{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "include/drm/drm_kunit_helpers.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "c9d8be0e533738b744abb669263c4750d4830009",
              "status": "affected",
              "version": "d98780310719bf4076d975c2ff65c44c7c0d929e",
              "versionType": "git"
            },
            {
              "lessThan": "139a27854bf5ce93ff9805f9f7683b88c13074dc",
              "status": "affected",
              "version": "d98780310719bf4076d975c2ff65c44c7c0d929e",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "include/drm/drm_kunit_helpers.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.3"
            },
            {
              "lessThan": "6.3",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.5.*",
              "status": "unaffected",
              "version": "6.5.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.6",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.5.5",
                  "versionStartIncluding": "6.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6",
                  "versionStartIncluding": "6.3",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/tests: helpers: Avoid a driver uaf\n\nwhen using __drm_kunit_helper_alloc_drm_device() the driver may be\ndereferenced by device-managed resources up until the device is\nfreed, which is typically later than the kunit-managed resource code\nfrees it. Fix this by simply make the driver device-managed as well.\n\nIn short, the sequence leading to the UAF is as follows:\n\nINIT:\nCode allocates a struct device as a kunit-managed resource.\nCode allocates a drm driver as a kunit-managed resource.\nCode allocates a drm device as a device-managed resource.\n\nEXIT:\nKunit resource cleanup frees the drm driver\nKunit resource cleanup puts the struct device, which starts a\n      device-managed resource cleanup\ndevice-managed cleanup calls drm_dev_put()\ndrm_dev_put() dereferences the (now freed) drm driver -\u003e Boom.\n\nRelated KASAN message:\n[55272.551542] ==================================================================\n[55272.551551] BUG: KASAN: slab-use-after-free in drm_dev_put.part.0+0xd4/0xe0 [drm]\n[55272.551603] Read of size 8 at addr ffff888127502828 by task kunit_try_catch/10353\n\n[55272.551612] CPU: 4 PID: 10353 Comm: kunit_try_catch Tainted: G     U           N 6.5.0-rc7+ #155\n[55272.551620] Hardware name: ASUS System Product Name/PRIME B560M-A AC, BIOS 0403 01/26/2021\n[55272.551626] Call Trace:\n[55272.551629]  \u003cTASK\u003e\n[55272.551633]  dump_stack_lvl+0x57/0x90\n[55272.551639]  print_report+0xcf/0x630\n[55272.551645]  ? _raw_spin_lock_irqsave+0x5f/0x70\n[55272.551652]  ? drm_dev_put.part.0+0xd4/0xe0 [drm]\n[55272.551694]  kasan_report+0xd7/0x110\n[55272.551699]  ? drm_dev_put.part.0+0xd4/0xe0 [drm]\n[55272.551742]  drm_dev_put.part.0+0xd4/0xe0 [drm]\n[55272.551783]  devres_release_all+0x15d/0x1f0\n[55272.551790]  ? __pfx_devres_release_all+0x10/0x10\n[55272.551797]  device_unbind_cleanup+0x16/0x1a0\n[55272.551802]  device_release_driver_internal+0x3e5/0x540\n[55272.551808]  ? kobject_put+0x5d/0x4b0\n[55272.551814]  bus_remove_device+0x1f1/0x3f0\n[55272.551819]  device_del+0x342/0x910\n[55272.551826]  ? __pfx_device_del+0x10/0x10\n[55272.551830]  ? lock_release+0x339/0x5e0\n[55272.551836]  ? kunit_remove_resource+0x128/0x290 [kunit]\n[55272.551845]  ? __pfx_lock_release+0x10/0x10\n[55272.551851]  platform_device_del.part.0+0x1f/0x1e0\n[55272.551856]  ? _raw_spin_unlock_irqrestore+0x30/0x60\n[55272.551863]  kunit_remove_resource+0x195/0x290 [kunit]\n[55272.551871]  ? _raw_spin_unlock_irqrestore+0x30/0x60\n[55272.551877]  kunit_cleanup+0x78/0x120 [kunit]\n[55272.551885]  ? __kthread_parkme+0xc1/0x1f0\n[55272.551891]  ? __pfx_kunit_try_run_case_cleanup+0x10/0x10 [kunit]\n[55272.551900]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [kunit]\n[55272.551909]  kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit]\n[55272.551919]  kthread+0x2e7/0x3c0\n[55272.551924]  ? __pfx_kthread+0x10/0x10\n[55272.551929]  ret_from_fork+0x2d/0x70\n[55272.551935]  ? __pfx_kthread+0x10/0x10\n[55272.551940]  ret_from_fork_asm+0x1b/0x30\n[55272.551948]  \u003c/TASK\u003e\n\n[55272.551953] Allocated by task 10351:\n[55272.551956]  kasan_save_stack+0x1c/0x40\n[55272.551962]  kasan_set_track+0x21/0x30\n[55272.551966]  __kasan_kmalloc+0x8b/0x90\n[55272.551970]  __kmalloc+0x5e/0x160\n[55272.551976]  kunit_kmalloc_array+0x1c/0x50 [kunit]\n[55272.551984]  drm_exec_test_init+0xfa/0x2c0 [drm_exec_test]\n[55272.551991]  kunit_try_run_case+0xdd/0x250 [kunit]\n[55272.551999]  kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit]\n[55272.552008]  kthread+0x2e7/0x3c0\n[55272.552012]  ret_from_fork+0x2d/0x70\n[55272.552017]  ret_from_fork_asm+0x1b/0x30\n\n[55272.552024] Freed by task 10353:\n[55272.552027]  kasan_save_stack+0x1c/0x40\n[55272.552032]  kasan_set_track+0x21/0x30\n[55272.552036]  kasan_save_free_info+0x27/0x40\n[55272.552041]  __kasan_slab_free+0x106/0x180\n[55272.552046]  slab_free_freelist_hook+0xb3/0x160\n[55272.552051]  __kmem_cache_free+0xb2/0x290\n[55272.552056]  kunit_remove_resource+0x195/0x290 [kunit]\n[55272.552064]  kunit_cleanup+0x7\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-15T14:22:08.322Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/c9d8be0e533738b744abb669263c4750d4830009"
        },
        {
          "url": "https://git.kernel.org/stable/c/139a27854bf5ce93ff9805f9f7683b88c13074dc"
        }
      ],
      "title": "drm/tests: helpers: Avoid a driver uaf",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-53235",
    "datePublished": "2025-09-15T14:22:08.322Z",
    "dateReserved": "2025-09-15T14:19:21.847Z",
    "dateUpdated": "2025-09-15T14:22:08.322Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/md/raid5-cache.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "711fb92606208a8626b785da4f9f23d648a5b6c8",
              "status": "affected",
              "version": "0dd00cba99c352dc9afd62979f350d808c215cb9",
              "versionType": "git"
            },
            {
              "lessThan": "7a8b6d93991bf4b72b3f959baea35397c6c8e521",
              "status": "affected",
              "version": "0dd00cba99c352dc9afd62979f350d808c215cb9",
              "versionType": "git"
            },
            {
              "lessThan": "e46b2e7be8059d156af8c011dd8d665229b65886",
              "status": "affected",
              "version": "0dd00cba99c352dc9afd62979f350d808c215cb9",
              "versionType": "git"
            },
            {
              "lessThan": "0d0bd28c500173bfca78aa840f8f36d261ef1765",
              "status": "affected",
              "version": "0dd00cba99c352dc9afd62979f350d808c215cb9",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/md/raid5-cache.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.18"
            },
            {
              "lessThan": "5.18",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.53",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.*",
              "status": "unaffected",
              "version": "6.4.16",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.5.*",
              "status": "unaffected",
              "version": "6.5.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.6",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.53",
                  "versionStartIncluding": "5.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.4.16",
                  "versionStartIncluding": "5.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.5.3",
                  "versionStartIncluding": "5.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6",
                  "versionStartIncluding": "5.18",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd/raid5-cache: fix null-ptr-deref for r5l_flush_stripe_to_raid()\n\nr5l_flush_stripe_to_raid() will check if the list \u0027flushing_ios\u0027 is\nempty, and then submit \u0027flush_bio\u0027, however, r5l_log_flush_endio()\nis clearing the list first and then clear the bio, which will cause\nnull-ptr-deref:\n\nT1: submit flush io\nraid5d\n handle_active_stripes\n  r5l_flush_stripe_to_raid\n   // list is empty\n   // add \u0027io_end_ios\u0027 to the list\n   bio_init\n   submit_bio\n   // io1\n\nT2: io1 is done\nr5l_log_flush_endio\n list_splice_tail_init\n // clear the list\n\t\t\tT3: submit new flush io\n\t\t\t...\n\t\t\tr5l_flush_stripe_to_raid\n\t\t\t // list is empty\n\t\t\t // add \u0027io_end_ios\u0027 to the list\n\t\t\t bio_init\n bio_uninit\n // clear bio-\u003ebi_blkg\n\t\t\t submit_bio\n\t\t\t // null-ptr-deref\n\nFix this problem by clearing bio before clearing the list in\nr5l_log_flush_endio()."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-15T14:21:38.534Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/711fb92606208a8626b785da4f9f23d648a5b6c8"
        },
        {
          "url": "https://git.kernel.org/stable/c/7a8b6d93991bf4b72b3f959baea35397c6c8e521"
        },
        {
          "url": "https://git.kernel.org/stable/c/e46b2e7be8059d156af8c011dd8d665229b65886"
        },
        {
          "url": "https://git.kernel.org/stable/c/0d0bd28c500173bfca78aa840f8f36d261ef1765"
        }
      ],
      "title": "md/raid5-cache: fix null-ptr-deref for r5l_flush_stripe_to_raid()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-53210",
    "datePublished": "2025-09-15T14:21:38.534Z",
    "dateReserved": "2025-09-15T13:59:19.069Z",
    "dateUpdated": "2025-09-15T14:21:38.534Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "lib/crypto/arm64/poly1305-glue.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "ef74efa598b7bbc5c24509f7f56af2806f81c339",
              "status": "affected",
              "version": "a59e5468a921937cb7317892779c67046ad9f5cc",
              "versionType": "git"
            },
            {
              "lessThan": "eec76ea5a7213c48529a46eed1b343e5cee3aaab",
              "status": "affected",
              "version": "a59e5468a921937cb7317892779c67046ad9f5cc",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "lib/crypto/arm64/poly1305-glue.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.16"
            },
            {
              "lessThan": "6.16",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.16.*",
              "status": "unaffected",
              "version": "6.16.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.17-rc1",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.16.4",
                  "versionStartIncluding": "6.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.17-rc1",
                  "versionStartIncluding": "6.16",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nlib/crypto: arm64/poly1305: Fix register corruption in no-SIMD contexts\n\nRestore the SIMD usability check that was removed by commit a59e5468a921\n(\"crypto: arm64/poly1305 - Add block-only interface\").\n\nThis safety check is cheap and is well worth eliminating a footgun.\nWhile the Poly1305 functions should not be called when SIMD registers\nare unusable, if they are anyway, they should just do the right thing\ninstead of corrupting random tasks\u0027 registers and/or computing incorrect\nMACs.  Fixing this is also needed for poly1305_kunit to pass.\n\nJust use may_use_simd() instead of the original crypto_simd_usable(),\nsince poly1305_kunit won\u0027t rely on crypto_simd_disabled_for_test."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-15T12:36:46.483Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/ef74efa598b7bbc5c24509f7f56af2806f81c339"
        },
        {
          "url": "https://git.kernel.org/stable/c/eec76ea5a7213c48529a46eed1b343e5cee3aaab"
        }
      ],
      "title": "lib/crypto: arm64/poly1305: Fix register corruption in no-SIMD contexts",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-39804",
    "datePublished": "2025-09-15T12:36:46.483Z",
    "dateReserved": "2025-04-16T07:20:57.135Z",
    "dateUpdated": "2025-09-15T12:36:46.483Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/cpufreq/qcom-cpufreq-nvmem.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "794ded0bc461287a268bed21fea2eebb6e5d232c",
              "status": "affected",
              "version": "a8811ec764f95a04ba82f6f457e28c5e9e36e36b",
              "versionType": "git"
            },
            {
              "lessThan": "14d260f94ff89543597ffea13db8b277a810e08e",
              "status": "affected",
              "version": "a8811ec764f95a04ba82f6f457e28c5e9e36e36b",
              "versionType": "git"
            },
            {
              "lessThan": "b74ee4e301ca01e431e240c046173332966e2431",
              "status": "affected",
              "version": "a8811ec764f95a04ba82f6f457e28c5e9e36e36b",
              "versionType": "git"
            },
            {
              "lessThan": "01039fb8e90c9cb684430414bff70cea9eb168c5",
              "status": "affected",
              "version": "a8811ec764f95a04ba82f6f457e28c5e9e36e36b",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/cpufreq/qcom-cpufreq-nvmem.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.7"
            },
            {
              "lessThan": "5.7",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.152",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.76",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.*",
              "status": "unaffected",
              "version": "6.0.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.1",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.152",
                  "versionStartIncluding": "5.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.76",
                  "versionStartIncluding": "5.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.0.6",
                  "versionStartIncluding": "5.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1",
                  "versionStartIncluding": "5.7",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: qcom: fix writes in read-only memory region\n\nThis commit fixes a kernel oops because of a write in some read-only memory:\n\n\t[    9.068287] Unable to handle kernel write to read-only memory at virtual address ffff800009240ad8\n\t..snip..\n\t[    9.138790] Internal error: Oops: 9600004f [#1] PREEMPT SMP\n\t..snip..\n\t[    9.269161] Call trace:\n\t[    9.276271]  __memcpy+0x5c/0x230\n\t[    9.278531]  snprintf+0x58/0x80\n\t[    9.282002]  qcom_cpufreq_msm8939_name_version+0xb4/0x190\n\t[    9.284869]  qcom_cpufreq_probe+0xc8/0x39c\n\t..snip..\n\nThe following line defines a pointer that point to a char buffer stored\nin read-only memory:\n\n\tchar *pvs_name = \"speedXX-pvsXX-vXX\";\n\nThis pointer is meant to hold a template \"speedXX-pvsXX-vXX\" where the\nXX values get overridden by the qcom_cpufreq_krait_name_version function. Since\nthe template is actually stored in read-only memory, when the function\nexecutes the following call we get an oops:\n\n\tsnprintf(*pvs_name, sizeof(\"speedXX-pvsXX-vXX\"), \"speed%d-pvs%d-v%d\",\n\t\t speed, pvs, pvs_ver);\n\nTo fix this issue, we instead store the template name onto the stack by\nusing the following syntax:\n\n\tchar pvs_name_buffer[] = \"speedXX-pvsXX-vXX\";\n\nBecause the `pvs_name` needs to be able to be assigned to NULL, the\ntemplate buffer is stored in the pvs_name_buffer and not under the\npvs_name variable."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-15T14:01:43.916Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/794ded0bc461287a268bed21fea2eebb6e5d232c"
        },
        {
          "url": "https://git.kernel.org/stable/c/14d260f94ff89543597ffea13db8b277a810e08e"
        },
        {
          "url": "https://git.kernel.org/stable/c/b74ee4e301ca01e431e240c046173332966e2431"
        },
        {
          "url": "https://git.kernel.org/stable/c/01039fb8e90c9cb684430414bff70cea9eb168c5"
        }
      ],
      "title": "cpufreq: qcom: fix writes in read-only memory region",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-50239",
    "datePublished": "2025-09-15T14:01:43.916Z",
    "dateReserved": "2025-09-15T13:58:00.971Z",
    "dateUpdated": "2025-09-15T14:01:43.916Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/9p/client.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "1cabce56626a61f4f02452cba61ad4332a4b73f8",
              "status": "affected",
              "version": "728356dedeff8ef999cb436c71333ef4ac51a81c",
              "versionType": "git"
            },
            {
              "lessThan": "73c47b3123b351de2d3714a72a336c0f72f203af",
              "status": "affected",
              "version": "728356dedeff8ef999cb436c71333ef4ac51a81c",
              "versionType": "git"
            },
            {
              "lessThan": "967fc34f297e40fd2e068cf6b0c3eb4916228539",
              "status": "affected",
              "version": "728356dedeff8ef999cb436c71333ef4ac51a81c",
              "versionType": "git"
            },
            {
              "lessThan": "26273ade77f54716e30dfd40ac6e85ceb54ac0f9",
              "status": "affected",
              "version": "728356dedeff8ef999cb436c71333ef4ac51a81c",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "3665a4d9dca1bd06bc34afb72e637fe01b2776ee",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/9p/client.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.20"
            },
            {
              "lessThan": "4.20",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.86",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.*",
              "status": "unaffected",
              "version": "6.0.16",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.2",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.86",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.0.16",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.2",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.2",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.19.57",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\n9p: set req refcount to zero to avoid uninitialized usage\n\nWhen a new request is allocated, the refcount will be zero if it is\nreused, but if the request is newly allocated from slab, it is not fully\ninitialized before being added to idr.\n\nIf the p9_read_work got a response before the refcount initiated. It will\nuse a uninitialized req, which will result in a bad request data struct.\n\nHere is the logs from syzbot.\n\nCorrupted memory at 0xffff88807eade00b [ 0xff 0x07 0x00 0x00 0x00 0x00\n0x00 0x00 . . . . . . . . ] (in kfence-#110):\n p9_fcall_fini net/9p/client.c:248 [inline]\n p9_req_put net/9p/client.c:396 [inline]\n p9_req_put+0x208/0x250 net/9p/client.c:390\n p9_client_walk+0x247/0x540 net/9p/client.c:1165\n clone_fid fs/9p/fid.h:21 [inline]\n v9fs_fid_xattr_set+0xe4/0x2b0 fs/9p/xattr.c:118\n v9fs_xattr_set fs/9p/xattr.c:100 [inline]\n v9fs_xattr_handler_set+0x6f/0x120 fs/9p/xattr.c:159\n __vfs_setxattr+0x119/0x180 fs/xattr.c:182\n __vfs_setxattr_noperm+0x129/0x5f0 fs/xattr.c:216\n __vfs_setxattr_locked+0x1d3/0x260 fs/xattr.c:277\n vfs_setxattr+0x143/0x340 fs/xattr.c:309\n setxattr+0x146/0x160 fs/xattr.c:617\n path_setxattr+0x197/0x1c0 fs/xattr.c:636\n __do_sys_setxattr fs/xattr.c:652 [inline]\n __se_sys_setxattr fs/xattr.c:648 [inline]\n __ia32_sys_setxattr+0xc0/0x160 fs/xattr.c:648\n do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]\n __do_fast_syscall_32+0x65/0xf0 arch/x86/entry/common.c:178\n do_fast_syscall_32+0x33/0x70 arch/x86/entry/common.c:203\n entry_SYSENTER_compat_after_hwframe+0x70/0x82\n\nBelow is a similar scenario, the scenario in the syzbot log looks more\ncomplicated than this one, but this patch can fix it.\n\n     T21124                   p9_read_work\n======================== second trans =================================\np9_client_walk\n  p9_client_rpc\n    p9_client_prepare_req\n      p9_tag_alloc\n        req = kmem_cache_alloc(p9_req_cache, GFP_NOFS);\n        tag = idr_alloc\n        \u003c\u003c preempted \u003e\u003e\n        req-\u003etc.tag = tag;\n                            /* req-\u003e[refcount/tag] == uninitialized */\n                            m-\u003erreq = p9_tag_lookup(m-\u003eclient, m-\u003erc.tag);\n                              /* increments uninitalized refcount */\n\n        refcount_set(\u0026req-\u003erefcount, 2);\n                            /* cb drops one ref */\n                            p9_client_cb(req)\n                            /* reader thread drops its ref:\n                               request is incorrectly freed */\n                            p9_req_put(req)\n    /* use after free and ref underflow */\n    p9_req_put(req)\n\nTo fix it, we can initialize the refcount to zero before add to idr."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-15T14:49:50.150Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/1cabce56626a61f4f02452cba61ad4332a4b73f8"
        },
        {
          "url": "https://git.kernel.org/stable/c/73c47b3123b351de2d3714a72a336c0f72f203af"
        },
        {
          "url": "https://git.kernel.org/stable/c/967fc34f297e40fd2e068cf6b0c3eb4916228539"
        },
        {
          "url": "https://git.kernel.org/stable/c/26273ade77f54716e30dfd40ac6e85ceb54ac0f9"
        }
      ],
      "title": "9p: set req refcount to zero to avoid uninitialized usage",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-50335",
    "datePublished": "2025-09-15T14:49:50.150Z",
    "dateReserved": "2025-09-15T14:18:36.816Z",
    "dateUpdated": "2025-09-15T14:49:50.150Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "arch/mips/sgi-ip27/ip27-xtalk.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "da2aecef866b476438d02c662507a0e4e818da9d",
              "status": "affected",
              "version": "5dc76a96e95ae041c1d8e52714bd77576b35919b",
              "versionType": "git"
            },
            {
              "lessThan": "93296e7ab774230b7c36541dead10b6da39b650f",
              "status": "affected",
              "version": "5dc76a96e95ae041c1d8e52714bd77576b35919b",
              "versionType": "git"
            },
            {
              "lessThan": "d7ac29e60d0ff71e9e414af595b8c92800f7fa90",
              "status": "affected",
              "version": "5dc76a96e95ae041c1d8e52714bd77576b35919b",
              "versionType": "git"
            },
            {
              "lessThan": "48025893b3e31b917ad654d28d23fff66681cac4",
              "status": "affected",
              "version": "5dc76a96e95ae041c1d8e52714bd77576b35919b",
              "versionType": "git"
            },
            {
              "lessThan": "11bec9cba4de06b3c0e9e4041453c2caaa1cbec1",
              "status": "affected",
              "version": "5dc76a96e95ae041c1d8e52714bd77576b35919b",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "arch/mips/sgi-ip27/ip27-xtalk.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.5"
            },
            {
              "lessThan": "5.5",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.150",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.75",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.19.*",
              "status": "unaffected",
              "version": "5.19.17",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.*",
              "status": "unaffected",
              "version": "6.0.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.1",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.150",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.75",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.19.17",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.0.3",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nMIPS: SGI-IP27: Fix platform-device leak in bridge_platform_create()\n\nIn error case in bridge_platform_create after calling\nplatform_device_add()/platform_device_add_data()/\nplatform_device_add_resources(), release the failed\n\u0027pdev\u0027 or it will be leak, call platform_device_put()\nto fix this problem.\n\nBesides, \u0027pdev\u0027 is divided into \u0027pdev_wd\u0027 and \u0027pdev_bd\u0027,\nuse platform_device_unregister() to release sgi_w1\nresources when xtalk-bridge registration fails."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-15T14:21:17.759Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/da2aecef866b476438d02c662507a0e4e818da9d"
        },
        {
          "url": "https://git.kernel.org/stable/c/93296e7ab774230b7c36541dead10b6da39b650f"
        },
        {
          "url": "https://git.kernel.org/stable/c/d7ac29e60d0ff71e9e414af595b8c92800f7fa90"
        },
        {
          "url": "https://git.kernel.org/stable/c/48025893b3e31b917ad654d28d23fff66681cac4"
        },
        {
          "url": "https://git.kernel.org/stable/c/11bec9cba4de06b3c0e9e4041453c2caaa1cbec1"
        }
      ],
      "title": "MIPS: SGI-IP27: Fix platform-device leak in bridge_platform_create()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-50281",
    "datePublished": "2025-09-15T14:21:17.759Z",
    "dateReserved": "2025-09-15T13:58:00.976Z",
    "dateUpdated": "2025-09-15T14:21:17.759Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/acpi/acpica/dswstate.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "5a2d0dcb47b16f84880a59571eab8a004e3236d7",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "35465c7a91c6b46e7c14d0c01d0084349a38ce51",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "710e09fd116e2fa53e319a416ad4e4f8027682b6",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "16359bc02c093b0862e31739c07673340a2106a6",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "3a7a4aa3958ce0c4938a443d65001debe9a9af9c",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "8c4a7163b7f1495e3cc58bec7a4100de6612cde9",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "3048c6b84a51e4ba4a89385ed218d19a670edd47",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "05bb0167c80b8f93c6a4e0451b7da9b96db990c2",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/acpi/acpica/dswstate.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.316",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.284",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.244",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.181",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.113",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.30",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.3.*",
              "status": "unaffected",
              "version": "6.3.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.4",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.316",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.284",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.244",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.181",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.113",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.3.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.4",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPICA: Avoid undefined behavior: applying zero offset to null pointer\n\nACPICA commit 770653e3ba67c30a629ca7d12e352d83c2541b1e\n\nBefore this change we see the following UBSAN stack trace in Fuchsia:\n\n  #0    0x000021e4213b3302 in acpi_ds_init_aml_walk(struct acpi_walk_state*, union acpi_parse_object*, struct acpi_namespace_node*, u8*, u32, struct acpi_evaluate_info*, u8) ../../third_party/acpica/source/components/dispatcher/dswstate.c:682 \u003cplatform-bus-x86.so\u003e+0x233302\n  #1.2  0x000020d0f660777f in ubsan_get_stack_trace() compiler-rt/lib/ubsan/ubsan_diag.cpp:41 \u003clibclang_rt.asan.so\u003e+0x3d77f\n  #1.1  0x000020d0f660777f in maybe_print_stack_trace() compiler-rt/lib/ubsan/ubsan_diag.cpp:51 \u003clibclang_rt.asan.so\u003e+0x3d77f\n  #1    0x000020d0f660777f in ~scoped_report() compiler-rt/lib/ubsan/ubsan_diag.cpp:387 \u003clibclang_rt.asan.so\u003e+0x3d77f\n  #2    0x000020d0f660b96d in handlepointer_overflow_impl() compiler-rt/lib/ubsan/ubsan_handlers.cpp:809 \u003clibclang_rt.asan.so\u003e+0x4196d\n  #3    0x000020d0f660b50d in compiler-rt/lib/ubsan/ubsan_handlers.cpp:815 \u003clibclang_rt.asan.so\u003e+0x4150d\n  #4    0x000021e4213b3302 in acpi_ds_init_aml_walk(struct acpi_walk_state*, union acpi_parse_object*, struct acpi_namespace_node*, u8*, u32, struct acpi_evaluate_info*, u8) ../../third_party/acpica/source/components/dispatcher/dswstate.c:682 \u003cplatform-bus-x86.so\u003e+0x233302\n  #5    0x000021e4213e2369 in acpi_ds_call_control_method(struct acpi_thread_state*, struct acpi_walk_state*, union acpi_parse_object*) ../../third_party/acpica/source/components/dispatcher/dsmethod.c:605 \u003cplatform-bus-x86.so\u003e+0x262369\n  #6    0x000021e421437fac in acpi_ps_parse_aml(struct acpi_walk_state*) ../../third_party/acpica/source/components/parser/psparse.c:550 \u003cplatform-bus-x86.so\u003e+0x2b7fac\n  #7    0x000021e4214464d2 in acpi_ps_execute_method(struct acpi_evaluate_info*) ../../third_party/acpica/source/components/parser/psxface.c:244 \u003cplatform-bus-x86.so\u003e+0x2c64d2\n  #8    0x000021e4213aa052 in acpi_ns_evaluate(struct acpi_evaluate_info*) ../../third_party/acpica/source/components/namespace/nseval.c:250 \u003cplatform-bus-x86.so\u003e+0x22a052\n  #9    0x000021e421413dd8 in acpi_ns_init_one_device(acpi_handle, u32, void*, void**) ../../third_party/acpica/source/components/namespace/nsinit.c:735 \u003cplatform-bus-x86.so\u003e+0x293dd8\n  #10   0x000021e421429e98 in acpi_ns_walk_namespace(acpi_object_type, acpi_handle, u32, u32, acpi_walk_callback, acpi_walk_callback, void*, void**) ../../third_party/acpica/source/components/namespace/nswalk.c:298 \u003cplatform-bus-x86.so\u003e+0x2a9e98\n  #11   0x000021e4214131ac in acpi_ns_initialize_devices(u32) ../../third_party/acpica/source/components/namespace/nsinit.c:268 \u003cplatform-bus-x86.so\u003e+0x2931ac\n  #12   0x000021e42147c40d in acpi_initialize_objects(u32) ../../third_party/acpica/source/components/utilities/utxfinit.c:304 \u003cplatform-bus-x86.so\u003e+0x2fc40d\n  #13   0x000021e42126d603 in acpi::acpi_impl::initialize_acpi(acpi::acpi_impl*) ../../src/devices/board/lib/acpi/acpi-impl.cc:224 \u003cplatform-bus-x86.so\u003e+0xed603\n\nAdd a simple check that avoids incrementing a pointer by zero, but\notherwise behaves as before. Note that our findings are against ACPICA\n20221020, but the same code exists on master."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-15T14:04:33.101Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/5a2d0dcb47b16f84880a59571eab8a004e3236d7"
