Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/195352?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/195352?format=api", "purl": "pkg:deb/debian/linux@5.10.223-1", "type": "deb", "namespace": "debian", "name": "linux", "version": "5.10.223-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "6.1.4-1", "latest_non_vulnerable_version": "6.12.88-1~bpo12+1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/86321?format=api", "vulnerability_id": "VCID-11fa-rzjz-nqbk", "summary": "kernel: mm/slub: Avoid list corruption when removing a slab from the full list", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56566.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56566.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2334463", "reference_id": "2334463", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2334463" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:6966", "reference_id": "RHSA-2025:6966", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:6966" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2024-56566" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-11fa-rzjz-nqbk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61489?format=api", "vulnerability_id": "VCID-161a-dxha-yydc", "summary": "kernel: crypto: ccp: Don't attempt to copy ID to userspace if PSP command failed", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31697.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31697.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2464427", "reference_id": "2464427", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2464427" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2026-31697" ], "risk_score": 2.1, "exploitability": "0.5", "weighted_severity": "4.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-161a-dxha-yydc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77807?format=api", "vulnerability_id": "VCID-167j-v3qy-xfc9", "summary": "kernel: drm/amd/display: Add null pointer check for get_first_active_display()", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-38362.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-38362.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2383396", "reference_id": "2383396", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2383396" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2025-38362" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-167j-v3qy-xfc9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/88251?format=api", "vulnerability_id": "VCID-178d-sayh-2fbh", "summary": "kernel: io_uring: check if we need to reschedule during overflow flush", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-50060.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-50060.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2320616", "reference_id": "2320616", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2320616" }, { "reference_url": "https://git.kernel.org/stable/c/a2493904e95ce94bbec819d8f7f03b99976eb25c", "reference_id": "a2493904e95ce94bbec819d8f7f03b99976eb25c", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T13:22:59Z/" } ], "url": "https://git.kernel.org/stable/c/a2493904e95ce94bbec819d8f7f03b99976eb25c" }, { "reference_url": "https://git.kernel.org/stable/c/c2eadeafce2d385b3f6d26a7f31fee5aba2bbbb0", "reference_id": "c2eadeafce2d385b3f6d26a7f31fee5aba2bbbb0", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T13:22:59Z/" } ], "url": "https://git.kernel.org/stable/c/c2eadeafce2d385b3f6d26a7f31fee5aba2bbbb0" }, { "reference_url": "https://git.kernel.org/stable/c/eac2ca2d682f94f46b1973bdf5e77d85d77b8e53", "reference_id": "eac2ca2d682f94f46b1973bdf5e77d85d77b8e53", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T13:22:59Z/" } ], "url": "https://git.kernel.org/stable/c/eac2ca2d682f94f46b1973bdf5e77d85d77b8e53" }, { "reference_url": "https://git.kernel.org/stable/c/f4ce3b5d26ce149e77e6b8e8f2058aa80e5b034e", "reference_id": "f4ce3b5d26ce149e77e6b8e8f2058aa80e5b034e", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T13:22:59Z/" } ], "url": "https://git.kernel.org/stable/c/f4ce3b5d26ce149e77e6b8e8f2058aa80e5b034e" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:20518", "reference_id": "RHSA-2025:20518", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:20518" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2024-50060" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-178d-sayh-2fbh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64413?format=api", "vulnerability_id": "VCID-178p-eb5m-pqc4", "summary": "kernel: netfilter: nf_tables: release flowtable after rcu grace period on error", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23392.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23392.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451218", "reference_id": "2451218", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451218" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21556", "reference_id": "RHSA-2026:21556", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21556" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21557", "reference_id": "RHSA-2026:21557", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21557" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:23224", "reference_id": "RHSA-2026:23224", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:23224" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:23237", "reference_id": "RHSA-2026:23237", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:23237" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2026-23392" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-178p-eb5m-pqc4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62091?format=api", "vulnerability_id": "VCID-1bux-ujdf-g7ct", "summary": "kernel: nilfs2: fix NULL i_assoc_inode dereference in nilfs_mdt_save_to_shadow_map", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31577.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31577.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461561", "reference_id": "2461561", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461561" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2026-31577" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1bux-ujdf-g7ct" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/86277?format=api", "vulnerability_id": "VCID-1etx-xbxk-qucx", "summary": "kernel: mm/mempolicy: fix migrate_to_node() assuming there is at least one VMA in a MM", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56611.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56611.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://git.kernel.org/stable/c/091c1dd2d4df6edd1beebe0e5863d4034ade9572", "reference_id": "091c1dd2d4df6edd1beebe0e5863d4034ade9572", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-01T20:01:24Z/" } ], "url": "https://git.kernel.org/stable/c/091c1dd2d4df6edd1beebe0e5863d4034ade9572" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2334432", "reference_id": "2334432", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2334432" }, { "reference_url": "https://git.kernel.org/stable/c/42d9fe2adf8613f9eea1f0c2619c9e2611eae0ea", "reference_id": "42d9fe2adf8613f9eea1f0c2619c9e2611eae0ea", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-01T20:01:24Z/" } ], "url": "https://git.kernel.org/stable/c/42d9fe2adf8613f9eea1f0c2619c9e2611eae0ea" }, { "reference_url": "https://git.kernel.org/stable/c/a13b2b9b0b0b04612c7d81e3b3dfb485c5f7abc3", "reference_id": "a13b2b9b0b0b04612c7d81e3b3dfb485c5f7abc3", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-01T20:01:24Z/" } ], "url": "https://git.kernel.org/stable/c/a13b2b9b0b0b04612c7d81e3b3dfb485c5f7abc3" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:6966", "reference_id": "RHSA-2025:6966", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:6966" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2024-56611" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1etx-xbxk-qucx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/88916?format=api", "vulnerability_id": "VCID-1fan-53ze-auf7", "summary": "In the Linux kernel, the following vulnerability has been resolved: powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas() Smatch warns: arch/powerpc/kernel/rtas.c:1932 __do_sys_rtas() warn: potential spectre issue 'args.args' [r] (local cap) The 'nargs' and 'nret' locals come directly from a user-supplied buffer and are used as indexes into a small stack-based array and as inputs to copy_to_user() after they are subject to bounds checks. Use array_index_nospec() after the bounds checks to clamp these values for speculative execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-46774.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-46774.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://git.kernel.org/stable/c/0974d03eb479384466d828d65637814bee6b26d7", "reference_id": "0974d03eb479384466d828d65637814bee6b26d7", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-29T14:39:52Z/" } ], "url": "https://git.kernel.org/stable/c/0974d03eb479384466d828d65637814bee6b26d7" }, { "reference_url": "https://git.kernel.org/stable/c/1f1feff02e9da0dd0cdb195c428c42b5f9b6c771", "reference_id": "1f1feff02e9da0dd0cdb195c428c42b5f9b6c771", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-29T14:39:52Z/" } ], "url": "https://git.kernel.org/stable/c/1f1feff02e9da0dd0cdb195c428c42b5f9b6c771" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2313122", "reference_id": "2313122", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2313122" }, { "reference_url": "https://git.kernel.org/stable/c/68d8156480940b79227d58865ec5d2947b9384a8", "reference_id": "68d8156480940b79227d58865ec5d2947b9384a8", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-29T14:39:52Z/" } ], "url": "https://git.kernel.org/stable/c/68d8156480940b79227d58865ec5d2947b9384a8" }, { "reference_url": "https://git.kernel.org/stable/c/a262c2dc833f2fe1bd5c53a4d899e7077d3b1da9", "reference_id": "a262c2dc833f2fe1bd5c53a4d899e7077d3b1da9", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-29T14:39:52Z/" } ], "url": "https://git.kernel.org/stable/c/a262c2dc833f2fe1bd5c53a4d899e7077d3b1da9" }, { "reference_url": "https://git.kernel.org/stable/c/b137af795399d8b657bad1646c18561530f35ed1", "reference_id": "b137af795399d8b657bad1646c18561530f35ed1", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-29T14:39:52Z/" } ], "url": "https://git.kernel.org/stable/c/b137af795399d8b657bad1646c18561530f35ed1" }, { "reference_url": "https://git.kernel.org/stable/c/d2834ff1d9641a8695a09ea79cd901c7b6d4d05f", "reference_id": "d2834ff1d9641a8695a09ea79cd901c7b6d4d05f", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-29T14:39:52Z/" } ], "url": "https://git.kernel.org/stable/c/d2834ff1d9641a8695a09ea79cd901c7b6d4d05f" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2024-46774" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1fan-53ze-auf7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/76608?format=api", "vulnerability_id": "VCID-1fvw-tgan-77c8", "summary": "kernel: loop: Avoid updating block size under exclusive owner", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-38709.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-38709.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2393170", "reference_id": "2393170", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2393170" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2025-38709" ], "risk_score": 2.9, "exploitability": "0.5", "weighted_severity": "5.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1fvw-tgan-77c8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64788?format=api", "vulnerability_id": "VCID-1gz6-5jgt-8ube", "summary": "kernel: netfilter: nf_tables: unconditionally bump set->nelems before insertion", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23272.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23272.