Common Weakness Enumeration

CWE-672

Allowed-with-Review

Operation on a Resource after Expiration or Release

Abstraction: Class · Status: Draft

The product uses, accesses, or otherwise operates on a resource after that resource has been expired, released, or revoked.

118 vulnerabilities reference this CWE, most recent first.

GHSA-5R25-M2H9-W299

Vulnerability from github – Published: 2025-10-15 15:30 – Updated: 2025-10-22 21:31
VLAI
Details

When the BIG-IP Advanced WAF and ASM security policy and a server-side HTTP/2 profile are configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-55669"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-672"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-15T14:15:51Z",
    "severity": "HIGH"
  },
  "details": "When the BIG-IP Advanced WAF and ASM security policy and a server-side HTTP/2 profile are configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.\u00a0\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
  "id": "GHSA-5r25-m2h9-w299",
  "modified": "2025-10-22T21:31:18Z",
  "published": "2025-10-15T15:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55669"
    },
    {
      "type": "WEB",
      "url": "https://my.f5.com/manage/s/article/K000150752"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-655H-HG88-5QMF

Vulnerability from github – Published: 2025-08-22 17:34 – Updated: 2025-08-22 17:34
VLAI
Summary
Rust XCB `xcb::Connection::connect_to_fd*` functions violate I/O safety
Details

The API of xcb::Connection has constructors which allow an arbitrary RawFd to be used as a socket connection. On either failure of these constructors or on the drop of Connection, it closes the associated file descriptor. Thus, a program which uses an OwnedFd (such as a UnixStream) as the file descriptor can close the file descriptor and continue to attempt using it or close an already-closed file descriptor, violating I/O safety.

Starting in version 1.6.0, xcb provides Connection::connect_with_fd and Connection::connect_with_fd_and_extensions as safe alternatives and deprecates the problematic functions.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "xcb"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.6.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-666",
      "CWE-672"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-08-22T17:34:45Z",
    "nvd_published_at": null,
    "severity": "LOW"
  },
  "details": "The API of `xcb::Connection` has constructors which allow an arbitrary `RawFd` to be used as a socket connection. On either failure of these constructors or on the drop of `Connection`, it closes the associated file descriptor. Thus, a program which uses an `OwnedFd` (such as a `UnixStream`) as the file descriptor can close the file descriptor and continue to attempt using it or close an already-closed file descriptor, violating I/O safety.\n\nStarting in version 1.6.0, `xcb` provides `Connection::connect_with_fd` and `Connection::connect_with_fd_and_extensions` as safe alternatives and deprecates the problematic functions.",
  "id": "GHSA-655h-hg88-5qmf",
  "modified": "2025-08-22T17:34:45Z",
  "published": "2025-08-22T17:34:45Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/rust-x-bindings/rust-xcb/issues/167"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rust-x-bindings/rust-xcb/issues/282"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rust-x-bindings/rust-xcb/pull/283"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rustsec/advisory-db/pull/2355"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rust-x-bindings/rust-xcb/commit/da830976870c1174e3b33eb0643177be3991c002"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/rust-x-bindings/rust-xcb"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2025-0051.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Rust XCB `xcb::Connection::connect_to_fd*` functions violate I/O safety"
}

GHSA-675F-RQ2R-JW82

Vulnerability from github – Published: 2025-01-09 17:23 – Updated: 2025-01-09 18:57
VLAI
Summary
JWK Set's HTTP client only overwrites and appends JWK to local cache during refresh
Details

Impact

The project's provided HTTP client's local JWK Set cache should do a full replacement when the goroutine refreshes the remote JWK Set. The current behavior is to overwrite or append. This is a security issue for use cases that utilize the provided auto-caching HTTP client and where key removal from a JWK Set is equivalent to revocation.

Example attack scenario: 1. An attacker has stolen the private key for a key published in JWK Set. 2. The publishers of that JWK Set remove that key from the JWK Set. 3. Enough time has passed that the program using the auto-caching HTTP client found in github.com/MicahParks/jwkset v0.5.0-v0.5.21 has elapsed its HTTPClientStorageOptions.RefreshInterval duration, causing a refresh of the remote JWK Set. 4. The attacker is signing content (such as JWTs) with the stolen private key and the system has no other forms of revocation.

Patches

The affected auto-caching HTTP client was added in version v0.5.0 and fixed in v0.6.0. Upgrade to v0.6.0 or later.