        },
        {
          "url": "https://git.kernel.org/stable/c/35465c7a91c6b46e7c14d0c01d0084349a38ce51"
        },
        {
          "url": "https://git.kernel.org/stable/c/710e09fd116e2fa53e319a416ad4e4f8027682b6"
        },
        {
          "url": "https://git.kernel.org/stable/c/16359bc02c093b0862e31739c07673340a2106a6"
        },
        {
          "url": "https://git.kernel.org/stable/c/3a7a4aa3958ce0c4938a443d65001debe9a9af9c"
        },
        {
          "url": "https://git.kernel.org/stable/c/8c4a7163b7f1495e3cc58bec7a4100de6612cde9"
        },
        {
          "url": "https://git.kernel.org/stable/c/3048c6b84a51e4ba4a89385ed218d19a670edd47"
        },
        {
          "url": "https://git.kernel.org/stable/c/05bb0167c80b8f93c6a4e0451b7da9b96db990c2"
        }
      ],
      "title": "ACPICA: Avoid undefined behavior: applying zero offset to null pointer",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-53182",
    "datePublished": "2025-09-15T14:04:33.101Z",
    "dateReserved": "2025-09-15T13:59:19.065Z",
    "dateUpdated": "2025-09-15T14:04:33.101Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/block/ublk_drv.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "84415f934ad4e96f3507fd09b831953d60fb04ec",
              "status": "affected",
              "version": "c732a852b419fa057b53657e2daaf9433940391c",
              "versionType": "git"
            },
            {
              "lessThan": "b3a1e243a74632f88b22e713f1c7256754017d58",
              "status": "affected",
              "version": "c732a852b419fa057b53657e2daaf9433940391c",
              "versionType": "git"
            },
            {
              "lessThan": "0c0cbd4ebc375ceebc75c89df04b74f215fab23a",
              "status": "affected",
              "version": "c732a852b419fa057b53657e2daaf9433940391c",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/block/ublk_drv.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.1"
            },
            {
              "lessThan": "6.1",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.43",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.*",
              "status": "unaffected",
              "version": "6.4.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.5",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.43",
                  "versionStartIncluding": "6.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.4.8",
                  "versionStartIncluding": "6.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.5",
                  "versionStartIncluding": "6.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nublk: fail to recover device if queue setup is interrupted\n\nIn ublk_ctrl_end_recovery(), if wait_for_completion_interruptible() is\ninterrupted by signal, queues aren\u0027t setup successfully yet, so we\nhave to fail UBLK_CMD_END_USER_RECOVERY, otherwise kernel oops can be\ntriggered."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-15T14:21:35.378Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/84415f934ad4e96f3507fd09b831953d60fb04ec"
        },
        {
          "url": "https://git.kernel.org/stable/c/b3a1e243a74632f88b22e713f1c7256754017d58"
        },
        {
          "url": "https://git.kernel.org/stable/c/0c0cbd4ebc375ceebc75c89df04b74f215fab23a"
        }
      ],
      "title": "ublk: fail to recover device if queue setup is interrupted",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-53207",
    "datePublished": "2025-09-15T14:21:35.378Z",
    "dateReserved": "2025-09-15T13:59:19.068Z",
    "dateUpdated": "2025-09-15T14:21:35.378Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/scsi/lpfc/lpfc_sli.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "51ab4eb1a25e73c7fc2ad9026520c4d8369c93cc",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "8dfefa8f424ab208e552df1bfd008b732f3d0ad1",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "8becb97918f04bb177bc9c4e00c2bdb302e00944",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "21681b81b9ae548c5dae7ae00d931197a27f480c",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/scsi/lpfc/lpfc_sli.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.99",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.16",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.*",
              "status": "unaffected",
              "version": "6.2.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.3",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.99",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.2.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.3",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Fix use-after-free KFENCE violation during sysfs firmware write\n\nDuring the sysfs firmware write process, a use-after-free read warning is\nlogged from the lpfc_wr_object() routine:\n\n  BUG: KFENCE: use-after-free read in lpfc_wr_object+0x235/0x310 [lpfc]\n  Use-after-free read at 0x0000000000cf164d (in kfence-#111):\n  lpfc_wr_object+0x235/0x310 [lpfc]\n  lpfc_write_firmware.cold+0x206/0x30d [lpfc]\n  lpfc_sli4_request_firmware_update+0xa6/0x100 [lpfc]\n  lpfc_request_firmware_upgrade_store+0x66/0xb0 [lpfc]\n  kernfs_fop_write_iter+0x121/0x1b0\n  new_sync_write+0x11c/0x1b0\n  vfs_write+0x1ef/0x280\n  ksys_write+0x5f/0xe0\n  do_syscall_64+0x59/0x90\n  entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nThe driver accessed wr_object pointer data, which was initialized into\nmailbox payload memory, after the mailbox object was released back to the\nmailbox pool.\n\nFix by moving the mailbox free calls to the end of the routine ensuring\nthat we don\u0027t reference internal mailbox memory after release."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-16T08:11:16.083Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/51ab4eb1a25e73c7fc2ad9026520c4d8369c93cc"
        },
        {
          "url": "https://git.kernel.org/stable/c/8dfefa8f424ab208e552df1bfd008b732f3d0ad1"
        },
        {
          "url": "https://git.kernel.org/stable/c/8becb97918f04bb177bc9c4e00c2bdb302e00944"
        },
        {
          "url": "https://git.kernel.org/stable/c/21681b81b9ae548c5dae7ae00d931197a27f480c"
        }
      ],
      "title": "scsi: lpfc: Fix use-after-free KFENCE violation during sysfs firmware write",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-53282",
    "datePublished": "2025-09-16T08:11:16.083Z",
    "dateReserved": "2025-09-16T08:09:37.991Z",
    "dateUpdated": "2025-09-16T08:11:16.083Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/acpi/acpi_fpdt.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "30eca146c89d216dda95868ce00a2d35cf73d5a4",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "90bfc9ae875dfbed2e6089516520204cd431dba3",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "16046a716c8e1f447909bec9b478d58e6e25e513",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "211391bf04b3c74e250c566eeff9cf808156c693",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/acpi/acpi_fpdt.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.75",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.19.*",
              "status": "unaffected",
              "version": "5.19.17",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.*",
              "status": "unaffected",
              "version": "6.0.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.1",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.75",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.19.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.0.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: tables: FPDT: Don\u0027t call acpi_os_map_memory() on invalid phys address\n\nOn a Packard Bell Dot SC (Intel Atom N2600 model) there is a FPDT table\nwhich contains invalid physical addresses, with high bits set which fall\noutside the range of the CPU-s supported physical address range.\n\nCalling acpi_os_map_memory() on such an invalid phys address leads to\nthe below WARN_ON in ioremap triggering resulting in an oops/stacktrace.\n\nAdd code to verify the physical address before calling acpi_os_map_memory()\nto fix / avoid the oops.\n\n[    1.226900] ioremap: invalid physical address 3001000000000000\n[    1.226949] ------------[ cut here ]------------\n[    1.226962] WARNING: CPU: 1 PID: 1 at arch/x86/mm/ioremap.c:200 __ioremap_caller.cold+0x43/0x5f\n[    1.226996] Modules linked in:\n[    1.227016] CPU: 1 PID: 1 Comm: swapper/0 Not tainted 6.0.0-rc3+ #490\n[    1.227029] Hardware name: Packard Bell dot s/SJE01_CT, BIOS V1.10 07/23/2013\n[    1.227038] RIP: 0010:__ioremap_caller.cold+0x43/0x5f\n[    1.227054] Code: 96 00 00 e9 f8 af 24 ff 89 c6 48 c7 c7 d8 0c 84 99 e8 6a 96 00 00 e9 76 af 24 ff 48 89 fe 48 c7 c7 a8 0c 84 99 e8 56 96 00 00 \u003c0f\u003e 0b e9 60 af 24 ff 48 8b 34 24 48 c7 c7 40 0d 84 99 e8 3f 96 00\n[    1.227067] RSP: 0000:ffffb18c40033d60 EFLAGS: 00010286\n[    1.227084] RAX: 0000000000000032 RBX: 3001000000000000 RCX: 0000000000000000\n[    1.227095] RDX: 0000000000000001 RSI: 00000000ffffdfff RDI: 00000000ffffffff\n[    1.227105] RBP: 3001000000000000 R08: 0000000000000000 R09: ffffb18c40033c18\n[    1.227115] R10: 0000000000000003 R11: ffffffff99d62fe8 R12: 0000000000000008\n[    1.227124] R13: 0003001000000000 R14: 0000000000001000 R15: 3001000000000000\n[    1.227135] FS:  0000000000000000(0000) GS:ffff913a3c080000(0000) knlGS:0000000000000000\n[    1.227146] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[    1.227156] CR2: 0000000000000000 CR3: 0000000018c26000 CR4: 00000000000006e0\n[    1.227167] Call Trace:\n[    1.227176]  \u003cTASK\u003e\n[    1.227185]  ? acpi_os_map_iomem+0x1c9/0x1e0\n[    1.227215]  ? kmem_cache_alloc_trace+0x187/0x370\n[    1.227254]  acpi_os_map_iomem+0x1c9/0x1e0\n[    1.227288]  acpi_init_fpdt+0xa8/0x253\n[    1.227308]  ? acpi_debugfs_init+0x1f/0x1f\n[    1.227339]  do_one_initcall+0x5a/0x300\n[    1.227406]  ? rcu_read_lock_sched_held+0x3f/0x80\n[    1.227442]  kernel_init_freeable+0x28b/0x2cc\n[    1.227512]  ? rest_init+0x170/0x170\n[    1.227538]  kernel_init+0x16/0x140\n[    1.227552]  ret_from_fork+0x1f/0x30\n[    1.227639]  \u003c/TASK\u003e\n[    1.227647] irq event stamp: 186819\n[    1.227656] hardirqs last  enabled at (186825): [\u003cffffffff98184a6e\u003e] __up_console_sem+0x5e/0x70\n[    1.227672] hardirqs last disabled at (186830): [\u003cffffffff98184a53\u003e] __up_console_sem+0x43/0x70\n[    1.227686] softirqs last  enabled at (186576): [\u003cffffffff980fbc9d\u003e] __irq_exit_rcu+0xed/0x160\n[    1.227701] softirqs last disabled at (186569): [\u003cffffffff980fbc9d\u003e] __irq_exit_rcu+0xed/0x160\n[    1.227715] ---[ end trace 0000000000000000 ]---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-15T14:48:53.475Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/30eca146c89d216dda95868ce00a2d35cf73d5a4"
        },
        {
          "url": "https://git.kernel.org/stable/c/90bfc9ae875dfbed2e6089516520204cd431dba3"
        },
        {
          "url": "https://git.kernel.org/stable/c/16046a716c8e1f447909bec9b478d58e6e25e513"
        },
        {
          "url": "https://git.kernel.org/stable/c/211391bf04b3c74e250c566eeff9cf808156c693"
        }
      ],
      "title": "ACPI: tables: FPDT: Don\u0027t call acpi_os_map_memory() on invalid phys address",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-50320",
    "datePublished": "2025-09-15T14:48:53.475Z",
    "dateReserved": "2025-09-15T14:18:36.814Z",
    "dateUpdated": "2025-09-15T14:48:53.475Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.h",
            "drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c",
            "drivers/gpu/drm/amd/amdkfd/kfd_process.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "89f0d766c9e3fdeafbed6f855d433c2768cde862",
              "status": "affected",
              "version": "4a488a7ad71401169cecee75dc94bcce642e2c53",
              "versionType": "git"
            },
            {
              "lessThan": "a02c07b619899179384fde06f951530438a3512d",
              "status": "affected",
              "version": "4a488a7ad71401169cecee75dc94bcce642e2c53",
              "versionType": "git"
            },
            {
              "lessThan": "1a799c4c190ea9f0e81028e3eb3037ed0ab17ff5",
              "status": "affected",
              "version": "4a488a7ad71401169cecee75dc94bcce642e2c53",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.h",
            "drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c",
            "drivers/gpu/drm/amd/amdkfd/kfd_process.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.19"
            },
            {
              "lessThan": "3.19",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.*",
              "status": "unaffected",
              "version": "6.0.19",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.2",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.0.19",
                  "versionStartIncluding": "3.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.5",
                  "versionStartIncluding": "3.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.2",
                  "versionStartIncluding": "3.19",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: Fix double release compute pasid\n\nIf kfd_process_device_init_vm returns failure after vm is converted to\ncompute vm and vm-\u003epasid set to compute pasid, KFD will not take\npdd-\u003edrm_file reference. As a result, drm close file handler maybe\ncalled to release the compute pasid before KFD process destroy worker to\nrelease the same pasid and set vm-\u003epasid to zero, this generates below\nWARNING backtrace and NULL pointer access.\n\nAdd helper amdgpu_amdkfd_gpuvm_set_vm_pasid and call it at the last step\nof kfd_process_device_init_vm, to ensure vm pasid is the original pasid\nif acquiring vm failed or is the compute pasid with pdd-\u003edrm_file\nreference taken to avoid double release same pasid.\n\n amdgpu: Failed to create process VM object\n ida_free called for id=32770 which is not allocated.\n WARNING: CPU: 57 PID: 72542 at ../lib/idr.c:522 ida_free+0x96/0x140\n RIP: 0010:ida_free+0x96/0x140\n Call Trace:\n  amdgpu_pasid_free_delayed+0xe1/0x2a0 [amdgpu]\n  amdgpu_driver_postclose_kms+0x2d8/0x340 [amdgpu]\n  drm_file_free.part.13+0x216/0x270 [drm]\n  drm_close_helper.isra.14+0x60/0x70 [drm]\n  drm_release+0x6e/0xf0 [drm]\n  __fput+0xcc/0x280\n  ____fput+0xe/0x20\n  task_work_run+0x96/0xc0\n  do_exit+0x3d0/0xc10\n\n BUG: kernel NULL pointer dereference, address: 0000000000000000\n RIP: 0010:ida_free+0x76/0x140\n Call Trace:\n  amdgpu_pasid_free_delayed+0xe1/0x2a0 [amdgpu]\n  amdgpu_driver_postclose_kms+0x2d8/0x340 [amdgpu]\n  drm_file_free.part.13+0x216/0x270 [drm]\n  drm_close_helper.isra.14+0x60/0x70 [drm]\n  drm_release+0x6e/0xf0 [drm]\n  __fput+0xcc/0x280\n  ____fput+0xe/0x20\n  task_work_run+0x96/0xc0\n  do_exit+0x3d0/0xc10"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-16T08:02:05.373Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/89f0d766c9e3fdeafbed6f855d433c2768cde862"
        },
        {
          "url": "https://git.kernel.org/stable/c/a02c07b619899179384fde06f951530438a3512d"
        },
        {
          "url": "https://git.kernel.org/stable/c/1a799c4c190ea9f0e81028e3eb3037ed0ab17ff5"
        }
      ],
      "title": "drm/amdkfd: Fix double release compute pasid",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-50303",
    "datePublished": "2025-09-15T14:45:58.735Z",
    "dateReserved": "2025-09-15T14:18:36.812Z",
    "dateUpdated": "2025-09-16T08:02:05.373Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/erofs/zdata.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "597fb60c75132719687e173b75cab8f6eb1ca657",
              "status": "affected",
              "version": "aea1286dcbbb87cf33595c2ac8b153c29a4611cb",
              "versionType": "git"
            },
            {
              "lessThan": "12d0a24afd9ea58e581ea64d64e066f2027b28d9",
              "status": "affected",
              "version": "aea1286dcbbb87cf33595c2ac8b153c29a4611cb",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/erofs/zdata.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.19"
            },
            {
              "lessThan": "4.19",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.*",
              "status": "unaffected",
              "version": "6.4.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.5",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.4.7",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.5",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: Fix detection of atomic context\n\nCurrent check for atomic context is not sufficient as\nz_erofs_decompressqueue_endio can be called under rcu lock\nfrom blk_mq_flush_plug_list(). See the stacktrace [1]\n\nIn such case we should hand off the decompression work for async\nprocessing rather than trying to do sync decompression in current\ncontext. Patch fixes the detection by checking for\nrcu_read_lock_any_held() and while at it use more appropriate\n!in_task() check than in_atomic().\n\nBackground: Historically erofs would always schedule a kworker for\ndecompression which would incur the scheduling cost regardless of\nthe context. But z_erofs_decompressqueue_endio() may not always\nbe in atomic context and we could actually benefit from doing the\ndecompression in z_erofs_decompressqueue_endio() if we are in\nthread context, for example when running with dm-verity.\nThis optimization was later added in patch [2] which has shown\nimprovement in performance benchmarks.\n\n==============================================\n[1] Problem stacktrace\n[name:core\u0026]BUG: sleeping function called from invalid context at kernel/locking/mutex.c:291\n[name:core\u0026]in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 1615, name: CpuMonitorServi\n[name:core\u0026]preempt_count: 0, expected: 0\n[name:core\u0026]RCU nest depth: 1, expected: 0\nCPU: 7 PID: 1615 Comm: CpuMonitorServi Tainted: G S      W  OE      6.1.25-android14-5-maybe-dirty-mainline #1\nHardware name: MT6897 (DT)\nCall trace:\n dump_backtrace+0x108/0x15c\n show_stack+0x20/0x30\n dump_stack_lvl+0x6c/0x8c\n dump_stack+0x20/0x48\n __might_resched+0x1fc/0x308\n __might_sleep+0x50/0x88\n mutex_lock+0x2c/0x110\n z_erofs_decompress_queue+0x11c/0xc10\n z_erofs_decompress_kickoff+0x110/0x1a4\n z_erofs_decompressqueue_endio+0x154/0x180\n bio_endio+0x1b0/0x1d8\n __dm_io_complete+0x22c/0x280\n clone_endio+0xe4/0x280\n bio_endio+0x1b0/0x1d8\n blk_update_request+0x138/0x3a4\n blk_mq_plug_issue_direct+0xd4/0x19c\n blk_mq_flush_plug_list+0x2b0/0x354\n __blk_flush_plug+0x110/0x160\n blk_finish_plug+0x30/0x4c\n read_pages+0x2fc/0x370\n page_cache_ra_unbounded+0xa4/0x23c\n page_cache_ra_order+0x290/0x320\n do_sync_mmap_readahead+0x108/0x2c0\n filemap_fault+0x19c/0x52c\n __do_fault+0xc4/0x114\n handle_mm_fault+0x5b4/0x1168\n do_page_fault+0x338/0x4b4\n do_translation_fault+0x40/0x60\n do_mem_abort+0x60/0xc8\n el0_da+0x4c/0xe0\n el0t_64_sync_handler+0xd4/0xfc\n el0t_64_sync+0x1a0/0x1a4\n\n[2] Link: https://lore.kernel.org/all/20210317035448.13921-1-huangjianan@oppo.com/"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-16T08:02:24.954Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/597fb60c75132719687e173b75cab8f6eb1ca657"
        },
        {
          "url": "https://git.kernel.org/stable/c/12d0a24afd9ea58e581ea64d64e066f2027b28d9"
        }
      ],
      "title": "erofs: Fix detection of atomic context",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-53231",
    "datePublished": "2025-09-15T14:22:03.599Z",
    "dateReserved": "2025-09-15T14:19:21.847Z",
    "dateUpdated": "2025-09-16T08:02:24.954Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "mm/hugetlb.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "3e50a07b6a5fcd39df1534d3fdaca4292a65efe6",
              "status": "affected",
              "version": "a88c769548047b21f76fd71e04b6a3300ff17160",
              "versionType": "git"
            },
            {
              "lessThan": "629c986e19fe9481227c7cdfd9a105bbc104d245",
              "status": "affected",
              "version": "a88c769548047b21f76fd71e04b6a3300ff17160",
              "versionType": "git"
            },
            {
              "lessThan": "2b35432d324898ec41beb27031d2a1a864a4d40e",
              "status": "affected",
              "version": "a88c769548047b21f76fd71e04b6a3300ff17160",
              "versionType": "git"
            },
            {
              "lessThan": "11993652d0b49e27272db0a37aa828d8a3a4b92b",
              "status": "affected",
              "version": "a88c769548047b21f76fd71e04b6a3300ff17160",
              "versionType": "git"
            },
            {
              "lessThan": "568e3812b1778b4c0c229649b59977d88f400ece",
              "status": "affected",
              "version": "a88c769548047b21f76fd71e04b6a3300ff17160",
              "versionType": "git"
            },
            {
              "lessThan": "112a005d1ded04a4b41b6d01833cc0bda90625cc",
              "status": "affected",
              "version": "a88c769548047b21f76fd71e04b6a3300ff17160",
              "versionType": "git"
            },
            {
              "lessThan": "c828fab903725279aa9dc6ae3d44bb7e4778f92c",
              "status": "affected",
              "version": "a88c769548047b21f76fd71e04b6a3300ff17160",
              "versionType": "git"
            },
            {
              "lessThan": "12df140f0bdfae5dcfc81800970dd7f6f632e00c",
              "status": "affected",
              "version": "a88c769548047b21f76fd71e04b6a3300ff17160",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "3f5fae4d1a3189d95b02b4b45e1218df147122bc",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "mm/hugetlb.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.4"
            },
            {
              "lessThan": "4.4",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.9.*",
              "status": "unaffected",
              "version": "4.9.332",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.298",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.264",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.223",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.153",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.76",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.*",
              "status": "unaffected",
              "version": "6.0.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.1",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.9.332",
                  "versionStartIncluding": "4.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.298",
                  "versionStartIncluding": "4.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.264",
                  "versionStartIncluding": "4.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.223",
                  "versionStartIncluding": "4.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.153",
                  "versionStartIncluding": "4.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.76",
                  "versionStartIncluding": "4.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.0.6",
                  "versionStartIncluding": "4.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1",
                  "versionStartIncluding": "4.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.3.6",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm,hugetlb: take hugetlb_lock before decrementing h-\u003eresv_huge_pages\n\nThe h-\u003e*_huge_pages counters are protected by the hugetlb_lock, but\nalloc_huge_page has a corner case where it can decrement the counter\noutside of the lock.\n\nThis could lead to a corrupted value of h-\u003eresv_huge_pages, which we have\nobserved on our systems.\n\nTake the hugetlb_lock before decrementing h-\u003eresv_huge_pages to avoid a\npotential race."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-15T14:21:21.504Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/3e50a07b6a5fcd39df1534d3fdaca4292a65efe6"
        },
        {
          "url": "https://git.kernel.org/stable/c/629c986e19fe9481227c7cdfd9a105bbc104d245"
        },
        {
          "url": "https://git.kernel.org/stable/c/2b35432d324898ec41beb27031d2a1a864a4d40e"
        },
        {
          "url": "https://git.kernel.org/stable/c/11993652d0b49e27272db0a37aa828d8a3a4b92b"
        },
        {
          "url": "https://git.kernel.org/stable/c/568e3812b1778b4c0c229649b59977d88f400ece"
        },
        {
          "url": "https://git.kernel.org/stable/c/112a005d1ded04a4b41b6d01833cc0bda90625cc"
        },
        {
          "url": "https://git.kernel.org/stable/c/c828fab903725279aa9dc6ae3d44bb7e4778f92c"
        },
        {
          "url": "https://git.kernel.org/stable/c/12df140f0bdfae5dcfc81800970dd7f6f632e00c"
        }
      ],
      "title": "mm,hugetlb: take hugetlb_lock before decrementing h-\u003eresv_huge_pages",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-50285",
    "datePublished": "2025-09-15T14:21:21.504Z",
    "dateReserved": "2025-09-15T13:58:00.977Z",
    "dateUpdated": "2025-09-15T14:21:21.504Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/memory/of_memory.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "a4d0bd4388e1a39df47e8aaa044ef6a7ee626e48",
              "status": "affected",
              "version": "e6b42eb6a66c188642aeb447312938c6f6ebee86",
              "versionType": "git"
            },
            {
              "lessThan": "a4f7eb83852a65b6f8dea7dcc42b7c76d4d9b0a3",
              "status": "affected",
              "version": "e6b42eb6a66c188642aeb447312938c6f6ebee86",
              "versionType": "git"
            },
            {
              "lessThan": "68c9c4e6495b825be3a8946df1a0148399555fe4",
              "status": "affected",
              "version": "e6b42eb6a66c188642aeb447312938c6f6ebee86",
              "versionType": "git"
            },
            {
              "lessThan": "85a40bfb8e7a170abcf9dae2c0898a1983e48daa",
              "status": "affected",
              "version": "e6b42eb6a66c188642aeb447312938c6f6ebee86",
              "versionType": "git"
            },
            {
              "lessThan": "daaec4b3fe2297b022c6b2d6bf48b6e5265a60b9",
              "status": "affected",
              "version": "e6b42eb6a66c188642aeb447312938c6f6ebee86",
              "versionType": "git"
            },
            {
              "lessThan": "2680690f9ce4e6abbb4f559e97271c15b7eeda97",
              "status": "affected",
              "version": "e6b42eb6a66c188642aeb447312938c6f6ebee86",
              "versionType": "git"
            },
            {
              "lessThan": "62ccab6e3376f8a22167c3b81468ae4f3e7d25f1",
              "status": "affected",
              "version": "e6b42eb6a66c188642aeb447312938c6f6ebee86",
              "versionType": "git"
            },
            {
              "lessThan": "1c6cac6fa4d08aea161f83d38117d733b3c3a000",
              "status": "affected",
              "version": "e6b42eb6a66c188642aeb447312938c6f6ebee86",
              "versionType": "git"
            },
            {