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449571", "reference_id": "2449571", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449571" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195391?format=api", "purl": "pkg:deb/debian/linux@6.12.88-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.12.88-1~bpo12%252B1" } ], "aliases": [ "CVE-2026-23272" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1gz6-5jgt-8ube" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/88060?format=api", "vulnerability_id": "VCID-1qkb-bkts-a3hg", "summary": "kernel: drm/amd/display: Add null check for head_pipe in dcn201_acquire_free_pipe_for_layer", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-49919.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-49919.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://git.kernel.org/stable/c/16ce8fd94da8599bb6f0496895d392a69aead1c0", "reference_id": "16ce8fd94da8599bb6f0496895d392a69aead1c0", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T13:40:36Z/" } ], "url": "https://git.kernel.org/stable/c/16ce8fd94da8599bb6f0496895d392a69aead1c0" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2320470", "reference_id": "2320470", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2320470" }, { "reference_url": "https://git.kernel.org/stable/c/390d757621f5f35d11a63ed7d9d3262ead240064", "reference_id": "390d757621f5f35d11a63ed7d9d3262ead240064", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T13:40:36Z/" } ], "url": "https://git.kernel.org/stable/c/390d757621f5f35d11a63ed7d9d3262ead240064" }, { "reference_url": "https://git.kernel.org/stable/c/8a1b1655a490a492a5a6987254c935ecce4eb9de", "reference_id": "8a1b1655a490a492a5a6987254c935ecce4eb9de", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T13:40:36Z/" } ], "url": "https://git.kernel.org/stable/c/8a1b1655a490a492a5a6987254c935ecce4eb9de" }, { "reference_url": "https://git.kernel.org/stable/c/f22f4754aaa47d8c59f166ba3042182859e5dff7", "reference_id": "f22f4754aaa47d8c59f166ba3042182859e5dff7", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T13:40:36Z/" } ], "url": "https://git.kernel.org/stable/c/f22f4754aaa47d8c59f166ba3042182859e5dff7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2024-49919" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1qkb-bkts-a3hg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84761?format=api", "vulnerability_id": "VCID-1rfn-bwf4-cbhj", "summary": "In the Linux kernel, the following vulnerability has been resolved: virtio-blk: fix implicit overflow on virtio_max_dma_size The following codes have an implicit conversion from size_t to u32: (u32)max_size = (size_t)virtio_max_dma_size(vdev); This may lead overflow, Ex (size_t)4G -> (u32)0. Once virtio_max_dma_size() has a larger size than U32_MAX, use U32_MAX instead.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-52762.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-52762.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2282623", "reference_id": "2282623", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2282623" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5101", "reference_id": "RHSA-2024:5101", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5101" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5102", "reference_id": "RHSA-2024:5102", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5102" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9315", "reference_id": "RHSA-2024:9315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3935", "reference_id": "RHSA-2025:3935", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3935" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2023-52762" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1rfn-bwf4-cbhj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82854?format=api", "vulnerability_id": "VCID-1tvs-pf61-sqdp", "summary": "In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix premature hw access after PCI error After a recoverable PCI error has been detected and recovered, qla driver needs to check to see if the error condition still persist and/or wait for the OS to give the resume signal. Sep 8 22:26:03 localhost kernel: WARNING: CPU: 9 PID: 124606 at qla_tmpl.c:440 qla27xx_fwdt_entry_t266+0x55/0x60 [qla2xxx] Sep 8 22:26:03 localhost kernel: RIP: 0010:qla27xx_fwdt_entry_t266+0x55/0x60 [qla2xxx] Sep 8 22:26:03 localhost kernel: Call Trace: Sep 8 22:26:03 localhost kernel: ? qla27xx_walk_template+0xb1/0x1b0 [qla2xxx] Sep 8 22:26:03 localhost kernel: ? qla27xx_execute_fwdt_template+0x12a/0x160 [qla2xxx] Sep 8 22:26:03 localhost kernel: ? qla27xx_fwdump+0xa0/0x1c0 [qla2xxx] Sep 8 22:26:03 localhost kernel: ? qla2xxx_pci_mmio_enabled+0xfb/0x120 [qla2xxx] Sep 8 22:26:03 localhost kernel: ? report_mmio_enabled+0x44/0x80 Sep 8 22:26:03 localhost kernel: ? report_slot_reset+0x80/0x80 Sep 8 22:26:03 localhost kernel: ? pci_walk_bus+0x70/0x90 Sep 8 22:26:03 localhost kernel: ? aer_dev_correctable_show+0xc0/0xc0 Sep 8 22:26:03 localhost kernel: ? pcie_do_recovery+0x1bb/0x240 Sep 8 22:26:03 localhost kernel: ? aer_recover_work_func+0xaa/0xd0 Sep 8 22:26:03 localhost kernel: ? process_one_work+0x1a7/0x360 .. Sep 8 22:26:03 localhost kernel: qla2xxx [0000:42:00.2]-8041:22: detected PCI disconnect. Sep 8 22:26:03 localhost kernel: qla2xxx [0000:42:00.2]-107ff:22: qla27xx_fwdt_entry_t262: dump ram MB failed. Area 5h start 198013h end 198013h Sep 8 22:26:03 localhost kernel: qla2xxx [0000:42:00.2]-107ff:22: Unable to capture FW dump Sep 8 22:26:03 localhost kernel: qla2xxx [0000:42:00.2]-1015:22: cmd=0x0, waited 5221 msecs Sep 8 22:26:03 localhost kernel: qla2xxx [0000:42:00.2]-680d:22: mmio enabled returning. Sep 8 22:26:03 localhost kernel: qla2xxx [0000:42:00.2]-d04c:22: MBX Command timeout for cmd 0, iocontrol=ffffffff jiffies=10140f2e5 mb[0-3]=[0xffff 0xffff 0xffff 0xffff]", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-49157.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-49157.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-49157", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01448", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-49157" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348333", "reference_id": "2348333", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348333" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2022-49157" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1tvs-pf61-sqdp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59547?format=api", "vulnerability_id": "VCID-1ukf-fgp9-uud3", "summary": "kernel: net: qrtr: ns: Limit the maximum number of lookups", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-46026.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-46026.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482092", "reference_id": "2482092", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482092" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2026-46026" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1ukf-fgp9-uud3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/86423?format=api", "vulnerability_id": "VCID-27bb-nmga-s7e3", "summary": "In the Linux kernel, the following vulnerability has been resolved: tracing/trigger: Fix to return error if failed to alloc snapshot Fix register_snapshot_trigger() to return error code if it failed to allocate a snapshot instead of 0 (success). Unless that, it will register snapshot trigger without an error.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26920.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26920.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://git.kernel.org/stable/c/0958b33ef5a04ed91f61cef4760ac412080c4e08", "reference_id": "0958b33ef5a04ed91f61cef4760ac412080c4e08", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-28T19:45:09Z/" } ], "url": "https://git.kernel.org/stable/c/0958b33ef5a04ed91f61cef4760ac412080c4e08" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275775", "reference_id": "2275775", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275775" }, { "reference_url": "https://git.kernel.org/stable/c/36be97e9eb535fe3008a5cb040b1e56f29f2e398", "reference_id": "36be97e9eb535fe3008a5cb040b1e56f29f2e398", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-28T19:45:09Z/" } ], "url": "https://git.kernel.org/stable/c/36be97e9eb535fe3008a5cb040b1e56f29f2e398" }, { "reference_url": "https://git.kernel.org/stable/c/4b001ef14baab16b553a002cb9979e31b8fc0c6b", "reference_id": "4b001ef14baab16b553a002cb9979e31b8fc0c6b", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-28T19:45:09Z/" } ], "url": "https://git.kernel.org/stable/c/4b001ef14baab16b553a002cb9979e31b8fc0c6b" }, { "reference_url": "https://git.kernel.org/stable/c/6022c065c9ec465d84cebff8f480db083e4ee06b", "reference_id": "6022c065c9ec465d84cebff8f480db083e4ee06b", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-28T19:45:09Z/" } ], "url": "https://git.kernel.org/stable/c/6022c065c9ec465d84cebff8f480db083e4ee06b" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9315", "reference_id": "RHSA-2024:9315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9315" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2024-26920" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-27bb-nmga-s7e3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59457?format=api", "vulnerability_id": "VCID-2cbk-z139-8fdc", "summary": "kernel: selinux: fix overlayfs mmap() and mprotect() access checks", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-46054.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-46054.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482025", "reference_id": "2482025", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482025" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195391?format=api", "purl": "pkg:deb/debian/linux@6.12.88-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.12.88-1~bpo12%252B1" } ], "aliases": [ "CVE-2026-46054" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2cbk-z139-8fdc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/87818?format=api", "vulnerability_id": "VCID-2f9k-b76u-wyhx", "summary": "In the Linux kernel, the following vulnerability has been resolved: xfs: don't walk off the end of a directory data block This adds sanity checks for xfs_dir2_data_unused and xfs_dir2_data_entry to make sure don't stray beyond valid memory region. Before patching, the loop simply checks that the start offset of the dup and dep is within the range. So in a crafted image, if last entry is xfs_dir2_data_unused, we can change dup->length to dup->length-1 and leave 1 byte of space. In the next traversal, this space will be considered as dup or dep. We may encounter an out of bound read when accessing the fixed members. In the patch, we make sure that the remaining bytes large enough to hold an unused entry before accessing xfs_dir2_data_unused and xfs_dir2_data_unused is XFS_DIR2_DATA_ALIGN byte aligned. We also make sure that the remaining bytes large enough to hold a dirent with a single-byte name before accessing xfs_dir2_data_entry.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41013.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41013.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://git.kernel.org/stable/c/0c7fcdb6d06cdf8b19b57c17605215b06afa864a", "reference_id": "0c7fcdb6d06cdf8b19b57c17605215b06afa864a", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T16:24:52Z/" } ], "url": "https://git.kernel.org/stable/c/0c7fcdb6d06cdf8b19b57c17605215b06afa864a" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2300296", "reference_id": "2300296", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2300296" }, { "reference_url": "https://git.kernel.org/stable/c/b0932e4f9da85349d1c8f2a77d2a7a7163b8511d", "reference_id": "b0932e4f9da85349d1c8f2a77d2a7a7163b8511d", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T16:24:52Z/" } ], "url": "https://git.kernel.org/stable/c/b0932e4f9da85349d1c8f2a77d2a7a7163b8511d" }, { "reference_url": "https://git.kernel.org/stable/c/ca96d83c93071f95cf962ce92406621a472df31b", "reference_id": "ca96d83c93071f95cf962ce92406621a472df31b", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T16:24:52Z/" } ], "url": "https://git.kernel.org/stable/c/ca96d83c93071f95cf962ce92406621a472df31b" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7000", "reference_id": "RHSA-2024:7000", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7000" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7001", "reference_id": "RHSA-2024:7001", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7001" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8617", "reference_id": "RHSA-2024:8617", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8617" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2024-41013" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2f9k-b76u-wyhx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75635?format=api", "vulnerability_id": "VCID-2jb6-uj13-duft", "summary": "kernel: media: pci: tw68: Fix null-ptr-deref bug in buf prepare and finish", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-53244.