Workarounds

The only workaround would be to remove the provided auto-caching HTTP client and replace it with a custom implementation. This involves setting the HTTPClientStorageOptions.RefreshInterval to zero (or not specifying the value). Upgrade to v0.6.0 is advised.

References

Please see the tracking issue on GitHub for additional details: https://github.com/MicahParks/jwkset/issues/40

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 0.5.21"
      },
      "package": {
        "ecosystem": "Go",
        "name": "github.com/MicahParks/jwkset"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.5.0"
            },
            {
              "fixed": "0.6.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-22149"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-672"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-01-09T17:23:43Z",
    "nvd_published_at": "2025-01-09T18:15:30Z",
    "severity": "LOW"
  },
  "details": "### Impact\nThe project\u0027s provided HTTP client\u0027s local JWK Set cache should do a full replacement when the goroutine refreshes the remote JWK Set. The current behavior is to overwrite or append. This is a security issue for use cases that utilize the provided auto-caching HTTP client and where key removal from a JWK Set is equivalent to revocation.\n\nExample attack scenario:\n1. An attacker has stolen the private key for a key published in JWK Set.\n2. The publishers of that JWK Set remove that key from the JWK Set.\n3. Enough time has passed that the program using the auto-caching HTTP client found in `github.com/MicahParks/jwkset` v0.5.0-v0.5.21 has elapsed its `HTTPClientStorageOptions.RefreshInterval` duration, causing a refresh of the remote JWK Set.\n4. The attacker is signing content (such as JWTs) with the stolen private key and the system has no other forms of revocation.\n\n### Patches\nThe affected auto-caching HTTP client was added in version `v0.5.0` and fixed in `v0.6.0`. Upgrade to `v0.6.0` or later.\n\n### Workarounds\nThe only workaround would be to remove the provided auto-caching HTTP client and replace it with a custom implementation. This involves setting the `HTTPClientStorageOptions.RefreshInterval` to zero (or not specifying the value). Upgrade to `v0.6.0` is advised.\n\n### References\nPlease see the tracking issue on GitHub for additional details: https://github.com/MicahParks/jwkset/issues/40\n",
  "id": "GHSA-675f-rq2r-jw82",
  "modified": "2025-01-09T18:57:32Z",
  "published": "2025-01-09T17:23:43Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/MicahParks/jwkset/security/advisories/GHSA-675f-rq2r-jw82"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22149"
    },
    {
      "type": "WEB",
      "url": "https://github.com/MicahParks/jwkset/issues/40"
    },
    {
      "type": "WEB",
      "url": "https://github.com/MicahParks/jwkset/pull/41"
    },
    {
      "type": "WEB",
      "url": "https://github.com/MicahParks/jwkset/commit/01db49a90f7f20c7fb39a699a2f19a7a5f379ed3"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/MicahParks/jwkset"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "JWK Set\u0027s HTTP client only overwrites and appends JWK to local cache during refresh"
}

GHSA-67R5-RQWV-9P9Q

Vulnerability from github – Published: 2025-03-31 16:13 – Updated: 2025-03-31 16:13
VLAI
Summary
array-init-cursor is unsound when used with types that implement `Drop`
Details

The Drop implementation will get run twice when using the cursor.

This issue does not affect you, if you are using only using the crate with types that are Copy such as u8.

This issue also does not affect you, if you are only depending on it through the crate planus.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "array-init-cursor"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.2.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-672"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-03-31T16:13:34Z",
    "nvd_published_at": null,
    "severity": "LOW"
  },
  "details": "The `Drop` implementation will get run twice when using the cursor.\n\nThis issue does not affect you, if you are using only using the crate with types that are `Copy` such as `u8`.\n\nThis issue also does not affect you, if you are only depending on it through the crate `planus`.",
  "id": "GHSA-67r5-rqwv-9p9q",
  "modified": "2025-03-31T16:13:34Z",
  "published": "2025-03-31T16:13:34Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/planus-org/planus/issues/293"
    },
    {
      "type": "WEB",
      "url": "https://github.com/planus-org/planus/pull/294"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/planus-org/planus"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2025-0019.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
      "type": "CVSS_V4"
    }
  ],
  "summary": "array-init-cursor is unsound when used with types that implement `Drop`"
}

GHSA-6FVH-VVX6-69V5

Vulnerability from github – Published: 2025-01-08 03:30 – Updated: 2025-01-08 03:30
VLAI
Details

