n\nHowever, when an error occurs, bm_register_write() closes the file using\nfilp_close() directly. This does not restore the write permission, which\nmay cause subsequent write operations on the same file to fail.\n\nFix this by calling exe_file_allow_write_access() before filp_close() to\nrestore the write permission properly."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-16T14:21:16.889Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/e785f552ab04dbca01d31f0334f4561240b04459"
        },
        {
          "url": "https://git.kernel.org/stable/c/90f601b497d76f40fa66795c3ecf625b6aced9fd"
        }
      ],
      "title": "binfmt_misc: restore write access before closing files opened by open_exec()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-68239",
    "datePublished": "2025-12-16T14:21:16.889Z",
    "dateReserved": "2025-12-16T13:41:40.263Z",
    "dateUpdated": "2025-12-16T14:21:16.889Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/sctp/sm_statefuns.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "1014b83778c8677f1d7a57c26dc728baa801ac62",
              "status": "affected",
              "version": "30f6ebf65bc46161c5aaff1db2e6e7c76aa4a06b",
              "versionType": "git"
            },
            {
              "lessThan": "7f702f85df0266ed7b5bab81ba50394c92f3c928",
              "status": "affected",
              "version": "30f6ebf65bc46161c5aaff1db2e6e7c76aa4a06b",
              "versionType": "git"
            },
            {
              "lessThan": "dbceedc0213e75bf3e9f9f9e2f66b10699d004fe",
              "status": "affected",
              "version": "30f6ebf65bc46161c5aaff1db2e6e7c76aa4a06b",
              "versionType": "git"
            },
            {
              "lessThan": "025419f4e216a3ae0d0cec622262e98e8078c447",
              "status": "affected",
              "version": "30f6ebf65bc46161c5aaff1db2e6e7c76aa4a06b",
              "versionType": "git"
            },
            {
              "lessThan": "c21f45cfa4a9526b34d76b397c9ef080668b6e73",
              "status": "affected",
              "version": "30f6ebf65bc46161c5aaff1db2e6e7c76aa4a06b",
              "versionType": "git"
            },
            {
              "lessThan": "d0e8f1445c19b1786759ba72a38267e1449bab7e",
              "status": "affected",
              "version": "30f6ebf65bc46161c5aaff1db2e6e7c76aa4a06b",
              "versionType": "git"
            },
            {
              "lessThan": "badbd79313e6591616c1b78e29a9b71efed7f035",
              "status": "affected",
              "version": "30f6ebf65bc46161c5aaff1db2e6e7c76aa4a06b",
              "versionType": "git"
            },
            {
              "lessThan": "2f3119686ef50319490ccaec81a575973da98815",
              "status": "affected",
              "version": "30f6ebf65bc46161c5aaff1db2e6e7c76aa4a06b",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/sctp/sm_statefuns.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.17"
            },
            {
              "lessThan": "4.17",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.301",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.246",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.195",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.157",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.113",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.54",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.17.*",
              "status": "unaffected",
              "version": "6.17.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.18",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.301",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.246",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.195",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.157",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.113",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.54",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.17.4",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce()\n\nIf new_asoc-\u003epeer.adaptation_ind=0 and sctp_ulpevent_make_authkey=0\nand sctp_ulpevent_make_authkey() returns 0, then the variable\nai_ev remains zero and the zero will be dereferenced\nin the sctp_ulpevent_free() function."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-01T06:19:45.756Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/1014b83778c8677f1d7a57c26dc728baa801ac62"
        },
        {
          "url": "https://git.kernel.org/stable/c/7f702f85df0266ed7b5bab81ba50394c92f3c928"
        },
        {
          "url": "https://git.kernel.org/stable/c/dbceedc0213e75bf3e9f9f9e2f66b10699d004fe"
        },
        {
          "url": "https://git.kernel.org/stable/c/025419f4e216a3ae0d0cec622262e98e8078c447"
        },
        {
          "url": "https://git.kernel.org/stable/c/c21f45cfa4a9526b34d76b397c9ef080668b6e73"
        },
        {
          "url": "https://git.kernel.org/stable/c/d0e8f1445c19b1786759ba72a38267e1449bab7e"
        },
        {
          "url": "https://git.kernel.org/stable/c/badbd79313e6591616c1b78e29a9b71efed7f035"
        },
        {
          "url": "https://git.kernel.org/stable/c/2f3119686ef50319490ccaec81a575973da98815"
        }
      ],
      "title": "net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-40187",
    "datePublished": "2025-11-12T21:56:29.504Z",
    "dateReserved": "2025-04-16T07:20:57.177Z",
    "dateUpdated": "2025-12-01T06:19:45.756Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "391d28c0e38c0e5b11a4240a2b4976cf63e87f45",
              "status": "affected",
              "version": "1f7ea1cd6a3748427512ccc9582e18cd9efea966",
              "versionType": "git"
            },
            {
              "lessThan": "aad3b871efe26f36f45f8b4649653b5d3fd9c35e",
              "status": "affected",
              "version": "1f7ea1cd6a3748427512ccc9582e18cd9efea966",
              "versionType": "git"
            },
            {
              "lessThan": "cbfed5f114b5310f221979fc8190f55c6abc3400",
              "status": "affected",
              "version": "1f7ea1cd6a3748427512ccc9582e18cd9efea966",
              "versionType": "git"
            },
            {
              "lessThan": "b4a01ace20f5c93c724abffc0a83ec84f514b98d",
              "status": "affected",
              "version": "1f7ea1cd6a3748427512ccc9582e18cd9efea966",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.13"
            },
            {
              "lessThan": "5.13",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.107",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.24",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.*",
              "status": "unaffected",
              "version": "6.2.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.3",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.107",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.24",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.2.11",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.3",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: fix wrong fallback logic for FDIR\n\nWhen adding a FDIR filter, if ice_vc_fdir_set_irq_ctx returns failure,\nthe inserted fdir entry will not be removed and if ice_vc_fdir_write_fltr\nreturns failure, the fdir context info for irq handler will not be cleared\nwhich may lead to inconsistent or memory leak issue. This patch refines\nfailure cases to resolve this issue."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-24T10:56:06.094Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/391d28c0e38c0e5b11a4240a2b4976cf63e87f45"
        },
        {
          "url": "https://git.kernel.org/stable/c/aad3b871efe26f36f45f8b4649653b5d3fd9c35e"
        },
        {
          "url": "https://git.kernel.org/stable/c/cbfed5f114b5310f221979fc8190f55c6abc3400"
        },
        {
          "url": "https://git.kernel.org/stable/c/b4a01ace20f5c93c724abffc0a83ec84f514b98d"
        }
      ],
      "title": "ice: fix wrong fallback logic for FDIR",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-54040",
    "datePublished": "2025-12-24T10:56:06.094Z",
    "dateReserved": "2025-12-24T10:53:46.181Z",
    "dateUpdated": "2025-12-24T10:56:06.094Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/wireless/mediatek/mt76/mt76_connac_mac.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "1cd102aaedb277fbe81dd08cd9f5cae951de2bff",
              "status": "affected",
              "version": "163f4d22c118d4eb9e275bf9ee1577c0d14b3208",
              "versionType": "git"
            },
            {
              "lessThan": "e74778e91fedc3b2a0143264887bbb32508c5000",
              "status": "affected",
              "version": "163f4d22c118d4eb9e275bf9ee1577c0d14b3208",
              "versionType": "git"
            },
            {
              "lessThan": "bf5d3fad7219b8de7d3a9cb59f0ea5243b018f07",
              "status": "affected",
              "version": "163f4d22c118d4eb9e275bf9ee1577c0d14b3208",
              "versionType": "git"
            },
            {
              "lessThan": "b642f4c5f3de0a8f47808d32b1ebd9c427a42a66",
              "status": "affected",
              "version": "163f4d22c118d4eb9e275bf9ee1577c0d14b3208",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/wireless/mediatek/mt76/mt76_connac_mac.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.12"
            },
            {
              "lessThan": "5.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.52",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.*",
              "status": "unaffected",
              "version": "6.4.15",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.5.*",
              "status": "unaffected",
              "version": "6.5.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.6",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.52",
                  "versionStartIncluding": "5.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.4.15",
                  "versionStartIncluding": "5.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.5.2",
                  "versionStartIncluding": "5.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6",
                  "versionStartIncluding": "5.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7921: fix skb leak by txs missing in AMSDU\n\ntxs may be dropped if the frame is aggregated in AMSDU. When the problem\nshows up, some SKBs would be hold in driver to cause network stopped\ntemporarily. Even if the problem can be recovered by txs timeout handling,\nmt7921 still need to disable txs in AMSDU to avoid this issue."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-24T12:23:01.797Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/1cd102aaedb277fbe81dd08cd9f5cae951de2bff"
        },
        {
          "url": "https://git.kernel.org/stable/c/e74778e91fedc3b2a0143264887bbb32508c5000"
        },
        {
          "url": "https://git.kernel.org/stable/c/bf5d3fad7219b8de7d3a9cb59f0ea5243b018f07"
        },
        {
          "url": "https://git.kernel.org/stable/c/b642f4c5f3de0a8f47808d32b1ebd9c427a42a66"
        }
      ],
      "title": "wifi: mt76: mt7921: fix skb leak by txs missing in AMSDU",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-54052",
    "datePublished": "2025-12-24T12:23:01.797Z",
    "dateReserved": "2025-12-24T12:21:05.090Z",
    "dateUpdated": "2025-12-24T12:23:01.797Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/ext4/xattr.c",
            "fs/mbcache.c",
            "include/linux/mbcache.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "efaa0ca678f56d47316a08030b2515678cebbc50",
              "status": "affected",
              "version": "6048c64b26097a0ffbd966866b599f990e674e9b",
              "versionType": "git"
            },
            {
              "lessThan": "af53065276376750dfac35a7248af18806404c5d",
              "status": "affected",
              "version": "6048c64b26097a0ffbd966866b599f990e674e9b",
              "versionType": "git"
            },
            {
              "lessThan": "1be16a0c2f10186df505e28b0cc92d7f3366e2a8",
              "status": "affected",
              "version": "6048c64b26097a0ffbd966866b599f990e674e9b",
              "versionType": "git"
            },
            {
              "lessThan": "5bc0b2fda4b47c86278f7c6d30c211f425bf51cf",
              "status": "affected",
              "version": "6048c64b26097a0ffbd966866b599f990e674e9b",