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-53244.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395255", "reference_id": "2395255", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395255" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2023-53244" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2jb6-uj13-duft" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80340?format=api", "vulnerability_id": "VCID-2kqx-equ7-kuct", "summary": "kernel: sched/core: Do not requeue task on CPU excluded from cpus_mask", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-50100.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-50100.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-50100", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20287", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-50100" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373679", "reference_id": "2373679", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373679" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2458", "reference_id": "RHSA-2023:2458", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2458" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2951", "reference_id": "RHSA-2023:2951", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2951" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2022-50100" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2kqx-equ7-kuct" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81412?format=api", "vulnerability_id": "VCID-382t-1gcu-7ybr", "summary": "In the Linux kernel, the following vulnerability has been resolved: USB: core: Make do_proc_control() and do_proc_bulk() killable The USBDEVFS_CONTROL and USBDEVFS_BULK ioctls invoke usb_start_wait_urb(), which contains an uninterruptible wait with a user-specified timeout value. If timeout value is very large and the device being accessed does not respond in a reasonable amount of time, the kernel will complain about \"Task X blocked for more than N seconds\", as found in testing by syzbot: INFO: task syz-executor.0:8700 blocked for more than 143 seconds. Not tainted 5.14.0-rc7-syzkaller #0 \"echo 0 > /proc/sys/kernel/hung_task_timeout_secs\" disables this message. task:syz-executor.0 state:D stack:23192 pid: 8700 ppid: 8455 flags:0x00004004 Call Trace: context_switch kernel/sched/core.c:4681 [inline] __schedule+0xc07/0x11f0 kernel/sched/core.c:5938 schedule+0x14b/0x210 kernel/sched/core.c:6017 schedule_timeout+0x98/0x2f0 kernel/time/timer.c:1857 do_wait_for_common+0x2da/0x480 kernel/sched/completion.c:85 __wait_for_common kernel/sched/completion.c:106 [inline] wait_for_common kernel/sched/completion.c:117 [inline] wait_for_completion_timeout+0x46/0x60 kernel/sched/completion.c:157 usb_start_wait_urb+0x167/0x550 drivers/usb/core/message.c:63 do_proc_bulk+0x978/0x1080 drivers/usb/core/devio.c:1236 proc_bulk drivers/usb/core/devio.c:1273 [inline] usbdev_do_ioctl drivers/usb/core/devio.c:2547 [inline] usbdev_ioctl+0x3441/0x6b10 drivers/usb/core/devio.c:2713 ... To fix this problem, this patch replaces usbfs's calls to usb_control_msg() and usb_bulk_msg() with special-purpose code that does essentially the same thing (as recommended in the comment for usb_start_wait_urb()), except that it always uses a killable wait and it uses GFP_KERNEL rather than GFP_NOIO.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-47582.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-47582.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-47582", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02929", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-47582" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293247", "reference_id": "2293247", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293247" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7000", "reference_id": "RHSA-2024:7000", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7000" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7001", "reference_id": "RHSA-2024:7001", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7001" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2021-47582" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-382t-1gcu-7ybr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/68420?format=api", "vulnerability_id": "VCID-39k9-dnc1-v7g1", "summary": "Null pointer reference in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before version Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12364.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12364.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-12364", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00145", "scoring_system": "epss", "scoring_elements": "0.34463", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-12364" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1930251", "reference_id": "1930251", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1930251" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1578", "reference_id": "RHSA-2021:1578", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1578" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1620", "reference_id": "RHSA-2021:1620", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1620" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1739", "reference_id": "RHSA-2021:1739", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1739" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2314", "reference_id": "RHSA-2021:2314", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2314" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2316", "reference_id": "RHSA-2021:2316", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2316" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2020-12364" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-39k9-dnc1-v7g1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/79766?format=api", "vulnerability_id": "VCID-3a7u-bm7a-qkeu", "summary": "kernel: dm: fix unconditional IO throttle caused by REQ_PREFLUSH", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-38063.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-38063.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373387", "reference_id": "2373387", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373387" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2025-38063" ], "risk_score": 2.7, "exploitability": "0.5", "weighted_severity": "5.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3a7u-bm7a-qkeu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/85148?format=api", "vulnerability_id": "VCID-3aqs-q9h8-3bhf", "summary": "kernel: tty: xilinx_uartps: split sysrq handling", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-21820.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-21820.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348916", "reference_id": "2348916", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348916" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2025-21820" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3aqs-q9h8-3bhf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82883?format=api", "vulnerability_id": "VCID-3gjk-d9sj-sfhw", "summary": "In the Linux kernel, the following vulnerability has been resolved: net/sched: act_ct: fix ref leak when switching zones When switching zones or network namespaces without doing a ct clear in between, it is now leaking a reference to the old ct entry. That's because tcf_ct_skb_nfct_cached() returns false and tcf_ct_flow_table_lookup() may simply overwrite it. The fix is to, as the ct entry is not reusable, free it already at tcf_ct_skb_nfct_cached().", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-49183.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-49183.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-49183", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33102", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-49183" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2347743", "reference_id": "2347743", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2347743" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2022-49183" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3gjk-d9sj-sfhw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84757?format=api", "vulnerability_id": "VCID-3h3b-gupb-c7en", "summary": "In the Linux kernel, the following vulnerability has been resolved: riscv: VMAP_STACK overflow detection thread-safe commit 31da94c25aea (\"riscv: add VMAP_STACK overflow detection\") added support for CONFIG_VMAP_STACK. If overflow is detected, CPU switches to `shadow_stack` temporarily before switching finally to per-cpu `overflow_stack`. If two CPUs/harts are racing and end up in over flowing kernel stack, one or both will end up corrupting each other state because `shadow_stack` is not per-cpu. This patch optimizes per-cpu overflow stack switch by directly picking per-cpu `overflow_stack` and gets rid of `shadow_stack`. Following are the changes in this patch - Defines an asm macro to obtain per-cpu symbols in destination register. - In entry.S, when overflow is detected, per-cpu overflow stack is located using per-cpu asm macro. Computing per-cpu symbol requires a temporary register. x31 is saved away into CSR_SCRATCH (CSR_SCRATCH is anyways zero since we're in kernel). Please see Links for additional relevant disccussion and alternative solution. Tested by `echo EXHAUST_STACK > /sys/kernel/debug/provoke-crash/DIRECT` Kernel crash log below Insufficient stack space to handle exception!/debug/provoke-crash/DIRECT Task stack: [0xff20000010a98000..0xff20000010a9c000] Overflow stack: [0xff600001f7d98370..0xff600001f7d99370] CPU: 1 PID: 205 Comm: bash Not tainted 6.1.0-rc2-00001-g328a1f96f7b9 #34 Hardware name: riscv-virtio,qemu (DT) epc : __memset+0x60/0xfc ra : recursive_loop+0x48/0xc6 [lkdtm] epc : ffffffff808de0e4 ra : ffffffff0163a752 sp : ff20000010a97e80 gp : ffffffff815c0330 tp : ff600000820ea280 t0 : ff20000010a97e88 t1 : 000000000000002e t2 : 3233206874706564 s0 : ff20000010a982b0 s1 : 0000000000000012 a0 : ff20000010a97e88 a1 : 0000000000000000 a2 : 0000000000000400 a3 : ff20000010a98288 a4 : 0000000000000000 a5 : 0000000000000000 a6 : fffffffffffe43f0 a7 : 00007fffffffffff s2 : ff20000010a97e88 s3 : ffffffff01644680 s4 : ff20000010a9be90 s5 : ff600000842ba6c0 s6 : 00aaaaaac29e42b0 s7 : 00fffffff0aa3684 s8 : 00aaaaaac2978040 s9 : 0000000000000065 s10: 00ffffff8a7cad10 s11: 00ffffff8a76a4e0 t3 : ffffffff815dbaf4 t4 : ffffffff815dbaf4 t5 : ffffffff815dbab8 t6 : ff20000010a9bb48 status: 0000000200000120 badaddr: ff20000010a97e88 cause: 000000000000000f Kernel panic - not syncing: Kernel stack overflow CPU: 1 PID: 205 Comm: bash Not tainted 6.1.0-rc2-00001-g328a1f96f7b9 #34 Hardware name: riscv-virtio,qemu (DT) Call Trace: [<ffffffff80006754>] dump_backtrace+0x30/0x38 [<ffffffff808de798>] show_stack+0x40/0x4c [<ffffffff808ea2a8>] dump_stack_lvl+0x44/0x5c [<ffffffff808ea2d8>] dump_stack+0x18/0x20 [<ffffffff808dec06>] panic+0x126/0x2fe [<ffffffff800065ea>] walk_stackframe+0x0/0xf0 [<ffffffff0163a752>] recursive_loop+0x48/0xc6 [lkdtm] SMP: stopping secondary CPUs ---[ end Kernel panic - not syncing: Kernel stack overflow ]---", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-52761.