UAF vulnerability in the device node access module Impact: Successful exploitation of this vulnerability may cause service exceptions of the device.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-56434"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416",
      "CWE-672"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-08T02:15:25Z",
    "severity": "MODERATE"
  },
  "details": "UAF vulnerability in the device node access module\nImpact: Successful exploitation of this vulnerability may cause service exceptions of the device.",
  "id": "GHSA-6fvh-vvx6-69v5",
  "modified": "2025-01-08T03:30:23Z",
  "published": "2025-01-08T03:30:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56434"
    },
    {
      "type": "WEB",
      "url": "https://consumer.huawei.com/en/support/bulletin/2025/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6XMX-4966-5MWP

Vulnerability from github – Published: 2025-06-12 21:30 – Updated: 2025-06-12 21:30
VLAI
Details

Amazon Cloud Cam is a home security camera that was deprecated on December 2, 2022, is end of life, and is no longer actively supported.

When a user powers on the Amazon Cloud Cam, the device attempts to connect to a remote service infrastructure that has been deprecated due to end-of-life status. The device defaults to a pairing status in which an arbitrary user can bypass SSL pinning to associate the device to an arbitrary network, allowing for network traffic interception and modification.

We recommend customers discontinue usage of any remaining Amazon Cloud Cams.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-6031"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-672"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-12T20:15:22Z",
    "severity": "HIGH"
  },
  "details": "Amazon Cloud Cam is a home security camera that was deprecated on December 2, 2022, is end of life, and is no longer actively supported. \n\nWhen a user powers on the Amazon Cloud Cam, the device attempts to connect to a remote service infrastructure that has been deprecated due to end-of-life status. The device defaults to a pairing status in which an arbitrary user can bypass SSL pinning to associate the device to an arbitrary network, allowing for network traffic interception and modification.\n\nWe recommend customers discontinue usage of any remaining Amazon Cloud Cams.",
  "id": "GHSA-6xmx-4966-5mwp",
  "modified": "2025-06-12T21:30:31Z",
  "published": "2025-06-12T21:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6031"
    },
    {
      "type": "WEB",
      "url": "https://aws.amazon.com/security/security-bulletins/AWS-2025-013"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-86J3-8QQW-575J

Vulnerability from github – Published: 2022-05-24 17:05 – Updated: 2026-04-24 15:32
VLAI
Details

An invalid memory address dereference was discovered in load_pnm in frompnm.c in libsixel before 1.8.3.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-20022"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-672"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-12-27T02:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An invalid memory address dereference was discovered in load_pnm in frompnm.c in libsixel before 1.8.3.",
  "id": "GHSA-86j3-8qqw-575j",
  "modified": "2026-04-24T15:32:16Z",
  "published": "2022-05-24T17:05:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20022"
    },
    {
      "type": "WEB",
      "url": "https://github.com/saitoha/libsixel/issues/108"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8H6Q-7WVM-5W36

Vulnerability from github – Published: 2024-10-21 18:30 – Updated: 2026-05-12 12:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

ACPI: battery: Fix possible crash when unregistering a battery hook

When a battery hook returns an error when adding a new battery, then the battery hook is automatically unregistered. However the battery hook provider cannot know that, so it will later call battery_hook_unregister() on the already unregistered battery hook, resulting in a crash.

Fix this by using the list head to mark already unregistered battery hooks as already being unregistered so that they can be ignored by battery_hook_unregister().

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-49955"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-672"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-21T18:15:16Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: battery: Fix possible crash when unregistering a battery hook\n\nWhen a battery hook returns an error when adding a new battery, then\nthe battery hook is automatically unregistered.\nHowever the battery hook provider cannot know that, so it will later\ncall battery_hook_unregister() on the already unregistered battery\nhook, resulting in a crash.\n\nFix this by using the list head to mark already unregistered battery\nhooks as already being unregistered so that they can be ignored by\nbattery_hook_unregister().",
  "id": "GHSA-8h6q-7wvm-5w36",
  "modified": "2026-05-12T12:32:11Z",
  "published": "2024-10-21T18:30:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49955"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-355557.html"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/07b98400cb0285a6348188aa8c5ec6a2ae0551f7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/76959aff14a0012ad6b984ec7686d163deccdc16"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/76fb2cbf01571926da8ecf6876cc8cb07d3f5183"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9f469ef1c79dac7f9ac1518643a33703918f7e13"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c47843a831e0eae007ad7e848d208e675ba4c132"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ca1fb7942a287b40659cc79551a1de54a2c2e7d5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ca26e8eed9c1c6651f51f7fa38fe444f8573cd1b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ce31847f109c3a5b2abdd19d7bcaafaacfde53de"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/da964de4c18199e14b961b5b2e5e6570552a313c"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8QRG-FXFF-9FCM