              "versionType": "git"
            },
            {
              "lessThan": "127b80cefb941a81255c72f11081123f3a705369",
              "status": "affected",
              "version": "6048c64b26097a0ffbd966866b599f990e674e9b",
              "versionType": "git"
            },
            {
              "lessThan": "cc1538c693d25e282bed8c54b65c914a04023a78",
              "status": "affected",
              "version": "6048c64b26097a0ffbd966866b599f990e674e9b",
              "versionType": "git"
            },
            {
              "lessThan": "a44e84a9b7764c72896f7241a0ec9ac7e7ef38dd",
              "status": "affected",
              "version": "6048c64b26097a0ffbd966866b599f990e674e9b",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/ext4/xattr.c",
            "fs/mbcache.c",
            "include/linux/mbcache.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.6"
            },
            {
              "lessThan": "4.6",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.270",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.229",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.163",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.87",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.*",
              "status": "unaffected",
              "version": "6.0.18",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.2",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.270",
                  "versionStartIncluding": "4.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.229",
                  "versionStartIncluding": "4.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.163",
                  "versionStartIncluding": "4.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.87",
                  "versionStartIncluding": "4.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.0.18",
                  "versionStartIncluding": "4.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.4",
                  "versionStartIncluding": "4.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.2",
                  "versionStartIncluding": "4.6",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix deadlock due to mbcache entry corruption\n\nWhen manipulating xattr blocks, we can deadlock infinitely looping\ninside ext4_xattr_block_set() where we constantly keep finding xattr\nblock for reuse in mbcache but we are unable to reuse it because its\nreference count is too big. This happens because cache entry for the\nxattr block is marked as reusable (e_reusable set) although its\nreference count is too big. When this inconsistency happens, this\ninconsistent state is kept indefinitely and so ext4_xattr_block_set()\nkeeps retrying indefinitely.\n\nThe inconsistent state is caused by non-atomic update of e_reusable bit.\ne_reusable is part of a bitfield and e_reusable update can race with\nupdate of e_referenced bit in the same bitfield resulting in loss of one\nof the updates. Fix the problem by using atomic bitops instead.\n\nThis bug has been around for many years, but it became *much* easier\nto hit after commit 65f8b80053a1 (\"ext4: fix race when reusing xattr\nblocks\")."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-09T01:29:19.526Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/efaa0ca678f56d47316a08030b2515678cebbc50"
        },
        {
          "url": "https://git.kernel.org/stable/c/af53065276376750dfac35a7248af18806404c5d"
        },
        {
          "url": "https://git.kernel.org/stable/c/1be16a0c2f10186df505e28b0cc92d7f3366e2a8"
        },
        {
          "url": "https://git.kernel.org/stable/c/5bc0b2fda4b47c86278f7c6d30c211f425bf51cf"
        },
        {
          "url": "https://git.kernel.org/stable/c/127b80cefb941a81255c72f11081123f3a705369"
        },
        {
          "url": "https://git.kernel.org/stable/c/cc1538c693d25e282bed8c54b65c914a04023a78"
        },
        {
          "url": "https://git.kernel.org/stable/c/a44e84a9b7764c72896f7241a0ec9ac7e7ef38dd"
        }
      ],
      "title": "ext4: fix deadlock due to mbcache entry corruption",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-50668",
    "datePublished": "2025-12-09T01:29:19.526Z",
    "dateReserved": "2025-12-09T01:26:45.990Z",
    "dateUpdated": "2025-12-09T01:29:19.526Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/staging/media/ipu3/ipu3-v4l2.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "fa6bbb4894b9b947063c6ff90018a954c5f9f4b3",
              "status": "affected",
              "version": "0d346d2a6f54f06f36b224fd27cd6eafe8c83be9",
              "versionType": "git"
            },
            {
              "lessThan": "611d617bdb6c5d636a9861ec1c98e813fc8a5556",
              "status": "affected",
              "version": "0d346d2a6f54f06f36b224fd27cd6eafe8c83be9",
              "versionType": "git"
            },
            {
              "lessThan": "5038ee677606106c91564f9c4557d808d14bad70",
              "status": "affected",
              "version": "0d346d2a6f54f06f36b224fd27cd6eafe8c83be9",
              "versionType": "git"
            },
            {
              "lessThan": "dc608edf7d45ba0c2ad14c06eccd66474fec7847",
              "status": "affected",
              "version": "0d346d2a6f54f06f36b224fd27cd6eafe8c83be9",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/staging/media/ipu3/ipu3-v4l2.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.14"
            },
            {
              "lessThan": "5.14",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.87",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.*",
              "status": "unaffected",
              "version": "6.0.18",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.2",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.87",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.0.18",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.4",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.2",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipu3-imgu: Fix NULL pointer dereference in imgu_subdev_set_selection()\n\nCalling v4l2_subdev_get_try_crop() and v4l2_subdev_get_try_compose()\nwith a subdev state of NULL leads to a NULL pointer dereference. This\ncan currently happen in imgu_subdev_set_selection() when the state\npassed in is NULL, as this method first gets pointers to both the \"try\"\nand \"active\" states and only then decides which to use.\n\nThe same issue has been addressed for imgu_subdev_get_selection() with\ncommit 30d03a0de650 (\"ipu3-imgu: Fix NULL pointer dereference in active\nselection access\"). However the issue still persists in\nimgu_subdev_set_selection().\n\nTherefore, apply a similar fix as done in the aforementioned commit to\nimgu_subdev_set_selection(). To keep things a bit cleaner, introduce\nhelper functions for \"crop\" and \"compose\" access and use them in both\nimgu_subdev_set_selection() and imgu_subdev_get_selection()."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-30T12:08:38.950Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/fa6bbb4894b9b947063c6ff90018a954c5f9f4b3"
        },
        {
          "url": "https://git.kernel.org/stable/c/611d617bdb6c5d636a9861ec1c98e813fc8a5556"
        },
        {
          "url": "https://git.kernel.org/stable/c/5038ee677606106c91564f9c4557d808d14bad70"
        },
        {
          "url": "https://git.kernel.org/stable/c/dc608edf7d45ba0c2ad14c06eccd66474fec7847"
        }
      ],
      "title": "ipu3-imgu: Fix NULL pointer dereference in imgu_subdev_set_selection()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-50826",
    "datePublished": "2025-12-30T12:08:38.950Z",
    "dateReserved": "2025-12-30T12:06:07.131Z",
    "dateUpdated": "2025-12-30T12:08:38.950Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/ntfs3/inode.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "bdf38063fd15f2fc7361dc0b5d3c259741eab835",
              "status": "affected",
              "version": "82cae269cfa953032fbb8980a7d554d60fb00b17",
              "versionType": "git"
            },
            {
              "lessThan": "a58e29849aef8d26554a982989a2190b49aaf8ed",
              "status": "affected",
              "version": "82cae269cfa953032fbb8980a7d554d60fb00b17",
              "versionType": "git"
            },
            {
              "lessThan": "7d52c592cf53f5bb7163967edc01d2d7d80de44a",
              "status": "affected",
              "version": "82cae269cfa953032fbb8980a7d554d60fb00b17",
              "versionType": "git"
            },
            {
              "lessThan": "f7728057220cabd720e27e46097edad48e5bd728",
              "status": "affected",
              "version": "82cae269cfa953032fbb8980a7d554d60fb00b17",
              "versionType": "git"
            },
            {
              "lessThan": "192e8ce302f14ac66259231dd10cede19858d742",
              "status": "affected",
              "version": "82cae269cfa953032fbb8980a7d554d60fb00b17",
              "versionType": "git"
            },
            {
              "lessThan": "a8a3ca23bbd9d849308a7921a049330dc6c91398",
              "status": "affected",
              "version": "82cae269cfa953032fbb8980a7d554d60fb00b17",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/ntfs3/inode.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.15"
            },
            {
              "lessThan": "5.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.199",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.162",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.122",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.68",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.19",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.199",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.162",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.122",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.68",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.2",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.19",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Initialize allocated memory before use\n\nKMSAN reports: Multiple uninitialized values detected:\n\n- KMSAN: uninit-value in ntfs_read_hdr (3)\n- KMSAN: uninit-value in bcmp (3)\n\nMemory is allocated by __getname(), which is a wrapper for\nkmem_cache_alloc(). This memory is used before being properly\ncleared. Change kmem_cache_alloc() to kmem_cache_zalloc() to\nproperly allocate and clear memory before use."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-09T08:32:01.417Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/bdf38063fd15f2fc7361dc0b5d3c259741eab835"
        },
        {
          "url": "https://git.kernel.org/stable/c/a58e29849aef8d26554a982989a2190b49aaf8ed"
        },
        {
          "url": "https://git.kernel.org/stable/c/7d52c592cf53f5bb7163967edc01d2d7d80de44a"
        },
        {
          "url": "https://git.kernel.org/stable/c/f7728057220cabd720e27e46097edad48e5bd728"
        },
        {
          "url": "https://git.kernel.org/stable/c/192e8ce302f14ac66259231dd10cede19858d742"
        },
        {
          "url": "https://git.kernel.org/stable/c/a8a3ca23bbd9d849308a7921a049330dc6c91398"
        }
      ],
      "title": "fs/ntfs3: Initialize allocated memory before use",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-68365",
    "datePublished": "2025-12-24T10:32:52.728Z",
    "dateReserved": "2025-12-16T14:48:05.308Z",
    "dateUpdated": "2026-02-09T08:32:01.417Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/usb/usbnet.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "65d04291adf7c59338f87aab9c6fe0bfa9993e64",
              "status": "affected",
              "version": "43daa96b166c3cf5ff30dfac0c5efa2620e4beab",
              "versionType": "git"
            },
            {
              "lessThan": "f45fffae5e2549bd0a4670cc52a15ad54c9f121e",
              "status": "affected",
              "version": "43daa96b166c3cf5ff30dfac0c5efa2620e4beab",
              "versionType": "git"
            },
            {
              "lessThan": "17fbad93879e87a334062882b45fa727ba1b3dd7",
              "status": "affected",
              "version": "43daa96b166c3cf5ff30dfac0c5efa2620e4beab",
              "versionType": "git"
            },
            {
              "lessThan": "d1944bab8e0c1511f0cbf364aa06547735bb0ddb",
              "status": "affected",
              "version": "43daa96b166c3cf5ff30dfac0c5efa2620e4beab",