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-52761.json" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2282739", "reference_id": "2282739", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2282739" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2023-52761" ], "risk_score": 2.0, "exploitability": "0.5", "weighted_severity": "4.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3h3b-gupb-c7en" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/85124?format=api", "vulnerability_id": "VCID-3hbk-8fxp-qqcy", "summary": "kernel: memory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code()", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-58034.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-58034.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348890", "reference_id": "2348890", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348890" }, { "reference_url": "https://git.kernel.org/stable/c/3b02273446e23961d910b50cc12528faec649fb2", "reference_id": "3b02273446e23961d910b50cc12528faec649fb2", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-04T17:59:56Z/" } ], "url": "https://git.kernel.org/stable/c/3b02273446e23961d910b50cc12528faec649fb2" }, { "reference_url": "https://git.kernel.org/stable/c/755e44538c190c31de9090d8e8821d228fcfd416", "reference_id": "755e44538c190c31de9090d8e8821d228fcfd416", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-04T17:59:56Z/" } ], "url": "https://git.kernel.org/stable/c/755e44538c190c31de9090d8e8821d228fcfd416" }, { "reference_url": "https://git.kernel.org/stable/c/b9784e5cde1f9fb83661a70e580e381ae1264d12", "reference_id": "b9784e5cde1f9fb83661a70e580e381ae1264d12", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-04T17:59:56Z/" } ], "url": "https://git.kernel.org/stable/c/b9784e5cde1f9fb83661a70e580e381ae1264d12" }, { "reference_url": "https://git.kernel.org/stable/c/c144423cb07e4e227a8572d5742ca2b36ada770d", "reference_id": "c144423cb07e4e227a8572d5742ca2b36ada770d", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-04T17:59:56Z/" } ], "url": "https://git.kernel.org/stable/c/c144423cb07e4e227a8572d5742ca2b36ada770d" }, { "reference_url": "https://git.kernel.org/stable/c/c3def10c610ae046aaa61d00528e7bd15e4ad8d3", "reference_id": "c3def10c610ae046aaa61d00528e7bd15e4ad8d3", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-04T17:59:56Z/" } ], "url": "https://git.kernel.org/stable/c/c3def10c610ae046aaa61d00528e7bd15e4ad8d3" }, { "reference_url": "https://git.kernel.org/stable/c/e9d07e91de140679eeaf275f47ad154467cb9e05", "reference_id": "e9d07e91de140679eeaf275f47ad154467cb9e05", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-04T17:59:56Z/" } ], "url": "https://git.kernel.org/stable/c/e9d07e91de140679eeaf275f47ad154467cb9e05" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2024-58034" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3hbk-8fxp-qqcy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/70282?format=api", "vulnerability_id": "VCID-3sps-7a98-5yb7", "summary": "kernel: iio: adc: ina2xx: avoid NULL pointer dereference on OF device match", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-53834.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-53834.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420357", "reference_id": "2420357", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420357" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2023-53834" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3sps-7a98-5yb7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/85741?format=api", "vulnerability_id": "VCID-3t8r-ykfq-4qh7", "summary": "In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_limit: reject configurations that cause integer overflow Reject bogus configs where internal token counter wraps around. This only occurs with very very large requests, such as 17gbyte/s. Its better to reject this rather than having incorrect ratelimit.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26668.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26668.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://git.kernel.org/stable/c/00c2c29aa36d1d1827c51a3720e9f893a22c7c6a", "reference_id": "00c2c29aa36d1d1827c51a3720e9f893a22c7c6a", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T15:53:39Z/" } ], "url": "https://git.kernel.org/stable/c/00c2c29aa36d1d1827c51a3720e9f893a22c7c6a" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272797", "reference_id": "2272797", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272797" }, { "reference_url": "https://git.kernel.org/stable/c/79d4efd75e7dbecd855a3b8a63e65f7265f466e1", "reference_id": "79d4efd75e7dbecd855a3b8a63e65f7265f466e1", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T15:53:39Z/" } ], "url": "https://git.kernel.org/stable/c/79d4efd75e7dbecd855a3b8a63e65f7265f466e1" }, { "reference_url": "https://git.kernel.org/stable/c/9882495d02ecc490604f747437a40626dc9160d0", "reference_id": "9882495d02ecc490604f747437a40626dc9160d0", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T15:53:39Z/" } ], "url": "https://git.kernel.org/stable/c/9882495d02ecc490604f747437a40626dc9160d0" }, { "reference_url": "https://git.kernel.org/stable/c/bc6e242bb74e2ae616bfd2b250682b738e781c9b", "reference_id": "bc6e242bb74e2ae616bfd2b250682b738e781c9b", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T15:53:39Z/" } ], "url": "https://git.kernel.org/stable/c/bc6e242bb74e2ae616bfd2b250682b738e781c9b" }, { "reference_url": "https://git.kernel.org/stable/c/c9d9eb9c53d37cdebbad56b91e40baf42d5a97aa", "reference_id": "c9d9eb9c53d37cdebbad56b91e40baf42d5a97aa", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T15:53:39Z/" } ], "url": "https://git.kernel.org/stable/c/c9d9eb9c53d37cdebbad56b91e40baf42d5a97aa" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4823", "reference_id": "RHSA-2024:4823", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4823" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4831", "reference_id": "RHSA-2024:4831", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4831" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5928", "reference_id": "RHSA-2024:5928", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5928" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2024-26668" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3t8r-ykfq-4qh7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/86857?format=api", "vulnerability_id": "VCID-3vy8-kr4h-ebaw", "summary": "In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in smb2_is_valid_lease_break() Skip sessions that are being teared down (status == SES_EXITING) to avoid UAF.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-35864.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-35864.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2281769", "reference_id": "2281769", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2281769" }, { "reference_url": "https://git.kernel.org/stable/c/705c76fbf726c7a2f6ff9143d4013b18daaaebf1", "reference_id": "705c76fbf726c7a2f6ff9143d4013b18daaaebf1", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-29T18:32:19Z/" } ], "url": "https://git.kernel.org/stable/c/705c76fbf726c7a2f6ff9143d4013b18daaaebf1" }, { "reference_url": "https://git.kernel.org/stable/c/a8344e2b69bde63f713b0aa796d70dbeadffddfb", "reference_id": "a8344e2b69bde63f713b0aa796d70dbeadffddfb", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-29T18:32:19Z/" } ], "url": "https://git.kernel.org/stable/c/a8344e2b69bde63f713b0aa796d70dbeadffddfb" }, { "reference_url": "https://git.kernel.org/stable/c/c868cabdf6fdd61bea54532271f4708254e57fc5", "reference_id": "c868cabdf6fdd61bea54532271f4708254e57fc5", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-29T18:32:19Z/" } ], "url": "https://git.kernel.org/stable/c/c868cabdf6fdd61bea54532271f4708254e57fc5" }, { "reference_url": "https://git.kernel.org/stable/c/f92739fdd4522c4291277136399353d7c341fae4", "reference_id": "f92739fdd4522c4291277136399353d7c341fae4", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-29T18:32:19Z/" } ], "url": "https://git.kernel.org/stable/c/f92739fdd4522c4291277136399353d7c341fae4" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9315", "reference_id": "RHSA-2024:9315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9315" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2024-35864" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3vy8-kr4h-ebaw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/60893?format=api", "vulnerability_id": "VCID-3wu3-cc3e-7ya4", "summary": "kernel: ASoC: qcom: q6asm: drop DSP responses for closed data streams", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43204.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43204.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467142", "reference_id": "2467142", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467142" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195391?format=api", "purl": "pkg:deb/debian/linux@6.12.88-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.12.88-1~bpo12%252B1" } ], "aliases": [ "CVE-2026-43204" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3wu3-cc3e-7ya4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77153?format=api", "vulnerability_id": "VCID-3wv1-u76y-uugs", "summary": "kernel: smb: client: fix use-after-free in cifs_oplock_break", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-38527.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-38527.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388928", "reference_id": "2388928", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388928" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16880", "reference_id": "RHSA-2025:16880", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16880" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16904", "reference_id": "RHSA-2025:16904", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16904" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17122", "reference_id": "RHSA-2025:17122", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17122" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17123", "reference_id": "RHSA-2025:17123", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17123" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17124", "reference_id": "RHSA-2025:17124", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17124" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17241", "reference_id": "RHSA-2025:17241", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17241" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17397", "reference_id": "RHSA-2025:17397", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17397" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17398", "reference_id": "RHSA-2025:17398", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17398" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17570", "reference_id": "RHSA-2025:17570", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17570" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18054", "reference_id": "RHSA-2025:18054", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18054" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18098", "reference_id": "RHSA-2025:18098", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18098" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:20518", "reference_id": "RHSA-2025:20518", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:20518" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21667", "reference_id": "RHSA-2025:21667", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21667" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22752", "reference_id": "RHSA-2025:22752", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22752" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2025-38527" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3wv1-u76y-uugs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80591?format=api", "vulnerability_id": "VCID-3xhc-g93q-suba", "summary": "Insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters may allow an authenticated user to potentially enable denial of service via local access.