              "lessThan": "05215fb32010d4afb68fbdbb4d237df6e2d4567b",
              "status": "affected",
              "version": "e6b42eb6a66c188642aeb447312938c6f6ebee86",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/memory/of_memory.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.7"
            },
            {
              "lessThan": "3.7",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.9.*",
              "status": "unaffected",
              "version": "4.9.331",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.296",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.262",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.220",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.150",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.75",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.19.*",
              "status": "unaffected",
              "version": "5.19.17",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.*",
              "status": "unaffected",
              "version": "6.0.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.1",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.9.331",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.296",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.262",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.220",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.150",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.75",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.19.17",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.0.3",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmemory: of: Fix refcount leak bug in of_get_ddr_timings()\n\nWe should add the of_node_put() when breaking out of\nfor_each_child_of_node() as it will automatically increase\nand decrease the refcount."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-15T14:02:09.213Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/a4d0bd4388e1a39df47e8aaa044ef6a7ee626e48"
        },
        {
          "url": "https://git.kernel.org/stable/c/a4f7eb83852a65b6f8dea7dcc42b7c76d4d9b0a3"
        },
        {
          "url": "https://git.kernel.org/stable/c/68c9c4e6495b825be3a8946df1a0148399555fe4"
        },
        {
          "url": "https://git.kernel.org/stable/c/85a40bfb8e7a170abcf9dae2c0898a1983e48daa"
        },
        {
          "url": "https://git.kernel.org/stable/c/daaec4b3fe2297b022c6b2d6bf48b6e5265a60b9"
        },
        {
          "url": "https://git.kernel.org/stable/c/2680690f9ce4e6abbb4f559e97271c15b7eeda97"
        },
        {
          "url": "https://git.kernel.org/stable/c/62ccab6e3376f8a22167c3b81468ae4f3e7d25f1"
        },
        {
          "url": "https://git.kernel.org/stable/c/1c6cac6fa4d08aea161f83d38117d733b3c3a000"
        },
        {
          "url": "https://git.kernel.org/stable/c/05215fb32010d4afb68fbdbb4d237df6e2d4567b"
        }
      ],
      "title": "memory: of: Fix refcount leak bug in of_get_ddr_timings()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-50249",
    "datePublished": "2025-09-15T14:02:09.213Z",
    "dateReserved": "2025-09-15T13:58:00.972Z",
    "dateUpdated": "2025-09-15T14:02:09.213Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "include/linux/skbuff.h",
            "io_uring/rsrc.c",
            "net/unix/garbage.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "04df9719df1865f6770af9bc7880874af0e594b2",
              "status": "affected",
              "version": "6b06314c47e141031be043539900d80d2c7ba10f",
              "versionType": "git"
            },
            {
              "lessThan": "c378c479c5175833bb22ff71974cda47d7b05401",
              "status": "affected",
              "version": "6b06314c47e141031be043539900d80d2c7ba10f",
              "versionType": "git"
            },
            {
              "lessThan": "813d8fe5d30388f73a21d3a2bf46b0a1fd72498c",
              "status": "affected",
              "version": "6b06314c47e141031be043539900d80d2c7ba10f",
              "versionType": "git"
            },
            {
              "lessThan": "b4293c01ee0d0ecdd3cb5801e13f62271144667a",
              "status": "affected",
              "version": "6b06314c47e141031be043539900d80d2c7ba10f",
              "versionType": "git"
            },
            {
              "lessThan": "75e94c7e8859e58aadc15a98cc9704edff47d4f2",
              "status": "affected",
              "version": "6b06314c47e141031be043539900d80d2c7ba10f",
              "versionType": "git"
            },
            {
              "lessThan": "0091bfc81741b8d3aeb3b7ab8636f911b2de6e80",
              "status": "affected",
              "version": "6b06314c47e141031be043539900d80d2c7ba10f",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "include/linux/skbuff.h",
            "io_uring/rsrc.c",
            "net/unix/garbage.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.1"
            },
            {
              "lessThan": "5.1",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.220",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.150",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.75",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.19.*",
              "status": "unaffected",
              "version": "5.19.17",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.*",
              "status": "unaffected",
              "version": "6.0.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.1",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.220",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.150",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.75",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.19.17",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.0.3",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/af_unix: defer registered files gc to io_uring release\n\nInstead of putting io_uring\u0027s registered files in unix_gc() we want it\nto be done by io_uring itself. The trick here is to consider io_uring\nregistered files for cycle detection but not actually putting them down.\nBecause io_uring can\u0027t register other ring instances, this will remove\nall refs to the ring file triggering the -\u003erelease path and clean up\nwith io_ring_ctx_free().\n\n[axboe: add kerneldoc comment to skb, fold in skb leak fix]"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-15T14:01:38.199Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/04df9719df1865f6770af9bc7880874af0e594b2"
        },
        {
          "url": "https://git.kernel.org/stable/c/c378c479c5175833bb22ff71974cda47d7b05401"
        },
        {
          "url": "https://git.kernel.org/stable/c/813d8fe5d30388f73a21d3a2bf46b0a1fd72498c"
        },
        {
          "url": "https://git.kernel.org/stable/c/b4293c01ee0d0ecdd3cb5801e13f62271144667a"
        },
        {
          "url": "https://git.kernel.org/stable/c/75e94c7e8859e58aadc15a98cc9704edff47d4f2"
        },
        {
          "url": "https://git.kernel.org/stable/c/0091bfc81741b8d3aeb3b7ab8636f911b2de6e80"
        }
      ],
      "title": "io_uring/af_unix: defer registered files gc to io_uring release",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-50234",
    "datePublished": "2025-09-15T14:01:38.199Z",
    "dateReserved": "2025-06-18T10:57:27.432Z",
    "dateUpdated": "2025-09-15T14:01:38.199Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/f2fs/iostat.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "aa4d726af72a21732ce120484e0b1240674a13b3",
              "status": "affected",
              "version": "a4b6817625e71d5d4aee16cacf7a7fec077c6dbe",
              "versionType": "git"
            },
            {
              "lessThan": "22ddbbff116ee7dce5431feb1c0f36a507d2d68d",
              "status": "affected",
              "version": "a4b6817625e71d5d4aee16cacf7a7fec077c6dbe",
              "versionType": "git"
            },
            {
              "lessThan": "20b4f3de0f3932f71b4a8daf0671e517a8d98022",
              "status": "affected",
              "version": "a4b6817625e71d5d4aee16cacf7a7fec077c6dbe",
              "versionType": "git"
            },
            {
              "lessThan": "0dbbf0fb38d5ec5d4138d1aeaeb43d9217b9a592",
              "status": "affected",
              "version": "a4b6817625e71d5d4aee16cacf7a7fec077c6dbe",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/f2fs/iostat.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.15"
            },
            {
              "lessThan": "5.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.100",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.18",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.*",
              "status": "unaffected",
              "version": "6.2.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.3",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.100",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.18",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.2.5",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.3",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to avoid potential memory corruption in __update_iostat_latency()\n\nAdd iotype sanity check to avoid potential memory corruption.\nThis is to fix the compile error below:\n\nfs/f2fs/iostat.c:231 __update_iostat_latency() error: buffer overflow\n\u0027io_lat-\u003epeak_lat[type]\u0027 3 \u003c= 3\n\nvim +228 fs/f2fs/iostat.c\n\n  211  static inline void __update_iostat_latency(struct bio_iostat_ctx\n\t*iostat_ctx,\n  212\t\t\t\t\tenum iostat_lat_type type)\n  213  {\n  214\t\tunsigned long ts_diff;\n  215\t\tunsigned int page_type = iostat_ctx-\u003etype;\n  216\t\tstruct f2fs_sb_info *sbi = iostat_ctx-\u003esbi;\n  217\t\tstruct iostat_lat_info *io_lat = sbi-\u003eiostat_io_lat;\n  218\t\tunsigned long flags;\n  219\n  220\t\tif (!sbi-\u003eiostat_enable)\n  221\t\t\treturn;\n  222\n  223\t\tts_diff = jiffies - iostat_ctx-\u003esubmit_ts;\n  224\t\tif (page_type \u003e= META_FLUSH)\n                                 ^^^^^^^^^^\n\n  225\t\t\tpage_type = META;\n  226\n  227\t\tspin_lock_irqsave(\u0026sbi-\u003eiostat_lat_lock, flags);\n @228\t\tio_lat-\u003esum_lat[type][page_type] += ts_diff;\n                                      ^^^^^^^^^\nMixup between META_FLUSH and NR_PAGE_TYPE leads to memory corruption."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-15T14:21:42.331Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/aa4d726af72a21732ce120484e0b1240674a13b3"
        },
        {
          "url": "https://git.kernel.org/stable/c/22ddbbff116ee7dce5431feb1c0f36a507d2d68d"
        },
        {
          "url": "https://git.kernel.org/stable/c/20b4f3de0f3932f71b4a8daf0671e517a8d98022"
        },
        {
          "url": "https://git.kernel.org/stable/c/0dbbf0fb38d5ec5d4138d1aeaeb43d9217b9a592"
        }
      ],
      "title": "f2fs: fix to avoid potential memory corruption in __update_iostat_latency()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-53214",
    "datePublished": "2025-09-15T14:21:42.331Z",
    "dateReserved": "2025-09-15T14:19:21.845Z",
    "dateUpdated": "2025-09-15T14:21:42.331Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/core/dev.c",
            "net/openvswitch/actions.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "9b0dd09c1ceb35950d2884848099fccc9ec9a123",
              "status": "affected",
              "version": "7f8a436eaa2c3ddd8e1ff2fbca267e6275085536",
              "versionType": "git"
            },
            {
              "lessThan": "284be5db6c8d06d247ed056cfc448c4f79bbb16c",
              "status": "affected",
              "version": "7f8a436eaa2c3ddd8e1ff2fbca267e6275085536",
              "versionType": "git"
            },
            {
              "lessThan": "5efcb301523baacd98a47553d4996e924923114d",
              "status": "affected",
              "version": "7f8a436eaa2c3ddd8e1ff2fbca267e6275085536",
              "versionType": "git"
            },
            {
              "lessThan": "644b3051b06ba465bc7401bfae9b14963cbc8c1c",
              "status": "affected",
              "version": "7f8a436eaa2c3ddd8e1ff2fbca267e6275085536",
              "versionType": "git"
            },
            {
              "lessThan": "56252da41426f3d01957456f13caf46ce670ea29",
              "status": "affected",
              "version": "7f8a436eaa2c3ddd8e1ff2fbca267e6275085536",
              "versionType": "git"
            },
            {
              "lessThan": "066b86787fa3d97b7aefb5ac0a99a22dad2d15f8",
              "status": "affected",
              "version": "7f8a436eaa2c3ddd8e1ff2fbca267e6275085536",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/core/dev.c",
            "net/openvswitch/actions.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.3"
            },
            {
              "lessThan": "4.3",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.293",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.237",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.181",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.25",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.*",
              "status": "unaffected",
              "version": "6.2.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.3",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.293",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.237",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.181",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.25",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.2.12",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.3",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: openvswitch: fix race on port output\n\nassume the following setup on a single machine:\n1. An openvswitch instance with one bridge and default flows\n2. two network namespaces \"server\" and \"client\"\n3. two ovs interfaces \"server\" and \"client\" on the bridge\n4. for each ovs interface a veth pair with a matching name and 32 rx and\n   tx queues\n5. move the ends of the veth pairs to the respective network namespaces\n6. assign ip addresses to each of the veth ends in the namespaces (needs\n   to be the same subnet)\n7. start some http server on the server network namespace\n8. test if a client in the client namespace can reach the http server\n\nwhen following the actions below the host has a chance of getting a cpu\nstuck in a infinite loop:\n1. send a large amount of parallel requests to the http server (around\n   3000 curls should work)\n2. in parallel delete the network namespace (do not delete interfaces or\n   stop the server, just kill the namespace)\n\nthere is a low chance that this will cause the below kernel cpu stuck\nmessage. If this does not happen just retry.\nBelow there is also the output of bpftrace for the functions mentioned\nin the output.\n\nThe series of events happening here is:\n1. the network namespace is deleted calling\n   `unregister_netdevice_many_notify` somewhere in the process\n2. this sets first `NETREG_UNREGISTERING` on both ends of the veth and\n   then runs `synchronize_net`\n3. it then calls `call_netdevice_notifiers` with `NETDEV_UNREGISTER`\n4. this is then handled by `dp_device_event` which calls\n   `ovs_netdev_detach_dev` (if a vport is found, which is the case for\n   the veth interface attached to ovs)\n5. this removes the rx_handlers of the device but does not prevent\n   packages to be sent to the device\n6. `dp_device_event` then queues the vport deletion to work in\n   background as a ovs_lock is needed that we do not hold in the\n   unregistration path\n7. `unregister_netdevice_many_notify` continues to call\n   `netdev_unregister_kobject` which sets `real_num_tx_queues` to 0\n8. port deletion continues (but details are not relevant for this issue)\n9. at some future point the background task deletes the vport\n\nIf after 7. but before 9. a packet is send to the ovs vport (which is\nnot deleted at this point in time) which forwards it to the\n`dev_queue_xmit` flow even though the device is unregistering.\nIn `skb_tx_hash` (which is called in the `dev_queue_xmit`) path there is\na while loop (if the packet has a rx_queue recorded) that is infinite if\n`dev-\u003ereal_num_tx_queues` is zero.\n\nTo prevent this from happening we update `do_output` to handle devices\nwithout carrier the same as if the device is not found (which would\nbe the code path after 9. is done).\n\nAdditionally we now produce a warning in `skb_tx_hash` if we will hit\nthe infinite loop.\n\nbpftrace (first word is function name):\n\n__dev_queue_xmit server: real_num_tx_queues: 1, cpu: 2, pid: 28024, tid: 28024, skb_addr: 0xffff9edb6f207000, reg_state: 1\nnetdev_core_pick_tx server: addr: 0xffff9f0a46d4a000 real_num_tx_queues: 1, cpu: 2, pid: 28024, tid: 28024, skb_addr: 0xffff9edb6f207000, reg_state: 1\ndp_device_event server: real_num_tx_queues: 1 cpu 9, pid: 21024, tid: 21024, event 2, reg_state: 1\nsynchronize_rcu_expedited: cpu 9, pid: 21024, tid: 21024\nsynchronize_rcu_expedited: cpu 9, pid: 21024, tid: 21024\nsynchronize_rcu_expedited: cpu 9, pid: 21024, tid: 21024\nsynchronize_rcu_expedited: cpu 9, pid: 21024, tid: 21024\ndp_device_event server: real_num_tx_queues: 1 cpu 9, pid: 21024, tid: 21024, event 6, reg_state: 2\novs_netdev_detach_dev server: real_num_tx_queues: 1 cpu 9, pid: 21024, tid: 21024, reg_state: 2\nnetdev_rx_handler_unregister server: real_num_tx_queues: 1, cpu: 9, pid: 21024, tid: 21024, reg_state: 2\nsynchronize_rcu_expedited: cpu 9, pid: 21024, tid: 21024\nnetdev_rx_handler_unregister ret server: real_num_tx_queues: 1, cpu: 9, pid: 21024, tid: 21024, reg_state: 2\ndp_\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-15T14:04:52.248Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/9b0dd09c1ceb35950d2884848099fccc9ec9a123"
        },
        {
          "url": "https://git.kernel.org/stable/c/284be5db6c8d06d247ed056cfc448c4f79bbb16c"
        },
        {
          "url": "https://git.kernel.org/stable/c/5efcb301523baacd98a47553d4996e924923114d"
        },
        {
          "url": "https://git.kernel.org/stable/c/644b3051b06ba465bc7401bfae9b14963cbc8c1c"
        },
        {
          "url": "https://git.kernel.org/stable/c/56252da41426f3d01957456f13caf46ce670ea29"
        },
        {
          "url": "https://git.kernel.org/stable/c/066b86787fa3d97b7aefb5ac0a99a22dad2d15f8"
        }
      ],
      "title": "net: openvswitch: fix race on port output",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-53188",
    "datePublished": "2025-09-15T14:04:52.248Z",
    "dateReserved": "2025-09-15T13:59:19.066Z",
    "dateUpdated": "2025-09-15T14:04:52.248Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/cifs/cifsfs.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "8cd7dbc9c46d51e00a0a8372e07cc1cbb8d24a77",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "8afb1fabcec1929db46977e84baeee0cc0e79242",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "657d7c215ca974d366ab1808213f716e1e3aa950",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "26a32a212bc540f4773cd6af8cf73e967d72569c",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "b64305185b76f1d5145ce594ff48f3f0e70695bd",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "b7d854c33ab48e55fc233699bbefe39ec9bb5c05",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "1e144b68208e98fd4602c842a7149ba5f41d87fb",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "179a88a8558bbf42991d361595281f3e45d7edfc",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/cifs/cifsfs.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.312",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.280",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.240",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.177",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.106",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.23",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.*",
              "status": "unaffected",
              "version": "6.2.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.3",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.312",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.280",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.240",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.177",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.106",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.23",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.2.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.3",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL\n\nWhen compiled with CONFIG_CIFS_DFS_UPCALL disabled, cifs_dfs_d_automount\nis NULL. cifs.ko logic for mapping CIFS_FATTR_DFS_REFERRAL attributes to\nS_AUTOMOUNT and corresponding dentry flags is retained regardless of\nCONFIG_CIFS_DFS_UPCALL, leading to a NULL pointer dereference in\nVFS follow_automount() when traversing a DFS referral link:\n  BUG: kernel NULL pointer dereference, address: 0000000000000000\n  ...\n  Call Trace:\n   \u003cTASK\u003e\n   __traverse_mounts+0xb5/0x220\n   ? cifs_revalidate_mapping+0x65/0xc0 [cifs]\n   step_into+0x195/0x610\n   ? lookup_fast+0xe2/0xf0\n   path_lookupat+0x64/0x140\n   filename_lookup+0xc2/0x140\n   ? __create_object+0x299/0x380\n   ? kmem_cache_alloc+0x119/0x220\n   ? user_path_at_empty+0x31/0x50\n   user_path_at_empty+0x31/0x50\n   __x64_sys_chdir+0x2a/0xd0\n   ? exit_to_user_mode_prepare+0xca/0x100\n   do_syscall_64+0x42/0x90\n   entry_SYSCALL_64_after_hwframe+0x72/0xdc\n\nThis fix adds an inline cifs_dfs_d_automount() {return -EREMOTE} handler\nwhen CONFIG_CIFS_DFS_UPCALL is disabled. An alternative would be to\navoid flagging S_AUTOMOUNT, etc. without CONFIG_CIFS_DFS_UPCALL. This\napproach was chosen as it provides more control over the error path."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-15T14:46:15.977Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/8cd7dbc9c46d51e00a0a8372e07cc1cbb8d24a77"
        },
        {
          "url": "https://git.kernel.org/stable/c/8afb1fabcec1929db46977e84baeee0cc0e79242"
        },
        {
          "url": "https://git.kernel.org/stable/c/657d7c215ca974d366ab1808213f716e1e3aa950"
        },
        {
          "url": "https://git.kernel.org/stable/c/26a32a212bc540f4773cd6af8cf73e967d72569c"
        },
        {
          "url": "https://git.kernel.org/stable/c/b64305185b76f1d5145ce594ff48f3f0e70695bd"
        },
        {
          "url": "https://git.kernel.org/stable/c/b7d854c33ab48e55fc233699bbefe39ec9bb5c05"
        },
        {
          "url": "https://git.kernel.org/stable/c/1e144b68208e98fd4602c842a7149ba5f41d87fb"
        },
        {
          "url": "https://git.kernel.org/stable/c/179a88a8558bbf42991d361595281f3e45d7edfc"
        }
      ],
      "title": "cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-53246",
    "datePublished": "2025-09-15T14:46:15.977Z",
    "dateReserved": "2025-09-15T14:19:21.848Z",
    "dateUpdated": "2025-09-15T14:46:15.977Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/btrfs/block-group.c",
            "fs/btrfs/block-group.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "6297644db23f77c02ae7961cc542d162629ae2c4",
              "status": "affected",
              "version": "01eca70ef8cf499d0cb6d1bbd691558e7792cf17",
              "versionType": "git"
            },
            {
              "lessThan": "7569c4294ba6ff9f194635b14876198f8a687c4a",
              "status": "affected",
              "version": "5d19abcffd8404078dfa7d7118cec357b5e7bc58",
              "versionType": "git"
            },
            {
              "lessThan": "0657b20c5a76c938612f8409735a8830d257866e",
              "status": "affected",
              "version": "a9f189716cf15913c453299d72f69c51a9b0f86b",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "edf3b5aadb2515c808200b904baa5b70a727f0ac",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/btrfs/block-group.c",
            "fs/btrfs/block-group.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux"
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.15.128",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix use-after-free of new block group that became unused\n\nIf a task creates a new block group and that block group becomes unused\nbefore we finish its creation, at btrfs_create_pending_block_groups(),\nthen when btrfs_mark_bg_unused() is called against the block group, we\nassume that the block group is currently in the list of block groups to\nreclaim, and we move it out of the list of new block groups and into the\nlist of unused block groups. This has two consequences:\n\n1) We move it out of the list of new block groups associated to the\n   current transaction. So the block group creation is not finished and\n   if we attempt to delete the bg because it\u0027s unused, we will not find\n   the block group item in the extent tree (or the new block group tree),\n   its device extent items in the device tree etc, resulting in the\n   deletion to fail due to the missing items;\n\n2) We don\u0027t increment the reference count on the block group when we\n   move it to the list of unused block groups, because we assumed the\n   block group was on the list of block groups to reclaim, and in that\n   case it already has the correct reference count. However the block\n   group was on the list of new block groups, in which case no extra\n   reference was taken because it\u0027s local to the current task. This\n   later results in doing an extra reference count decrement when\n   removing the block group from the unused list, eventually leading the\n   reference count to 0.\n\nThis second case was caught when running generic/297 from fstests, which\nproduced the following assertion failure and stack trace:\n\n  [589.559] assertion failed: refcount_read(\u0026block_group-\u003erefs) == 1, in fs/btrfs/block-group.c:4299\n  [589.559] ------------[ cut here ]------------\n  [589.559] kernel BUG at fs/btrfs/block-group.c:4299!\n  [589.560] invalid opcode: 0000 [#1] PREEMPT SMP PTI\n  [589.560] CPU: 8 PID: 2819134 Comm: umount Tainted: G        W          6.4.0-rc6-btrfs-next-134+ #1\n  [589.560] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-0-gea1b7a073390-prebuilt.qemu.org 04/01/2014\n  [589.560] RIP: 0010:btrfs_free_block_groups+0x449/0x4a0 [btrfs]\n  [589.561] Code: 68 62 da c0 (...)\n  [589.561] RSP: 0018:ffffa55a8c3b3d98 EFLAGS: 00010246\n  [589.561] RAX: 0000000000000058 RBX: ffff8f030d7f2000 RCX: 0000000000000000\n  [589.562] RDX: 0000000000000000 RSI: ffffffff953f0878 RDI: 00000000ffffffff\n  [589.562] RBP: ffff8f030d7f2088 R08: 0000000000000000 R09: ffffa55a8c3b3c50\n  [589.562] R10: 0000000000000001 R11: 0000000000000001 R12: ffff8f05850b4c00\n  [589.562] R13: ffff8f030d7f2090 R14: ffff8f05850b4cd8 R15: dead000000000100\n  [589.563] FS:  00007f497fd2e840(0000) GS:ffff8f09dfc00000(0000) knlGS:0000000000000000\n  [589.563] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  [589.563] CR2: 00007f497ff8ec10 CR3: 0000000271472006 CR4: 0000000000370ee0\n  [589.563] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n  [589.564] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n  [589.564] Call Trace:\n  [589.564]  \u003cTASK\u003e\n  [589.565]  ? __die_body+0x1b/0x60\n  [589.565]  ? die+0x39/0x60\n  [589.565]  ? do_trap+0xeb/0x110\n  [589.565]  ? btrfs_free_block_groups+0x449/0x4a0 [btrfs]\n  [589.566]  ? do_error_trap+0x6a/0x90\n  [589.566]  ? btrfs_free_block_groups+0x449/0x4a0 [btrfs]\n  [589.566]  ? exc_invalid_op+0x4e/0x70\n  [589.566]  ? btrfs_free_block_groups+0x449/0x4a0 [btrfs]\n  [589.567]  ? asm_exc_invalid_op+0x16/0x20\n  [589.567]  ? btrfs_free_block_groups+0x449/0x4a0 [btrfs]\n  [589.567]  ? btrfs_free_block_groups+0x449/0x4a0 [btrfs]\n  [589.567]  close_ctree+0x35d/0x560 [btrfs]\n  [589.568]  ? fsnotify_sb_delete+0x13e/0x1d0\n  [589.568]  ? dispose_list+0x3a/0x50\n  [589.568]  ? evict_inodes+0x151/0x1a0\n  [589.568]  generic_shutdown_super+0x73/0x1a0\n  [589.569]  kill_anon_super+0x14/0x30\n  [589.569]  btrfs_kill_super+0x12/0x20 [btrfs]\n  [589.569]  deactivate_locked\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-15T14:04:40.019Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/6297644db23f77c02ae7961cc542d162629ae2c4"
        },
        {
          "url": "https://git.kernel.org/stable/c/7569c4294ba6ff9f194635b14876198f8a687c4a"
        },
        {
          "url": "https://git.kernel.org/stable/c/0657b20c5a76c938612f8409735a8830d257866e"
        }
      ],
      "title": "btrfs: fix use-after-free of new block group that became unused",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-53187",
    "datePublished": "2025-09-15T14:04:40.019Z",
    "dateReserved": "2025-09-15T13:59:19.066Z",