              "versionType": "git"
            },
            {
              "lessThan": "0134c7bff14bd50314a4f92b182850ddfc38e255",
              "status": "affected",
              "version": "43daa96b166c3cf5ff30dfac0c5efa2620e4beab",
              "versionType": "git"
            },
            {
              "lessThan": "327cd4b68b4398b6c24f10eb2b2533ffbfc10185",
              "status": "affected",
              "version": "43daa96b166c3cf5ff30dfac0c5efa2620e4beab",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/usb/usbnet.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.7"
            },
            {
              "lessThan": "4.7",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.199",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.162",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.122",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.64",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.17.*",
              "status": "unaffected",
              "version": "6.17.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.18",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.199",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.162",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.122",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.64",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.17.5",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusbnet: Fix using smp_processor_id() in preemptible code warnings\n\nSyzbot reported the following warning:\n\nBUG: using smp_processor_id() in preemptible [00000000] code: dhcpcd/2879\ncaller is usbnet_skb_return+0x74/0x490 drivers/net/usb/usbnet.c:331\nCPU: 1 UID: 0 PID: 2879 Comm: dhcpcd Not tainted 6.15.0-rc4-syzkaller-00098-g615dca38c2ea #0 PREEMPT(voluntary)\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120\n check_preemption_disabled+0xd0/0xe0 lib/smp_processor_id.c:49\n usbnet_skb_return+0x74/0x490 drivers/net/usb/usbnet.c:331\n usbnet_resume_rx+0x4b/0x170 drivers/net/usb/usbnet.c:708\n usbnet_change_mtu+0x1be/0x220 drivers/net/usb/usbnet.c:417\n __dev_set_mtu net/core/dev.c:9443 [inline]\n netif_set_mtu_ext+0x369/0x5c0 net/core/dev.c:9496\n netif_set_mtu+0xb0/0x160 net/core/dev.c:9520\n dev_set_mtu+0xae/0x170 net/core/dev_api.c:247\n dev_ifsioc+0xa31/0x18d0 net/core/dev_ioctl.c:572\n dev_ioctl+0x223/0x10e0 net/core/dev_ioctl.c:821\n sock_do_ioctl+0x19d/0x280 net/socket.c:1204\n sock_ioctl+0x42f/0x6a0 net/socket.c:1311\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:906 [inline]\n __se_sys_ioctl fs/ioctl.c:892 [inline]\n __x64_sys_ioctl+0x190/0x200 fs/ioctl.c:892\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xcd/0x260 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFor historical and portability reasons, the netif_rx() is usually\nrun in the softirq or interrupt context, this commit therefore add\nlocal_bh_disable/enable() protection in the usbnet_resume_rx()."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-06T16:31:29.699Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/65d04291adf7c59338f87aab9c6fe0bfa9993e64"
        },
        {
          "url": "https://git.kernel.org/stable/c/f45fffae5e2549bd0a4670cc52a15ad54c9f121e"
        },
        {
          "url": "https://git.kernel.org/stable/c/17fbad93879e87a334062882b45fa727ba1b3dd7"
        },
        {
          "url": "https://git.kernel.org/stable/c/d1944bab8e0c1511f0cbf364aa06547735bb0ddb"
        },
        {
          "url": "https://git.kernel.org/stable/c/0134c7bff14bd50314a4f92b182850ddfc38e255"
        },
        {
          "url": "https://git.kernel.org/stable/c/327cd4b68b4398b6c24f10eb2b2533ffbfc10185"
        }
      ],
      "title": "usbnet: Fix using smp_processor_id() in preemptible code warnings",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-40164",
    "datePublished": "2025-11-12T10:26:23.482Z",
    "dateReserved": "2025-04-16T07:20:57.176Z",
    "dateUpdated": "2026-02-06T16:31:29.699Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/wireless/ath/ath12k/dp.c",
            "drivers/net/wireless/ath/ath12k/dp.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "e16be2d34883eecfe7fd888fcdb76c7a5db5d187",
              "status": "affected",
              "version": "d889913205cf7ebda905b1e62c5867ed4e39f6c2",
              "versionType": "git"
            },
            {
              "lessThan": "afb522b36e76acaa9f8fc06d0a9742d841c47c16",
              "status": "affected",
              "version": "d889913205cf7ebda905b1e62c5867ed4e39f6c2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/wireless/ath/ath12k/dp.c",
            "drivers/net/wireless/ath/ath12k/dp.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.3"
            },
            {
              "lessThan": "6.3",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.5.*",
              "status": "unaffected",
              "version": "6.5.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.6",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.5.5",
                  "versionStartIncluding": "6.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6",
                  "versionStartIncluding": "6.3",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: Fix memory leak in rx_desc and tx_desc\n\nCurrently when ath12k_dp_cc_desc_init() is called we allocate\nmemory to rx_descs and tx_descs. In ath12k_dp_cc_cleanup(), during\ndescriptor cleanup rx_descs and tx_descs memory is not freed.\n\nThis is cause of memory leak. These allocated memory should be\nfreed in ath12k_dp_cc_cleanup.\n\nIn ath12k_dp_cc_desc_init(), we can save base address of rx_descs\nand tx_descs. In ath12k_dp_cc_cleanup(), we can free rx_descs and\ntx_descs memory using their base address.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.0.1-00029-QCAHKSWPL_SILICONZ-1"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:33:28.474Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/e16be2d34883eecfe7fd888fcdb76c7a5db5d187"
        },
        {
          "url": "https://git.kernel.org/stable/c/afb522b36e76acaa9f8fc06d0a9742d841c47c16"
        }
      ],
      "title": "wifi: ath12k: Fix memory leak in rx_desc and tx_desc",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-54016",
    "datePublished": "2025-12-24T10:55:47.691Z",
    "dateReserved": "2025-12-24T10:53:46.178Z",
    "dateUpdated": "2026-01-05T10:33:28.474Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/usb/renesas_usbhs/common.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "fd1a7bf3a8cac13f6d2d52d8c7570ba41621db9a",
              "status": "affected",
              "version": "f1407d5c66240b33d11a7f1a41d55ccf6a9d7647",
              "versionType": "git"
            },
            {
              "lessThan": "cd5e86e34c66a831b5cb9b720ad411a006962cc8",
              "status": "affected",
              "version": "f1407d5c66240b33d11a7f1a41d55ccf6a9d7647",
              "versionType": "git"
            },
            {
              "lessThan": "230b1bc1310edcd5c1b71dcd6b77ccba43139cb5",
              "status": "affected",
              "version": "f1407d5c66240b33d11a7f1a41d55ccf6a9d7647",
              "versionType": "git"
            },
            {
              "lessThan": "9d86bc8b188a77c8d6f7252280ec2bd24ad6fbc1",
              "status": "affected",
              "version": "f1407d5c66240b33d11a7f1a41d55ccf6a9d7647",
              "versionType": "git"
            },
            {
              "lessThan": "26838f147aeaa8f820ff799d72815fba5e209bd9",
              "status": "affected",
              "version": "f1407d5c66240b33d11a7f1a41d55ccf6a9d7647",
              "versionType": "git"
            },
            {
              "lessThan": "aa658a6d5ac21c7cde54c6d015f2d4daff32e02d",
              "status": "affected",
              "version": "f1407d5c66240b33d11a7f1a41d55ccf6a9d7647",
              "versionType": "git"
            },
            {
              "lessThan": "eb9ac779830b2235847b72cb15cf07c7e3333c5e",
              "status": "affected",
              "version": "f1407d5c66240b33d11a7f1a41d55ccf6a9d7647",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/usb/renesas_usbhs/common.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.0"
            },
            {
              "lessThan": "3.0",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.247",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.197",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.159",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.119",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.61",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.17.*",
              "status": "unaffected",
              "version": "6.17.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.18",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.247",
                  "versionStartIncluding": "3.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.197",
                  "versionStartIncluding": "3.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.159",
                  "versionStartIncluding": "3.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.119",
                  "versionStartIncluding": "3.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.61",
                  "versionStartIncluding": "3.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.17.11",
                  "versionStartIncluding": "3.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18",
                  "versionStartIncluding": "3.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: renesas_usbhs: Fix synchronous external abort on unbind\n\nA synchronous external abort occurs on the Renesas RZ/G3S SoC if unbind is\nexecuted after the configuration sequence described above:\n\nmodprobe usb_f_ecm\nmodprobe libcomposite\nmodprobe configfs\ncd /sys/kernel/config/usb_gadget\nmkdir -p g1\ncd g1\necho \"0x1d6b\" \u003e idVendor\necho \"0x0104\" \u003e idProduct\nmkdir -p strings/0x409\necho \"0123456789\" \u003e strings/0x409/serialnumber\necho \"Renesas.\" \u003e strings/0x409/manufacturer\necho \"Ethernet Gadget\" \u003e strings/0x409/product\nmkdir -p functions/ecm.usb0\nmkdir -p configs/c.1\nmkdir -p configs/c.1/strings/0x409\necho \"ECM\" \u003e configs/c.1/strings/0x409/configuration\n\nif [ ! -L configs/c.1/ecm.usb0 ]; then\n        ln -s functions/ecm.usb0 configs/c.1\nfi\n\necho 11e20000.usb \u003e UDC\necho 11e20000.usb \u003e /sys/bus/platform/drivers/renesas_usbhs/unbind\n\nThe displayed trace is as follows:\n\n Internal error: synchronous external abort: 0000000096000010 [#1] SMP\n CPU: 0 UID: 0 PID: 188 Comm: sh Tainted: G M 6.17.0-rc7-next-20250922-00010-g41050493b2bd #55 PREEMPT\n Tainted: [M]=MACHINE_CHECK\n Hardware name: Renesas SMARC EVK version 2 based on r9a08g045s33 (DT)\n pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : usbhs_sys_function_pullup+0x10/0x40 [renesas_usbhs]\n lr : usbhsg_update_pullup+0x3c/0x68 [renesas_usbhs]\n sp : ffff8000838b3920\n x29: ffff8000838b3920 x28: ffff00000d585780 x27: 0000000000000000\n x26: 0000000000000000 x25: 0000000000000000 x24: ffff00000c3e3810\n x23: ffff00000d5e5c80 x22: ffff00000d5e5d40 x21: 0000000000000000\n x20: 0000000000000000 x19: ffff00000d5e5c80 x18: 0000000000000020\n x17: 2e30303230316531 x16: 312d7968703a7968 x15: 3d454d414e5f4344\n x14: 000000000000002c x13: 0000000000000000 x12: 0000000000000000\n x11: ffff00000f358f38 x10: ffff00000f358db0 x9 : ffff00000b41f418\n x8 : 0101010101010101 x7 : 7f7f7f7f7f7f7f7f x6 : fefefeff6364626d\n x5 : 8080808000000000 x4 : 000000004b5ccb9d x3 : 0000000000000000\n x2 : 0000000000000000 x1 : ffff800083790000 x0 : ffff00000d5e5c80\n Call trace:\n usbhs_sys_function_pullup+0x10/0x40 [renesas_usbhs] (P)\n usbhsg_pullup+0x4c/0x7c [renesas_usbhs]\n usb_gadget_disconnect_locked+0x48/0xd4\n gadget_unbind_driver+0x44/0x114\n device_remove+0x4c/0x80\n device_release_driver_internal+0x1c8/0x224\n device_release_driver+0x18/0x24\n bus_remove_device+0xcc/0x10c\n device_del+0x14c/0x404\n usb_del_gadget+0x88/0xc0\n usb_del_gadget_udc+0x18/0x30\n usbhs_mod_gadget_remove+0x24/0x44 [renesas_usbhs]\n usbhs_mod_remove+0x20/0x30 [renesas_usbhs]\n usbhs_remove+0x98/0xdc [renesas_usbhs]\n platform_remove+0x20/0x30\n device_remove+0x4c/0x80\n device_release_driver_internal+0x1c8/0x224\n device_driver_detach+0x18/0x24\n unbind_store+0xb4/0xb8\n drv_attr_store+0x24/0x38\n sysfs_kf_write+0x7c/0x94\n kernfs_fop_write_iter+0x128/0x1b8\n vfs_write+0x2ac/0x350\n ksys_write+0x68/0xfc\n __arm64_sys_write+0x1c/0x28\n invoke_syscall+0x48/0x110\n el0_svc_common.constprop.0+0xc0/0xe0\n do_el0_svc+0x1c/0x28\n el0_svc+0x34/0xf0\n el0t_64_sync_handler+0xa0/0xe4\n el0t_64_sync+0x198/0x19c\n Code: 7100003f 1a9f07e1 531c6c22 f9400001 (79400021)\n ---[ end trace 0000000000000000 ]---\n note: sh[188] exited with irqs disabled\n note: sh[188] exited with preempt_count 1\n\nThe issue occurs because usbhs_sys_function_pullup(), which accesses the IP\nregisters, is executed after the USBHS clocks have been disabled. The\nproblem is reproducible on the Renesas RZ/G3S SoC starting with the\naddition of module stop in the clock enable/disable APIs. With module stop\nfunctionality enabled, a bus error is expected if a master accesses a\nmodule whose clock has been stopped and module stop activated.\n\nDisable the IP clocks at the end of remove."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-22T16:13:58.409Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/fd1a7bf3a8cac13f6d2d52d8c7570ba41621db9a"