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-33061.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-33061.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-33061", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.14283", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-33061" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024713", "reference_id": "2024713", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024713" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2021-33061" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3xhc-g93q-suba" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81480?format=api", "vulnerability_id": "VCID-43sp-skb2-2ycq", "summary": "In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fix a potential gpu_metrics_table memory leak Memory is allocated for gpu_metrics_table in renoir_init_smc_tables(), but not freed in int smu_v12_0_fini_smc_tables(). Free it!", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-47658.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-47658.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-47658", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06569", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-47658" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348132", "reference_id": "2348132", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348132" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2021-47658" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-43sp-skb2-2ycq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/86689?format=api", "vulnerability_id": "VCID-4guc-1n3q-c7hj", "summary": "In the Linux kernel, the following vulnerability has been resolved: phonet/pep: fix racy skb_queue_empty() use The receive queues are protected by their respective spin-lock, not the socket lock. This could lead to skb_peek() unexpectedly returning NULL or a pointer to an already dequeued socket buffer.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27402.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27402.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://git.kernel.org/stable/c/0a9f558c72c47472c38c05fcb72c70abb9104277", "reference_id": "0a9f558c72c47472c38c05fcb72c70abb9104277", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-31T18:37:04Z/" } ], "url": "https://git.kernel.org/stable/c/0a9f558c72c47472c38c05fcb72c70abb9104277" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2281129", "reference_id": "2281129", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2281129" }, { "reference_url": "https://git.kernel.org/stable/c/7d2a894d7f487dcb894df023e9d3014cf5b93fe5", "reference_id": "7d2a894d7f487dcb894df023e9d3014cf5b93fe5", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-31T18:37:04Z/" } ], "url": "https://git.kernel.org/stable/c/7d2a894d7f487dcb894df023e9d3014cf5b93fe5" }, { "reference_url": "https://git.kernel.org/stable/c/7d3914a477eed92b48c493a8631cc4554ab4fd4f", "reference_id": "7d3914a477eed92b48c493a8631cc4554ab4fd4f", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-31T18:37:04Z/" } ], "url": "https://git.kernel.org/stable/c/7d3914a477eed92b48c493a8631cc4554ab4fd4f" }, { "reference_url": "https://git.kernel.org/stable/c/8ef4fcc7014b9f93619851d6b78d6cc2789a4c88", "reference_id": "8ef4fcc7014b9f93619851d6b78d6cc2789a4c88", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-31T18:37:04Z/" } ], "url": "https://git.kernel.org/stable/c/8ef4fcc7014b9f93619851d6b78d6cc2789a4c88" }, { "reference_url": "https://git.kernel.org/stable/c/9d5523e065b568e79dfaa2ea1085a5bcf74baf78", "reference_id": "9d5523e065b568e79dfaa2ea1085a5bcf74baf78", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-31T18:37:04Z/" } ], "url": "https://git.kernel.org/stable/c/9d5523e065b568e79dfaa2ea1085a5bcf74baf78" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2024-27402" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4guc-1n3q-c7hj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/73472?format=api", "vulnerability_id": "VCID-4h23-6r98-8fah", "summary": "kernel: Linux kernel: uvcvideo Denial of Service from invalid UVC entity IDs", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-40016.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-40016.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2405130", "reference_id": "2405130", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2405130" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2025-40016" ], "risk_score": 2.1, "exploitability": "0.5", "weighted_severity": "4.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4h23-6r98-8fah" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74165?format=api", "vulnerability_id": "VCID-4h5b-jec2-tkhu", "summary": "kernel: drm/amdgpu: unmap and remove csa_va properly", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-53545.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-53545.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2401539", "reference_id": "2401539", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2401539" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2394", "reference_id": "RHSA-2024:2394", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2394" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2023-53545" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4h5b-jec2-tkhu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59344?format=api", "vulnerability_id": "VCID-4hug-t24z-kucs", "summary": "kernel: ocfs2: split transactions in dio completion to avoid credit exhaustion", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-46080.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-46080.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481928", "reference_id": "2481928", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481928" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2026-46080" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4hug-t24z-kucs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66970?format=api", "vulnerability_id": "VCID-4jpy-r5eq-5ke2", "summary": "kernel: net: fix segmentation of forwarding fraglist GRO", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23154.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23154.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439933", "reference_id": "2439933", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439933" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2026-23154" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4jpy-r5eq-5ke2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59395?format=api", "vulnerability_id": "VCID-4pjf-e5f7-mycu", "summary": "kernel: crypto: atmel-tdes - fix DMA sync direction", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-46077.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-46077.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481974", "reference_id": "2481974", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481974" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2026-46077" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4pjf-e5f7-mycu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/87580?format=api", "vulnerability_id": "VCID-4syw-6j26-mqh4", "summary": "In the Linux kernel, the following vulnerability has been resolved: watchdog: cpu5wdt.c: Fix use-after-free bug caused by cpu5wdt_trigger When the cpu5wdt module is removing, the origin code uses del_timer() to de-activate the timer. If the timer handler is running, del_timer() could not stop it and will return directly. If the port region is released by release_region() and then the timer handler cpu5wdt_trigger() calls outb() to write into the region that is released, the use-after-free bug will happen. Change del_timer() to timer_shutdown_sync() in order that the timer handler could be finished before the port region is released.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38630.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38630.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293697", "reference_id": "2293697", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293697" }, { "reference_url": "https://git.kernel.org/stable/c/573601521277119f2e2ba5f28ae6e87fc594f4d4", "reference_id": "573601521277119f2e2ba5f28ae6e87fc594f4d4", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T17:09:05Z/" } ], "url": "https://git.kernel.org/stable/c/573601521277119f2e2ba5f28ae6e87fc594f4d4" }, { "reference_url": "https://git.kernel.org/stable/c/9b1c063ffc075abf56f63e55d70b9778ff534314", "reference_id": "9b1c063ffc075abf56f63e55d70b9778ff534314", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T17:09:05Z/" } ], "url": "https://git.kernel.org/stable/c/9b1c063ffc075abf56f63e55d70b9778ff534314" }, { "reference_url": "https://git.kernel.org/stable/c/f19686d616500cd0d47b30cee82392b53f7f784a", "reference_id": "f19686d616500cd0d47b30cee82392b53f7f784a", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T17:09:05Z/" } ], "url": "https://git.kernel.org/stable/c/f19686d616500cd0d47b30cee82392b53f7f784a" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2024-38630" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4syw-6j26-mqh4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59409?format=api", "vulnerability_id": "VCID-4w8u-eyqr-vybb", "summary": "kernel: net: bridge: use a stable FDB dst snapshot in RCU readers", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-46086.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-46086.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481989", "reference_id": "2481989", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481989" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2026-46086" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4w8u-eyqr-vybb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/88571?format=api", "vulnerability_id": "VCID-4yvc-u8ju-byh3", "summary": "In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix soft lockup under heavy CEQE load CEQEs are handled in interrupt handler currently. This may cause the CPU core staying in interrupt context too long and lead to soft lockup under heavy load. Handle CEQEs in BH workqueue and set an upper limit for the number of CEQE handled by a single call of work handler.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-43872.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-43872.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://git.kernel.org/stable/c/06580b33c183c9f98e2a2ca96a86137179032c08", "reference_id": "06580b33c183c9f98e2a2ca96a86137179032c08", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T16:06:16Z/" } ], "url": "https://git.kernel.org/stable/c/06580b33c183c9f98e2a2ca96a86137179032c08" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2306366", "reference_id": "2306366", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2306366" }, { "reference_url": "https://git.kernel.org/stable/c/2fdf34038369c0a27811e7b4680662a14ada1d6b", "reference_id": "2fdf34038369c0a27811e7b4680662a14ada1d6b", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T16:06:16Z/" } ], "url": "https://git.kernel.org/stable/c/2fdf34038369c0a27811e7b4680662a14ada1d6b" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2024-43872" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4yvc-u8ju-byh3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/88307?format=api", "vulnerability_id": "VCID-4yxa-fq12-xqb8", "summary": "In the Linux kernel, the following vulnerability has been resolved: gve: Account for stopped queues when reading NIC stats We now account for the fact that the NIC might send us stats for a subset of queues. Without this change, gve_get_ethtool_stats might make an invalid access on the priv->stats_report->stats array.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-42162.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-42162.