    "dateUpdated": "2025-09-15T14:04:40.019Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/clk/mediatek/clk-mt8183.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "45d69917a4af6c869193f95932dc6d6f15d5ef86",
              "status": "affected",
              "version": "3f37ba7cc385ba07762ffcd7ac38af8c0f84dd3e",
              "versionType": "git"
            },
            {
              "lessThan": "1eb8d61ac5c9c7ec56bb96d433532807509b9288",
              "status": "affected",
              "version": "3f37ba7cc385ba07762ffcd7ac38af8c0f84dd3e",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/clk/mediatek/clk-mt8183.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.4"
            },
            {
              "lessThan": "6.4",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.*",
              "status": "unaffected",
              "version": "6.4.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.5",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.4.10",
                  "versionStartIncluding": "6.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.5",
                  "versionStartIncluding": "6.4",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: mediatek: mt8183: Add back SSPM related clocks\n\nThis reverts commit 860690a93ef23b567f781c1b631623e27190f101.\n\nOn the MT8183, the SSPM related clocks were removed claiming a lack of\nusage. This however causes some issues when the driver was converted to\nthe new simple-probe mechanism. This mechanism allocates enough space\nfor all the clocks defined in the clock driver, not the highest index\nin the DT binding. This leads to out-of-bound writes if their are holes\nin the DT binding or the driver (due to deprecated or unimplemented\nclocks). These errors can go unnoticed and cause memory corruption,\nleading to crashes in unrelated areas, or nothing at all. KASAN will\ndetect them.\n\nAdd the SSPM related clocks back to the MT8183 clock driver to fully\nimplement the DT binding. The SSPM clocks are for the power management\nco-processor, and should never be turned off. They are marked as such."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-16T08:11:09.549Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/45d69917a4af6c869193f95932dc6d6f15d5ef86"
        },
        {
          "url": "https://git.kernel.org/stable/c/1eb8d61ac5c9c7ec56bb96d433532807509b9288"
        }
      ],
      "title": "clk: mediatek: mt8183: Add back SSPM related clocks",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-53274",
    "datePublished": "2025-09-16T08:11:09.549Z",
    "dateReserved": "2025-09-16T08:09:37.990Z",
    "dateUpdated": "2025-09-16T08:11:09.549Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/meson/meson_drv.c",
            "drivers/gpu/drm/meson/meson_drv.h",
            "drivers/gpu/drm/meson/meson_encoder_cvbs.c",
            "drivers/gpu/drm/meson/meson_encoder_cvbs.h",
            "drivers/gpu/drm/meson/meson_encoder_hdmi.c",
            "drivers/gpu/drm/meson/meson_encoder_hdmi.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "de2b6ebe0cb7746b5b6b35d79e150d934392b958",
              "status": "affected",
              "version": "bbbe775ec5b5dace43a35886da9924837da09ddd",
              "versionType": "git"
            },
            {
              "lessThan": "fc1fd114dde3d2623ac37676df3d74ffeedb0da8",
              "status": "affected",
              "version": "bbbe775ec5b5dace43a35886da9924837da09ddd",
              "versionType": "git"
            },
            {
              "lessThan": "09847723c12fc2753749cec3939a02ee92dac468",
              "status": "affected",
              "version": "bbbe775ec5b5dace43a35886da9924837da09ddd",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/meson/meson_drv.c",
            "drivers/gpu/drm/meson/meson_drv.h",
            "drivers/gpu/drm/meson/meson_encoder_cvbs.c",
            "drivers/gpu/drm/meson/meson_encoder_cvbs.h",
            "drivers/gpu/drm/meson/meson_encoder_hdmi.c",
            "drivers/gpu/drm/meson/meson_encoder_hdmi.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.10"
            },
            {
              "lessThan": "4.10",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.19.*",
              "status": "unaffected",
              "version": "5.19.17",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.*",
              "status": "unaffected",
              "version": "6.0.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.1",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.19.17",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.0.3",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/meson: remove drm bridges at aggregate driver unbind time\n\ndrm bridges added by meson_encoder_hdmi_init and meson_encoder_cvbs_init\nwere not manually removed at module unload time, which caused dangling\nreferences to freed memory to remain linked in the global bridge_list.\n\nWhen loading the driver modules back in, the same functions would again\ncall drm_bridge_add, and when traversing the global bridge_list, would\nend up peeking into freed memory.\n\nOnce again KASAN revealed the problem:\n\n[  +0.000095] =============================================================\n[  +0.000008] BUG: KASAN: use-after-free in __list_add_valid+0x9c/0x120\n[  +0.000018] Read of size 8 at addr ffff00003da291f0 by task modprobe/2483\n\n[  +0.000018] CPU: 3 PID: 2483 Comm: modprobe Tainted: G         C O      5.19.0-rc6-lrmbkasan+ #1\n[  +0.000011] Hardware name: Hardkernel ODROID-N2Plus (DT)\n[  +0.000008] Call trace:\n[  +0.000006]  dump_backtrace+0x1ec/0x280\n[  +0.000012]  show_stack+0x24/0x80\n[  +0.000008]  dump_stack_lvl+0x98/0xd4\n[  +0.000011]  print_address_description.constprop.0+0x80/0x520\n[  +0.000011]  print_report+0x128/0x260\n[  +0.000008]  kasan_report+0xb8/0xfc\n[  +0.000008]  __asan_report_load8_noabort+0x3c/0x50\n[  +0.000009]  __list_add_valid+0x9c/0x120\n[  +0.000009]  drm_bridge_add+0x6c/0x104 [drm]\n[  +0.000165]  dw_hdmi_probe+0x1900/0x2360 [dw_hdmi]\n[  +0.000022]  meson_dw_hdmi_bind+0x520/0x814 [meson_dw_hdmi]\n[  +0.000014]  component_bind+0x174/0x520\n[  +0.000012]  component_bind_all+0x1a8/0x38c\n[  +0.000010]  meson_drv_bind_master+0x5e8/0xb74 [meson_drm]\n[  +0.000032]  meson_drv_bind+0x20/0x2c [meson_drm]\n[  +0.000027]  try_to_bring_up_aggregate_device+0x19c/0x390\n[  +0.000010]  component_master_add_with_match+0x1c8/0x284\n[  +0.000009]  meson_drv_probe+0x274/0x280 [meson_drm]\n[  +0.000026]  platform_probe+0xd0/0x220\n[  +0.000009]  really_probe+0x3ac/0xa80\n[  +0.000009]  __driver_probe_device+0x1f8/0x400\n[  +0.000009]  driver_probe_device+0x68/0x1b0\n[  +0.000009]  __driver_attach+0x20c/0x480\n[  +0.000008]  bus_for_each_dev+0x114/0x1b0\n[  +0.000009]  driver_attach+0x48/0x64\n[  +0.000008]  bus_add_driver+0x390/0x564\n[  +0.000009]  driver_register+0x1a8/0x3e4\n[  +0.000009]  __platform_driver_register+0x6c/0x94\n[  +0.000008]  meson_drm_platform_driver_init+0x3c/0x1000 [meson_drm]\n[  +0.000027]  do_one_initcall+0xc4/0x2b0\n[  +0.000011]  do_init_module+0x154/0x570\n[  +0.000011]  load_module+0x1a78/0x1ea4\n[  +0.000008]  __do_sys_init_module+0x184/0x1cc\n[  +0.000009]  __arm64_sys_init_module+0x78/0xb0\n[  +0.000009]  invoke_syscall+0x74/0x260\n[  +0.000009]  el0_svc_common.constprop.0+0xcc/0x260\n[  +0.000008]  do_el0_svc+0x50/0x70\n[  +0.000007]  el0_svc+0x68/0x1a0\n[  +0.000012]  el0t_64_sync_handler+0x11c/0x150\n[  +0.000008]  el0t_64_sync+0x18c/0x190\n\n[  +0.000016] Allocated by task 879:\n[  +0.000008]  kasan_save_stack+0x2c/0x5c\n[  +0.000011]  __kasan_kmalloc+0x90/0xd0\n[  +0.000007]  __kmalloc+0x278/0x4a0\n[  +0.000011]  mpi_resize+0x13c/0x1d0\n[  +0.000011]  mpi_powm+0xd24/0x1570\n[  +0.000009]  rsa_enc+0x1a4/0x30c\n[  +0.000009]  pkcs1pad_verify+0x3f0/0x580\n[  +0.000009]  public_key_verify_signature+0x7a8/0xba4\n[  +0.000010]  public_key_verify_signature_2+0x40/0x60\n[  +0.000008]  verify_signature+0xb4/0x114\n[  +0.000008]  pkcs7_validate_trust_one.constprop.0+0x3b8/0x574\n[  +0.000009]  pkcs7_validate_trust+0xb8/0x15c\n[  +0.000008]  verify_pkcs7_message_sig+0xec/0x1b0\n[  +0.000012]  verify_pkcs7_signature+0x78/0xac\n[  +0.000007]  mod_verify_sig+0x110/0x190\n[  +0.000009]  module_sig_check+0x114/0x1e0\n[  +0.000009]  load_module+0xa0/0x1ea4\n[  +0.000008]  __do_sys_init_module+0x184/0x1cc\n[  +0.000008]  __arm64_sys_init_module+0x78/0xb0\n[  +0.000008]  invoke_syscall+0x74/0x260\n[  +0.000009]  el0_svc_common.constprop.0+0x1a8/0x260\n[  +0.000008]  do_el0_svc+0x50/0x70\n[  +0.000007]  el0_svc+0x68/0x1a0\n[  +0.000009]  el0t_64_sync_handler+0x11c/0x150\n[  +0.000009]  el0t_64\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-16T08:02:02.484Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/de2b6ebe0cb7746b5b6b35d79e150d934392b958"
        },
        {
          "url": "https://git.kernel.org/stable/c/fc1fd114dde3d2623ac37676df3d74ffeedb0da8"
        },
        {
          "url": "https://git.kernel.org/stable/c/09847723c12fc2753749cec3939a02ee92dac468"
        }
      ],
      "title": "drm/meson: remove drm bridges at aggregate driver unbind time",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-50256",
    "datePublished": "2025-09-15T14:02:39.052Z",
    "dateReserved": "2025-09-15T13:58:00.973Z",
    "dateUpdated": "2025-09-16T08:02:02.484Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/wireless/mediatek/mt76/mt76_connac.h",
            "drivers/net/wireless/mediatek/mt76/mt76_connac_mac.c",
            "drivers/net/wireless/mediatek/mt76/mt7996/mac.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "0765b5b4719f0435bb019370b317d2fb8138eb34",
              "status": "affected",
              "version": "98686cd21624c75a043e96812beadddf4f6f48e5",
              "versionType": "git"
            },
            {
              "lessThan": "0b8e2d69467f78a7c9d87b452220e87012435e33",
              "status": "affected",
              "version": "98686cd21624c75a043e96812beadddf4f6f48e5",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/wireless/mediatek/mt76/mt76_connac.h",
            "drivers/net/wireless/mediatek/mt76/mt76_connac_mac.c",
            "drivers/net/wireless/mediatek/mt76/mt7996/mac.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.2"
            },
            {
              "lessThan": "6.2",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.*",
              "status": "unaffected",
              "version": "6.2.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.3",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.2.3",
                  "versionStartIncluding": "6.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.3",
                  "versionStartIncluding": "6.2",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7996: rely on mt76_connac2_mac_tx_rate_val\n\nIn order to fix a possible NULL pointer dereference in\nmt7996_mac_write_txwi() of vif pointer, export\nmt76_connac2_mac_tx_rate_val utility routine and reuse it\nin mt7996 driver."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-15T14:21:31.843Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/0765b5b4719f0435bb019370b317d2fb8138eb34"
        },
        {
          "url": "https://git.kernel.org/stable/c/0b8e2d69467f78a7c9d87b452220e87012435e33"
        }
      ],
      "title": "wifi: mt76: mt7996: rely on mt76_connac2_mac_tx_rate_val",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-53203",
    "datePublished": "2025-09-15T14:21:31.843Z",
    "dateReserved": "2025-09-15T13:59:19.068Z",
    "dateUpdated": "2025-09-15T14:21:31.843Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/ext4/inline.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "5a229d21b98d132673096710e8281ef522dab1d1",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "3d7b8fbcd2273e2b9f4c6de5ce2f4c0cd3cb1205",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "486efbbc9445dca7890a1b86adbccb88b91284b0",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "4597554b4f7b29e7fd78aa449bab648f8da4ee2c",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "f22b274429e88d3dc7e79d375b56ce4f2f59f0b4",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "1d2caddbeeee56fbbc36b428c5b909c3ad88eb7f",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "e780058bd75614b66882bc02620ddbd884171560",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "88a06a94942c5c0a896e9da1113a6bb29e36cbef",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "2220eaf90992c11d888fe771055d4de330385f01",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/ext4/inline.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.315",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.283",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.243",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.180",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.112",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.29",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.*",
              "status": "unaffected",
              "version": "6.2.16",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.3.*",
              "status": "unaffected",
              "version": "6.3.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.4",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.315",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.283",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.243",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.180",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.112",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.2.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.3.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.4",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: add bounds checking in get_max_inline_xattr_value_size()\n\nNormally the extended attributes in the inode body would have been\nchecked when the inode is first opened, but if someone is writing to\nthe block device while the file system is mounted, it\u0027s possible for\nthe inode table to get corrupted.  Add bounds checking to avoid\nreading beyond the end of allocated memory if this happens."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-16T08:11:18.585Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/5a229d21b98d132673096710e8281ef522dab1d1"
        },
        {
          "url": "https://git.kernel.org/stable/c/3d7b8fbcd2273e2b9f4c6de5ce2f4c0cd3cb1205"
        },
        {
          "url": "https://git.kernel.org/stable/c/486efbbc9445dca7890a1b86adbccb88b91284b0"
        },
        {
          "url": "https://git.kernel.org/stable/c/4597554b4f7b29e7fd78aa449bab648f8da4ee2c"
        },
        {
          "url": "https://git.kernel.org/stable/c/f22b274429e88d3dc7e79d375b56ce4f2f59f0b4"
        },
        {
          "url": "https://git.kernel.org/stable/c/1d2caddbeeee56fbbc36b428c5b909c3ad88eb7f"
        },
        {
          "url": "https://git.kernel.org/stable/c/e780058bd75614b66882bc02620ddbd884171560"
        },
        {
          "url": "https://git.kernel.org/stable/c/88a06a94942c5c0a896e9da1113a6bb29e36cbef"
        },
        {
          "url": "https://git.kernel.org/stable/c/2220eaf90992c11d888fe771055d4de330385f01"
        }
      ],
      "title": "ext4: add bounds checking in get_max_inline_xattr_value_size()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-53285",
    "datePublished": "2025-09-16T08:11:18.585Z",
    "dateReserved": "2025-09-16T08:09:37.991Z",
    "dateUpdated": "2025-09-16T08:11:18.585Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "c1564d4b105ae535eb3183ecaaa987685b20a888",
              "status": "affected",
              "version": "f7d66fb2ea43a3016e78a700a2ca6c77a74579f9",
              "versionType": "git"
            },
            {
              "lessThan": "ec02a29c3c2ef8ad3e15a0e3f96b99a00e5d97b4",
              "status": "affected",
              "version": "f7d66fb2ea43a3016e78a700a2ca6c77a74579f9",
              "versionType": "git"
            },
            {
              "lessThan": "1253685f0d3eb3eab0bfc4bf15ab341a5f3da0c8",
              "status": "affected",
              "version": "f7d66fb2ea43a3016e78a700a2ca6c77a74579f9",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.2"
            },
            {
              "lessThan": "6.2",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.*",
              "status": "unaffected",
              "version": "6.2.16",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.3.*",
              "status": "unaffected",
              "version": "6.3.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.4",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.2.16",
                  "versionStartIncluding": "6.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.3.3",
                  "versionStartIncluding": "6.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.4",
                  "versionStartIncluding": "6.2",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: drop redundant sched job cleanup when cs is aborted\n\nOnce command submission failed due to userptr invalidation in\namdgpu_cs_submit, legacy code will perform cleanup of scheduler\njob. However, it\u0027s not needed at all, as former commit has integrated\njob cleanup stuff into amdgpu_job_free. Otherwise, because of double\nfree, a NULL pointer dereference will occur in such scenario.\n\nBug: https://gitlab.freedesktop.org/drm/amd/-/issues/2457"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-15T14:21:59.550Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/c1564d4b105ae535eb3183ecaaa987685b20a888"
        },
        {
          "url": "https://git.kernel.org/stable/c/ec02a29c3c2ef8ad3e15a0e3f96b99a00e5d97b4"
        },
        {
          "url": "https://git.kernel.org/stable/c/1253685f0d3eb3eab0bfc4bf15ab341a5f3da0c8"
        }
      ],
      "title": "drm/amdgpu: drop redundant sched job cleanup when cs is aborted",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-53228",
    "datePublished": "2025-09-15T14:21:59.550Z",
    "dateReserved": "2025-09-15T14:19:21.846Z",
    "dateUpdated": "2025-09-15T14:21:59.550Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/media/pci/tw68/tw68-video.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "dcf632bca424e6ff8c8eb89c96694e7f05cd29b6",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "3c67f49a6643d973e83968ea35806c7b5ae68b56",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "3715c5e9a8f96b6ed0dcbea06da443efccac1ecc",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "1634b7adcc5bef645b3666fdd564e5952a9e24e0",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/media/pci/tw68/tw68-video.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.113",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.30",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.3.*",
              "status": "unaffected",
              "version": "6.3.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.4",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.113",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.3.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.4",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: pci: tw68: Fix null-ptr-deref bug in buf prepare and finish\n\nWhen the driver calls tw68_risc_buffer() to prepare the buffer, the\nfunction call dma_alloc_coherent may fail, resulting in a empty buffer\nbuf-\u003ecpu. Later when we free the buffer or access the buffer, null ptr\nderef is triggered.\n\nThis bug is similar to the following one:\nhttps://git.linuxtv.org/media_stage.git/commit/?id=2b064d91440b33fba5b452f2d1b31f13ae911d71.\n\nWe believe the bug can be also dynamically triggered from user side.\nSimilarly, we fix this by checking the return value of tw68_risc_buffer()\nand the value of buf-\u003ecpu before buffer free."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-15T14:46:12.951Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/dcf632bca424e6ff8c8eb89c96694e7f05cd29b6"
        },
        {
          "url": "https://git.kernel.org/stable/c/3c67f49a6643d973e83968ea35806c7b5ae68b56"
        },
        {
          "url": "https://git.kernel.org/stable/c/3715c5e9a8f96b6ed0dcbea06da443efccac1ecc"
        },
        {
          "url": "https://git.kernel.org/stable/c/1634b7adcc5bef645b3666fdd564e5952a9e24e0"
        }
      ],
      "title": "media: pci: tw68: Fix null-ptr-deref bug in buf prepare and finish",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-53244",
    "datePublished": "2025-09-15T14:46:12.951Z",
    "dateReserved": "2025-09-15T14:19:21.848Z",
    "dateUpdated": "2025-09-15T14:46:12.951Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/watchdog/watchdog_dev.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "bf26b0e430ce34261f45959989edaf680b64d538",
              "status": "affected",
              "version": "450caf1faa0d7bbbd1da93d3ee8c5edea7bc51a8",
              "versionType": "git"
            },
            {
              "lessThan": "8c1655600f4f2839fb844fe8c70b2b65fadc7a56",
              "status": "affected",
              "version": "f4c36f1999745c2160422fe2f362deadbe3a136b",
              "versionType": "git"
            },
            {
              "lessThan": "59e391b3fc507a15b7e8e9d9f4de87cae177c366",
              "status": "affected",
              "version": "ca7851d46de8a8d69022c4e5feed0820483b5f46",
              "versionType": "git"
            },
            {
              "lessThan": "c5a21a5501508ae3afa2fe6d5a3e74a37fa48df3",
              "status": "affected",
              "version": "72139dfa2464e43957d330266994740bb7be2535",
              "versionType": "git"
            },
            {
              "lessThan": "23cc41c3f19c4d858c3708f1c0a06e94958e6c3b",
              "status": "affected",
              "version": "72139dfa2464e43957d330266994740bb7be2535",
              "versionType": "git"
            },
            {
              "lessThan": "ac099d94e0480c937aa9172ab64074981ca1a4d3",
              "status": "affected",
              "version": "72139dfa2464e43957d330266994740bb7be2535",
              "versionType": "git"
            },
            {
              "lessThan": "50808d034e199fe3ff7a9d2068a4eebeb6b4098a",
              "status": "affected",
              "version": "72139dfa2464e43957d330266994740bb7be2535",
              "versionType": "git"
            },
            {
              "lessThan": "13721a2ac66b246f5802ba1b75ad8637e53eeecc",
              "status": "affected",
              "version": "72139dfa2464e43957d330266994740bb7be2535",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "f76905ce52653e8a821963c35d9013cff19b1399",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/watchdog/watchdog_dev.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.5"
            },
            {
              "lessThan": "5.5",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.308",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.276",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.235",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.173",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.100",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.18",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.*",
              "status": "unaffected",
              "version": "6.2.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.3",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.308",
                  "versionStartIncluding": "4.14.182",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.276",
                  "versionStartIncluding": "4.19.93",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.235",
                  "versionStartIncluding": "5.4.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.173",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.100",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.18",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.2.5",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.3",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.9.225",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwatchdog: Fix kmemleak in watchdog_cdev_register\n\nkmemleak reports memory leaks in watchdog_dev_register, as follows:\nunreferenced object 0xffff888116233000 (size 2048):\n  comm \"\"modprobe\"\", pid 28147, jiffies 4353426116 (age 61.741s)\n  hex dump (first 32 bytes):\n    80 fa b9 05 81 88 ff ff 08 30 23 16 81 88 ff ff  .........0#.....\n    08 30 23 16 81 88 ff ff 00 00 00 00 00 00 00 00  .0#.............\n  backtrace:\n    [\u003c000000007f001ffd\u003e] __kmem_cache_alloc_node+0x157/0x220\n    [\u003c000000006a389304\u003e] kmalloc_trace+0x21/0x110\n    [\u003c000000008d640eea\u003e] watchdog_dev_register+0x4e/0x780 [watchdog]\n    [\u003c0000000053c9f248\u003e] __watchdog_register_device+0x4f0/0x680 [watchdog]\n    [\u003c00000000b2979824\u003e] watchdog_register_device+0xd2/0x110 [watchdog]\n    [\u003c000000001f730178\u003e] 0xffffffffc10880ae\n    [\u003c000000007a1a8bcc\u003e] do_one_initcall+0xcb/0x4d0\n    [\u003c00000000b98be325\u003e] do_init_module+0x1ca/0x5f0\n    [\u003c0000000046d08e7c\u003e] load_module+0x6133/0x70f0\n    ...\n\nunreferenced object 0xffff888105b9fa80 (size 16):\n  comm \"\"modprobe\"\", pid 28147, jiffies 4353426116 (age 61.741s)\n  hex dump (first 16 bytes):\n    77 61 74 63 68 64 6f 67 31 00 b9 05 81 88 ff ff  watchdog1.......\n  backtrace:\n    [\u003c000000007f001ffd\u003e] __kmem_cache_alloc_node+0x157/0x220\n    [\u003c00000000486ab89b\u003e] __kmalloc_node_track_caller+0x44/0x1b0\n    [\u003c000000005a39aab0\u003e] kvasprintf+0xb5/0x140\n    [\u003c0000000024806f85\u003e] kvasprintf_const+0x55/0x180\n    [\u003c000000009276cb7f\u003e] kobject_set_name_vargs+0x56/0x150\n    [\u003c00000000a92e820b\u003e] dev_set_name+0xab/0xe0\n    [\u003c00000000cec812c6\u003e] watchdog_dev_register+0x285/0x780 [watchdog]\n    [\u003c0000000053c9f248\u003e] __watchdog_register_device+0x4f0/0x680 [watchdog]\n    [\u003c00000000b2979824\u003e] watchdog_register_device+0xd2/0x110 [watchdog]\n    [\u003c000000001f730178\u003e] 0xffffffffc10880ae\n    [\u003c000000007a1a8bcc\u003e] do_one_initcall+0xcb/0x4d0\n    [\u003c00000000b98be325\u003e] do_init_module+0x1ca/0x5f0\n    [\u003c0000000046d08e7c\u003e] load_module+0x6133/0x70f0\n    ...\n\nThe reason is that put_device is not be called if cdev_device_add fails\nand wdd-\u003eid != 0.\n\nwatchdog_cdev_register\n  wd_data = kzalloc                             [1]\n  err = dev_set_name                            [2]\n  ..\n  err = cdev_device_add\n  if (err) {\n    if (wdd-\u003eid == 0) {  // wdd-\u003eid != 0\n      ..\n    }\n    return err;  // [1],[2] would be leaked\n\nTo fix it, call put_device in all wdd-\u003eid cases."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-15T14:22:07.219Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/bf26b0e430ce34261f45959989edaf680b64d538"
        },
        {
          "url": "https://git.kernel.org/stable/c/8c1655600f4f2839fb844fe8c70b2b65fadc7a56"
        },
        {
          "url": "https://git.kernel.org/stable/c/59e391b3fc507a15b7e8e9d9f4de87cae177c366"
        },
        {
          "url": "https://git.kernel.org/stable/c/c5a21a5501508ae3afa2fe6d5a3e74a37fa48df3"
        },
        {
          "url": "https://git.kernel.org/stable/c/23cc41c3f19c4d858c3708f1c0a06e94958e6c3b"
        },
        {
          "url": "https://git.kernel.org/stable/c/ac099d94e0480c937aa9172ab64074981ca1a4d3"
        },
        {
          "url": "https://git.kernel.org/stable/c/50808d034e199fe3ff7a9d2068a4eebeb6b4098a"
        },
        {
          "url": "https://git.kernel.org/stable/c/13721a2ac66b246f5802ba1b75ad8637e53eeecc"
        }
      ],
      "title": "watchdog: Fix kmemleak in watchdog_cdev_register",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-53234",
    "datePublished": "2025-09-15T14:22:07.219Z",
    "dateReserved": "2025-09-15T14:19:21.847Z",
    "dateUpdated": "2025-09-15T14:22:07.219Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "kernel/sched/fair.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "32d937f94b7805d4c9028b8727a7d6241547da54",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "a5286f4655ce2fa28f477c0b957ea7f323fe2fab",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "cec1857b1ea5cc3ea2b600564f1c95d1a6f27ad1",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "6b0c79aa33075b34c3cdcea4132c0afb3fc42d68",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "3cb43222bab8ab328fc91ed30899b3df2efbccfd",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "78a5f711efceb37e32c48cd6b40addb671fea9cc",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "34eb902050d473bb2befa15714fb1d30a0991c15",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "0dd37d6dd33a9c23351e6115ae8cdac7863bc7de",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "kernel/sched/fair.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.322",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.291",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.251",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.188",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.150",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.42",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.*",