Vulnerability from github – Published: 2024-10-21 18:30 – Updated: 2024-11-07 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5e: Fix crash caused by calling __xfrm_state_delete() twice

The km.state is not checked in driver's delayed work. When xfrm_state_check_expire() is called, the state can be reset to XFRM_STATE_EXPIRED, even if it is XFRM_STATE_DEAD already. This happens when xfrm state is deleted, but not freed yet. As __xfrm_state_delete() is called again in xfrm timer, the following crash occurs.

To fix this issue, skip xfrm_state_check_expire() if km.state is not XFRM_STATE_VALID.

Oops: general protection fault, probably for non-canonical address 0xdead000000000108: 0000 [#1] SMP CPU: 5 UID: 0 PID: 7448 Comm: kworker/u102:2 Not tainted 6.11.0-rc2+ #1 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 Workqueue: mlx5e_ipsec: eth%d mlx5e_ipsec_handle_sw_limits [mlx5_core] RIP: 0010:__xfrm_state_delete+0x3d/0x1b0 Code: 0f 84 8b 01 00 00 48 89 fd c6 87 c8 00 00 00 05 48 8d bb 40 10 00 00 e8 11 04 1a 00 48 8b 95 b8 00 00 00 48 8b 85 c0 00 00 00 <48> 89 42 08 48 89 10 48 8b 55 10 48 b8 00 01 00 00 00 00 ad de 48 RSP: 0018:ffff88885f945ec8 EFLAGS: 00010246 RAX: dead000000000122 RBX: ffffffff82afa940 RCX: 0000000000000036 RDX: dead000000000100 RSI: 0000000000000000 RDI: ffffffff82afb980 RBP: ffff888109a20340 R08: ffff88885f945ea0 R09: 0000000000000000 R10: 0000000000000000 R11: ffff88885f945ff8 R12: 0000000000000246 R13: ffff888109a20340 R14: ffff88885f95f420 R15: ffff88885f95f400 FS: 0000000000000000(0000) GS:ffff88885f940000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f2163102430 CR3: 00000001128d6001 CR4: 0000000000370eb0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: ? die_addr+0x33/0x90 ? exc_general_protection+0x1a2/0x390 ? asm_exc_general_protection+0x22/0x30 ? __xfrm_state_delete+0x3d/0x1b0 ? __xfrm_state_delete+0x2f/0x1b0 xfrm_timer_handler+0x174/0x350 ? __xfrm_state_delete+0x1b0/0x1b0 __hrtimer_run_queues+0x121/0x270 hrtimer_run_softirq+0x88/0xd0 handle_softirqs+0xcc/0x270 do_softirq+0x3c/0x50 __local_bh_enable_ip+0x47/0x50 mlx5e_ipsec_handle_sw_limits+0x7d/0x90 [mlx5_core] process_one_work+0x137/0x2d0 worker_thread+0x28d/0x3a0 ? rescuer_thread+0x480/0x480 kthread+0xb8/0xe0 ? kthread_park+0x80/0x80 ret_from_fork+0x2d/0x50 ? kthread_park+0x80/0x80 ret_from_fork_asm+0x11/0x20