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301540", "reference_id": "2301540", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301540" }, { "reference_url": "https://git.kernel.org/stable/c/32675d828c8a392e20d5b42375ed112c407e4b62", "reference_id": "32675d828c8a392e20d5b42375ed112c407e4b62", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T16:14:49Z/" } ], "url": "https://git.kernel.org/stable/c/32675d828c8a392e20d5b42375ed112c407e4b62" }, { "reference_url": "https://git.kernel.org/stable/c/af9bcf910b1f86244f39e15e701b2dc564b469a6", "reference_id": "af9bcf910b1f86244f39e15e701b2dc564b469a6", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T16:14:49Z/" } ], "url": "https://git.kernel.org/stable/c/af9bcf910b1f86244f39e15e701b2dc564b469a6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2024-42162" ], "risk_score": 2.1, "exploitability": "0.5", "weighted_severity": "4.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4yxa-fq12-xqb8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64784?format=api", "vulnerability_id": "VCID-5au8-v1ew-xfbj", "summary": "kernel: net: add xmit recursion limit to tunnel xmit functions", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23276.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23276.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449561", "reference_id": "2449561", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449561" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2026-23276" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5au8-v1ew-xfbj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/86221?format=api", "vulnerability_id": "VCID-5e2p-bgdk-m3dj", "summary": "kernel: RDMA/mlx5: Move events notifier registration to be after device registration", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53224.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53224.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2334399", "reference_id": "2334399", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2334399" }, { "reference_url": "https://git.kernel.org/stable/c/542bd62b7a7f37182c9ef192c2bd25d118c144e4", "reference_id": "542bd62b7a7f37182c9ef192c2bd25d118c144e4", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-01T20:03:20Z/" } ], "url": "https://git.kernel.org/stable/c/542bd62b7a7f37182c9ef192c2bd25d118c144e4" }, { "reference_url": "https://git.kernel.org/stable/c/6b0acf6a94c31efa43fce4edc22413a3390f9c05", "reference_id": "6b0acf6a94c31efa43fce4edc22413a3390f9c05", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-01T20:03:20Z/" } ], "url": "https://git.kernel.org/stable/c/6b0acf6a94c31efa43fce4edc22413a3390f9c05" }, { "reference_url": "https://git.kernel.org/stable/c/921fcf2971a1e8d3b904ba2c2905b96f4ec3d4ad", "reference_id": "921fcf2971a1e8d3b904ba2c2905b96f4ec3d4ad", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-01T20:03:20Z/" } ], "url": "https://git.kernel.org/stable/c/921fcf2971a1e8d3b904ba2c2905b96f4ec3d4ad" }, { "reference_url": "https://git.kernel.org/stable/c/ede132a5cf559f3ab35a4c28bac4f4a6c20334d8", "reference_id": "ede132a5cf559f3ab35a4c28bac4f4a6c20334d8", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-01T20:03:20Z/" } ], "url": "https://git.kernel.org/stable/c/ede132a5cf559f3ab35a4c28bac4f4a6c20334d8" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:6966", "reference_id": "RHSA-2025:6966", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:6966" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2024-53224" ], "risk_score": 2.0, "exploitability": "0.5", "weighted_severity": "4.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5e2p-bgdk-m3dj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/70452?format=api", "vulnerability_id": "VCID-5eew-2b3m-jbgb", "summary": "kernel: drm/amd/display: fix mapping to non-allocated address", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-53753.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-53753.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419927", "reference_id": "2419927", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419927" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6583", "reference_id": "RHSA-2023:6583", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6583" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7077", "reference_id": "RHSA-2023:7077", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7077" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2023-53753" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5eew-2b3m-jbgb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/73477?format=api", "vulnerability_id": "VCID-5hpq-769v-hkgc", "summary": "kernel: spi: cadence-quadspi: Implement refcount to handle unbind during busy", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-40005.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-40005.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2405134", "reference_id": "2405134", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2405134" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2025-40005" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5hpq-769v-hkgc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77100?format=api", "vulnerability_id": "VCID-5j8s-mjp8-47h9", "summary": "kernel: padata: Fix pd UAF once and for all", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-38584.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-38584.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2389501", "reference_id": "2389501", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2389501" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2025-38584" ], "risk_score": 2.1, "exploitability": "0.5", "weighted_severity": "4.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5j8s-mjp8-47h9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81850?format=api", "vulnerability_id": "VCID-5mfx-cbsw-x3f4", "summary": "In the Linux kernel, the following vulnerability has been resolved: sfc/siena: fix null pointer dereference in efx_hard_start_xmit Like in previous patch for sfc, prevent potential (but unlikely) NULL pointer dereference.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-48646.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-48646.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-48646", "reference_id": "", "reference_type": "", "scores": [ { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.01014", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-48646" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2277816", "reference_id": "2277816", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2277816" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2022-48646" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5mfx-cbsw-x3f4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59141?format=api", "vulnerability_id": "VCID-5ppr-xdw3-fyab", "summary": "kernel: batman-adv: bla: put backbone reference on failed claim hash insert", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-46231.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-46231.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482562", "reference_id": "2482562", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482562" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2026-46231" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5ppr-xdw3-fyab" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59108?format=api", "vulnerability_id": "VCID-6292-znkq-7fd1", "summary": "kernel: ipmi: Add limits to event and receive message requests", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-46177.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-46177.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482539", "reference_id": "2482539", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482539" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2026-46177" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6292-znkq-7fd1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/60776?format=api", "vulnerability_id": "VCID-63v1-tm38-zyfn", "summary": "kernel: most: core: fix resource leak in most_register_interface error paths", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-71272.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-71272.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467061", "reference_id": "2467061", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467061" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2025-71272" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-63v1-tm38-zyfn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74061?format=api", "vulnerability_id": "VCID-686s-91xk-53bs", "summary": "kernel: cpufreq: davinci: Fix clk use after free", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-53544.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-53544.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2401474", "reference_id": "2401474", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2401474" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2394", "reference_id": "RHSA-2024:2394", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2394" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2023-53544" ], "risk_score": 2.1, "exploitability": "0.5", "weighted_severity": "4.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-686s-91xk-53bs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59188?format=api", "vulnerability_id": "VCID-68tr-q3r5-eqhe", "summary": "kernel: spi: mpc52xx: fix use-after-free on registration failure", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-46241.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-46241.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482593", "reference_id": "2482593", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482593" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2026-46241" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-68tr-q3r5-eqhe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59578?format=api", "vulnerability_id": "VCID-68u4-cn8r-sbeg", "summary": "kernel: udf: fix partition descriptor append bookkeeping", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-45991.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-45991.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482113", "reference_id": "2482113", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482113" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2026-45991" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-68u4-cn8r-sbeg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/76625?format=api", "vulnerability_id": "VCID-6b37-vrxv-nkhw", "summary": "kernel: exfat: add cluster chain loop check for dir", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-38692.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-38692.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2393175", "reference_id": "2393175", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2393175" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2025-38692" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6b37-vrxv-nkhw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/86242?format=api", "vulnerability_id": "VCID-6ccm-6dwt-bkfs", "summary": "In the Linux kernel, the following vulnerability has been resolved: spi: lpspi: Avoid potential use-after-free in probe() fsl_lpspi_probe() is allocating/disposing memory manually with spi_alloc_host()/spi_alloc_target(), but uses devm_spi_register_controller(). In case of error after the latter call the memory will be explicitly freed in the probe function by spi_controller_put() call, but used afterwards by \"devm\" management outside probe() (spi_unregister_controller() <- devm_spi_unregister() below). Unable to handle kernel NULL pointer dereference at virtual address 0000000000000070 ... Call trace: kernfs_find_ns kernfs_find_and_get_ns sysfs_remove_group sysfs_remove_groups device_remove_attrs device_del spi_unregister_controller devm_spi_unregister release_nodes devres_release_all really_probe driver_probe_device __device_attach_driver bus_for_each_drv __device_attach device_initial_probe bus_probe_device deferred_probe_work_func process_one_work worker_thread kthread ret_from_fork", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26866.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26866.