        },
        {
          "url": "https://git.kernel.org/stable/c/cd5e86e34c66a831b5cb9b720ad411a006962cc8"
        },
        {
          "url": "https://git.kernel.org/stable/c/230b1bc1310edcd5c1b71dcd6b77ccba43139cb5"
        },
        {
          "url": "https://git.kernel.org/stable/c/9d86bc8b188a77c8d6f7252280ec2bd24ad6fbc1"
        },
        {
          "url": "https://git.kernel.org/stable/c/26838f147aeaa8f820ff799d72815fba5e209bd9"
        },
        {
          "url": "https://git.kernel.org/stable/c/aa658a6d5ac21c7cde54c6d015f2d4daff32e02d"
        },
        {
          "url": "https://git.kernel.org/stable/c/eb9ac779830b2235847b72cb15cf07c7e3333c5e"
        }
      ],
      "title": "usb: renesas_usbhs: Fix synchronous external abort on unbind",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-68327",
    "datePublished": "2025-12-22T16:12:21.402Z",
    "dateReserved": "2025-12-16T14:48:05.296Z",
    "dateUpdated": "2025-12-22T16:13:58.409Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/hid/hidraw.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "879e79c3aead41b8aa2e91164354b30bd1c4ef3b",
              "status": "affected",
              "version": "8590222e4b021054a7167a4dd35b152a8ed7018e",
              "versionType": "git"
            },
            {
              "lessThan": "ff348eabd97577da974d3db7038857f28c61d2bd",
              "status": "affected",
              "version": "8590222e4b021054a7167a4dd35b152a8ed7018e",
              "versionType": "git"
            },
            {
              "lessThan": "05b47034e2488c2924e5c032e20a1979d012b5b5",
              "status": "affected",
              "version": "8590222e4b021054a7167a4dd35b152a8ed7018e",
              "versionType": "git"
            },
            {
              "lessThan": "944ee77dc6ec7b0afd8ec70ffc418b238c92f12b",
              "status": "affected",
              "version": "8590222e4b021054a7167a4dd35b152a8ed7018e",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/hid/hidraw.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.17"
            },
            {
              "lessThan": "5.17",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.37",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.3.*",
              "status": "unaffected",
              "version": "6.3.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.*",
              "status": "unaffected",
              "version": "6.4.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.5",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.37",
                  "versionStartIncluding": "5.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.3.11",
                  "versionStartIncluding": "5.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.4.1",
                  "versionStartIncluding": "5.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.5",
                  "versionStartIncluding": "5.17",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: hidraw: fix data race on device refcount\n\nThe hidraw_open() function increments the hidraw device reference\ncounter. The counter has no dedicated synchronization mechanism,\nresulting in a potential data race when concurrently opening a device.\n\nThe race is a regression introduced by commit 8590222e4b02 (\"HID:\nhidraw: Replace hidraw device table mutex with a rwsem\"). While\nminors_rwsem is intended to protect the hidraw_table itself, by instead\nacquiring the lock for writing, the reference counter is also protected.\nThis is symmetrical to hidraw_release()."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-08T01:19:20.432Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/879e79c3aead41b8aa2e91164354b30bd1c4ef3b"
        },
        {
          "url": "https://git.kernel.org/stable/c/ff348eabd97577da974d3db7038857f28c61d2bd"
        },
        {
          "url": "https://git.kernel.org/stable/c/05b47034e2488c2924e5c032e20a1979d012b5b5"
        },
        {
          "url": "https://git.kernel.org/stable/c/944ee77dc6ec7b0afd8ec70ffc418b238c92f12b"
        }
      ],
      "title": "HID: hidraw: fix data race on device refcount",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-53759",
    "datePublished": "2025-12-08T01:19:20.432Z",
    "dateReserved": "2025-12-08T01:18:04.280Z",
    "dateUpdated": "2025-12-08T01:19:20.432Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/netfilter/nft_objref.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "0028e0134c64d9ed21728341a74fcfc59cd0f944",
              "status": "affected",
              "version": "ee394f96ad7517fbc0de9106dcc7ce9efb14f264",
              "versionType": "git"
            },
            {
              "lessThan": "7ea55a44493a5a36c3b3293b88bbe4841f9dbaf0",
              "status": "affected",
              "version": "ee394f96ad7517fbc0de9106dcc7ce9efb14f264",
              "versionType": "git"
            },
            {
              "lessThan": "4c1cf72ec10be5a9ad264650cadffa1fbce6fabd",
              "status": "affected",
              "version": "ee394f96ad7517fbc0de9106dcc7ce9efb14f264",
              "versionType": "git"
            },
            {
              "lessThan": "f359b809d54c6e3dd1d039b97e0b68390b0e53e4",
              "status": "affected",
              "version": "ee394f96ad7517fbc0de9106dcc7ce9efb14f264",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/netfilter/nft_objref.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.4"
            },
            {
              "lessThan": "5.4",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.113",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.54",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.17.*",
              "status": "unaffected",
              "version": "6.17.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.18",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.113",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.54",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.17.4",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_objref: validate objref and objrefmap expressions\n\nReferencing a synproxy stateful object from OUTPUT hook causes kernel\ncrash due to infinite recursive calls:\n\nBUG: TASK stack guard page was hit at 000000008bda5b8c (stack is 000000003ab1c4a5..00000000494d8b12)\n[...]\nCall Trace:\n __find_rr_leaf+0x99/0x230\n fib6_table_lookup+0x13b/0x2d0\n ip6_pol_route+0xa4/0x400\n fib6_rule_lookup+0x156/0x240\n ip6_route_output_flags+0xc6/0x150\n __nf_ip6_route+0x23/0x50\n synproxy_send_tcp_ipv6+0x106/0x200\n synproxy_send_client_synack_ipv6+0x1aa/0x1f0\n nft_synproxy_do_eval+0x263/0x310\n nft_do_chain+0x5a8/0x5f0 [nf_tables\n nft_do_chain_inet+0x98/0x110\n nf_hook_slow+0x43/0xc0\n __ip6_local_out+0xf0/0x170\n ip6_local_out+0x17/0x70\n synproxy_send_tcp_ipv6+0x1a2/0x200\n synproxy_send_client_synack_ipv6+0x1aa/0x1f0\n[...]\n\nImplement objref and objrefmap expression validate functions.\n\nCurrently, only NFT_OBJECT_SYNPROXY object type requires validation.\nThis will also handle a jump to a chain using a synproxy object from the\nOUTPUT hook.\n\nNow when trying to reference a synproxy object in the OUTPUT hook, nft\nwill produce the following error:\n\nsynproxy_crash.nft: Error: Could not process rule: Operation not supported\n  synproxy name mysynproxy\n  ^^^^^^^^^^^^^^^^^^^^^^^^"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-01T06:20:10.143Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/0028e0134c64d9ed21728341a74fcfc59cd0f944"
        },
        {
          "url": "https://git.kernel.org/stable/c/7ea55a44493a5a36c3b3293b88bbe4841f9dbaf0"
        },
        {
          "url": "https://git.kernel.org/stable/c/4c1cf72ec10be5a9ad264650cadffa1fbce6fabd"
        },
        {
          "url": "https://git.kernel.org/stable/c/f359b809d54c6e3dd1d039b97e0b68390b0e53e4"
        }
      ],
      "title": "netfilter: nft_objref: validate objref and objrefmap expressions",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-40206",
    "datePublished": "2025-11-12T21:56:35.675Z",
    "dateReserved": "2025-04-16T07:20:57.179Z",
    "dateUpdated": "2025-12-01T06:20:10.143Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/pstore/ram_core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "8430a8e8e85420d4cb51dcb08b0278ab194ea82f",
              "status": "affected",
              "version": "c617a3b777b92a0e80ceff2dffaae9350d4c3850",
              "versionType": "git"
            },
            {
              "lessThan": "a14cb307267ba7a1715403e071bdc4deda77eef5",
              "status": "affected",
              "version": "e163fdb3f7f8c62dccf194f3f37a7bcb3c333aa8",
              "versionType": "git"
            },
            {
              "lessThan": "38a9d7dac3ad25323145b4aaea3b5f434f50011d",
              "status": "affected",
              "version": "e163fdb3f7f8c62dccf194f3f37a7bcb3c333aa8",
              "versionType": "git"
            },
            {
              "lessThan": "f57ba91a46d3fc52bfdac9cca5cf5572ec7afd6d",
              "status": "affected",
              "version": "e163fdb3f7f8c62dccf194f3f37a7bcb3c333aa8",
              "versionType": "git"
            },
            {
              "lessThan": "2a764a2facd9dd88a69777200f65dfd0182765dc",
              "status": "affected",
              "version": "e163fdb3f7f8c62dccf194f3f37a7bcb3c333aa8",
              "versionType": "git"
            },
            {
              "lessThan": "065c81ae5817b245bb9feb6d54e027702740b49a",
              "status": "affected",
              "version": "e163fdb3f7f8c62dccf194f3f37a7bcb3c333aa8",
              "versionType": "git"
            },
            {
              "lessThan": "d97038d5ec2062733c1e016caf9baaf68cf64ea1",
              "status": "affected",
              "version": "e163fdb3f7f8c62dccf194f3f37a7bcb3c333aa8",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/pstore/ram_core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.5"
            },
            {
              "lessThan": "5.5",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.251",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.188",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.121",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.39",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.3.*",
              "status": "unaffected",
              "version": "6.3.13",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.*",
              "status": "unaffected",
              "version": "6.4.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.5",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.251",
                  "versionStartIncluding": "5.4.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.188",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.121",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.39",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.3.13",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.4.4",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.5",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npstore/ram: Add check for kstrdup\n\nAdd check for the return value of kstrdup() and return the error\nif it fails in order to avoid NULL pointer dereference."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-30T12:08:57.915Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/8430a8e8e85420d4cb51dcb08b0278ab194ea82f"
        },
        {