              "status": "unaffected",
              "version": "6.4.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.5",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.322",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.291",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.251",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.188",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.150",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.42",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.5",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/fair: Don\u0027t balance task to its current running CPU\n\nWe\u0027ve run into the case that the balancer tries to balance a migration\ndisabled task and trigger the warning in set_task_cpu() like below:\n\n ------------[ cut here ]------------\n WARNING: CPU: 7 PID: 0 at kernel/sched/core.c:3115 set_task_cpu+0x188/0x240\n Modules linked in: hclgevf xt_CHECKSUM ipt_REJECT nf_reject_ipv4 \u003c...snip\u003e\n CPU: 7 PID: 0 Comm: swapper/7 Kdump: loaded Tainted: G           O       6.1.0-rc4+ #1\n Hardware name: Huawei TaiShan 2280 V2/BC82AMDC, BIOS 2280-V2 CS V5.B221.01 12/09/2021\n pstate: 604000c9 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : set_task_cpu+0x188/0x240\n lr : load_balance+0x5d0/0xc60\n sp : ffff80000803bc70\n x29: ffff80000803bc70 x28: ffff004089e190e8 x27: ffff004089e19040\n x26: ffff007effcabc38 x25: 0000000000000000 x24: 0000000000000001\n x23: ffff80000803be84 x22: 000000000000000c x21: ffffb093e79e2a78\n x20: 000000000000000c x19: ffff004089e19040 x18: 0000000000000000\n x17: 0000000000001fad x16: 0000000000000030 x15: 0000000000000000\n x14: 0000000000000003 x13: 0000000000000000 x12: 0000000000000000\n x11: 0000000000000001 x10: 0000000000000400 x9 : ffffb093e4cee530\n x8 : 00000000fffffffe x7 : 0000000000ce168a x6 : 000000000000013e\n x5 : 00000000ffffffe1 x4 : 0000000000000001 x3 : 0000000000000b2a\n x2 : 0000000000000b2a x1 : ffffb093e6d6c510 x0 : 0000000000000001\n Call trace:\n  set_task_cpu+0x188/0x240\n  load_balance+0x5d0/0xc60\n  rebalance_domains+0x26c/0x380\n  _nohz_idle_balance.isra.0+0x1e0/0x370\n  run_rebalance_domains+0x6c/0x80\n  __do_softirq+0x128/0x3d8\n  ____do_softirq+0x18/0x24\n  call_on_irq_stack+0x2c/0x38\n  do_softirq_own_stack+0x24/0x3c\n  __irq_exit_rcu+0xcc/0xf4\n  irq_exit_rcu+0x18/0x24\n  el1_interrupt+0x4c/0xe4\n  el1h_64_irq_handler+0x18/0x2c\n  el1h_64_irq+0x74/0x78\n  arch_cpu_idle+0x18/0x4c\n  default_idle_call+0x58/0x194\n  do_idle+0x244/0x2b0\n  cpu_startup_entry+0x30/0x3c\n  secondary_start_kernel+0x14c/0x190\n  __secondary_switched+0xb0/0xb4\n ---[ end trace 0000000000000000 ]---\n\nFurther investigation shows that the warning is superfluous, the migration\ndisabled task is just going to be migrated to its current running CPU.\nThis is because that on load balance if the dst_cpu is not allowed by the\ntask, we\u0027ll re-select a new_dst_cpu as a candidate. If no task can be\nbalanced to dst_cpu we\u0027ll try to balance the task to the new_dst_cpu\ninstead. In this case when the migration disabled task is not on CPU it\nonly allows to run on its current CPU, load balance will select its\ncurrent CPU as new_dst_cpu and later triggers the warning above.\n\nThe new_dst_cpu is chosen from the env-\u003edst_grpmask. Currently it\ncontains CPUs in sched_group_span() and if we have overlapped groups it\u0027s\npossible to run into this case. This patch makes env-\u003edst_grpmask of\ngroup_balance_mask() which exclude any CPUs from the busiest group and\nsolve the issue. For balancing in a domain with no overlapped groups\nthe behaviour keeps same as before."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-15T14:21:43.107Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/32d937f94b7805d4c9028b8727a7d6241547da54"
        },
        {
          "url": "https://git.kernel.org/stable/c/a5286f4655ce2fa28f477c0b957ea7f323fe2fab"
        },
        {
          "url": "https://git.kernel.org/stable/c/cec1857b1ea5cc3ea2b600564f1c95d1a6f27ad1"
        },
        {
          "url": "https://git.kernel.org/stable/c/6b0c79aa33075b34c3cdcea4132c0afb3fc42d68"
        },
        {
          "url": "https://git.kernel.org/stable/c/3cb43222bab8ab328fc91ed30899b3df2efbccfd"
        },
        {
          "url": "https://git.kernel.org/stable/c/78a5f711efceb37e32c48cd6b40addb671fea9cc"
        },
        {
          "url": "https://git.kernel.org/stable/c/34eb902050d473bb2befa15714fb1d30a0991c15"
        },
        {
          "url": "https://git.kernel.org/stable/c/0dd37d6dd33a9c23351e6115ae8cdac7863bc7de"
        }
      ],
      "title": "sched/fair: Don\u0027t balance task to its current running CPU",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-53215",
    "datePublished": "2025-09-15T14:21:43.107Z",
    "dateReserved": "2025-09-15T14:19:21.845Z",
    "dateUpdated": "2025-09-15T14:21:43.107Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/vhost/vsock.c",
            "net/vmw_vsock/virtio_transport_common.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "0d720c3f0a03e97867deab7e480ba3d3e19837ba",
              "status": "affected",
              "version": "433fc58e6bf2c8bd97e57153ed28e64fd78207b8",
              "versionType": "git"
            },
            {
              "lessThan": "7aac8c63f604e6a6a46560c0f0188cd0332cf320",
              "status": "affected",
              "version": "433fc58e6bf2c8bd97e57153ed28e64fd78207b8",
              "versionType": "git"
            },
            {
              "lessThan": "e6d0152c95108651f1880c1ddfab47cb9e3e62d0",
              "status": "affected",
              "version": "433fc58e6bf2c8bd97e57153ed28e64fd78207b8",
              "versionType": "git"
            },
            {
              "lessThan": "b4a5905fd2ef841cd61e969ea692c213c2e5c1f7",
              "status": "affected",
              "version": "433fc58e6bf2c8bd97e57153ed28e64fd78207b8",
              "versionType": "git"
            },
            {
              "lessThan": "e28a4e7f0296824c61a81e7fd54ab48bad3e75ad",
              "status": "affected",
              "version": "433fc58e6bf2c8bd97e57153ed28e64fd78207b8",
              "versionType": "git"
            },
            {
              "lessThan": "a99fc6d818161d6f1ff3307de8bf5237f6cc34d8",
              "status": "affected",
              "version": "433fc58e6bf2c8bd97e57153ed28e64fd78207b8",
              "versionType": "git"
            },
            {
              "lessThan": "36c9f340c60413e28f980c0224c4e9d35851526b",
              "status": "affected",
              "version": "433fc58e6bf2c8bd97e57153ed28e64fd78207b8",
              "versionType": "git"
            },
            {
              "lessThan": "0e3f72931fc47bb81686020cc643cde5d9cd0bb8",
              "status": "affected",
              "version": "433fc58e6bf2c8bd97e57153ed28e64fd78207b8",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/vhost/vsock.c",
            "net/vmw_vsock/virtio_transport_common.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.8"
            },
            {
              "lessThan": "4.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.296",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.262",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.220",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.150",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.75",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.19.*",
              "status": "unaffected",
              "version": "5.19.17",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.*",
              "status": "unaffected",
              "version": "6.0.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.1",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.296",
                  "versionStartIncluding": "4.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.262",
                  "versionStartIncluding": "4.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.220",
                  "versionStartIncluding": "4.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.150",
                  "versionStartIncluding": "4.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.75",
                  "versionStartIncluding": "4.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.19.17",
                  "versionStartIncluding": "4.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.0.3",
                  "versionStartIncluding": "4.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1",
                  "versionStartIncluding": "4.8",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvhost/vsock: Use kvmalloc/kvfree for larger packets.\n\nWhen copying a large file over sftp over vsock, data size is usually 32kB,\nand kmalloc seems to fail to try to allocate 32 32kB regions.\n\n vhost-5837: page allocation failure: order:4, mode:0x24040c0\n Call Trace:\n  [\u003cffffffffb6a0df64\u003e] dump_stack+0x97/0xdb\n  [\u003cffffffffb68d6aed\u003e] warn_alloc_failed+0x10f/0x138\n  [\u003cffffffffb68d868a\u003e] ? __alloc_pages_direct_compact+0x38/0xc8\n  [\u003cffffffffb664619f\u003e] __alloc_pages_nodemask+0x84c/0x90d\n  [\u003cffffffffb6646e56\u003e] alloc_kmem_pages+0x17/0x19\n  [\u003cffffffffb6653a26\u003e] kmalloc_order_trace+0x2b/0xdb\n  [\u003cffffffffb66682f3\u003e] __kmalloc+0x177/0x1f7\n  [\u003cffffffffb66e0d94\u003e] ? copy_from_iter+0x8d/0x31d\n  [\u003cffffffffc0689ab7\u003e] vhost_vsock_handle_tx_kick+0x1fa/0x301 [vhost_vsock]\n  [\u003cffffffffc06828d9\u003e] vhost_worker+0xf7/0x157 [vhost]\n  [\u003cffffffffb683ddce\u003e] kthread+0xfd/0x105\n  [\u003cffffffffc06827e2\u003e] ? vhost_dev_set_owner+0x22e/0x22e [vhost]\n  [\u003cffffffffb683dcd1\u003e] ? flush_kthread_worker+0xf3/0xf3\n  [\u003cffffffffb6eb332e\u003e] ret_from_fork+0x4e/0x80\n  [\u003cffffffffb683dcd1\u003e] ? flush_kthread_worker+0xf3/0xf3\n\nWork around by doing kvmalloc instead."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-15T14:21:07.563Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/0d720c3f0a03e97867deab7e480ba3d3e19837ba"
        },
        {
          "url": "https://git.kernel.org/stable/c/7aac8c63f604e6a6a46560c0f0188cd0332cf320"
        },
        {
          "url": "https://git.kernel.org/stable/c/e6d0152c95108651f1880c1ddfab47cb9e3e62d0"
        },
        {
          "url": "https://git.kernel.org/stable/c/b4a5905fd2ef841cd61e969ea692c213c2e5c1f7"
        },
        {
          "url": "https://git.kernel.org/stable/c/e28a4e7f0296824c61a81e7fd54ab48bad3e75ad"
        },
        {
          "url": "https://git.kernel.org/stable/c/a99fc6d818161d6f1ff3307de8bf5237f6cc34d8"
        },
        {
          "url": "https://git.kernel.org/stable/c/36c9f340c60413e28f980c0224c4e9d35851526b"
        },
        {
          "url": "https://git.kernel.org/stable/c/0e3f72931fc47bb81686020cc643cde5d9cd0bb8"
        }
      ],
      "title": "vhost/vsock: Use kvmalloc/kvfree for larger packets.",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-50271",
    "datePublished": "2025-09-15T14:21:07.563Z",
    "dateReserved": "2025-09-15T13:58:00.975Z",
    "dateUpdated": "2025-09-15T14:21:07.563Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/media/i2c/hi846.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "fd22e8c8c38fb40f130d3a60e52c59996a5bbae9",
              "status": "affected",
              "version": "e8c0882685f9152f0d729664a12bcbe749cb7736",
              "versionType": "git"
            },
            {
              "lessThan": "12a80b1490e398f5ad7157508cf32b73511de5fc",
              "status": "affected",
              "version": "e8c0882685f9152f0d729664a12bcbe749cb7736",
              "versionType": "git"
            },
            {
              "lessThan": "07f0f15e5db60c5b0722049d3251ef4a46dc3b76",
              "status": "affected",
              "version": "e8c0882685f9152f0d729664a12bcbe749cb7736",
              "versionType": "git"
            },
            {
              "lessThan": "2649c1a20e8e399ee955d0e22192f9992662c3d2",
              "status": "affected",
              "version": "e8c0882685f9152f0d729664a12bcbe749cb7736",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/media/i2c/hi846.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.16"
            },
            {
              "lessThan": "5.16",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.28",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.*",
              "status": "unaffected",
              "version": "6.2.15",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.3.*",
              "status": "unaffected",
              "version": "6.3.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.4",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.28",
                  "versionStartIncluding": "5.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.2.15",
                  "versionStartIncluding": "5.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.3.2",
                  "versionStartIncluding": "5.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.4",
                  "versionStartIncluding": "5.16",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: hi846: Fix memleak in hi846_init_controls()\n\nhi846_init_controls doesn\u0027t clean the allocated ctrl_hdlr\nin case there is a failure, which causes memleak. Add\nv4l2_ctrl_handler_free to free the resource properly."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-16T08:11:31.629Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/fd22e8c8c38fb40f130d3a60e52c59996a5bbae9"
        },
        {
          "url": "https://git.kernel.org/stable/c/12a80b1490e398f5ad7157508cf32b73511de5fc"
        },
        {
          "url": "https://git.kernel.org/stable/c/07f0f15e5db60c5b0722049d3251ef4a46dc3b76"
        },
        {
          "url": "https://git.kernel.org/stable/c/2649c1a20e8e399ee955d0e22192f9992662c3d2"
        }
      ],
      "title": "media: hi846: Fix memleak in hi846_init_controls()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-53300",
    "datePublished": "2025-09-16T08:11:31.629Z",
    "dateReserved": "2025-09-16T08:09:37.993Z",
    "dateUpdated": "2025-09-16T08:11:31.629Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/pnode.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "cad0d17fb2b0540180ab59e2cd48ad348cc1ee4c",
              "status": "affected",
              "version": "f2ebb3a921c1ca1e2ddd9242e95a1989a50c4c68",
              "versionType": "git"
            },
            {
              "lessThan": "cc997490be65da0af8c75a6244fc80bb66c53ce0",
              "status": "affected",
              "version": "f2ebb3a921c1ca1e2ddd9242e95a1989a50c4c68",
              "versionType": "git"
            },
            {
              "lessThan": "7f57df69de7f05302fad584eb8e3f34de39e0311",
              "status": "affected",
              "version": "f2ebb3a921c1ca1e2ddd9242e95a1989a50c4c68",
              "versionType": "git"
            },
            {
              "lessThan": "2dae4211b579ce98985876a73a78466e285238ff",
              "status": "affected",
              "version": "f2ebb3a921c1ca1e2ddd9242e95a1989a50c4c68",
              "versionType": "git"
            },
            {
              "lessThan": "b591b2919d018ef91b4a9571edca94105bcad3df",
              "status": "affected",
              "version": "f2ebb3a921c1ca1e2ddd9242e95a1989a50c4c68",
              "versionType": "git"
            },
            {
              "lessThan": "c24cc476acd8bccb5af54849aac5e779d8223bf5",
              "status": "affected",
              "version": "f2ebb3a921c1ca1e2ddd9242e95a1989a50c4c68",
              "versionType": "git"
            },
            {
              "lessThan": "e7c9f10c44a8919cd8bbd51b228c84d0caf7d518",
              "status": "affected",
              "version": "f2ebb3a921c1ca1e2ddd9242e95a1989a50c4c68",
              "versionType": "git"
            },
            {
              "lessThan": "784a4f995ee24460aa72e00b085612fad57ebce5",
              "status": "affected",
              "version": "f2ebb3a921c1ca1e2ddd9242e95a1989a50c4c68",
              "versionType": "git"
            },
            {
              "lessThan": "11933cf1d91d57da9e5c53822a540bbdc2656c16",
              "status": "affected",
              "version": "f2ebb3a921c1ca1e2ddd9242e95a1989a50c4c68",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "fc7b1646bf29f722277bdd19551e01420ce9da8f",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/pnode.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.15"
            },
            {
              "lessThan": "3.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.9.*",
              "status": "unaffected",
              "version": "4.9.337",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.303",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.270",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.229",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.163",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.87",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.*",
              "status": "unaffected",
              "version": "6.0.17",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.2",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.9.337",
                  "versionStartIncluding": "3.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.303",
                  "versionStartIncluding": "3.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.270",
                  "versionStartIncluding": "3.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.229",
                  "versionStartIncluding": "3.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.163",
                  "versionStartIncluding": "3.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.87",
                  "versionStartIncluding": "3.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.0.17",
                  "versionStartIncluding": "3.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.3",
                  "versionStartIncluding": "3.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.2",
                  "versionStartIncluding": "3.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "3.14.3",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npnode: terminate at peers of source\n\nThe propagate_mnt() function handles mount propagation when creating\nmounts and propagates the source mount tree @source_mnt to all\napplicable nodes of the destination propagation mount tree headed by\n@dest_mnt.\n\nUnfortunately it contains a bug where it fails to terminate at peers of\n@source_mnt when looking up copies of the source mount that become\nmasters for copies of the source mount tree mounted on top of slaves in\nthe destination propagation tree causing a NULL dereference.\n\nOnce the mechanics of the bug are understood it\u0027s easy to trigger.\nBecause of unprivileged user namespaces it is available to unprivileged\nusers.\n\nWhile fixing this bug we\u0027ve gotten confused multiple times due to\nunclear terminology or missing concepts. So let\u0027s start this with some\nclarifications:\n\n* The terms \"master\" or \"peer\" denote a shared mount. A shared mount\n  belongs to a peer group.\n\n* A peer group is a set of shared mounts that propagate to each other.\n  They are identified by a peer group id. The peer group id is available\n  in @shared_mnt-\u003emnt_group_id.\n  Shared mounts within the same peer group have the same peer group id.\n  The peers in a peer group can be reached via @shared_mnt-\u003emnt_share.\n\n* The terms \"slave mount\" or \"dependent mount\" denote a mount that\n  receives propagation from a peer in a peer group. IOW, shared mounts\n  may have slave mounts and slave mounts have shared mounts as their\n  master. Slave mounts of a given peer in a peer group are listed on\n  that peers slave list available at @shared_mnt-\u003emnt_slave_list.\n\n* The term \"master mount\" denotes a mount in a peer group. IOW, it\n  denotes a shared mount or a peer mount in a peer group. The term\n  \"master mount\" - or \"master\" for short - is mostly used when talking\n  in the context of slave mounts that receive propagation from a master\n  mount. A master mount of a slave identifies the closest peer group a\n  slave mount receives propagation from. The master mount of a slave can\n  be identified via @slave_mount-\u003emnt_master. Different slaves may point\n  to different masters in the same peer group.\n\n* Multiple peers in a peer group can have non-empty -\u003emnt_slave_lists.\n  Non-empty -\u003emnt_slave_lists of peers don\u0027t intersect. Consequently, to\n  ensure all slave mounts of a peer group are visited the\n  -\u003emnt_slave_lists of all peers in a peer group have to be walked.\n\n* Slave mounts point to a peer in the closest peer group they receive\n  propagation from via @slave_mnt-\u003emnt_master (see above). Together with\n  these peers they form a propagation group (see below). The closest\n  peer group can thus be identified through the peer group id\n  @slave_mnt-\u003emnt_master-\u003emnt_group_id of the peer/master that a slave\n  mount receives propagation from.\n\n* A shared-slave mount is a slave mount to a peer group pg1 while also\n  a peer in another peer group pg2. IOW, a peer group may receive\n  propagation from another peer group.\n\n  If a peer group pg1 is a slave to another peer group pg2 then all\n  peers in peer group pg1 point to the same peer in peer group pg2 via\n  -\u003emnt_master. IOW, all peers in peer group pg1 appear on the same\n  -\u003emnt_slave_list. IOW, they cannot be slaves to different peer groups.\n\n* A pure slave mount is a slave mount that is a slave to a peer group\n  but is not a peer in another peer group.\n\n* A propagation group denotes the set of mounts consisting of a single\n  peer group pg1 and all slave mounts and shared-slave mounts that point\n  to a peer in that peer group via -\u003emnt_master. IOW, all slave mounts\n  such that @slave_mnt-\u003emnt_master-\u003emnt_group_id is equal to\n  @shared_mnt-\u003emnt_group_id.\n\n  The concept of a propagation group makes it easier to talk about a\n  single propagation level in a propagation tree.\n\n  For example, in propagate_mnt() the immediate peers of @dest_mnt and\n  all slaves of @dest_mnt\u0027s peer group form a propagation group pr\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-15T14:21:16.891Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/cad0d17fb2b0540180ab59e2cd48ad348cc1ee4c"
        },
        {
          "url": "https://git.kernel.org/stable/c/cc997490be65da0af8c75a6244fc80bb66c53ce0"
        },
        {
          "url": "https://git.kernel.org/stable/c/7f57df69de7f05302fad584eb8e3f34de39e0311"
        },
        {
          "url": "https://git.kernel.org/stable/c/2dae4211b579ce98985876a73a78466e285238ff"
        },
        {
          "url": "https://git.kernel.org/stable/c/b591b2919d018ef91b4a9571edca94105bcad3df"
        },
        {
          "url": "https://git.kernel.org/stable/c/c24cc476acd8bccb5af54849aac5e779d8223bf5"
        },
        {
          "url": "https://git.kernel.org/stable/c/e7c9f10c44a8919cd8bbd51b228c84d0caf7d518"
        },
        {
          "url": "https://git.kernel.org/stable/c/784a4f995ee24460aa72e00b085612fad57ebce5"
        },
        {
          "url": "https://git.kernel.org/stable/c/11933cf1d91d57da9e5c53822a540bbdc2656c16"
        }
      ],
      "title": "pnode: terminate at peers of source",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-50280",
    "datePublished": "2025-09-15T14:21:16.891Z",
    "dateReserved": "2025-09-15T13:58:00.976Z",
    "dateUpdated": "2025-09-15T14:21:16.891Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "arch/um/kernel/um_arch.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "8f96aa67c2ccbd7e41b8dc992b8d13cfe206d571",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "dbd964a733db015bbb9dff592c259c736398140f",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "844748412be03a236dcf4a208b588162a275e189",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "cd251d39b13485eb94ee65bb000d024e02c00e45",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "6a73e6edcbf3cdd82796dcdf0c0f5fe5d91021af",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "7efe61dc6aa45aab8a40e304fa2dae21e33b0db4",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "5177bdc38eaa1c1ca6302214ab06913540cd00a2",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "2e3863cc02c156b51b50592d43ffa6a13b680b0d",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "16c546e148fa6d14a019431436a6f7b4087dbccd",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "arch/um/kernel/um_arch.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "4.9.*",
              "status": "unaffected",
              "version": "4.9.331",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.296",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.262",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.220",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.150",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.75",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.19.*",
              "status": "unaffected",
              "version": "5.19.17",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.*",
              "status": "unaffected",
              "version": "6.0.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.1",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.9.331",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.296",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.262",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.220",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.150",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.75",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.19.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.0.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nUM: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK\n\nWhen CONFIG_CPUMASK_OFFSTACK and CONFIG_DEBUG_PER_CPU_MAPS is selected,\ncpu_max_bits_warn() generates a runtime warning similar as below while\nwe show /proc/cpuinfo. Fix this by using nr_cpu_ids (the runtime limit)\ninstead of NR_CPUS to iterate CPUs.\n\n[    3.052463] ------------[ cut here ]------------\n[    3.059679] WARNING: CPU: 3 PID: 1 at include/linux/cpumask.h:108 show_cpuinfo+0x5e8/0x5f0\n[    3.070072] Modules linked in: efivarfs autofs4\n[    3.076257] CPU: 0 PID: 1 Comm: systemd Not tainted 5.19-rc5+ #1052\n[    3.099465] Stack : 9000000100157b08 9000000000f18530 9000000000cf846c 9000000100154000\n[    3.109127]         9000000100157a50 0000000000000000 9000000100157a58 9000000000ef7430\n[    3.118774]         90000001001578e8 0000000000000040 0000000000000020 ffffffffffffffff\n[    3.128412]         0000000000aaaaaa 1ab25f00eec96a37 900000010021de80 900000000101c890\n[    3.138056]         0000000000000000 0000000000000000 0000000000000000 0000000000aaaaaa\n[    3.147711]         ffff8000339dc220 0000000000000001 0000000006ab4000 0000000000000000\n[    3.157364]         900000000101c998 0000000000000004 9000000000ef7430 0000000000000000\n[    3.167012]         0000000000000009 000000000000006c 0000000000000000 0000000000000000\n[    3.176641]         9000000000d3de08 9000000001639390 90000000002086d8 00007ffff0080286\n[    3.186260]         00000000000000b0 0000000000000004 0000000000000000 0000000000071c1c\n[    3.195868]         ...\n[    3.199917] Call Trace:\n[    3.203941] [\u003c90000000002086d8\u003e] show_stack+0x38/0x14c\n[    3.210666] [\u003c9000000000cf846c\u003e] dump_stack_lvl+0x60/0x88\n[    3.217625] [\u003c900000000023d268\u003e] __warn+0xd0/0x100\n[    3.223958] [\u003c9000000000cf3c90\u003e] warn_slowpath_fmt+0x7c/0xcc\n[    3.231150] [\u003c9000000000210220\u003e] show_cpuinfo+0x5e8/0x5f0\n[    3.238080] [\u003c90000000004f578c\u003e] seq_read_iter+0x354/0x4b4\n[    3.245098] [\u003c90000000004c2e90\u003e] new_sync_read+0x17c/0x1c4\n[    3.252114] [\u003c90000000004c5174\u003e] vfs_read+0x138/0x1d0\n[    3.258694] [\u003c90000000004c55f8\u003e] ksys_read+0x70/0x100\n[    3.265265] [\u003c9000000000cfde9c\u003e] do_syscall+0x7c/0x94\n[    3.271820] [\u003c9000000000202fe4\u003e] handle_syscall+0xc4/0x160\n[    3.281824] ---[ end trace 8b484262b4b8c24c ]---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-15T14:45:52.121Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/8f96aa67c2ccbd7e41b8dc992b8d13cfe206d571"