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://git.kernel.org/stable/c/1543418e82789cc383cd36d41469983c64e3fc7f", "reference_id": "1543418e82789cc383cd36d41469983c64e3fc7f", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-28T19:57:41Z/" } ], "url": "https://git.kernel.org/stable/c/1543418e82789cc383cd36d41469983c64e3fc7f" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275719", "reference_id": "2275719", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275719" }, { "reference_url": "https://git.kernel.org/stable/c/2ae0ab0143fcc06190713ed81a6486ed0ad3c861", "reference_id": "2ae0ab0143fcc06190713ed81a6486ed0ad3c861", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-28T19:57:41Z/" } ], "url": "https://git.kernel.org/stable/c/2ae0ab0143fcc06190713ed81a6486ed0ad3c861" }, { "reference_url": "https://git.kernel.org/stable/c/996ce839606afd0fef91355627868022aa73eb68", "reference_id": "996ce839606afd0fef91355627868022aa73eb68", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-28T19:57:41Z/" } ], "url": "https://git.kernel.org/stable/c/996ce839606afd0fef91355627868022aa73eb68" }, { "reference_url": "https://git.kernel.org/stable/c/da83ed350e4604b976e94239b08d8e2e7eaee7ea", "reference_id": "da83ed350e4604b976e94239b08d8e2e7eaee7ea", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-28T19:57:41Z/" } ], "url": "https://git.kernel.org/stable/c/da83ed350e4604b976e94239b08d8e2e7eaee7ea" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2024-26866" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6ccm-6dwt-bkfs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/68299?format=api", "vulnerability_id": "VCID-6esn-wjxv-7ycm", "summary": "kernel: iomap: adjust read range correctly for non-block-aligned positions", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68794.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68794.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429040", "reference_id": "2429040", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429040" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2025-68794" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6esn-wjxv-7ycm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/87552?format=api", "vulnerability_id": "VCID-6mku-v4z6-n3e1", "summary": "In the Linux kernel, the following vulnerability has been resolved: ax25: Fix reference count leak issues of ax25_dev The ax25_addr_ax25dev() and ax25_dev_device_down() exist a reference count leak issue of the object \"ax25_dev\". Memory leak issue in ax25_addr_ax25dev(): The reference count of the object \"ax25_dev\" can be increased multiple times in ax25_addr_ax25dev(). This will cause a memory leak. Memory leak issues in ax25_dev_device_down(): The reference count of ax25_dev is set to 1 in ax25_dev_device_up() and then increase the reference count when ax25_dev is added to ax25_dev_list. As a result, the reference count of ax25_dev is 2. But when the device is shutting down. The ax25_dev_device_down() drops the reference count once or twice depending on if we goto unlock_put or not, which will cause memory leak. As for the issue of ax25_addr_ax25dev(), it is impossible for one pointer to be on a list twice. So add a break in ax25_addr_ax25dev(). As for the issue of ax25_dev_device_down(), increase the reference count of ax25_dev once in ax25_dev_device_up() and decrease the reference count of ax25_dev after it is removed from the ax25_dev_list.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38602.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38602.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://git.kernel.org/stable/c/1ea02699c7557eeb35ccff2bd822de1b3e09d868", "reference_id": "1ea02699c7557eeb35ccff2bd822de1b3e09d868", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T17:13:18Z/" } ], "url": "https://git.kernel.org/stable/c/1ea02699c7557eeb35ccff2bd822de1b3e09d868" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293363", "reference_id": "2293363", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293363" }, { "reference_url": "https://git.kernel.org/stable/c/38eb01edfdaa1562fa00429be2e33f45383b1b3a", "reference_id": "38eb01edfdaa1562fa00429be2e33f45383b1b3a", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T17:13:18Z/" } ], "url": "https://git.kernel.org/stable/c/38eb01edfdaa1562fa00429be2e33f45383b1b3a" }, { "reference_url": "https://git.kernel.org/stable/c/81d8240b0a243b3ddd8fa8aa172f1acc2f7cc8f3", "reference_id": "81d8240b0a243b3ddd8fa8aa172f1acc2f7cc8f3", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T17:13:18Z/" } ], "url": "https://git.kernel.org/stable/c/81d8240b0a243b3ddd8fa8aa172f1acc2f7cc8f3" }, { "reference_url": "https://git.kernel.org/stable/c/ae467750a3765dd1092eb29f58247950a2f9b60c", "reference_id": "ae467750a3765dd1092eb29f58247950a2f9b60c", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T17:13:18Z/" } ], "url": "https://git.kernel.org/stable/c/ae467750a3765dd1092eb29f58247950a2f9b60c" }, { "reference_url": "https://git.kernel.org/stable/c/b505e0319852b08a3a716b64620168eab21f4ced", "reference_id": "b505e0319852b08a3a716b64620168eab21f4ced", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T17:13:18Z/" } ], "url": "https://git.kernel.org/stable/c/b505e0319852b08a3a716b64620168eab21f4ced" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2024-38602" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6mku-v4z6-n3e1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/87344?format=api", "vulnerability_id": "VCID-6qwf-n163-8fa7", "summary": "kernel: pinctrl: ocelot: fix system hang on level based interrupts", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-50196.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-50196.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://git.kernel.org/stable/c/20728e86289ab463b99b7ab4425515bd26aba417", "reference_id": "20728e86289ab463b99b7ab4425515bd26aba417", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-01T20:17:59Z/" } ], "url": "https://git.kernel.org/stable/c/20728e86289ab463b99b7ab4425515bd26aba417" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2324563", "reference_id": "2324563", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2324563" }, { "reference_url": "https://git.kernel.org/stable/c/4a81800ef05bea5a9896f199677f7b7f5020776a", "reference_id": "4a81800ef05bea5a9896f199677f7b7f5020776a", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-01T20:17:59Z/" } ], "url": "https://git.kernel.org/stable/c/4a81800ef05bea5a9896f199677f7b7f5020776a" }, { "reference_url": "https://git.kernel.org/stable/c/655f5d4662b958122b260be05aa6dfdf8768efe6", "reference_id": "655f5d4662b958122b260be05aa6dfdf8768efe6", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-01T20:17:59Z/" } ], "url": "https://git.kernel.org/stable/c/655f5d4662b958122b260be05aa6dfdf8768efe6" }, { "reference_url": "https://git.kernel.org/stable/c/93b8ddc54507a227087c60a0013ed833b6ae7d3c", "reference_id": "93b8ddc54507a227087c60a0013ed833b6ae7d3c", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-01T20:17:59Z/" } ], "url": "https://git.kernel.org/stable/c/93b8ddc54507a227087c60a0013ed833b6ae7d3c" }, { "reference_url": "https://git.kernel.org/stable/c/dcbe9954634807ec54e22bde278b5b269f921381", "reference_id": "dcbe9954634807ec54e22bde278b5b269f921381", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-01T20:17:59Z/" } ], "url": "https://git.kernel.org/stable/c/dcbe9954634807ec54e22bde278b5b269f921381" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2024-50196" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6qwf-n163-8fa7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/86399?format=api", "vulnerability_id": "VCID-6zxx-2e89-aqcw", "summary": "In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix incorrect mpc_combine array size [why] MAX_SURFACES is per stream, while MAX_PLANES is per asic. The mpc_combine is an array that records all the planes per asic. Therefore MAX_PLANES should be used as the array size. Using MAX_SURFACES causes array overflow when there are more than 3 planes. [how] Use the MAX_PLANES for the mpc_combine array size.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26914.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26914.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://git.kernel.org/stable/c/0bd8ef618a42d7e6ea3f701065264e15678025e3", "reference_id": "0bd8ef618a42d7e6ea3f701065264e15678025e3", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T15:47:53Z/" } ], "url": "https://git.kernel.org/stable/c/0bd8ef618a42d7e6ea3f701065264e15678025e3" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275792", "reference_id": "2275792", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275792" }, { "reference_url": "https://git.kernel.org/stable/c/39079fe8e660851abbafa90cd55cbf029210661f", "reference_id": "39079fe8e660851abbafa90cd55cbf029210661f", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T15:47:53Z/" } ], "url": "https://git.kernel.org/stable/c/39079fe8e660851abbafa90cd55cbf029210661f" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2024-26914" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6zxx-2e89-aqcw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81014?format=api", "vulnerability_id": "VCID-7bra-8epf-z7cs", "summary": "In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: CT, Fix multiple allocations and memleak of mod acts CT clear action offload adds additional mod hdr actions to the flow's original mod actions in order to clear the registers which hold ct_state. When such flow also includes encap action, a neigh update event can cause the driver to unoffload the flow and then reoffload it. Each time this happens, the ct clear handling adds that same set of mod hdr actions to reset ct_state until the max of mod hdr actions is reached. Also the driver never releases the allocated mod hdr actions and causing a memleak. Fix above two issues by moving CT clear mod acts allocation into the parsing actions phase and only use it when offloading the rule. The release of mod acts will be done in the normal flow_put(). backtrace: [<000000007316e2f3>] krealloc+0x83/0xd0 [<00000000ef157de1>] mlx5e_mod_hdr_alloc+0x147/0x300 [mlx5_core] [<00000000970ce4ae>] mlx5e_tc_match_to_reg_set_and_get_id+0xd7/0x240 [mlx5_core] [<0000000067c5fa17>] mlx5e_tc_match_to_reg_set+0xa/0x20 [mlx5_core] [<00000000d032eb98>] mlx5_tc_ct_entry_set_registers.isra.0+0x36/0xc0 [mlx5_core] [<00000000fd23b869>] mlx5_tc_ct_flow_offload+0x272/0x1f10 [mlx5_core] [<000000004fc24acc>] mlx5e_tc_offload_fdb_rules.part.0+0x150/0x620 [mlx5_core] [<00000000dc741c17>] mlx5e_tc_encap_flows_add+0x489/0x690 [mlx5_core] [<00000000e92e49d7>] mlx5e_rep_update_flows+0x6e4/0x9b0 [mlx5_core] [<00000000f60f5602>] mlx5e_rep_neigh_update+0x39a/0x5d0 [mlx5_core]", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-47199.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-47199.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-47199", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05401", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-47199" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274610", "reference_id": "2274610", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274610" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2021-47199" ], "risk_score": 2.7, "exploitability": "0.5", "weighted_severity": "5.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7bra-8epf-z7cs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/68348?format=api", "vulnerability_id": "VCID-7djh-s68v-wuhw", "summary": "kernel: inet: frags: flush pending skbs in fqdir_pre_exit()", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68768.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68768.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429092", "reference_id": "2429092", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429092" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195391?format=api", "purl": "pkg:deb/debian/linux@6.12.88-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.12.88-1~bpo12%252B1" } ], "aliases": [ "CVE-2025-68768" ], "risk_score": 2.0, "exploitability": "0.5", "weighted_severity": "4.