          "url": "https://git.kernel.org/stable/c/a14cb307267ba7a1715403e071bdc4deda77eef5"
        },
        {
          "url": "https://git.kernel.org/stable/c/38a9d7dac3ad25323145b4aaea3b5f434f50011d"
        },
        {
          "url": "https://git.kernel.org/stable/c/f57ba91a46d3fc52bfdac9cca5cf5572ec7afd6d"
        },
        {
          "url": "https://git.kernel.org/stable/c/2a764a2facd9dd88a69777200f65dfd0182765dc"
        },
        {
          "url": "https://git.kernel.org/stable/c/065c81ae5817b245bb9feb6d54e027702740b49a"
        },
        {
          "url": "https://git.kernel.org/stable/c/d97038d5ec2062733c1e016caf9baaf68cf64ea1"
        }
      ],
      "title": "pstore/ram: Add check for kstrdup",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-54189",
    "datePublished": "2025-12-30T12:08:57.915Z",
    "dateReserved": "2025-12-30T12:06:44.498Z",
    "dateUpdated": "2025-12-30T12:08:57.915Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/ceph/mon_client.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "77229551f2cf72f3e35636db68e6a825b912cf16",
              "status": "affected",
              "version": "cd1a677cad994021b19665ed476aea63f5d54f31",
              "versionType": "git"
            },
            {
              "lessThan": "33908769248b38a5e77cf9292817bb28e641992d",
              "status": "affected",
              "version": "cd1a677cad994021b19665ed476aea63f5d54f31",
              "versionType": "git"
            },
            {
              "lessThan": "e097cd858196b1914309e7e3d79b4fa79383754d",
              "status": "affected",
              "version": "cd1a677cad994021b19665ed476aea63f5d54f31",
              "versionType": "git"
            },
            {
              "lessThan": "d2c4a5f6996683f287f3851ef5412797042de7f1",
              "status": "affected",
              "version": "cd1a677cad994021b19665ed476aea63f5d54f31",
              "versionType": "git"
            },
            {
              "lessThan": "9e0101e57534ef0e7578dd09608a6106736b82e5",
              "status": "affected",
              "version": "cd1a677cad994021b19665ed476aea63f5d54f31",
              "versionType": "git"
            },
            {
              "lessThan": "e84b48d31b5008932c0a0902982809fbaa1d3b70",
              "status": "affected",
              "version": "cd1a677cad994021b19665ed476aea63f5d54f31",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/ceph/mon_client.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.11"
            },
            {
              "lessThan": "5.11",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.198",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.161",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.121",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.66",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.19",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.198",
                  "versionStartIncluding": "5.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.161",
                  "versionStartIncluding": "5.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.121",
                  "versionStartIncluding": "5.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.66",
                  "versionStartIncluding": "5.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.6",
                  "versionStartIncluding": "5.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.19",
                  "versionStartIncluding": "5.11",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: return the handler error from mon_handle_auth_done()\n\nCurrently any error from ceph_auth_handle_reply_done() is propagated\nvia finish_auth() but isn\u0027t returned from mon_handle_auth_done().  This\nresults in higher layers learning that (despite the monitor considering\nus to be successfully authenticated) something went wrong in the\nauthentication phase and reacting accordingly, but msgr2 still trying\nto proceed with establishing the session in the background.  In the\ncase of secure mode this can trigger a WARN in setup_crypto() and later\nlead to a NULL pointer dereference inside of prepare_auth_signature()."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-09T08:36:43.404Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/77229551f2cf72f3e35636db68e6a825b912cf16"
        },
        {
          "url": "https://git.kernel.org/stable/c/33908769248b38a5e77cf9292817bb28e641992d"
        },
        {
          "url": "https://git.kernel.org/stable/c/e097cd858196b1914309e7e3d79b4fa79383754d"
        },
        {
          "url": "https://git.kernel.org/stable/c/d2c4a5f6996683f287f3851ef5412797042de7f1"
        },
        {
          "url": "https://git.kernel.org/stable/c/9e0101e57534ef0e7578dd09608a6106736b82e5"
        },
        {
          "url": "https://git.kernel.org/stable/c/e84b48d31b5008932c0a0902982809fbaa1d3b70"
        }
      ],
      "title": "libceph: return the handler error from mon_handle_auth_done()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2026-22992",
    "datePublished": "2026-01-23T15:24:12.993Z",
    "dateReserved": "2026-01-13T15:37:45.937Z",
    "dateUpdated": "2026-02-09T08:36:43.404Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/msm/dp/dp_display.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "e09ed06938807cb113cddd0708ed74bd8cdaff33",
              "status": "affected",
              "version": "2b57f726611e294dc4297dd48eb8c98ef1938e82",
              "versionType": "git"
            },
            {
              "lessThan": "2fde37445807e6e6d7981402d0bf1be0e5d81291",
              "status": "affected",
              "version": "2b57f726611e294dc4297dd48eb8c98ef1938e82",
              "versionType": "git"
            },
            {
              "lessThan": "a7bfb2ad2184a1fba78be35209b6019aa8cc8d4d",
              "status": "affected",
              "version": "2b57f726611e294dc4297dd48eb8c98ef1938e82",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "8768663188e4169333f66583e4d2432e65c421df",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/msm/dp/dp_display.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.1"
            },
            {
              "lessThan": "6.1",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.3.*",
              "status": "unaffected",
              "version": "6.3.13",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.*",
              "status": "unaffected",
              "version": "6.4.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.5",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.3.13",
                  "versionStartIncluding": "6.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.4.4",
                  "versionStartIncluding": "6.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.5",
                  "versionStartIncluding": "6.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "6.0.7",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/dp: Drop aux devices together with DP controller\n\nUsing devres to depopulate the aux bus made sure that upon a probe\ndeferral the EDP panel device would be destroyed and recreated upon next\nattempt.\n\nBut the struct device which the devres is tied to is the DPUs\n(drm_dev-\u003edev), which may be happen after the DP controller is torn\ndown.\n\nIndications of this can be seen in the commonly seen EDID-hexdump full\nof zeros in the log, or the occasional/rare KASAN fault where the\npanel\u0027s attempt to read the EDID information causes a use after free on\nDP resources.\n\nIt\u0027s tempting to move the devres to the DP controller\u0027s struct device,\nbut the resources used by the device(s) on the aux bus are explicitly\ntorn down in the error path. The KASAN-reported use-after-free also\nremains, as the DP aux \"module\" explicitly frees its devres-allocated\nmemory in this code path.\n\nAs such, explicitly depopulate the aux bus in the error path, and in the\ncomponent unbind path, to avoid these issues.\n\nPatchwork: https://patchwork.freedesktop.org/patch/542163/"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-09T01:30:16.081Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/e09ed06938807cb113cddd0708ed74bd8cdaff33"
        },
        {
          "url": "https://git.kernel.org/stable/c/2fde37445807e6e6d7981402d0bf1be0e5d81291"
        },
        {
          "url": "https://git.kernel.org/stable/c/a7bfb2ad2184a1fba78be35209b6019aa8cc8d4d"
        }
      ],
      "title": "drm/msm/dp: Drop aux devices together with DP controller",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-53851",
    "datePublished": "2025-12-09T01:30:16.081Z",
    "dateReserved": "2025-12-09T01:27:17.827Z",
    "dateUpdated": "2025-12-09T01:30:16.081Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c",
            "drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c",
            "drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "e70113b741ba253886cd71dbadfe3ea444bb2f5c",
              "status": "affected",
              "version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
              "versionType": "git"
            },
            {
              "lessThan": "1243e396148a65bb6c42a2b70fe43e50c16c494f",
              "status": "affected",
              "version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
              "versionType": "git"
            },
            {
              "lessThan": "43aa61c18a3a45042b098b7a1186ffb29364002c",
              "status": "affected",
              "version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
              "versionType": "git"
            },
            {
              "lessThan": "070bdce18fb12a49eb9c421e57df17d2ad29bf5f",
              "status": "affected",
              "version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
              "versionType": "git"
            },
            {
              "lessThan": "883f309add55060233bf11c1ea6947140372920f",
              "status": "affected",
              "version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c",
            "drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c",
            "drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.2"
            },
            {
              "lessThan": "4.2",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.159",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.117",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.59",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.17.*",
              "status": "unaffected",
              "version": "6.17.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.18",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.159",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.117",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.59",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.17.9",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix NULL pointer dereference in VRAM logic for APU devices\n\nPreviously, APU platforms (and other scenarios with uninitialized VRAM managers)\ntriggered a NULL pointer dereference in `ttm_resource_manager_usage()`. The root\ncause is not that the `struct ttm_resource_manager *man` pointer itself is NULL,\nbut that `man-\u003ebdev` (the backing device pointer within the manager) remains\nuninitialized (NULL) on APUs\u2014since APUs lack dedicated VRAM and do not fully\nset up VRAM manager structures. When `ttm_resource_manager_usage()` attempts to\nacquire `man-\u003ebdev-\u003elru_lock`, it dereferences the NULL `man-\u003ebdev`, leading to\na kernel OOPS.\n\n1. **amdgpu_cs.c**: Extend the existing bandwidth control check in\n   `amdgpu_cs_get_threshold_for_moves()` to include a check for\n   `ttm_resource_manager_used()`. If the manager is not used (uninitialized\n   `bdev`), return 0 for migration thresholds immediately\u2014skipping VRAM-specific\n   logic that would trigger the NULL dereference.\n\n2. **amdgpu_kms.c**: Update the `AMDGPU_INFO_VRAM_USAGE` ioctl and memory info\n   reporting to use a conditional: if the manager is used, return the real VRAM\n   usage; otherwise, return 0. This avoids accessing `man-\u003ebdev` when it is\n   NULL.\n\n3. **amdgpu_virt.c**: Modify the vf2pf (virtual function to physical function)\n   data write path. Use `ttm_resource_manager_used()` to check validity: if the\n   manager is usable, calculate `fb_usage` from VRAM usage; otherwise, set\n   `fb_usage` to 0 (APUs have no discrete framebuffer to report).\n\nThis approach is more robust than APU-specific checks because it:\n- Works for all scenarios where the VRAM manager is uninitialized (not just APUs),\n- Aligns with TTM\u0027s design by using its native helper function,\n- Preserves correct behavior for discrete GPUs (which have fully initialized\n  `man-\u003ebdev` and pass the `ttm_resource_manager_used()` check).\n\nv4: use ttm_resource_manager_used(\u0026adev-\u003emman.vram_mgr.manager) instead of checking the adev-\u003egmc.is_app_apu flag (Christian)"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-20T08:51:55.021Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/e70113b741ba253886cd71dbadfe3ea444bb2f5c"