        },
        {
          "url": "https://git.kernel.org/stable/c/dbd964a733db015bbb9dff592c259c736398140f"
        },
        {
          "url": "https://git.kernel.org/stable/c/844748412be03a236dcf4a208b588162a275e189"
        },
        {
          "url": "https://git.kernel.org/stable/c/cd251d39b13485eb94ee65bb000d024e02c00e45"
        },
        {
          "url": "https://git.kernel.org/stable/c/6a73e6edcbf3cdd82796dcdf0c0f5fe5d91021af"
        },
        {
          "url": "https://git.kernel.org/stable/c/7efe61dc6aa45aab8a40e304fa2dae21e33b0db4"
        },
        {
          "url": "https://git.kernel.org/stable/c/5177bdc38eaa1c1ca6302214ab06913540cd00a2"
        },
        {
          "url": "https://git.kernel.org/stable/c/2e3863cc02c156b51b50592d43ffa6a13b680b0d"
        },
        {
          "url": "https://git.kernel.org/stable/c/16c546e148fa6d14a019431436a6f7b4087dbccd"
        }
      ],
      "title": "UM: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-50296",
    "datePublished": "2025-09-15T14:45:52.121Z",
    "dateReserved": "2025-09-15T14:18:36.811Z",
    "dateUpdated": "2025-09-15T14:45:52.121Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/btrfs/inode.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "0a5e0bc8e8618e32a6ca64450867628eb0a627bf",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "a5880e69cf7fe4a0bb1eabae02205352d1b59b7b",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "17b17fcd6d446b95904a6929c40012ee7f0afc0c",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/btrfs/inode.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.42",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.*",
              "status": "unaffected",
              "version": "6.4.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.5",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.42",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.5",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: set_page_extent_mapped after read_folio in btrfs_cont_expand\n\nWhile trying to get the subpage blocksize tests running, I hit the\nfollowing panic on generic/476\n\n  assertion failed: PagePrivate(page) \u0026\u0026 page-\u003eprivate, in fs/btrfs/subpage.c:229\n  kernel BUG at fs/btrfs/subpage.c:229!\n  Internal error: Oops - BUG: 00000000f2000800 [#1] SMP\n  CPU: 1 PID: 1453 Comm: fsstress Not tainted 6.4.0-rc7+ #12\n  Hardware name: QEMU KVM Virtual Machine, BIOS edk2-20230301gitf80f052277c8-26.fc38 03/01/2023\n  pstate: 61400005 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)\n  pc : btrfs_subpage_assert+0xbc/0xf0\n  lr : btrfs_subpage_assert+0xbc/0xf0\n  Call trace:\n   btrfs_subpage_assert+0xbc/0xf0\n   btrfs_subpage_clear_checked+0x38/0xc0\n   btrfs_page_clear_checked+0x48/0x98\n   btrfs_truncate_block+0x5d0/0x6a8\n   btrfs_cont_expand+0x5c/0x528\n   btrfs_write_check.isra.0+0xf8/0x150\n   btrfs_buffered_write+0xb4/0x760\n   btrfs_do_write_iter+0x2f8/0x4b0\n   btrfs_file_write_iter+0x1c/0x30\n   do_iter_readv_writev+0xc8/0x158\n   do_iter_write+0x9c/0x210\n   vfs_iter_write+0x24/0x40\n   iter_file_splice_write+0x224/0x390\n   direct_splice_actor+0x38/0x68\n   splice_direct_to_actor+0x12c/0x260\n   do_splice_direct+0x90/0xe8\n   generic_copy_file_range+0x50/0x90\n   vfs_copy_file_range+0x29c/0x470\n   __arm64_sys_copy_file_range+0xcc/0x498\n   invoke_syscall.constprop.0+0x80/0xd8\n   do_el0_svc+0x6c/0x168\n   el0_svc+0x50/0x1b0\n   el0t_64_sync_handler+0x114/0x120\n   el0t_64_sync+0x194/0x198\n\nThis happens because during btrfs_cont_expand we\u0027ll get a page, set it\nas mapped, and if it\u0027s not Uptodate we\u0027ll read it.  However between the\nread and re-locking the page we could have called release_folio() on the\npage, but left the page in the file mapping.  release_folio() can clear\nthe page private, and thus further down we blow up when we go to modify\nthe subpage bits.\n\nFix this by putting the set_page_extent_mapped() after the read.  This\nis safe because read_folio() will call set_page_extent_mapped() before\nit does the read, and then if we clear page private but leave it on the\nmapping we\u0027re completely safe re-setting set_page_extent_mapped().  With\nthis patch I can now run generic/476 without panicing."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-15T14:46:17.344Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/0a5e0bc8e8618e32a6ca64450867628eb0a627bf"
        },
        {
          "url": "https://git.kernel.org/stable/c/a5880e69cf7fe4a0bb1eabae02205352d1b59b7b"
        },
        {
          "url": "https://git.kernel.org/stable/c/17b17fcd6d446b95904a6929c40012ee7f0afc0c"
        }
      ],
      "title": "btrfs: set_page_extent_mapped after read_folio in btrfs_cont_expand",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-53247",
    "datePublished": "2025-09-15T14:46:17.344Z",
    "dateReserved": "2025-09-15T14:19:21.848Z",
    "dateUpdated": "2025-09-15T14:46:17.344Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "block/blk-mq.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "3e977386521b71471e66ec2ba82efdfcc456adf2",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "245165658e1c9f95c0fecfe02b9b1ebd30a1198a",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "block/blk-mq.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "6.4.*",
              "status": "unaffected",
              "version": "6.4.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.5",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.5",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-mq: fix NULL dereference on q-\u003eelevator in blk_mq_elv_switch_none\n\nAfter grabbing q-\u003esysfs_lock, q-\u003eelevator may become NULL because of\nelevator switch.\n\nFix the NULL dereference on q-\u003eelevator by checking it with lock."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-16T08:11:24.583Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/3e977386521b71471e66ec2ba82efdfcc456adf2"
        },
        {
          "url": "https://git.kernel.org/stable/c/245165658e1c9f95c0fecfe02b9b1ebd30a1198a"
        }
      ],
      "title": "blk-mq: fix NULL dereference on q-\u003eelevator in blk_mq_elv_switch_none",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-53292",
    "datePublished": "2025-09-16T08:11:24.583Z",
    "dateReserved": "2025-09-16T08:09:37.992Z",
    "dateUpdated": "2025-09-16T08:11:24.583Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "arch/x86/events/intel/uncore_snbep.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "5a96c10a56037db006ba6769307a9731cf6073be",
              "status": "affected",
              "version": "a8e87042482fd2d31c5cee62875b2ae75759ae8b",
              "versionType": "git"
            },
            {
              "lessThan": "e293263248f25c6b8aa1caf7c1103d40aa03311e",
              "status": "affected",
              "version": "319a06e58ed7f1443f7133c05513de470f90628d",
              "versionType": "git"
            },
            {
              "lessThan": "c0539d5d474ee6fa4ebc41f927a0f98f81244f25",
              "status": "affected",
              "version": "6f8315e5d9511ed1cf28ee2afbc9f89ff693de7b",
              "versionType": "git"
            },
            {
              "lessThan": "3485f197518061371568f842405159aa9e4df551",
              "status": "affected",
              "version": "9d480158ee86ad606d3a8baaf81e6b71acbfd7d5",
              "versionType": "git"
            },
            {
              "lessThan": "48f32b9a74e2ac8e854bb87bfefdbc745125a123",
              "status": "affected",
              "version": "9d480158ee86ad606d3a8baaf81e6b71acbfd7d5",
              "versionType": "git"
            },
            {
              "lessThan": "bd66877c0b3b42eed0ecee0bd2a2a505c1e54177",
              "status": "affected",
              "version": "9d480158ee86ad606d3a8baaf81e6b71acbfd7d5",
              "versionType": "git"
            },
            {
              "lessThan": "1ff9dd6e7071a561f803135c1d684b13c7a7d01d",
              "status": "affected",
              "version": "9d480158ee86ad606d3a8baaf81e6b71acbfd7d5",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "d2c79105a90323a2a93484c85f9ac419ae9b183d",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "arch/x86/events/intel/uncore_snbep.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.12"
            },
            {
              "lessThan": "5.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.270",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.229",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.163",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.86",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.*",
              "status": "unaffected",
              "version": "6.0.16",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.2",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.270",
                  "versionStartIncluding": "4.19.189",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.229",
                  "versionStartIncluding": "5.4.115",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.163",
                  "versionStartIncluding": "5.10.33",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.86",
                  "versionStartIncluding": "5.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.0.16",
                  "versionStartIncluding": "5.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.2",
                  "versionStartIncluding": "5.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.2",
                  "versionStartIncluding": "5.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.11.17",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/x86/intel/uncore: Fix reference count leak in hswep_has_limit_sbox()\n\npci_get_device() will increase the reference count for the returned\n\u0027dev\u0027. We need to call pci_dev_put() to decrease the reference count.\nSince \u0027dev\u0027 is only used in pci_read_config_dword(), let\u0027s add\npci_dev_put() right after it."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-15T14:48:51.035Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/5a96c10a56037db006ba6769307a9731cf6073be"
        },
        {
          "url": "https://git.kernel.org/stable/c/e293263248f25c6b8aa1caf7c1103d40aa03311e"
        },
        {
          "url": "https://git.kernel.org/stable/c/c0539d5d474ee6fa4ebc41f927a0f98f81244f25"
        },
        {
          "url": "https://git.kernel.org/stable/c/3485f197518061371568f842405159aa9e4df551"
        },
        {
          "url": "https://git.kernel.org/stable/c/48f32b9a74e2ac8e854bb87bfefdbc745125a123"
        },
        {
          "url": "https://git.kernel.org/stable/c/bd66877c0b3b42eed0ecee0bd2a2a505c1e54177"
        },
        {
          "url": "https://git.kernel.org/stable/c/1ff9dd6e7071a561f803135c1d684b13c7a7d01d"
        }
      ],
      "title": "perf/x86/intel/uncore: Fix reference count leak in hswep_has_limit_sbox()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-50318",
    "datePublished": "2025-09-15T14:48:51.035Z",
    "dateReserved": "2025-09-15T14:18:36.814Z",
    "dateUpdated": "2025-09-15T14:48:51.035Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/core/skbuff.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "906a6689bb0191ad2a44131a3377006aa098af59",
              "status": "affected",
              "version": "53e0961da1c7bbdabd1abebb20de403ec237ec09",
              "versionType": "git"
            },
            {
              "lessThan": "71850b5af92da21b4862a9bc55bda61091247d00",
              "status": "affected",
              "version": "53e0961da1c7bbdabd1abebb20de403ec237ec09",
              "versionType": "git"
            },
            {
              "lessThan": "5f692c992a3bb9a8018e3488098b401a4229e7ec",
              "status": "affected",
              "version": "53e0961da1c7bbdabd1abebb20de403ec237ec09",
              "versionType": "git"
            },
            {
              "lessThan": "0646dc31ca886693274df5749cd0c8c1eaaeb5ca",
              "status": "affected",
              "version": "53e0961da1c7bbdabd1abebb20de403ec237ec09",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/core/skbuff.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.15"
            },
            {
              "lessThan": "5.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.108",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.25",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.*",
              "status": "unaffected",
              "version": "6.2.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.3",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.108",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.25",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.2.12",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.3",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nskbuff: Fix a race between coalescing and releasing SKBs\n\nCommit 1effe8ca4e34 (\"skbuff: fix coalescing for page_pool fragment\nrecycling\") allowed coalescing to proceed with non page pool page and page\npool page when @from is cloned, i.e.\n\nto-\u003epp_recycle    --\u003e false\nfrom-\u003epp_recycle  --\u003e true\nskb_cloned(from)  --\u003e true\n\nHowever, it actually requires skb_cloned(@from) to hold true until\ncoalescing finishes in this situation. If the other cloned SKB is\nreleased while the merging is in process, from_shinfo-\u003enr_frags will be\nset to 0 toward the end of the function, causing the increment of frag\npage _refcount to be unexpectedly skipped resulting in inconsistent\nreference counts. Later when SKB(@to) is released, it frees the page\ndirectly even though the page pool page is still in use, leading to\nuse-after-free or double-free errors. So it should be prohibited.\n\nThe double-free error message below prompted us to investigate:\nBUG: Bad page state in process swapper/1  pfn:0e0d1\npage:00000000c6548b28 refcount:-1 mapcount:0 mapping:0000000000000000\nindex:0x2 pfn:0xe0d1\nflags: 0xfffffc0000000(node=0|zone=1|lastcpupid=0x1fffff)\nraw: 000fffffc0000000 0000000000000000 ffffffff00000101 0000000000000000\nraw: 0000000000000002 0000000000000000 ffffffffffffffff 0000000000000000\npage dumped because: nonzero _refcount\n\nCPU: 1 PID: 0 Comm: swapper/1 Tainted: G            E      6.2.0+\nCall Trace:\n \u003cIRQ\u003e\ndump_stack_lvl+0x32/0x50\nbad_page+0x69/0xf0\nfree_pcp_prepare+0x260/0x2f0\nfree_unref_page+0x20/0x1c0\nskb_release_data+0x10b/0x1a0\nnapi_consume_skb+0x56/0x150\nnet_rx_action+0xf0/0x350\n? __napi_schedule+0x79/0x90\n__do_softirq+0xc8/0x2b1\n__irq_exit_rcu+0xb9/0xf0\ncommon_interrupt+0x82/0xa0\n\u003c/IRQ\u003e\n\u003cTASK\u003e\nasm_common_interrupt+0x22/0x40\nRIP: 0010:default_idle+0xb/0x20"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-15T14:04:38.954Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/906a6689bb0191ad2a44131a3377006aa098af59"
        },
        {
          "url": "https://git.kernel.org/stable/c/71850b5af92da21b4862a9bc55bda61091247d00"
        },
        {
          "url": "https://git.kernel.org/stable/c/5f692c992a3bb9a8018e3488098b401a4229e7ec"
        },
        {
          "url": "https://git.kernel.org/stable/c/0646dc31ca886693274df5749cd0c8c1eaaeb5ca"
        }
      ],
      "title": "skbuff: Fix a race between coalescing and releasing SKBs",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-53186",
    "datePublished": "2025-09-15T14:04:38.954Z",
    "dateReserved": "2025-09-15T13:59:19.066Z",
    "dateUpdated": "2025-09-15T14:04:38.954Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "cna": {
      "providerMetadata": {
        "dateUpdated": "2025-09-15T14:51:46.366Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "rejectedReasons": [
        {
          "lang": "en",
          "value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-53212",
    "datePublished": "2025-09-15T14:21:40.587Z",
    "dateRejected": "2025-09-15T14:51:46.366Z",
    "dateReserved": "2025-09-15T13:59:19.069Z",
    "dateUpdated": "2025-09-15T14:51:46.366Z",
    "state": "REJECTED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/base/cacheinfo.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "2f588d0345d69a35e451077afed428fd057a5e34",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "dea49f2993f57d8a2df2cacb0bf649ef49b28879",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "198102c9103fc78d8478495971947af77edb05c1",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/base/cacheinfo.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.18",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.*",
              "status": "unaffected",
              "version": "6.2.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.3",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.2.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.3",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncacheinfo: Fix shared_cpu_map to handle shared caches at different levels\n\nThe cacheinfo sets up the shared_cpu_map by checking whether the caches\nwith the same index are shared between CPUs. However, this will trigger\nslab-out-of-bounds access if the CPUs do not have the same cache hierarchy.\nAnother problem is the mismatched shared_cpu_map when the shared cache does\nnot have the same index between CPUs.\n\nCPU0\tI\tD\tL3\nindex\t0\t1\t2\tx\n\t^\t^\t^\t^\nindex\t0\t1\t2\t3\nCPU1\tI\tD\tL2\tL3\n\nThis patch checks each cache is shared with all caches on other CPUs."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-15T14:46:24.670Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/2f588d0345d69a35e451077afed428fd057a5e34"
        },
        {
          "url": "https://git.kernel.org/stable/c/dea49f2993f57d8a2df2cacb0bf649ef49b28879"
        },
        {
          "url": "https://git.kernel.org/stable/c/198102c9103fc78d8478495971947af77edb05c1"
        }
      ],
      "title": "cacheinfo: Fix shared_cpu_map to handle shared caches at different levels",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-53254",
    "datePublished": "2025-09-15T14:46:24.670Z",
    "dateReserved": "2025-09-15T14:19:21.849Z",
    "dateUpdated": "2025-09-15T14:46:24.670Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/hugetlbfs/inode.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "fa71639873518e3587632ae58e25e4a96b57fa90",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "dcd28191be9bbf307ba51a5b485773a55b0037c4",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "9a8862820cbf1f18dca4f3b4c289d88561b3a384",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "965e8f8ae0f642b5528f5a82b7bcaf15a659d5bd",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "f2207145693ae5697a7b59e2add4b92f9e5b0e3c",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "26215b7ee923b9251f7bb12c4e5f09dc465d35f2",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/hugetlbfs/inode.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.229",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.163",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.86",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.*",
              "status": "unaffected",
              "version": "6.0.16",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.2",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.229",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.163",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.86",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.0.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.2",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhugetlbfs: fix null-ptr-deref in hugetlbfs_parse_param()\n\nSyzkaller reports a null-ptr-deref bug as follows:\n======================================================\nKASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]\nRIP: 0010:hugetlbfs_parse_param+0x1dd/0x8e0 fs/hugetlbfs/inode.c:1380\n[...]\nCall Trace:\n \u003cTASK\u003e\n vfs_parse_fs_param fs/fs_context.c:148 [inline]\n vfs_parse_fs_param+0x1f9/0x3c0 fs/fs_context.c:129\n vfs_parse_fs_string+0xdb/0x170 fs/fs_context.c:191\n generic_parse_monolithic+0x16f/0x1f0 fs/fs_context.c:231\n do_new_mount fs/namespace.c:3036 [inline]\n path_mount+0x12de/0x1e20 fs/namespace.c:3370\n do_mount fs/namespace.c:3383 [inline]\n __do_sys_mount fs/namespace.c:3591 [inline]\n __se_sys_mount fs/namespace.c:3568 [inline]\n __x64_sys_mount+0x27f/0x300 fs/namespace.c:3568\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n [...]\n \u003c/TASK\u003e\n======================================================\n\nAccording to commit \"vfs: parse: deal with zero length string value\",\nkernel will set the param-\u003estring to null pointer in vfs_parse_fs_string()\nif fs string has zero length.\n\nYet the problem is that, hugetlbfs_parse_param() will dereference the\nparam-\u003estring, without checking whether it is a null pointer.  To be more\nspecific, if hugetlbfs_parse_param() parses an illegal mount parameter,\nsuch as \"size=,\", kernel will constructs struct fs_parameter with null\npointer in vfs_parse_fs_string(), then passes this struct fs_parameter to\nhugetlbfs_parse_param(), which triggers the above null-ptr-deref bug.\n\nThis patch solves it by adding sanity check on param-\u003estring\nin hugetlbfs_parse_param()."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-15T14:49:48.608Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/fa71639873518e3587632ae58e25e4a96b57fa90"
        },
        {
          "url": "https://git.kernel.org/stable/c/dcd28191be9bbf307ba51a5b485773a55b0037c4"
        },
        {
          "url": "https://git.kernel.org/stable/c/9a8862820cbf1f18dca4f3b4c289d88561b3a384"
        },
        {
          "url": "https://git.kernel.org/stable/c/965e8f8ae0f642b5528f5a82b7bcaf15a659d5bd"
        },
        {
          "url": "https://git.kernel.org/stable/c/f2207145693ae5697a7b59e2add4b92f9e5b0e3c"
        },
        {
          "url": "https://git.kernel.org/stable/c/26215b7ee923b9251f7bb12c4e5f09dc465d35f2"
        }
      ],
      "title": "hugetlbfs: fix null-ptr-deref in hugetlbfs_parse_param()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-50334",
    "datePublished": "2025-09-15T14:49:48.608Z",
    "dateReserved": "2025-09-15T14:18:36.816Z",
    "dateUpdated": "2025-09-15T14:49:48.608Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/dsa/ocelot/felix.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "7ead10b44b79ce8bfcd51e749d54e009de5f511a",
              "status": "affected",
              "version": "de879a016a94a670fafeb3eb03b3d5803d81ab37",
              "versionType": "git"
            },
            {
              "lessThan": "04499f28b40bfc24f20b0e2331008bb90a54a6cf",
              "status": "affected",
              "version": "de879a016a94a670fafeb3eb03b3d5803d81ab37",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/dsa/ocelot/felix.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.3"
            },
            {
              "lessThan": "6.3",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.*",
              "status": "unaffected",
              "version": "6.4.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.5",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.4.5",
                  "versionStartIncluding": "6.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.5",
                  "versionStartIncluding": "6.3",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: Removed unneeded of_node_put in felix_parse_ports_node\n\nRemove unnecessary of_node_put from the continue path to prevent\nchild node from being released twice, which could avoid resource\nleak or other unexpected issues."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-15T14:04:03.446Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/7ead10b44b79ce8bfcd51e749d54e009de5f511a"
        },
        {
          "url": "https://git.kernel.org/stable/c/04499f28b40bfc24f20b0e2331008bb90a54a6cf"
        }
      ],
      "title": "net: dsa: Removed unneeded of_node_put in felix_parse_ports_node",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-53170",
    "datePublished": "2025-09-15T14:04:03.446Z",
    "dateReserved": "2025-09-15T13:59:19.064Z",
    "dateUpdated": "2025-09-15T14:04:03.446Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/char_dev.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "5d2146889fad4cb9e6c13e790d4cfd871486eca8",
              "status": "affected",
              "version": "da97a80a657d1b1b50ef633e8ff5dbf0d417fc8d",
              "versionType": "git"
            },
            {
              "lessThan": "6acf8597c5b04f455ee0649e11e5f3bcd28f381e",
              "status": "affected",
              "version": "233ed09d7fdacf592ee91e6c97ce5f4364fbe7c0",
              "versionType": "git"
            },
            {
              "lessThan": "34d17b39bceef25e4cf9805cd59250ae05d0a139",
              "status": "affected",
              "version": "233ed09d7fdacf592ee91e6c97ce5f4364fbe7c0",
              "versionType": "git"
            },
            {
              "lessThan": "d85b5247a79355b8432bfd9ac871f96117f750d4",
              "status": "affected",
              "version": "233ed09d7fdacf592ee91e6c97ce5f4364fbe7c0",
              "versionType": "git"
            },
            {
              "lessThan": "c46db6088bccff5115674d583fef46ede80077a2",
              "status": "affected",
              "version": "233ed09d7fdacf592ee91e6c97ce5f4364fbe7c0",
              "versionType": "git"
            },
            {
              "lessThan": "28dc61cc49c6e995121c6d86bef4b73df78dda80",
              "status": "affected",
              "version": "233ed09d7fdacf592ee91e6c97ce5f4364fbe7c0",
              "versionType": "git"
            },
            {
              "lessThan": "b5de1eac71fec1af7723f1083d23a24789fd795c",
              "status": "affected",
              "version": "233ed09d7fdacf592ee91e6c97ce5f4364fbe7c0",
              "versionType": "git"
            },
            {
              "lessThan": "85a5660491b507d33662b8e81c142e6041e642eb",
              "status": "affected",
              "version": "233ed09d7fdacf592ee91e6c97ce5f4364fbe7c0",
              "versionType": "git"
            },
            {
              "lessThan": "11fa7fefe3d8fac7da56bc9aa3dd5fb3081ca797",
              "status": "affected",
              "version": "233ed09d7fdacf592ee91e6c97ce5f4364fbe7c0",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "f78b54e7d83c7879f9a6e49e6724019ca34177cc",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "d79d7d5c878809964da537336dad5ff55fa1605e",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/char_dev.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.12"
            },
            {
              "lessThan": "4.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.9.*",
              "status": "unaffected",
              "version": "4.9.337",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.303",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.270",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.229",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.163",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.86",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.*",
              "status": "unaffected",
              "version": "6.0.16",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.2",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.9.337",
                  "versionStartIncluding": "4.9.224",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.303",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.270",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.229",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.163",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.86",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.0.16",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.2",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.2",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "3.16.83",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.4.224",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nchardev: fix error handling in cdev_device_add()\n\nWhile doing fault injection test, I got the following report:\n\n------------[ cut here ]------------\nkobject: \u0027(null)\u0027 (0000000039956980): is not initialized, yet kobject_put() is being called.\nWARNING: CPU: 3 PID: 6306 at kobject_put+0x23d/0x4e0\nCPU: 3 PID: 6306 Comm: 283 Tainted: G        W          6.1.0-rc2-00005-g307c1086d7c9 #1253\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014\nRIP: 0010:kobject_put+0x23d/0x4e0\nCall Trace:\n \u003cTASK\u003e\n cdev_device_add+0x15e/0x1b0\n __iio_device_register+0x13b4/0x1af0 [industrialio]\n __devm_iio_device_register+0x22/0x90 [industrialio]\n max517_probe+0x3d8/0x6b4 [max517]\n i2c_device_probe+0xa81/0xc00\n\nWhen device_add() is injected fault and returns error, if dev-\u003edevt is not set,\ncdev_add() is not called, cdev_del() is not needed. Fix this by checking dev-\u003edevt\nin error path."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-15T14:21:18.658Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/5d2146889fad4cb9e6c13e790d4cfd871486eca8"