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-49953"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-672"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-21T18:15:16Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix crash caused by calling __xfrm_state_delete() twice\n\nThe km.state is not checked in driver\u0027s delayed work. When\nxfrm_state_check_expire() is called, the state can be reset to\nXFRM_STATE_EXPIRED, even if it is XFRM_STATE_DEAD already. This\nhappens when xfrm state is deleted, but not freed yet. As\n__xfrm_state_delete() is called again in xfrm timer, the following\ncrash occurs.\n\nTo fix this issue, skip xfrm_state_check_expire() if km.state is not\nXFRM_STATE_VALID.\n\n Oops: general protection fault, probably for non-canonical address 0xdead000000000108: 0000 [#1] SMP\n CPU: 5 UID: 0 PID: 7448 Comm: kworker/u102:2 Not tainted 6.11.0-rc2+ #1\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n Workqueue: mlx5e_ipsec: eth%d mlx5e_ipsec_handle_sw_limits [mlx5_core]\n RIP: 0010:__xfrm_state_delete+0x3d/0x1b0\n Code: 0f 84 8b 01 00 00 48 89 fd c6 87 c8 00 00 00 05 48 8d bb 40 10 00 00 e8 11 04 1a 00 48 8b 95 b8 00 00 00 48 8b 85 c0 00 00 00 \u003c48\u003e 89 42 08 48 89 10 48 8b 55 10 48 b8 00 01 00 00 00 00 ad de 48\n RSP: 0018:ffff88885f945ec8 EFLAGS: 00010246\n RAX: dead000000000122 RBX: ffffffff82afa940 RCX: 0000000000000036\n RDX: dead000000000100 RSI: 0000000000000000 RDI: ffffffff82afb980\n RBP: ffff888109a20340 R08: ffff88885f945ea0 R09: 0000000000000000\n R10: 0000000000000000 R11: ffff88885f945ff8 R12: 0000000000000246\n R13: ffff888109a20340 R14: ffff88885f95f420 R15: ffff88885f95f400\n FS:  0000000000000000(0000) GS:ffff88885f940000(0000) knlGS:0000000000000000\n CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f2163102430 CR3: 00000001128d6001 CR4: 0000000000370eb0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n  \u003cIRQ\u003e\n  ? die_addr+0x33/0x90\n  ? exc_general_protection+0x1a2/0x390\n  ? asm_exc_general_protection+0x22/0x30\n  ? __xfrm_state_delete+0x3d/0x1b0\n  ? __xfrm_state_delete+0x2f/0x1b0\n  xfrm_timer_handler+0x174/0x350\n  ? __xfrm_state_delete+0x1b0/0x1b0\n  __hrtimer_run_queues+0x121/0x270\n  hrtimer_run_softirq+0x88/0xd0\n  handle_softirqs+0xcc/0x270\n  do_softirq+0x3c/0x50\n  \u003c/IRQ\u003e\n  \u003cTASK\u003e\n  __local_bh_enable_ip+0x47/0x50\n  mlx5e_ipsec_handle_sw_limits+0x7d/0x90 [mlx5_core]\n  process_one_work+0x137/0x2d0\n  worker_thread+0x28d/0x3a0\n  ? rescuer_thread+0x480/0x480\n  kthread+0xb8/0xe0\n  ? kthread_park+0x80/0x80\n  ret_from_fork+0x2d/0x50\n  ? kthread_park+0x80/0x80\n  ret_from_fork_asm+0x11/0x20\n  \u003c/TASK\u003e",
  "id": "GHSA-8qrg-fxff-9fcm",
  "modified": "2024-11-07T18:31:21Z",
  "published": "2024-10-21T18:30:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49953"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0b1672834634df9ac9cedf856db9fc36d92c50ef"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/151e7dead1f5399a73c19c4b50307ea48aff1dc0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7b124695db40d5c9c5295a94ae928a8d67a01c3d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fab615ac9fcb8589222303099975d464d8857527"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-95W4-863F-9MJ3

Vulnerability from github – Published: 2025-09-05 21:32 – Updated: 2025-09-05 21:32
VLAI
Details

MongoDB Server may allow upsert operations retried within a transaction to violate unique index constraints, potentially causing an invariant failure and server crash during commit. This issue may be triggered by improper WriteUnitOfWork state management. This issue affects MongoDB Server v6.0 versions prior to 6.0.25, MongoDB Server v7.0 versions prior to 7.0.22 and MongoDB Server v8.0 versions prior to 8.0.12

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-10060"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-672"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-05T21:15:34Z",
    "severity": "MODERATE"
  },
  "details": "MongoDB Server may allow upsert operations retried within a transaction to violate unique index constraints, potentially causing an invariant failure and server crash during commit. This issue may be triggered by improper WriteUnitOfWork state management.  This issue affects MongoDB Server v6.0 versions prior to 6.0.25, MongoDB Server v7.0 versions prior to 7.0.22 and MongoDB Server v8.0 versions prior to 8.0.12",
  "id": "GHSA-95w4-863f-9mj3",
  "modified": "2025-09-05T21:32:38Z",
  "published": "2025-09-05T21:32:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10060"
    },
    {
      "type": "WEB",
      "url": "https://jira.mongodb.org/browse/SERVER-95524"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.