        },
        {
          "url": "https://git.kernel.org/stable/c/1243e396148a65bb6c42a2b70fe43e50c16c494f"
        },
        {
          "url": "https://git.kernel.org/stable/c/43aa61c18a3a45042b098b7a1186ffb29364002c"
        },
        {
          "url": "https://git.kernel.org/stable/c/070bdce18fb12a49eb9c421e57df17d2ad29bf5f"
        },
        {
          "url": "https://git.kernel.org/stable/c/883f309add55060233bf11c1ea6947140372920f"
        }
      ],
      "title": "drm/amdgpu: Fix NULL pointer dereference in VRAM logic for APU devices",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-40288",
    "datePublished": "2025-12-06T21:51:14.440Z",
    "dateReserved": "2025-04-16T07:20:57.184Z",
    "dateUpdated": "2025-12-20T08:51:55.021Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/nfs/namespace.c",
            "fs/nfs/super.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "a3dc6c40bcab1a888d5c0d134ccc0746b4c98929",
              "status": "affected",
              "version": "f2aedb713c284429987dc66c7aaf38decfc8da2a",
              "versionType": "git"
            },
            {
              "lessThan": "ba1495aefd22fcf0746a2a3025c95d766d7cde4d",
              "status": "affected",
              "version": "f2aedb713c284429987dc66c7aaf38decfc8da2a",
              "versionType": "git"
            },
            {
              "lessThan": "c09070b4def1b34e473a746c6a5331ccb80902c1",
              "status": "affected",
              "version": "f2aedb713c284429987dc66c7aaf38decfc8da2a",
              "versionType": "git"
            },
            {
              "lessThan": "dce10c59211e5cd763a62ea01e79b82a629811e3",
              "status": "affected",
              "version": "f2aedb713c284429987dc66c7aaf38decfc8da2a",
              "versionType": "git"
            },
            {
              "lessThan": "612cc98698d667df804792f0c47d4e501e66da29",
              "status": "affected",
              "version": "f2aedb713c284429987dc66c7aaf38decfc8da2a",
              "versionType": "git"
            },
            {
              "lessThan": "4b296944e632cf4c6a4cc8e2585c6451eae47b1b",
              "status": "affected",
              "version": "f2aedb713c284429987dc66c7aaf38decfc8da2a",
              "versionType": "git"
            },
            {
              "lessThan": "df9b003a2ecacc7218486fbb31fe008c93097d5f",
              "status": "affected",
              "version": "f2aedb713c284429987dc66c7aaf38decfc8da2a",
              "versionType": "git"
            },
            {
              "lessThan": "8675c69816e4276b979ff475ee5fac4688f80125",
              "status": "affected",
              "version": "f2aedb713c284429987dc66c7aaf38decfc8da2a",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/nfs/namespace.c",
            "fs/nfs/super.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.6"
            },
            {
              "lessThan": "5.6",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.248",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.198",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.160",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.63",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.17.*",
              "status": "unaffected",
              "version": "6.17.13",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.19",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.248",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.198",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.160",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.120",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.63",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.17.13",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.2",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.19",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags\n\nWhen a filesystem is being automounted, it needs to preserve the\nuser-set superblock mount options, such as the \"ro\" flag."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-09T08:33:09.041Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/a3dc6c40bcab1a888d5c0d134ccc0746b4c98929"
        },
        {
          "url": "https://git.kernel.org/stable/c/ba1495aefd22fcf0746a2a3025c95d766d7cde4d"
        },
        {
          "url": "https://git.kernel.org/stable/c/c09070b4def1b34e473a746c6a5331ccb80902c1"
        },
        {
          "url": "https://git.kernel.org/stable/c/dce10c59211e5cd763a62ea01e79b82a629811e3"
        },
        {
          "url": "https://git.kernel.org/stable/c/612cc98698d667df804792f0c47d4e501e66da29"
        },
        {
          "url": "https://git.kernel.org/stable/c/4b296944e632cf4c6a4cc8e2585c6451eae47b1b"
        },
        {
          "url": "https://git.kernel.org/stable/c/df9b003a2ecacc7218486fbb31fe008c93097d5f"
        },
        {
          "url": "https://git.kernel.org/stable/c/8675c69816e4276b979ff475ee5fac4688f80125"
        }
      ],
      "title": "NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-68764",
    "datePublished": "2026-01-05T09:44:12.518Z",
    "dateReserved": "2025-12-24T10:30:51.034Z",
    "dateUpdated": "2026-02-09T08:33:09.041Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/ipv4/tcp_output.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "b01e7ceb35dcb7ffad413da657b78c3340a09039",
              "status": "affected",
              "version": "e2142825c120d4317abf7160a0fc34b3de532586",
              "versionType": "git"
            },
            {
              "lessThan": "1dd823a46e25ffde1492c391934f69a9e5eb574f",
              "status": "affected",
              "version": "e2142825c120d4317abf7160a0fc34b3de532586",
              "versionType": "git"
            },
            {
              "lessThan": "b4055e2fe96f4ef101d8af0feb056d78d77514ff",
              "status": "affected",
              "version": "e2142825c120d4317abf7160a0fc34b3de532586",
              "versionType": "git"
            },
            {
              "lessThan": "8c670bdfa58e48abad1d5b6ca1ee843ca91f7303",
              "status": "affected",
              "version": "e2142825c120d4317abf7160a0fc34b3de532586",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/ipv4/tcp_output.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.6"
            },
            {
              "lessThan": "6.6",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.76",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.13",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.13.*",
              "status": "unaffected",
              "version": "6.13.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.14",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.76",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.13",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13.2",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.14",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: correct handling of extreme memory squeeze\n\nTesting with iperf3 using the \"pasta\" protocol splicer has revealed\na problem in the way tcp handles window advertising in extreme memory\nsqueeze situations.\n\nUnder memory pressure, a socket endpoint may temporarily advertise\na zero-sized window, but this is not stored as part of the socket data.\nThe reasoning behind this is that it is considered a temporary setting\nwhich shouldn\u0027t influence any further calculations.\n\nHowever, if we happen to stall at an unfortunate value of the current\nwindow size, the algorithm selecting a new value will consistently fail\nto advertise a non-zero window once we have freed up enough memory.\nThis means that this side\u0027s notion of the current window size is\ndifferent from the one last advertised to the peer, causing the latter\nto not send any data to resolve the sitution.\n\nThe problem occurs on the iperf3 server side, and the socket in question\nis a completely regular socket with the default settings for the\nfedora40 kernel. We do not use SO_PEEK or SO_RCVBUF on the socket.\n\nThe following excerpt of a logging session, with own comments added,\nshows more in detail what is happening:\n\n//              tcp_v4_rcv(-\u003e)\n//                tcp_rcv_established(-\u003e)\n[5201\u003c-\u003e39222]:     ==== Activating log @ net/ipv4/tcp_input.c/tcp_data_queue()/5257 ====\n[5201\u003c-\u003e39222]:     tcp_data_queue(-\u003e)\n[5201\u003c-\u003e39222]:        DROPPING skb [265600160..265665640], reason: SKB_DROP_REASON_PROTO_MEM\n                       [rcv_nxt 265600160, rcv_wnd 262144, snt_ack 265469200, win_now 131184]\n                       [copied_seq 259909392-\u003e260034360 (124968), unread 5565800, qlen 85, ofoq 0]\n                       [OFO queue: gap: 65480, len: 0]\n[5201\u003c-\u003e39222]:     tcp_data_queue(\u003c-)\n[5201\u003c-\u003e39222]:     __tcp_transmit_skb(-\u003e)\n                        [tp-\u003ercv_wup: 265469200, tp-\u003ercv_wnd: 262144, tp-\u003ercv_nxt 265600160]\n[5201\u003c-\u003e39222]:       tcp_select_window(-\u003e)\n[5201\u003c-\u003e39222]:         (inet_csk(sk)-\u003eicsk_ack.pending \u0026 ICSK_ACK_NOMEM) ? --\u003e TRUE\n                        [tp-\u003ercv_wup: 265469200, tp-\u003ercv_wnd: 262144, tp-\u003ercv_nxt 265600160]\n                        returning 0\n[5201\u003c-\u003e39222]:       tcp_select_window(\u003c-)\n[5201\u003c-\u003e39222]:       ADVERTISING WIN 0, ACK_SEQ: 265600160\n[5201\u003c-\u003e39222]:     [__tcp_transmit_skb(\u003c-)\n[5201\u003c-\u003e39222]:   tcp_rcv_established(\u003c-)\n[5201\u003c-\u003e39222]: tcp_v4_rcv(\u003c-)\n\n// Receive queue is at 85 buffers and we are out of memory.\n// We drop the incoming buffer, although it is in sequence, and decide\n// to send an advertisement with a window of zero.\n// We don\u0027t update tp-\u003ercv_wnd and tp-\u003ercv_wup accordingly, which means\n// we unconditionally shrink the window.\n\n[5201\u003c-\u003e39222]: tcp_recvmsg_locked(-\u003e)\n[5201\u003c-\u003e39222]:   __tcp_cleanup_rbuf(-\u003e) tp-\u003ercv_wup: 265469200, tp-\u003ercv_wnd: 262144, tp-\u003ercv_nxt 265600160\n[5201\u003c-\u003e39222]:     [new_win = 0, win_now = 131184, 2 * win_now = 262368]\n[5201\u003c-\u003e39222]:     [new_win \u003e= (2 * win_now) ? --\u003e time_to_ack = 0]\n[5201\u003c-\u003e39222]:     NOT calling tcp_send_ack()\n                    [tp-\u003ercv_wup: 265469200, tp-\u003ercv_wnd: 262144, tp-\u003ercv_nxt 265600160]\n[5201\u003c-\u003e39222]:   __tcp_cleanup_rbuf(\u003c-)\n                  [rcv_nxt 265600160, rcv_wnd 262144, snt_ack 265469200, win_now 131184]\n                  [copied_seq 260040464-\u003e260040464 (0), unread 5559696, qlen 85, ofoq 0]\n                  returning 6104 bytes\n[5201\u003c-\u003e39222]: tcp_recvmsg_locked(\u003c-)\n\n// After each read, the algorithm for calculating the new receive\n// window in __tcp_cleanup_rbuf() finds it is too small to advertise\n// or to update tp-\u003ercv_wnd.\n// Meanwhile, the peer thinks the window is zero, and will not send\n// any more data to trigger an update from the interrupt mode side.\n\n[5201\u003c-\u003e39222]: tcp_recvmsg_locked(-\u003e)\n[5201\u003c-\u003e39222]:   __tcp_cleanup_rbuf(-\u003e) tp-\u003ercv_wup: 265469200, tp-\u003ercv_wnd: 262144, tp-\u003ercv_nxt 265600160\n[5201\u003c-\u003e39222]:     [new_win = 262144, win_now = 131184, 2 * win_n\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T07:19:28.250Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/b01e7ceb35dcb7ffad413da657b78c3340a09039"
        },
        {
          "url": "https://git.kernel.org/stable/c/1dd823a46e25ffde1492c391934f69a9e5eb574f"
        },
        {
          "url": "https://git.kernel.org/stable/c/b4055e2fe96f4ef101d8af0feb056d78d77514ff"
        },
        {