        },
        {
          "url": "https://git.kernel.org/stable/c/6acf8597c5b04f455ee0649e11e5f3bcd28f381e"
        },
        {
          "url": "https://git.kernel.org/stable/c/34d17b39bceef25e4cf9805cd59250ae05d0a139"
        },
        {
          "url": "https://git.kernel.org/stable/c/d85b5247a79355b8432bfd9ac871f96117f750d4"
        },
        {
          "url": "https://git.kernel.org/stable/c/c46db6088bccff5115674d583fef46ede80077a2"
        },
        {
          "url": "https://git.kernel.org/stable/c/28dc61cc49c6e995121c6d86bef4b73df78dda80"
        },
        {
          "url": "https://git.kernel.org/stable/c/b5de1eac71fec1af7723f1083d23a24789fd795c"
        },
        {
          "url": "https://git.kernel.org/stable/c/85a5660491b507d33662b8e81c142e6041e642eb"
        },
        {
          "url": "https://git.kernel.org/stable/c/11fa7fefe3d8fac7da56bc9aa3dd5fb3081ca797"
        }
      ],
      "title": "chardev: fix error handling in cdev_device_add()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-50282",
    "datePublished": "2025-09-15T14:21:18.658Z",
    "dateReserved": "2025-09-15T13:58:00.976Z",
    "dateUpdated": "2025-09-15T14:21:18.658Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "arch/arm64/kernel/acpi.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "7521da2eb42d65f89f511b7912d3757cf3d9168a",
              "status": "affected",
              "version": "1d280ce099db396e092cac1aa9bf2ea8beee6d76",
              "versionType": "git"
            },
            {
              "lessThan": "1b561d3949f8478c5403c9752b5533211a757226",
              "status": "affected",
              "version": "1d280ce099db396e092cac1aa9bf2ea8beee6d76",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "arch/arm64/kernel/acpi.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.2"
            },
            {
              "lessThan": "6.2",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.*",
              "status": "unaffected",
              "version": "6.2.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.3",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.2.3",
                  "versionStartIncluding": "6.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.3",
                  "versionStartIncluding": "6.2",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: acpi: Fix possible memory leak of ffh_ctxt\n\nAllocated \u0027ffh_ctxt\u0027 memory leak is possible if the SMCCC version\nand conduit checks fail and -EOPNOTSUPP is returned without freeing the\nallocated memory.\n\nFix the same by moving the allocation after the SMCCC version and\nconduit checks."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-16T08:06:56.578Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/7521da2eb42d65f89f511b7912d3757cf3d9168a"
        },
        {
          "url": "https://git.kernel.org/stable/c/1b561d3949f8478c5403c9752b5533211a757226"
        }
      ],
      "title": "arm64: acpi: Fix possible memory leak of ffh_ctxt",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-53266",
    "datePublished": "2025-09-16T08:06:56.578Z",
    "dateReserved": "2025-09-16T08:05:12.515Z",
    "dateUpdated": "2025-09-16T08:06:56.578Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/mtd/ubi/vmt.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "09780a44093b53f9cbca76246af2e4ff0884e512",
              "status": "affected",
              "version": "799dca34ac543485f581bd8464ec9b1c4f0f852a",
              "versionType": "git"
            },
            {
              "lessThan": "26ec2d66aecab8ff997b912c20247fedba4f5740",
              "status": "affected",
              "version": "799dca34ac543485f581bd8464ec9b1c4f0f852a",
              "versionType": "git"
            },
            {
              "lessThan": "07b60f7452d2fa731737552937cb81821919f874",
              "status": "affected",
              "version": "799dca34ac543485f581bd8464ec9b1c4f0f852a",
              "versionType": "git"
            },
            {
              "lessThan": "31d60afe2cc2b712dbefcaab6b7d6a47036f844e",
              "status": "affected",
              "version": "799dca34ac543485f581bd8464ec9b1c4f0f852a",
              "versionType": "git"
            },
            {
              "lessThan": "95a72417dd13ebcdcb1bd0c5d4d15f7c5bfbb288",
              "status": "affected",
              "version": "799dca34ac543485f581bd8464ec9b1c4f0f852a",
              "versionType": "git"
            },
            {
              "lessThan": "27b760b81951d8d5e5c952a696af8574052b0709",
              "status": "affected",
              "version": "799dca34ac543485f581bd8464ec9b1c4f0f852a",
              "versionType": "git"
            },
            {
              "lessThan": "5c0c81a313492b83bd0c038b8839b0e04eb87563",
              "status": "affected",
              "version": "799dca34ac543485f581bd8464ec9b1c4f0f852a",
              "versionType": "git"
            },
            {
              "lessThan": "1e591ea072df7211f64542a09482b5f81cb3ad27",
              "status": "affected",
              "version": "799dca34ac543485f581bd8464ec9b1c4f0f852a",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/mtd/ubi/vmt.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.9"
            },
            {
              "lessThan": "4.9",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.308",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.276",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.235",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.173",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.100",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.18",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.*",
              "status": "unaffected",
              "version": "6.2.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.3",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.308",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.276",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.235",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.173",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.100",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.18",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.2.5",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.3",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nubi: Fix unreferenced object reported by kmemleak in ubi_resize_volume()\n\nThere is a memory leaks problem reported by kmemleak:\n\nunreferenced object 0xffff888102007a00 (size 128):\n  comm \"ubirsvol\", pid 32090, jiffies 4298464136 (age 2361.231s)\n  hex dump (first 32 bytes):\nff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................\nff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................\n  backtrace:\n[\u003cffffffff8176cecd\u003e] __kmalloc+0x4d/0x150\n[\u003cffffffffa02a9a36\u003e] ubi_eba_create_table+0x76/0x170 [ubi]\n[\u003cffffffffa029764e\u003e] ubi_resize_volume+0x1be/0xbc0 [ubi]\n[\u003cffffffffa02a3321\u003e] ubi_cdev_ioctl+0x701/0x1850 [ubi]\n[\u003cffffffff81975d2d\u003e] __x64_sys_ioctl+0x11d/0x170\n[\u003cffffffff83c142a5\u003e] do_syscall_64+0x35/0x80\n[\u003cffffffff83e0006a\u003e] entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nThis is due to a mismatch between create and destroy interfaces, and\nin detail that \"new_eba_tbl\" created by ubi_eba_create_table() but\ndestroyed by kfree(), while will causing \"new_eba_tbl-\u003eentries\" not\nfreed.\n\nFix it by replacing kfree(new_eba_tbl) with\nubi_eba_destroy_table(new_eba_tbl)"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-16T08:07:00.565Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/09780a44093b53f9cbca76246af2e4ff0884e512"
        },
        {
          "url": "https://git.kernel.org/stable/c/26ec2d66aecab8ff997b912c20247fedba4f5740"
        },
        {
          "url": "https://git.kernel.org/stable/c/07b60f7452d2fa731737552937cb81821919f874"
        },
        {
          "url": "https://git.kernel.org/stable/c/31d60afe2cc2b712dbefcaab6b7d6a47036f844e"
        },
        {
          "url": "https://git.kernel.org/stable/c/95a72417dd13ebcdcb1bd0c5d4d15f7c5bfbb288"
        },
        {
          "url": "https://git.kernel.org/stable/c/27b760b81951d8d5e5c952a696af8574052b0709"
        },
        {
          "url": "https://git.kernel.org/stable/c/5c0c81a313492b83bd0c038b8839b0e04eb87563"
        },
        {
          "url": "https://git.kernel.org/stable/c/1e591ea072df7211f64542a09482b5f81cb3ad27"
        }
      ],
      "title": "ubi: Fix unreferenced object reported by kmemleak in ubi_resize_volume()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-53271",
    "datePublished": "2025-09-16T08:07:00.565Z",
    "dateReserved": "2025-09-16T08:05:12.516Z",
    "dateUpdated": "2025-09-16T08:07:00.565Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "kernel/trace/trace.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "93114cbc7cb169f6f26eeaed5286b91bb86b463b",
              "status": "affected",
              "version": "8a062902be725f647dc8da532b04d836546a369a",
              "versionType": "git"
            },
            {
              "lessThan": "7060e5aac6dc195124c106f49106d653a416323a",
              "status": "affected",
              "version": "8a062902be725f647dc8da532b04d836546a369a",
              "versionType": "git"
            },
            {
              "lessThan": "3b5d9b7b875968a8a8c99dac45cb85b705c44802",
              "status": "affected",
              "version": "8a062902be725f647dc8da532b04d836546a369a",
              "versionType": "git"
            },
            {
              "lessThan": "938d5b7a75e18264887387ddf9169db6d8aeef98",
              "status": "affected",
              "version": "8a062902be725f647dc8da532b04d836546a369a",
              "versionType": "git"
            },
            {
              "lessThan": "1e1c9aa9288a46c342f0f2c5c0b1c0876b9b0276",
              "status": "affected",
              "version": "8a062902be725f647dc8da532b04d836546a369a",
              "versionType": "git"
            },
            {
              "lessThan": "02b0095e2fbbc060560c1065f86a211d91e27b26",
              "status": "affected",
              "version": "8a062902be725f647dc8da532b04d836546a369a",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "kernel/trace/trace.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.2"
            },
            {
              "lessThan": "5.2",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.251",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.188",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.121",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.40",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.*",
              "status": "unaffected",
              "version": "6.4.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.5",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.251",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.188",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.121",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.40",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.4.5",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.5",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Fix null pointer dereference in tracing_err_log_open()\n\nFix an issue in function \u0027tracing_err_log_open\u0027.\nThe function doesn\u0027t call \u0027seq_open\u0027 if the file is opened only with\nwrite permissions, which results in \u0027file-\u003eprivate_data\u0027 being left as null.\nIf we then use \u0027lseek\u0027 on that opened file, \u0027seq_lseek\u0027 dereferences\n\u0027file-\u003eprivate_data\u0027 in \u0027mutex_lock(\u0026m-\u003elock)\u0027, resulting in a kernel panic.\nWriting to this node requires root privileges, therefore this bug\nhas very little security impact.\n\nTracefs node: /sys/kernel/tracing/error_log\n\nExample Kernel panic:\n\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000038\nCall trace:\n mutex_lock+0x30/0x110\n seq_lseek+0x34/0xb8\n __arm64_sys_lseek+0x6c/0xb8\n invoke_syscall+0x58/0x13c\n el0_svc_common+0xc4/0x10c\n do_el0_svc+0x24/0x98\n el0_svc+0x24/0x88\n el0t_64_sync_handler+0x84/0xe4\n el0t_64_sync+0x1b4/0x1b8\nCode: d503201f aa0803e0 aa1f03e1 aa0103e9 (c8e97d02)\n---[ end trace 561d1b49c12cf8a5 ]---\nKernel panic - not syncing: Oops: Fatal exception"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-15T14:03:56.025Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/93114cbc7cb169f6f26eeaed5286b91bb86b463b"
        },
        {
          "url": "https://git.kernel.org/stable/c/7060e5aac6dc195124c106f49106d653a416323a"
        },
        {
          "url": "https://git.kernel.org/stable/c/3b5d9b7b875968a8a8c99dac45cb85b705c44802"
        },
        {
          "url": "https://git.kernel.org/stable/c/938d5b7a75e18264887387ddf9169db6d8aeef98"
        },
        {
          "url": "https://git.kernel.org/stable/c/1e1c9aa9288a46c342f0f2c5c0b1c0876b9b0276"
        },
        {
          "url": "https://git.kernel.org/stable/c/02b0095e2fbbc060560c1065f86a211d91e27b26"
        }
      ],
      "title": "tracing: Fix null pointer dereference in tracing_err_log_open()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-53167",
    "datePublished": "2025-09-15T14:03:56.025Z",
    "dateReserved": "2025-09-15T13:59:19.063Z",
    "dateUpdated": "2025-09-15T14:03:56.025Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/core/skbuff.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "92b4c5c3fa810212da20088bcc6c0a77fc8607bd",
              "status": "affected",
              "version": "8527c9a6bf8e54fef0a8d3d7d8874a48c725c915",
              "versionType": "git"
            },
            {
              "lessThan": "847a2859814b31392340a2b16604b25afaa92dcc",
              "status": "affected",
              "version": "3261400639463a853ba2b3be8bd009c2a8089775",
              "versionType": "git"
            },
            {
              "lessThan": "228ebc41dfab5b5d34cd76835ddb0ca8ee12f513",
              "status": "affected",
              "version": "3261400639463a853ba2b3be8bd009c2a8089775",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "6730c48ed6b0cd939fc9b30b2d621ce0b89bea83",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/core/skbuff.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "lessThan": "6.0",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.77",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.*",
              "status": "unaffected",
              "version": "6.0.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.1",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.77",
                  "versionStartIncluding": "5.15.68",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.0.7",
                  "versionStartIncluding": "6.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1",
                  "versionStartIncluding": "6.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.19.9",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: do not sense pfmemalloc status in skb_append_pagefrags()\n\nskb_append_pagefrags() is used by af_unix and udp sendpage()\nimplementation so far.\n\nIn commit 326140063946 (\"tcp: TX zerocopy should not sense\npfmemalloc status\") we explained why we should not sense\npfmemalloc status for pages owned by user space.\n\nWe should also use skb_fill_page_desc_noacc()\nin skb_append_pagefrags() to avoid following KCSAN report:\n\nBUG: KCSAN: data-race in lru_add_fn / skb_append_pagefrags\n\nwrite to 0xffffea00058fc1c8 of 8 bytes by task 17319 on cpu 0:\n__list_add include/linux/list.h:73 [inline]\nlist_add include/linux/list.h:88 [inline]\nlruvec_add_folio include/linux/mm_inline.h:323 [inline]\nlru_add_fn+0x327/0x410 mm/swap.c:228\nfolio_batch_move_lru+0x1e1/0x2a0 mm/swap.c:246\nlru_add_drain_cpu+0x73/0x250 mm/swap.c:669\nlru_add_drain+0x21/0x60 mm/swap.c:773\nfree_pages_and_swap_cache+0x16/0x70 mm/swap_state.c:311\ntlb_batch_pages_flush mm/mmu_gather.c:59 [inline]\ntlb_flush_mmu_free mm/mmu_gather.c:256 [inline]\ntlb_flush_mmu+0x5b2/0x640 mm/mmu_gather.c:263\ntlb_finish_mmu+0x86/0x100 mm/mmu_gather.c:363\nexit_mmap+0x190/0x4d0 mm/mmap.c:3098\n__mmput+0x27/0x1b0 kernel/fork.c:1185\nmmput+0x3d/0x50 kernel/fork.c:1207\ncopy_process+0x19fc/0x2100 kernel/fork.c:2518\nkernel_clone+0x166/0x550 kernel/fork.c:2671\n__do_sys_clone kernel/fork.c:2812 [inline]\n__se_sys_clone kernel/fork.c:2796 [inline]\n__x64_sys_clone+0xc3/0xf0 kernel/fork.c:2796\ndo_syscall_x64 arch/x86/entry/common.c:50 [inline]\ndo_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nread to 0xffffea00058fc1c8 of 8 bytes by task 17325 on cpu 1:\npage_is_pfmemalloc include/linux/mm.h:1817 [inline]\n__skb_fill_page_desc include/linux/skbuff.h:2432 [inline]\nskb_fill_page_desc include/linux/skbuff.h:2453 [inline]\nskb_append_pagefrags+0x210/0x600 net/core/skbuff.c:3974\nunix_stream_sendpage+0x45e/0x990 net/unix/af_unix.c:2338\nkernel_sendpage+0x184/0x300 net/socket.c:3561\nsock_sendpage+0x5a/0x70 net/socket.c:1054\npipe_to_sendpage+0x128/0x160 fs/splice.c:361\nsplice_from_pipe_feed fs/splice.c:415 [inline]\n__splice_from_pipe+0x222/0x4d0 fs/splice.c:559\nsplice_from_pipe fs/splice.c:594 [inline]\ngeneric_splice_sendpage+0x89/0xc0 fs/splice.c:743\ndo_splice_from fs/splice.c:764 [inline]\ndirect_splice_actor+0x80/0xa0 fs/splice.c:931\nsplice_direct_to_actor+0x305/0x620 fs/splice.c:886\ndo_splice_direct+0xfb/0x180 fs/splice.c:974\ndo_sendfile+0x3bf/0x910 fs/read_write.c:1255\n__do_sys_sendfile64 fs/read_write.c:1323 [inline]\n__se_sys_sendfile64 fs/read_write.c:1309 [inline]\n__x64_sys_sendfile64+0x10c/0x150 fs/read_write.c:1309\ndo_syscall_x64 arch/x86/entry/common.c:50 [inline]\ndo_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nvalue changed: 0x0000000000000000 -\u003e 0xffffea00058fc188\n\nReported by Kernel Concurrency Sanitizer on:\nCPU: 1 PID: 17325 Comm: syz-executor.0 Not tainted 6.1.0-rc1-syzkaller-00158-g440b7895c990-dirty #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-15T14:48:57.418Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/92b4c5c3fa810212da20088bcc6c0a77fc8607bd"
        },
        {
          "url": "https://git.kernel.org/stable/c/847a2859814b31392340a2b16604b25afaa92dcc"
        },
        {
          "url": "https://git.kernel.org/stable/c/228ebc41dfab5b5d34cd76835ddb0ca8ee12f513"
        }
      ],
      "title": "net: do not sense pfmemalloc status in skb_append_pagefrags()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-50323",
    "datePublished": "2025-09-15T14:48:57.418Z",
    "dateReserved": "2025-09-15T14:18:36.814Z",
    "dateUpdated": "2025-09-15T14:48:57.418Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/msm/disp/mdp5/mdp5_crtc.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "3975ea6eaffe26aec634b5c473e51dc76e73af62",
              "status": "affected",
              "version": "1cff7440a86e04a613665803b42034c467f035fa",
              "versionType": "git"
            },
            {
              "lessThan": "49907c8873826ee771ba0ca1629e809c6479f617",
              "status": "affected",
              "version": "1cff7440a86e04a613665803b42034c467f035fa",
              "versionType": "git"
            },
            {
              "lessThan": "82943a0730e00c14b03e25a4b2a1a9477ae89d7b",
              "status": "affected",
              "version": "1cff7440a86e04a613665803b42034c467f035fa",
              "versionType": "git"
            },
            {
              "lessThan": "bc579a2ee8b2e20c152b24b437d094832d8c9c9e",
              "status": "affected",
              "version": "1cff7440a86e04a613665803b42034c467f035fa",
              "versionType": "git"
            },
            {
              "lessThan": "37ff771ed008b9cbffd0eab77985968364694ce3",
              "status": "affected",
              "version": "1cff7440a86e04a613665803b42034c467f035fa",
              "versionType": "git"
            },
            {
              "lessThan": "13fcfcb2a9a4787fe4e49841d728f6f2e9fa6911",
              "status": "affected",
              "version": "1cff7440a86e04a613665803b42034c467f035fa",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/msm/disp/mdp5/mdp5_crtc.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.3"
            },
            {
              "lessThan": "5.3",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.235",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.173",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.99",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.16",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.*",
              "status": "unaffected",
              "version": "6.2.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.3",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.235",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.173",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.99",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.16",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.2.3",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.3",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/mdp5: Add check for kzalloc\n\nAs kzalloc may fail and return NULL pointer,\nit should be better to check the return value\nin order to avoid the NULL pointer dereference.\n\nPatchwork: https://patchwork.freedesktop.org/patch/514154/"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-15T14:22:13.289Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/3975ea6eaffe26aec634b5c473e51dc76e73af62"
        },
        {
          "url": "https://git.kernel.org/stable/c/49907c8873826ee771ba0ca1629e809c6479f617"
        },
        {
          "url": "https://git.kernel.org/stable/c/82943a0730e00c14b03e25a4b2a1a9477ae89d7b"
        },
        {
          "url": "https://git.kernel.org/stable/c/bc579a2ee8b2e20c152b24b437d094832d8c9c9e"
        },
        {
          "url": "https://git.kernel.org/stable/c/37ff771ed008b9cbffd0eab77985968364694ce3"
        },
        {
          "url": "https://git.kernel.org/stable/c/13fcfcb2a9a4787fe4e49841d728f6f2e9fa6911"
        }
      ],
      "title": "drm/msm/mdp5: Add check for kzalloc",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-53239",
    "datePublished": "2025-09-15T14:22:13.289Z",
    "dateReserved": "2025-09-15T14:19:21.848Z",
    "dateUpdated": "2025-09-15T14:22:13.289Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "kernel/rcu/rcuscale.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "604d6a5ff718874904b0fe614878a42b42c0d699",
              "status": "affected",
              "version": "e6e78b004fa7e0ab455d46d27f218bf6ce178a18",
              "versionType": "git"
            },
            {
              "lessThan": "f766d45ab294871a3d588ee76c666852f151cad9",
              "status": "affected",
              "version": "e6e78b004fa7e0ab455d46d27f218bf6ce178a18",
              "versionType": "git"
            },
            {
              "lessThan": "b8a6ba524d41f4da102e65f90498d9a910839621",
              "status": "affected",
              "version": "e6e78b004fa7e0ab455d46d27f218bf6ce178a18",
              "versionType": "git"
            },
            {
              "lessThan": "1dd7547c7610723b2b6afe1a3c4ddb2bde63387c",
              "status": "affected",
              "version": "e6e78b004fa7e0ab455d46d27f218bf6ce178a18",
              "versionType": "git"
            },
            {
              "lessThan": "29b1da4f90fc42c91beb4e400d926194925ad31b",
              "status": "affected",
              "version": "e6e78b004fa7e0ab455d46d27f218bf6ce178a18",
              "versionType": "git"
            },
            {
              "lessThan": "23fc8df26dead16687ae6eb47b0561a4a832e2f6",
              "status": "affected",
              "version": "e6e78b004fa7e0ab455d46d27f218bf6ce178a18",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "kernel/rcu/rcuscale.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.6"
            },
            {
              "lessThan": "5.6",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.188",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.121",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.39",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.3.*",
              "status": "unaffected",
              "version": "6.3.13",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.*",
              "status": "unaffected",
              "version": "6.4.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.5",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.188",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.121",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.39",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.3.13",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.4.4",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.5",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nrcu/rcuscale: Stop kfree_scale_thread thread(s) after unloading rcuscale\n\nRunning the \u0027kfree_rcu_test\u0027 test case [1] results in a splat [2].\nThe root cause is the kfree_scale_thread thread(s) continue running\nafter unloading the rcuscale module.  This commit fixes that isue by\ninvoking kfree_scale_cleanup() from rcu_scale_cleanup() when removing\nthe rcuscale module.\n\n[1] modprobe rcuscale kfree_rcu_test=1\n    // After some time\n    rmmod rcuscale\n    rmmod torture\n\n[2] BUG: unable to handle page fault for address: ffffffffc0601a87\n    #PF: supervisor instruction fetch in kernel mode\n    #PF: error_code(0x0010) - not-present page\n    PGD 11de4f067 P4D 11de4f067 PUD 11de51067 PMD 112f4d067 PTE 0\n    Oops: 0010 [#1] PREEMPT SMP NOPTI\n    CPU: 1 PID: 1798 Comm: kfree_scale_thr Not tainted 6.3.0-rc1-rcu+ #1\n    Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 0.0.0 02/06/2015\n    RIP: 0010:0xffffffffc0601a87\n    Code: Unable to access opcode bytes at 0xffffffffc0601a5d.\n    RSP: 0018:ffffb25bc2e57e18 EFLAGS: 00010297\n    RAX: 0000000000000000 RBX: ffffffffc061f0b6 RCX: 0000000000000000\n    RDX: 0000000000000000 RSI: ffffffff962fd0de RDI: ffffffff962fd0de\n    RBP: ffffb25bc2e57ea8 R08: 0000000000000000 R09: 0000000000000000\n    R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000000\n    R13: 0000000000000000 R14: 000000000000000a R15: 00000000001c1dbe\n    FS:  0000000000000000(0000) GS:ffff921fa2200000(0000) knlGS:0000000000000000\n    CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n    CR2: ffffffffc0601a5d CR3: 000000011de4c006 CR4: 0000000000370ee0\n    DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n    DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n    Call Trace:\n     \u003cTASK\u003e\n     ? kvfree_call_rcu+0xf0/0x3a0\n     ? kthread+0xf3/0x120\n     ? kthread_complete_and_exit+0x20/0x20\n     ? ret_from_fork+0x1f/0x30\n     \u003c/TASK\u003e\n    Modules linked in: rfkill sunrpc ... [last unloaded: torture]\n    CR2: ffffffffc0601a87\n    ---[ end trace 0000000000000000 ]---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-16T08:11:23.666Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/604d6a5ff718874904b0fe614878a42b42c0d699"
        },
        {
          "url": "https://git.kernel.org/stable/c/f766d45ab294871a3d588ee76c666852f151cad9"
        },
        {
          "url": "https://git.kernel.org/stable/c/b8a6ba524d41f4da102e65f90498d9a910839621"
        },
        {
          "url": "https://git.kernel.org/stable/c/1dd7547c7610723b2b6afe1a3c4ddb2bde63387c"
        },
        {
          "url": "https://git.kernel.org/stable/c/29b1da4f90fc42c91beb4e400d926194925ad31b"
        },
        {
          "url": "https://git.kernel.org/stable/c/23fc8df26dead16687ae6eb47b0561a4a832e2f6"
        }
      ],
      "title": "rcu/rcuscale: Stop kfree_scale_thread thread(s) after unloading rcuscale",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-53291",
    "datePublished": "2025-09-16T08:11:23.666Z",
    "dateReserved": "2025-09-16T08:09:37.992Z",
    "dateUpdated": "2025-09-16T08:11:23.666Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/usb/dwc3/dwc3-qcom.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "648a163cff21ea355c8765e882ba8bf66a870a3e",