          "url": "https://git.kernel.org/stable/c/8c670bdfa58e48abad1d5b6ca1ee843ca91f7303"
        }
      ],
      "title": "tcp: correct handling of extreme memory squeeze",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-21710",
    "datePublished": "2025-02-27T02:07:23.112Z",
    "dateReserved": "2024-12-29T08:45:45.752Z",
    "dateUpdated": "2025-05-04T07:19:28.250Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/mxsfb/mxsfb_kms.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "8bf2d4ca521d3acb57fc1607386e749b3cc92aaf",
              "status": "affected",
              "version": "cb285a5348e768dbc8edfe28cc2be5ec0c7e1a33",
              "versionType": "git"
            },
            {
              "lessThan": "0f98de0a11d29821d9448114178ddc1b1fe32a18",
              "status": "affected",
              "version": "cb285a5348e768dbc8edfe28cc2be5ec0c7e1a33",
              "versionType": "git"
            },
            {
              "lessThan": "aa656d48e871a1b062e1bbf9474d8b831c35074c",
              "status": "affected",
              "version": "cb285a5348e768dbc8edfe28cc2be5ec0c7e1a33",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/mxsfb/mxsfb_kms.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.19"
            },
            {
              "lessThan": "5.19",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.54",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.5.*",
              "status": "unaffected",
              "version": "6.5.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.6",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.54",
                  "versionStartIncluding": "5.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.5.4",
                  "versionStartIncluding": "5.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6",
                  "versionStartIncluding": "5.19",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/mxsfb: Disable overlay plane in mxsfb_plane_overlay_atomic_disable()\n\nWhen disabling overlay plane in mxsfb_plane_overlay_atomic_update(),\noverlay plane\u0027s framebuffer pointer is NULL.  So, dereferencing it would\ncause a kernel Oops(NULL pointer dereferencing).  Fix the issue by\ndisabling overlay plane in mxsfb_plane_overlay_atomic_disable() instead."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-09T01:30:33.263Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/8bf2d4ca521d3acb57fc1607386e749b3cc92aaf"
        },
        {
          "url": "https://git.kernel.org/stable/c/0f98de0a11d29821d9448114178ddc1b1fe32a18"
        },
        {
          "url": "https://git.kernel.org/stable/c/aa656d48e871a1b062e1bbf9474d8b831c35074c"
        }
      ],
      "title": "drm/mxsfb: Disable overlay plane in mxsfb_plane_overlay_atomic_disable()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-53864",
    "datePublished": "2025-12-09T01:30:33.263Z",
    "dateReserved": "2025-12-09T01:27:17.829Z",
    "dateUpdated": "2025-12-09T01:30:33.263Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/amd/pds_core/auxbus.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "9b467c5bcdb45a41d2a49fbb9ffca73d1380e99b",
              "status": "affected",
              "version": "10659034c622738bc1bfab8a76fc576c52d5acce",
              "versionType": "git"
            },
            {
              "lessThan": "c649b9653ed09196e91d3f4b16b679041b3c42e6",
              "status": "affected",
              "version": "10659034c622738bc1bfab8a76fc576c52d5acce",
              "versionType": "git"
            },
            {
              "lessThan": "26dc701021302f11c8350108321d11763bd81dfe",
              "status": "affected",
              "version": "10659034c622738bc1bfab8a76fc576c52d5acce",
              "versionType": "git"
            },
            {
              "lessThan": "dfd76010f8e821b66116dec3c7d90dd2403d1396",
              "status": "affected",
              "version": "10659034c622738bc1bfab8a76fc576c52d5acce",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/amd/pds_core/auxbus.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.4"
            },
            {
              "lessThan": "6.4",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.90",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.28",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.14.*",
              "status": "unaffected",
              "version": "6.14.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.15",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.90",
                  "versionStartIncluding": "6.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.28",
                  "versionStartIncluding": "6.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.14.6",
                  "versionStartIncluding": "6.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.15",
                  "versionStartIncluding": "6.4",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npds_core: remove write-after-free of client_id\n\nA use-after-free error popped up in stress testing:\n\n[Mon Apr 21 21:21:33 2025] BUG: KFENCE: use-after-free write in pdsc_auxbus_dev_del+0xef/0x160 [pds_core]\n[Mon Apr 21 21:21:33 2025] Use-after-free write at 0x000000007013ecd1 (in kfence-#47):\n[Mon Apr 21 21:21:33 2025]  pdsc_auxbus_dev_del+0xef/0x160 [pds_core]\n[Mon Apr 21 21:21:33 2025]  pdsc_remove+0xc0/0x1b0 [pds_core]\n[Mon Apr 21 21:21:33 2025]  pci_device_remove+0x24/0x70\n[Mon Apr 21 21:21:33 2025]  device_release_driver_internal+0x11f/0x180\n[Mon Apr 21 21:21:33 2025]  driver_detach+0x45/0x80\n[Mon Apr 21 21:21:33 2025]  bus_remove_driver+0x83/0xe0\n[Mon Apr 21 21:21:33 2025]  pci_unregister_driver+0x1a/0x80\n\nThe actual device uninit usually happens on a separate thread\nscheduled after this code runs, but there is no guarantee of order\nof thread execution, so this could be a problem.  There\u0027s no\nactual need to clear the client_id at this point, so simply\nremove the offending code."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-26T05:23:38.953Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/9b467c5bcdb45a41d2a49fbb9ffca73d1380e99b"
        },
        {
          "url": "https://git.kernel.org/stable/c/c649b9653ed09196e91d3f4b16b679041b3c42e6"
        },
        {
          "url": "https://git.kernel.org/stable/c/26dc701021302f11c8350108321d11763bd81dfe"
        },
        {
          "url": "https://git.kernel.org/stable/c/dfd76010f8e821b66116dec3c7d90dd2403d1396"
        }
      ],
      "title": "pds_core: remove write-after-free of client_id",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-37916",
    "datePublished": "2025-05-20T15:21:47.088Z",
    "dateReserved": "2025-04-16T04:51:23.967Z",
    "dateUpdated": "2025-05-26T05:23:38.953Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/char/hw_random/amd-rng.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "f1c97f72ffd504f49882774e2ab689d982dc7afc",
              "status": "affected",
              "version": "96d63c0297ccfd6d9059c614b3f5555d9441a2b3",
              "versionType": "git"
            },
            {
              "lessThan": "526c316948819d3ecd2bb20fe5e2580c51a1b760",
              "status": "affected",
              "version": "96d63c0297ccfd6d9059c614b3f5555d9441a2b3",
              "versionType": "git"
            },
            {
              "lessThan": "e246f5eff26055bdcb61a2cc99c50af72a19680f",
              "status": "affected",
              "version": "96d63c0297ccfd6d9059c614b3f5555d9441a2b3",
              "versionType": "git"
            },
            {
              "lessThan": "1199f8e02941b326c60ab71a63002b7c80e38212",
              "status": "affected",
              "version": "96d63c0297ccfd6d9059c614b3f5555d9441a2b3",
              "versionType": "git"
            },
            {
              "lessThan": "5998e5c30e839f73e62cb29e0d9617b0d16ccba3",
              "status": "affected",
              "version": "96d63c0297ccfd6d9059c614b3f5555d9441a2b3",
              "versionType": "git"
            },
            {
              "lessThan": "2b79a5e560779b35e1164d57ae35c48b43373082",
              "status": "affected",
              "version": "96d63c0297ccfd6d9059c614b3f5555d9441a2b3",
              "versionType": "git"
            },
            {
              "lessThan": "cb348c7908631dd9f60083a0a1542eab055d3edf",
              "status": "affected",
              "version": "96d63c0297ccfd6d9059c614b3f5555d9441a2b3",
              "versionType": "git"
            },
            {
              "lessThan": "2e10ecd012ae2b2a374b34f307e9bc1e6096c03d",
              "status": "affected",
              "version": "96d63c0297ccfd6d9059c614b3f5555d9441a2b3",
              "versionType": "git"
            },
            {
              "lessThan": "ecadb5b0111ea19fc7c240bb25d424a94471eb7d",
              "status": "affected",
              "version": "96d63c0297ccfd6d9059c614b3f5555d9441a2b3",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/char/hw_random/amd-rng.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.18"
            },
            {
              "lessThan": "2.6.18",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.9.*",
              "status": "unaffected",
              "version": "4.9.337",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.303",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.270",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.229",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.163",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.86",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.*",
              "status": "unaffected",
              "version": "6.0.16",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.2",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.9.337",
                  "versionStartIncluding": "2.6.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.303",
                  "versionStartIncluding": "2.6.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.270",
                  "versionStartIncluding": "2.6.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.229",
                  "versionStartIncluding": "2.6.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.163",
                  "versionStartIncluding": "2.6.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.86",
                  "versionStartIncluding": "2.6.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.0.16",
                  "versionStartIncluding": "2.6.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.2",
                  "versionStartIncluding": "2.6.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.2",
                  "versionStartIncluding": "2.6.18",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwrng: amd - Fix PCI device refcount leak\n\nfor_each_pci_dev() is implemented by pci_get_device(). The comment of\npci_get_device() says that it will increase the reference count for the\nreturned pci_dev and also decrease the reference count for the input\npci_dev @from if it is not NULL.\n\nIf we break for_each_pci_dev() loop with pdev not NULL, we need to call\npci_dev_put() to decrease the reference count. Add the missing\npci_dev_put() for the normal and error path."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-30T12:15:39.211Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/f1c97f72ffd504f49882774e2ab689d982dc7afc"
        },
        {
          "url": "https://git.kernel.org/stable/c/526c316948819d3ecd2bb20fe5e2580c51a1b760"
        },
        {
          "url": "https://git.kernel.org/stable/c/e246f5eff26055bdcb61a2cc99c50af72a19680f"
        },
        {
          "url": "https://git.kernel.org/stable/c/1199f8e02941b326c60ab71a63002b7c80e38212"
        },
        {
          "url": "https://git.kernel.org/stable/c/5998e5c30e839f73e62cb29e0d9617b0d16ccba3"
        },
        {
          "url": "https://git.kernel.org/stable/c/2b79a5e560779b35e1164d57ae35c48b43373082"
        },
        {
          "url": "https://git.kernel.org/stable/c/cb348c7908631dd9f60083a0a1542eab055d3edf"
        },
        {
          "url": "https://git.kernel.org/stable/c/2e10ecd012ae2b2a374b34f307e9bc1e6096c03d"
        },
        {
          "url": "https://git.kernel.org/stable/c/ecadb5b0111ea19fc7c240bb25d424a94471eb7d"
        }
      ],
      "title": "hwrng: amd - Fix PCI device refcount leak",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-50868",
    "datePublished": "2025-12-30T12:15:39.211Z",
    "dateReserved": "2025-12-30T12:06:07.136Z",
    "dateUpdated": "2025-12-30T12:15:39.211Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/sfc/ef10.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "cb1aa7cc562cab6a87ea33574c8c65f2d2fd7aeb",
              "status": "affected",
              "version": "d3142c193dca9a2f6878f4128ce1aaf221bb3f99",
              "versionType": "git"
            },
            {
              "lessThan": "91f4ef204e731565afdc6c2a7fcf509a3fd6fd67",
              "status": "affected",
              "version": "d3142c193dca9a2f6878f4128ce1aaf221bb3f99",
              "versionType": "git"
            },
            {
              "lessThan": "446f5567934331923d0aec4ce045e4ecb0174aae",
              "status": "affected",
              "version": "d3142c193dca9a2f6878f4128ce1aaf221bb3f99",
              "versionType": "git"
            },
            {
              "lessThan": "470152d76b3ed107d172ea46acc4bfa941f20b4b",
              "status": "affected",
              "version": "d3142c193dca9a2f6878f4128ce1aaf221bb3f99",
              "versionType": "git"
            },
            {
              "lessThan": "aba32b4c58112960c0c708703ca6b44dc8944082",
              "status": "affected",
              "version": "d3142c193dca9a2f6878f4128ce1aaf221bb3f99",
              "versionType": "git"
            },
            {
              "lessThan": "d1b355438b8325a486f087e506d412c4e852f37b",
              "status": "affected",
              "version": "d3142c193dca9a2f6878f4128ce1aaf221bb3f99",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/sfc/ef10.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.9"
            },
            {
              "lessThan": "5.9",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.188",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.121",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.39",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.3.*",
              "status": "unaffected",
              "version": "6.3.13",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.*",
              "status": "unaffected",
              "version": "6.4.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.5",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.188",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.121",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.39",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.3.13",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.4.4",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.5",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsfc: fix crash when reading stats while NIC is resetting\n\nefx_net_stats() (.ndo_get_stats64) can be called during an ethtool\n selftest, during which time nic_data-\u003emc_stats is NULL as the NIC has\n been fini\u0027d.  In this case do not attempt to fetch the latest stats\n from the hardware, else we will crash on a NULL dereference:\n    BUG: kernel NULL pointer dereference, address: 0000000000000038\n    RIP efx_nic_update_stats\n    abridged calltrace:\n    efx_ef10_update_stats_pf\n    efx_net_stats\n    dev_get_stats\n    dev_seq_printf_stats\nSkipping the read is safe, we will simply give out stale stats.\nTo ensure that the free in efx_ef10_fini_nic() does not race against\n efx_ef10_update_stats_pf(), which could cause a TOCTTOU bug, take the\n efx-\u003estats_lock in fini_nic (it is already held across update_stats)."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-24T13:07:06.043Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/cb1aa7cc562cab6a87ea33574c8c65f2d2fd7aeb"
        },
        {
          "url": "https://git.kernel.org/stable/c/91f4ef204e731565afdc6c2a7fcf509a3fd6fd67"
        },
        {
          "url": "https://git.kernel.org/stable/c/446f5567934331923d0aec4ce045e4ecb0174aae"
        },
        {
          "url": "https://git.kernel.org/stable/c/470152d76b3ed107d172ea46acc4bfa941f20b4b"
        },
        {
          "url": "https://git.kernel.org/stable/c/aba32b4c58112960c0c708703ca6b44dc8944082"
        },
        {
          "url": "https://git.kernel.org/stable/c/d1b355438b8325a486f087e506d412c4e852f37b"
        }
      ],
      "title": "sfc: fix crash when reading stats while NIC is resetting",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-54156",
    "datePublished": "2025-12-24T13:07:06.043Z",
    "dateReserved": "2025-12-24T13:02:52.530Z",
    "dateUpdated": "2025-12-24T13:07:06.043Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "arch/x86/kernel/cpu/microcode/amd.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "763f4d638f71cb45235395790a46e9f9e84227fd",
              "status": "affected",
              "version": "bef830144febedb7de86863ae99d8f53bed76e95",
              "versionType": "git"
            },
            {
              "lessThan": "ada88219d5315fc13f2910fe278c7112d8d68889",
              "status": "affected",
              "version": "3e8653e399e7111a3e87d534ff4533b250ae574f",
              "versionType": "git"
            },
            {
              "lessThan": "d295c58fad1d5ab987a81f139dd21498732c4f13",
              "status": "affected",
              "version": "c162ba4f45ab6ef3b7114af6fb419f1833f050c0",
              "versionType": "git"
            },
            {
              "lessThan": "7f705a45f130a85fbf31c2abdc999c65644c8307",
              "status": "affected",
              "version": "50cef76d5cb0e199cda19f026842560f6eedc4f7",
              "versionType": "git"
            },
            {
              "lessThan": "31ab12df723543047c3fc19cb8f8c4498ec6267f",
              "status": "affected",
              "version": "50cef76d5cb0e199cda19f026842560f6eedc4f7",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "arch/x86/kernel/cpu/microcode/amd.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.14"
            },
            {
              "lessThan": "6.14",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.87",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.23",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.13.*",
              "status": "unaffected",
              "version": "6.13.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.14.*",
              "status": "unaffected",
              "version": "6.14.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.15",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.87",
                  "versionStartIncluding": "6.6.81",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.23",
                  "versionStartIncluding": "6.12.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13.11",
                  "versionStartIncluding": "6.13.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.14.2",
                  "versionStartIncluding": "6.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.15",
                  "versionStartIncluding": "6.14",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/microcode/AMD: Fix __apply_microcode_amd()\u0027s return value\n\nWhen verify_sha256_digest() fails, __apply_microcode_amd() should propagate\nthe failure by returning false (and not -1 which is promoted to true)."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-26T05:17:19.094Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/763f4d638f71cb45235395790a46e9f9e84227fd"
        },
        {
          "url": "https://git.kernel.org/stable/c/ada88219d5315fc13f2910fe278c7112d8d68889"
        },
        {
          "url": "https://git.kernel.org/stable/c/d295c58fad1d5ab987a81f139dd21498732c4f13"
        },
        {
          "url": "https://git.kernel.org/stable/c/7f705a45f130a85fbf31c2abdc999c65644c8307"
        },
        {
          "url": "https://git.kernel.org/stable/c/31ab12df723543047c3fc19cb8f8c4498ec6267f"
        }
      ],
      "title": "x86/microcode/AMD: Fix __apply_microcode_amd()\u0027s return value",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-22047",
    "datePublished": "2025-04-16T14:12:07.061Z",
    "dateReserved": "2024-12-29T08:45:45.810Z",
    "dateUpdated": "2025-05-26T05:17:19.094Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/wireless/intel/iwlwifi/pcie/drv.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "f6f2d16c77f936041b8ac495fceabded4ec6c83c",
              "status": "affected",
              "version": "809805a820c6445f7a701ded24fdc6bbc841d1e4",
              "versionType": "git"
            },
            {
              "lessThan": "0fc0d287c1e7dcb39a3b9bb0f8679cd68c2156c7",
              "status": "affected",
              "version": "809805a820c6445f7a701ded24fdc6bbc841d1e4",
              "versionType": "git"
            },
            {
              "lessThan": "7545f21eee1356ec98581125c4dba9c4c0cc7397",
              "status": "affected",
              "version": "809805a820c6445f7a701ded24fdc6bbc841d1e4",
              "versionType": "git"
            },
            {
              "lessThan": "0f9a1bcb94016d3a3c455a77b01f6bb06e15f6eb",
              "status": "affected",
              "version": "809805a820c6445f7a701ded24fdc6bbc841d1e4",
              "versionType": "git"
            },
            {
              "lessThan": "dcd23aa6cc0ded7950b60ce1badb80b84045c6c0",
              "status": "affected",
              "version": "809805a820c6445f7a701ded24fdc6bbc841d1e4",
              "versionType": "git"
            },
            {
              "lessThan": "b655b9a9f8467684cfa8906713d33b71ea8c8f54",
              "status": "affected",
              "version": "809805a820c6445f7a701ded24fdc6bbc841d1e4",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/wireless/intel/iwlwifi/pcie/drv.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.4"
            },
            {
              "lessThan": "5.4",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.244",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.181",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.113",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.30",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.3.*",
              "status": "unaffected",
              "version": "6.3.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.4",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.244",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.181",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.113",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.30",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.3.4",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.4",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: pcie: fix possible NULL pointer dereference\n\nIt is possible that iwl_pci_probe() will fail and free the trans,\nthen afterwards iwl_pci_remove() will be called and crash by trying\nto access trans which is already freed, fix it.\n\niwlwifi 0000:01:00.0: Detected crf-id 0xa5a5a5a2, cnv-id 0xa5a5a5a2\n\t\t      wfpm id 0xa5a5a5a2\niwlwifi 0000:01:00.0: Can\u0027t find a correct rfid for crf id 0x5a2\n...\nBUG: kernel NULL pointer dereference, address: 0000000000000028\n...\nRIP: 0010:iwl_pci_remove+0x12/0x30 [iwlwifi]\npci_device_remove+0x3e/0xb0\ndevice_release_driver_internal+0x103/0x1f0\ndriver_detach+0x4c/0x90\nbus_remove_driver+0x5c/0xd0\ndriver_unregister+0x31/0x50\npci_unregister_driver+0x40/0x90\niwl_pci_unregister_driver+0x15/0x20 [iwlwifi]\n__exit_compat+0x9/0x98 [iwlwifi]\n__x64_sys_delete_module+0x147/0x260"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:33:35.583Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/f6f2d16c77f936041b8ac495fceabded4ec6c83c"
        },
        {
          "url": "https://git.kernel.org/stable/c/0fc0d287c1e7dcb39a3b9bb0f8679cd68c2156c7"
        },
        {
          "url": "https://git.kernel.org/stable/c/7545f21eee1356ec98581125c4dba9c4c0cc7397"
        },
        {
          "url": "https://git.kernel.org/stable/c/0f9a1bcb94016d3a3c455a77b01f6bb06e15f6eb"
        },
        {
          "url": "https://git.kernel.org/stable/c/dcd23aa6cc0ded7950b60ce1badb80b84045c6c0"
        },
        {
          "url": "https://git.kernel.org/stable/c/b655b9a9f8467684cfa8906713d33b71ea8c8f54"
        }
      ],
      "title": "wifi: iwlwifi: pcie: fix possible NULL pointer dereference",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-54053",
    "datePublished": "2025-12-24T12:23:02.498Z",
    "dateReserved": "2025-12-24T12:21:05.090Z",
    "dateUpdated": "2026-01-05T10:33:35.583Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}