              "status": "affected",
              "version": "2bc02355f8ba2c1f108ec8b16a673b467a17228c",
              "versionType": "git"
            },
            {
              "lessThan": "74f8606ddfa450d2255b4e61472a7632def1e8c4",
              "status": "affected",
              "version": "2bc02355f8ba2c1f108ec8b16a673b467a17228c",
              "versionType": "git"
            },
            {
              "lessThan": "b626cd5e4a87a281629e0c2b07519990077c0fbe",
              "status": "affected",
              "version": "2bc02355f8ba2c1f108ec8b16a673b467a17228c",
              "versionType": "git"
            },
            {
              "lessThan": "c3b322b84ab5dda7eaca9ded763628b7467734f4",
              "status": "affected",
              "version": "2bc02355f8ba2c1f108ec8b16a673b467a17228c",
              "versionType": "git"
            },
            {
              "lessThan": "134a7d4642f11daed6bbc378f930a54dd0322291",
              "status": "affected",
              "version": "2bc02355f8ba2c1f108ec8b16a673b467a17228c",
              "versionType": "git"
            },
            {
              "lessThan": "097fb3ee710d4de83b8d4f5589e8ee13e0f0541e",
              "status": "affected",
              "version": "2bc02355f8ba2c1f108ec8b16a673b467a17228c",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/usb/dwc3/dwc3-qcom.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.3"
            },
            {
              "lessThan": "5.3",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.251",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.188",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.121",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.39",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.*",
              "status": "unaffected",
              "version": "6.4.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.5",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.251",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.188",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.121",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.39",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.4.4",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.5",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: dwc3: qcom: Fix potential memory leak\n\nFunction dwc3_qcom_probe() allocates memory for resource structure\nwhich is pointed by parent_res pointer. This memory is not\nfreed. This leads to memory leak. Use stack memory to prevent\nmemory leak.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-15T14:06:43.535Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/648a163cff21ea355c8765e882ba8bf66a870a3e"
        },
        {
          "url": "https://git.kernel.org/stable/c/74f8606ddfa450d2255b4e61472a7632def1e8c4"
        },
        {
          "url": "https://git.kernel.org/stable/c/b626cd5e4a87a281629e0c2b07519990077c0fbe"
        },
        {
          "url": "https://git.kernel.org/stable/c/c3b322b84ab5dda7eaca9ded763628b7467734f4"
        },
        {
          "url": "https://git.kernel.org/stable/c/134a7d4642f11daed6bbc378f930a54dd0322291"
        },
        {
          "url": "https://git.kernel.org/stable/c/097fb3ee710d4de83b8d4f5589e8ee13e0f0541e"
        }
      ],
      "title": "usb: dwc3: qcom: Fix potential memory leak",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-53196",
    "datePublished": "2025-09-15T14:06:43.535Z",
    "dateReserved": "2025-09-15T13:59:19.067Z",
    "dateUpdated": "2025-09-15T14:06:43.535Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/f2fs/compress.c",
            "fs/f2fs/f2fs.h",
            "fs/f2fs/super.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "74f74c8b8419a289b85aa9c85e5f4d8c2cc9f5fb",
              "status": "affected",
              "version": "bff139b49d9f70c1ac5384aac94554846aa834de",
              "versionType": "git"
            },
            {
              "lessThan": "977df5c13a4b253a718ec44a4eb957c612bf73f4",
              "status": "affected",
              "version": "bff139b49d9f70c1ac5384aac94554846aa834de",
              "versionType": "git"
            },
            {
              "lessThan": "d2746c56dd2cc47f70cc3931977be556172c246d",
              "status": "affected",
              "version": "bff139b49d9f70c1ac5384aac94554846aa834de",
              "versionType": "git"
            },
            {
              "lessThan": "1aa161e43106d46ca8e9a86f4aa28d420258134b",
              "status": "affected",
              "version": "bff139b49d9f70c1ac5384aac94554846aa834de",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/f2fs/compress.c",
            "fs/f2fs/f2fs.h",
            "fs/f2fs/super.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "lessThan": "6.0",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.28",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.*",
              "status": "unaffected",
              "version": "6.2.15",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.3.*",
              "status": "unaffected",
              "version": "6.3.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.4",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.28",
                  "versionStartIncluding": "6.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.2.15",
                  "versionStartIncluding": "6.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.3.2",
                  "versionStartIncluding": "6.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.4",
                  "versionStartIncluding": "6.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix scheduling while atomic in decompression path\n\n[   16.945668][    C0] Call trace:\n[   16.945678][    C0]  dump_backtrace+0x110/0x204\n[   16.945706][    C0]  dump_stack_lvl+0x84/0xbc\n[   16.945735][    C0]  __schedule_bug+0xb8/0x1ac\n[   16.945756][    C0]  __schedule+0x724/0xbdc\n[   16.945778][    C0]  schedule+0x154/0x258\n[   16.945793][    C0]  bit_wait_io+0x48/0xa4\n[   16.945808][    C0]  out_of_line_wait_on_bit+0x114/0x198\n[   16.945824][    C0]  __sync_dirty_buffer+0x1f8/0x2e8\n[   16.945853][    C0]  __f2fs_commit_super+0x140/0x1f4\n[   16.945881][    C0]  f2fs_commit_super+0x110/0x28c\n[   16.945898][    C0]  f2fs_handle_error+0x1f4/0x2f4\n[   16.945917][    C0]  f2fs_decompress_cluster+0xc4/0x450\n[   16.945942][    C0]  f2fs_end_read_compressed_page+0xc0/0xfc\n[   16.945959][    C0]  f2fs_handle_step_decompress+0x118/0x1cc\n[   16.945978][    C0]  f2fs_read_end_io+0x168/0x2b0\n[   16.945993][    C0]  bio_endio+0x25c/0x2c8\n[   16.946015][    C0]  dm_io_dec_pending+0x3e8/0x57c\n[   16.946052][    C0]  clone_endio+0x134/0x254\n[   16.946069][    C0]  bio_endio+0x25c/0x2c8\n[   16.946084][    C0]  blk_update_request+0x1d4/0x478\n[   16.946103][    C0]  scsi_end_request+0x38/0x4cc\n[   16.946129][    C0]  scsi_io_completion+0x94/0x184\n[   16.946147][    C0]  scsi_finish_command+0xe8/0x154\n[   16.946164][    C0]  scsi_complete+0x90/0x1d8\n[   16.946181][    C0]  blk_done_softirq+0xa4/0x11c\n[   16.946198][    C0]  _stext+0x184/0x614\n[   16.946214][    C0]  __irq_exit_rcu+0x78/0x144\n[   16.946234][    C0]  handle_domain_irq+0xd4/0x154\n[   16.946260][    C0]  gic_handle_irq.33881+0x5c/0x27c\n[   16.946281][    C0]  call_on_irq_stack+0x40/0x70\n[   16.946298][    C0]  do_interrupt_handler+0x48/0xa4\n[   16.946313][    C0]  el1_interrupt+0x38/0x68\n[   16.946346][    C0]  el1h_64_irq_handler+0x20/0x30\n[   16.946362][    C0]  el1h_64_irq+0x78/0x7c\n[   16.946377][    C0]  finish_task_switch+0xc8/0x3d8\n[   16.946394][    C0]  __schedule+0x600/0xbdc\n[   16.946408][    C0]  preempt_schedule_common+0x34/0x5c\n[   16.946423][    C0]  preempt_schedule+0x44/0x48\n[   16.946438][    C0]  process_one_work+0x30c/0x550\n[   16.946456][    C0]  worker_thread+0x414/0x8bc\n[   16.946472][    C0]  kthread+0x16c/0x1e0\n[   16.946486][    C0]  ret_from_fork+0x10/0x20"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-15T14:46:34.842Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/74f74c8b8419a289b85aa9c85e5f4d8c2cc9f5fb"
        },
        {
          "url": "https://git.kernel.org/stable/c/977df5c13a4b253a718ec44a4eb957c612bf73f4"
        },
        {
          "url": "https://git.kernel.org/stable/c/d2746c56dd2cc47f70cc3931977be556172c246d"
        },
        {
          "url": "https://git.kernel.org/stable/c/1aa161e43106d46ca8e9a86f4aa28d420258134b"
        }
      ],
      "title": "f2fs: fix scheduling while atomic in decompression path",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-53262",
    "datePublished": "2025-09-15T14:46:34.842Z",
    "dateReserved": "2025-09-15T14:19:21.850Z",
    "dateUpdated": "2025-09-15T14:46:34.842Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/soc/xilinx/xlnx_event_manager.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "d35290addcbac94b076babe0a798a8c043421812",
              "status": "affected",
              "version": "05e5ba40ea7ab6a99bb8d6117c899d0e13ca8700",
              "versionType": "git"
            },
            {
              "lessThan": "9dfb6c784e385f6e61994bb4e16ce12f3e4940be",
              "status": "affected",
              "version": "05e5ba40ea7ab6a99bb8d6117c899d0e13ca8700",
              "versionType": "git"
            },
            {
              "lessThan": "1bea534991b9b35c41848a397666ada436456beb",
              "status": "affected",
              "version": "05e5ba40ea7ab6a99bb8d6117c899d0e13ca8700",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/soc/xilinx/xlnx_event_manager.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.19"
            },
            {
              "lessThan": "5.19",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.18",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.*",
              "status": "unaffected",
              "version": "6.2.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.3",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.18",
                  "versionStartIncluding": "5.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.2.5",
                  "versionStartIncluding": "5.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.3",
                  "versionStartIncluding": "5.19",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndriver: soc: xilinx: fix memory leak in xlnx_add_cb_for_notify_event()\n\nThe kfree() should be called when memory fails to be allocated for\ncb_data in xlnx_add_cb_for_notify_event(), otherwise there will be\na memory leak, so add kfree() to fix it."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-16T08:06:57.439Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/d35290addcbac94b076babe0a798a8c043421812"
        },
        {
          "url": "https://git.kernel.org/stable/c/9dfb6c784e385f6e61994bb4e16ce12f3e4940be"
        },
        {
          "url": "https://git.kernel.org/stable/c/1bea534991b9b35c41848a397666ada436456beb"
        }
      ],
      "title": "driver: soc: xilinx: fix memory leak in xlnx_add_cb_for_notify_event()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-53267",
    "datePublished": "2025-09-16T08:06:57.439Z",
    "dateReserved": "2025-09-16T08:05:12.515Z",
    "dateUpdated": "2025-09-16T08:06:57.439Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/nubus/proc.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "f70407e8e0272e00d133c5e039168ff1bae6bcac",
              "status": "affected",
              "version": "3f3942aca6da351a12543aa776467791b63b3a78",
              "versionType": "git"
            },
            {
              "lessThan": "c06edf13f4cf7f9e8ff4bc6f7e951e4f074dc105",
              "status": "affected",
              "version": "3f3942aca6da351a12543aa776467791b63b3a78",
              "versionType": "git"
            },
            {
              "lessThan": "67e3b5230cefed1eca470c460a2035f02986cebb",
              "status": "affected",
              "version": "3f3942aca6da351a12543aa776467791b63b3a78",
              "versionType": "git"
            },
            {
              "lessThan": "9877533e1401dbbb2c7da8badda05d196aa07623",
              "status": "affected",
              "version": "3f3942aca6da351a12543aa776467791b63b3a78",
              "versionType": "git"
            },
            {
              "lessThan": "a03f2f4bd49030f57849227be9ba38a3eb1edb61",
              "status": "affected",
              "version": "3f3942aca6da351a12543aa776467791b63b3a78",
              "versionType": "git"
            },
            {
              "lessThan": "0e96647cff9224db564a1cee6efccb13dbe11ee2",
              "status": "affected",
              "version": "3f3942aca6da351a12543aa776467791b63b3a78",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/nubus/proc.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.18"
            },
            {
              "lessThan": "4.18",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.188",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.38",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.3.*",
              "status": "unaffected",
              "version": "6.3.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.*",
              "status": "unaffected",
              "version": "6.4.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.5",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.188",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.120",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.38",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.3.12",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.4.2",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.5",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnubus: Partially revert proc_create_single_data() conversion\n\nThe conversion to proc_create_single_data() introduced a regression\nwhereby reading a file in /proc/bus/nubus results in a seg fault:\n\n    # grep -r . /proc/bus/nubus/e/\n    Data read fault at 0x00000020 in Super Data (pc=0x1074c2)\n    BAD KERNEL BUSERR\n    Oops: 00000000\n    Modules linked in:\n    PC: [\u003c001074c2\u003e] PDE_DATA+0xc/0x16\n    SR: 2010  SP: 38284958  a2: 01152370\n    d0: 00000001    d1: 01013000    d2: 01002790    d3: 00000000\n    d4: 00000001    d5: 0008ce2e    a0: 00000000    a1: 00222a40\n    Process grep (pid: 45, task=142f8727)\n    Frame format=B ssw=074d isc=2008 isb=4e5e daddr=00000020 dobuf=01199e70\n    baddr=001074c8 dibuf=ffffffff ver=f\n    Stack from 01199e48:\n\t    01199e70 00222a58 01002790 00000000 011a3000 01199eb0 015000c0 00000000\n\t    00000000 01199ec0 01199ec0 000d551a 011a3000 00000001 00000000 00018000\n\t    d003f000 00000003 00000001 0002800d 01052840 01199fa8 c01f8000 00000000\n\t    00000029 0b532b80 00000000 00000000 00000029 0b532b80 01199ee4 00103640\n\t    011198c0 d003f000 00018000 01199fa8 00000000 011198c0 00000000 01199f4c\n\t    000b3344 011198c0 d003f000 00018000 01199fa8 00000000 00018000 011198c0\n    Call Trace: [\u003c00222a58\u003e] nubus_proc_rsrc_show+0x18/0xa0\n     [\u003c000d551a\u003e] seq_read+0xc4/0x510\n     [\u003c00018000\u003e] fp_fcos+0x2/0x82\n     [\u003c0002800d\u003e] __sys_setreuid+0x115/0x1c6\n     [\u003c00103640\u003e] proc_reg_read+0x5c/0xb0\n     [\u003c00018000\u003e] fp_fcos+0x2/0x82\n     [\u003c000b3344\u003e] __vfs_read+0x2c/0x13c\n     [\u003c00018000\u003e] fp_fcos+0x2/0x82\n     [\u003c00018000\u003e] fp_fcos+0x2/0x82\n     [\u003c000b8aa2\u003e] sys_statx+0x60/0x7e\n     [\u003c000b34b6\u003e] vfs_read+0x62/0x12a\n     [\u003c00018000\u003e] fp_fcos+0x2/0x82\n     [\u003c00018000\u003e] fp_fcos+0x2/0x82\n     [\u003c000b39c2\u003e] ksys_read+0x48/0xbe\n     [\u003c00018000\u003e] fp_fcos+0x2/0x82\n     [\u003c000b3a4e\u003e] sys_read+0x16/0x1a\n     [\u003c00018000\u003e] fp_fcos+0x2/0x82\n     [\u003c00002b84\u003e] syscall+0x8/0xc\n     [\u003c00018000\u003e] fp_fcos+0x2/0x82\n     [\u003c0000c016\u003e] not_ext+0xa/0x18\n    Code: 4e5e 4e75 4e56 0000 206e 0008 2068 ffe8 \u003c2068\u003e 0020 2008 4e5e 4e75 4e56 0000 2f0b 206e 0008 2068 0004 2668 0020 206b ffe8\n    Disabling lock debugging due to kernel taint\n\n    Segmentation fault\n\nThe proc_create_single_data() conversion does not work because\nsingle_open(file, nubus_proc_rsrc_show, PDE_DATA(inode)) is not\nequivalent to the original code."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-15T14:21:44.831Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/f70407e8e0272e00d133c5e039168ff1bae6bcac"
        },
        {
          "url": "https://git.kernel.org/stable/c/c06edf13f4cf7f9e8ff4bc6f7e951e4f074dc105"
        },
        {
          "url": "https://git.kernel.org/stable/c/67e3b5230cefed1eca470c460a2035f02986cebb"
        },
        {
          "url": "https://git.kernel.org/stable/c/9877533e1401dbbb2c7da8badda05d196aa07623"
        },
        {
          "url": "https://git.kernel.org/stable/c/a03f2f4bd49030f57849227be9ba38a3eb1edb61"
        },
        {
          "url": "https://git.kernel.org/stable/c/0e96647cff9224db564a1cee6efccb13dbe11ee2"
        }
      ],
      "title": "nubus: Partially revert proc_create_single_data() conversion",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-53217",
    "datePublished": "2025-09-15T14:21:44.831Z",
    "dateReserved": "2025-09-15T14:19:21.845Z",
    "dateUpdated": "2025-09-15T14:21:44.831Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/firmware/stratix10-svc.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "e3373e6b6c79aff698442b00d20c9f285d296e46",
              "status": "affected",
              "version": "7ca5ce896524f5292e610b27d168269e5ab74951",
              "versionType": "git"
            },
            {
              "lessThan": "c04ed61ebf01968d7699b121663982493ed577fb",
              "status": "affected",
              "version": "7ca5ce896524f5292e610b27d168269e5ab74951",
              "versionType": "git"
            },
            {
              "lessThan": "974ac045a05ad12a0b4578fb303f00dcc22f3aba",
              "status": "affected",
              "version": "7ca5ce896524f5292e610b27d168269e5ab74951",
              "versionType": "git"
            },
            {
              "lessThan": "cb8a31a56df8492fb0d900959238e1a3ff8b8981",
              "status": "affected",
              "version": "7ca5ce896524f5292e610b27d168269e5ab74951",
              "versionType": "git"
            },
            {
              "lessThan": "7363de081c793e47866cb54ce7cb8a480cffc259",
              "status": "affected",
              "version": "7ca5ce896524f5292e610b27d168269e5ab74951",
              "versionType": "git"
            },
            {
              "lessThan": "1995f15590ca222f91193ed11461862b450abfd6",
              "status": "affected",
              "version": "7ca5ce896524f5292e610b27d168269e5ab74951",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/firmware/stratix10-svc.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "lessThan": "5.0",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.251",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.188",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.121",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.40",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.*",
              "status": "unaffected",
              "version": "6.4.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.5",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.251",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.188",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.121",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.40",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.4.5",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.5",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: stratix10-svc: Fix a potential resource leak in svc_create_memory_pool()\n\nsvc_create_memory_pool() is only called from stratix10_svc_drv_probe().\nMost of resources in the probe are managed, but not this memremap() call.\n\nThere is also no memunmap() call in the file.\n\nSo switch to devm_memremap() to avoid a resource leak."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-15T14:46:27.124Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/e3373e6b6c79aff698442b00d20c9f285d296e46"
        },
        {
          "url": "https://git.kernel.org/stable/c/c04ed61ebf01968d7699b121663982493ed577fb"
        },
        {
          "url": "https://git.kernel.org/stable/c/974ac045a05ad12a0b4578fb303f00dcc22f3aba"
        },
        {
          "url": "https://git.kernel.org/stable/c/cb8a31a56df8492fb0d900959238e1a3ff8b8981"
        },
        {
          "url": "https://git.kernel.org/stable/c/7363de081c793e47866cb54ce7cb8a480cffc259"
        },
        {
          "url": "https://git.kernel.org/stable/c/1995f15590ca222f91193ed11461862b450abfd6"
        }
      ],
      "title": "firmware: stratix10-svc: Fix a potential resource leak in svc_create_memory_pool()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-53255",
    "datePublished": "2025-09-15T14:46:27.124Z",
    "dateReserved": "2025-09-15T14:19:21.849Z",
    "dateUpdated": "2025-09-15T14:46:27.124Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/nouveau/nouveau_connector.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "3f27451c9f29d5ed00232968680c7838a44dcac7",
              "status": "affected",
              "version": "95983aea80038539ebc70e41e73e9bb4eabd1a92",
              "versionType": "git"
            },
            {
              "lessThan": "872feeecd08c81d212a52211d212897b8a857544",
              "status": "affected",
              "version": "95983aea80038539ebc70e41e73e9bb4eabd1a92",
              "versionType": "git"
            },
            {
              "lessThan": "1b254b791d7b7dea6e8adc887fbbd51746d8bb27",
              "status": "affected",
              "version": "95983aea80038539ebc70e41e73e9bb4eabd1a92",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/nouveau/nouveau_connector.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "lessThan": "6.0",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.47",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.*",
              "status": "unaffected",
              "version": "6.4.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.5",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.47",
                  "versionStartIncluding": "6.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.4.12",
                  "versionStartIncluding": "6.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.5",
                  "versionStartIncluding": "6.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau/disp: fix use-after-free in error handling of nouveau_connector_create\n\nWe can\u0027t simply free the connector after calling drm_connector_init on it.\nWe need to clean up the drm side first.\n\nIt might not fix all regressions from commit 2b5d1c29f6c4\n(\"drm/nouveau/disp: PIOR DP uses GPIO for HPD, not PMGR AUX interrupts\"),\nbut at least it fixes a memory corruption in error handling related to\nthat commit."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-16T08:06:53.994Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/3f27451c9f29d5ed00232968680c7838a44dcac7"
        },
        {
          "url": "https://git.kernel.org/stable/c/872feeecd08c81d212a52211d212897b8a857544"
        },
        {
          "url": "https://git.kernel.org/stable/c/1b254b791d7b7dea6e8adc887fbbd51746d8bb27"
        }
      ],
      "title": "drm/nouveau/disp: fix use-after-free in error handling of nouveau_connector_create",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-53263",
    "datePublished": "2025-09-16T08:06:53.994Z",
    "dateReserved": "2025-09-16T08:05:12.514Z",
    "dateUpdated": "2025-09-16T08:06:53.994Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/amazon/ena/ena_com.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "1e760b2d18bf129b3da052c2946c02758e97d15e",
              "status": "affected",
              "version": "4bb7f4cf60e38a00965d22aa5979ab143193d41f",
              "versionType": "git"
            },
            {
              "lessThan": "3e36cc94d6e60a27f27498adf1c71eeba769ab33",
              "status": "affected",
              "version": "4bb7f4cf60e38a00965d22aa5979ab143193d41f",
              "versionType": "git"
            },
            {
              "lessThan": "90947ebf8794e3c229fb2e16e37f1bfea6877f14",
              "status": "affected",
              "version": "4bb7f4cf60e38a00965d22aa5979ab143193d41f",
              "versionType": "git"
            },
            {
              "lessThan": "0939c264729d4a081ff88efce2ffdf85dc5331e0",
              "status": "affected",
              "version": "4bb7f4cf60e38a00965d22aa5979ab143193d41f",
              "versionType": "git"
            },
            {
              "lessThan": "1e9cb763e9bacf0c932aa948f50dcfca6f519a26",
              "status": "affected",
              "version": "4bb7f4cf60e38a00965d22aa5979ab143193d41f",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/amazon/ena/ena_com.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.8"
            },
            {
              "lessThan": "5.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.188",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.121",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.40",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.*",
              "status": "unaffected",
              "version": "6.4.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.5",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.188",
                  "versionStartIncluding": "5.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.121",
                  "versionStartIncluding": "5.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.40",
                  "versionStartIncluding": "5.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.4.5",
                  "versionStartIncluding": "5.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.5",
                  "versionStartIncluding": "5.8",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ena: fix shift-out-of-bounds in exponential backoff\n\nThe ENA adapters on our instances occasionally reset.  Once recently\nlogged a UBSAN failure to console in the process:\n\n  UBSAN: shift-out-of-bounds in build/linux/drivers/net/ethernet/amazon/ena/ena_com.c:540:13\n  shift exponent 32 is too large for 32-bit type \u0027unsigned int\u0027\n  CPU: 28 PID: 70012 Comm: kworker/u72:2 Kdump: loaded not tainted 5.15.117\n  Hardware name: Amazon EC2 c5d.9xlarge/, BIOS 1.0 10/16/2017\n  Workqueue: ena ena_fw_reset_device [ena]\n  Call Trace:\n  \u003cTASK\u003e\n  dump_stack_lvl+0x4a/0x63\n  dump_stack+0x10/0x16\n  ubsan_epilogue+0x9/0x36\n  __ubsan_handle_shift_out_of_bounds.cold+0x61/0x10e\n  ? __const_udelay+0x43/0x50\n  ena_delay_exponential_backoff_us.cold+0x16/0x1e [ena]\n  wait_for_reset_state+0x54/0xa0 [ena]\n  ena_com_dev_reset+0xc8/0x110 [ena]\n  ena_down+0x3fe/0x480 [ena]\n  ena_destroy_device+0xeb/0xf0 [ena]\n  ena_fw_reset_device+0x30/0x50 [ena]\n  process_one_work+0x22b/0x3d0\n  worker_thread+0x4d/0x3f0\n  ? process_one_work+0x3d0/0x3d0\n  kthread+0x12a/0x150\n  ? set_kthread_struct+0x50/0x50\n  ret_from_fork+0x22/0x30\n  \u003c/TASK\u003e\n\nApparently, the reset delays are getting so large they can trigger a\nUBSAN panic.\n\nLooking at the code, the current timeout is capped at 5000us.  Using a\nbase value of 100us, the current code will overflow after (1\u003c\u003c29).  Even\nat values before 32, this function wraps around, perhaps\nunintentionally.\n\nCap the value of the exponent used for this backoff at (1\u003c\u003c16) which is\nlarger than currently necessary, but large enough to support bigger\nvalues in the future."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-16T08:07:01.589Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/1e760b2d18bf129b3da052c2946c02758e97d15e"
        },
        {
          "url": "https://git.kernel.org/stable/c/3e36cc94d6e60a27f27498adf1c71eeba769ab33"
        },
        {
          "url": "https://git.kernel.org/stable/c/90947ebf8794e3c229fb2e16e37f1bfea6877f14"
        },
        {
          "url": "https://git.kernel.org/stable/c/0939c264729d4a081ff88efce2ffdf85dc5331e0"
        },
        {
          "url": "https://git.kernel.org/stable/c/1e9cb763e9bacf0c932aa948f50dcfca6f519a26"
        }
      ],
      "title": "net: ena: fix shift-out-of-bounds in exponential backoff",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-53272",
    "datePublished": "2025-09-16T08:07:01.589Z",
    "dateReserved": "2025-09-16T08:05:12.516Z",
    "dateUpdated": "2025-09-16T08:07:01.589Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}