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7djh-s68v-wuhw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59388?format=api", "vulnerability_id": "VCID-7fd1-c8xg-ffba", "summary": "kernel: net: rds: fix MR cleanup on copy error", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-46053.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-46053.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481966", "reference_id": "2481966", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481966" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2026-46053" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7fd1-c8xg-ffba" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59357?format=api", "vulnerability_id": "VCID-7gc9-aqme-jfgw", "summary": "kernel: drm/nouveau: fix u32 overflow in pushbuf reloc bounds check", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-46006.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-46006.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481939", "reference_id": "2481939", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481939" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2026-46006" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7gc9-aqme-jfgw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/87328?format=api", "vulnerability_id": "VCID-7hth-pca3-kuby", "summary": "In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix division by zero in setup_dsc_config When slice_height is 0, the division by slice_height in the calculation of the number of slices will cause a division by zero driver crash. This leaves the kernel in a state that requires a reboot. This patch adds a check to avoid the division by zero. The stack trace below is for the 6.8.4 Kernel. I reproduced the issue on a Z16 Gen 2 Lenovo Thinkpad with a Apple Studio Display monitor connected via Thunderbolt. The amdgpu driver crashed with this exception when I rebooted the system with the monitor connected. kernel: ? die (arch/x86/kernel/dumpstack.c:421 arch/x86/kernel/dumpstack.c:434 arch/x86/kernel/dumpstack.c:447) kernel: ? do_trap (arch/x86/kernel/traps.c:113 arch/x86/kernel/traps.c:154) kernel: ? setup_dsc_config (drivers/gpu/drm/amd/amdgpu/../display/dc/dsc/dc_dsc.c:1053) amdgpu kernel: ? do_error_trap (./arch/x86/include/asm/traps.h:58 arch/x86/kernel/traps.c:175) kernel: ? setup_dsc_config (drivers/gpu/drm/amd/amdgpu/../display/dc/dsc/dc_dsc.c:1053) amdgpu kernel: ? exc_divide_error (arch/x86/kernel/traps.c:194 (discriminator 2)) kernel: ? setup_dsc_config (drivers/gpu/drm/amd/amdgpu/../display/dc/dsc/dc_dsc.c:1053) amdgpu kernel: ? asm_exc_divide_error (./arch/x86/include/asm/idtentry.h:548) kernel: ? setup_dsc_config (drivers/gpu/drm/amd/amdgpu/../display/dc/dsc/dc_dsc.c:1053) amdgpu kernel: dc_dsc_compute_config (drivers/gpu/drm/amd/amdgpu/../display/dc/dsc/dc_dsc.c:1109) amdgpu After applying this patch, the driver no longer crashes when the monitor is connected and the system is rebooted. I believe this is the same issue reported for 3113.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-36969.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-36969.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://git.kernel.org/stable/c/130afc8a886183a94cf6eab7d24f300014ff87ba", "reference_id": "130afc8a886183a94cf6eab7d24f300014ff87ba", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-10T18:44:38Z/" } ], "url": "https://git.kernel.org/stable/c/130afc8a886183a94cf6eab7d24f300014ff87ba" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2292328", "reference_id": "2292328", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2292328" }, { "reference_url": "https://git.kernel.org/stable/c/308de6be0c9c7ba36915c0d398e771725c0ea911", "reference_id": "308de6be0c9c7ba36915c0d398e771725c0ea911", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-10T18:44:38Z/" } ], "url": "https://git.kernel.org/stable/c/308de6be0c9c7ba36915c0d398e771725c0ea911" }, { "reference_url": "https://git.kernel.org/stable/c/7e4f50dfc98c49b3dc6875a35c3112522fb25639", "reference_id": "7e4f50dfc98c49b3dc6875a35c3112522fb25639", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-10T18:44:38Z/" } ], "url": "https://git.kernel.org/stable/c/7e4f50dfc98c49b3dc6875a35c3112522fb25639" }, { "reference_url": "https://git.kernel.org/stable/c/91402e0e5de9124a3108db7a14163fcf9a6d322f", "reference_id": "91402e0e5de9124a3108db7a14163fcf9a6d322f", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-10T18:44:38Z/" } ], "url": "https://git.kernel.org/stable/c/91402e0e5de9124a3108db7a14163fcf9a6d322f" }, { "reference_url": "https://git.kernel.org/stable/c/a32c8f951c8a456c1c251e1dcdf21787f8066445", "reference_id": "a32c8f951c8a456c1c251e1dcdf21787f8066445", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-10T18:44:38Z/" } ], "url": "https://git.kernel.org/stable/c/a32c8f951c8a456c1c251e1dcdf21787f8066445" }, { "reference_url": "https://git.kernel.org/stable/c/f187fcbbb8f8bf10c6687f0beae22509369f7563", "reference_id": "f187fcbbb8f8bf10c6687f0beae22509369f7563", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-10T18:44:38Z/" } ], "url": "https://git.kernel.org/stable/c/f187fcbbb8f8bf10c6687f0beae22509369f7563" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2024-36969" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7hth-pca3-kuby" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/86395?format=api", "vulnerability_id": "VCID-7scc-8ehc-p7fd", "summary": "In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix dcn35 8k30 Underflow/Corruption Issue [why] odm calculation is missing for pipe split policy determination and cause Underflow/Corruption issue. [how] Add the odm calculation.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26913.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26913.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275794", "reference_id": "2275794", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275794" }, { "reference_url": "https://git.kernel.org/stable/c/cdbe0be8874c63bca85b8c38e5b1eecbdd18df31", "reference_id": "cdbe0be8874c63bca85b8c38e5b1eecbdd18df31", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T15:47:56Z/" } ], "url": "https://git.kernel.org/stable/c/cdbe0be8874c63bca85b8c38e5b1eecbdd18df31" }, { "reference_url": "https://git.kernel.org/stable/c/faf51b201bc42adf500945732abb6220c707d6f3", "reference_id": "faf51b201bc42adf500945732abb6220c707d6f3", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T15:47:56Z/" } ], "url": "https://git.kernel.org/stable/c/faf51b201bc42adf500945732abb6220c707d6f3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2024-26913" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7scc-8ehc-p7fd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82896?format=api", "vulnerability_id": "VCID-7thb-2bfs-xba3", "summary": "In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Fix use after free in remove_phb_dynamic() In remove_phb_dynamic() we use &phb->io_resource, after we've called device_unregister(&host_bridge->dev). But the unregister may have freed phb, because pcibios_free_controller_deferred() is the release function for the host_bridge. If there are no outstanding references when we call device_unregister() then phb will be freed out from under us. This has gone mainly unnoticed, but with slub_debug and page_poison enabled it can lead to a crash: PID: 7574 TASK: c0000000d492cb80 CPU: 13 COMMAND: \"drmgr\" #0 [c0000000e4f075a0] crash_kexec at c00000000027d7dc #1 [c0000000e4f075d0] oops_end at c000000000029608 #2 [c0000000e4f07650] __bad_page_fault at c0000000000904b4 #3 [c0000000e4f076c0] do_bad_slb_fault at c00000000009a5a8 #4 [c0000000e4f076f0] data_access_slb_common_virt at c000000000008b30 Data SLB Access [380] exception frame: R0: c000000000167250 R1: c0000000e4f07a00 R2: c000000002a46100 R3: c000000002b39ce8 R4: 00000000000000c0 R5: 00000000000000a9 R6: 3894674d000000c0 R7: 0000000000000000 R8: 00000000000000ff R9: 0000000000000100 R10: 6b6b6b6b6b6b6b6b R11: 0000000000008000 R12: c00000000023da80 R13: c0000009ffd38b00 R14: 0000000000000000 R15: 000000011c87f0f0 R16: 0000000000000006 R17: 0000000000000003 R18: 0000000000000002 R19: 0000000000000004 R20: 0000000000000005 R21: 000000011c87ede8 R22: 000000011c87c5a8 R23: 000000011c87d3a0 R24: 0000000000000000 R25: 0000000000000001 R26: c0000000e4f07cc8 R27: c00000004d1cc400 R28: c0080000031d00e8 R29: c00000004d23d800 R30: c00000004d1d2400 R31: c00000004d1d2540 NIP: c000000000167258 MSR: 8000000000009033 OR3: c000000000e9f474 CTR: 0000000000000000 LR: c000000000167250 XER: 0000000020040003 CCR: 0000000024088420 MQ: 0000000000000000 DAR: 6b6b6b6b6b6b6ba3 DSISR: c0000000e4f07920 Syscall Result: fffffffffffffff2 [NIP : release_resource+56] [LR : release_resource+48] #5 [c0000000e4f07a00] release_resource at c000000000167258 (unreliable) #6 [c0000000e4f07a30] remove_phb_dynamic at c000000000105648 #7 [c0000000e4f07ab0] dlpar_remove_slot at c0080000031a09e8 [rpadlpar_io] #8 [c0000000e4f07b50] remove_slot_store at c0080000031a0b9c [rpadlpar_io] #9 [c0000000e4f07be0] kobj_attr_store at c000000000817d8c #10 [c0000000e4f07c00] sysfs_kf_write at c00000000063e504 #11 [c0000000e4f07c20] kernfs_fop_write_iter at c00000000063d868 #12 [c0000000e4f07c70] new_sync_write at c00000000054339c #13 [c0000000e4f07d10] vfs_write at c000000000546624 #14 [c0000000e4f07d60] ksys_write at c0000000005469f4 #15 [c0000000e4f07db0] system_call_exception at c000000000030840 #16 [c0000000e4f07e10] system_call_vectored_common at c00000000000c168 To avoid it, we can take a reference to the host_bridge->dev until we're done using phb. Then when we drop the reference the phb will be freed.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-49196.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-49196.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-49196", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.06045", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-49196" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348173", "reference_id": "2348173", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348173" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2022-49196" ], "risk_score": 2.0, "exploitability": "0.5", "weighted_severity": "4.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7thb-2bfs-xba3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62008?format=api", "vulnerability_id": "VCID-7vaw-mv2d-4qbu", "summary": "kernel: KVM: SEV: Protect *all* of sev_mem_enc_register_region() with kvm->lock", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31592.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31592.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461501", "reference_id": "2461501", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461501" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195391?format=api", "purl": "pkg:deb/debian/linux@6.12.88-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.12.88-1~bpo12%252B1" } ], "aliases": [ "CVE-2026-31592" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7vaw-mv2d-4qbu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63747?format=api", "vulnerability_id": "VCID-84ta-rw6f-jqbs", "summary": "kernel: drm/amdgpu: Limit BO list entry count to prevent resource exhaustion", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23468.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23468.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454848", "reference_id": "2454848", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454848" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2026-23468" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-84ta-rw6f-jqbs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83574?format=api", "vulnerability_id": "VCID-84xk-htf2-77db", "summary": "In the Linux kernel, the following vulnerability has been resolved: drm/i915/selftests: fix subtraction overflow bug On some machines hole_end can be small enough to cause subtraction overflow. On the other side (addr + 2 * min_alignment) can overflow in case of mock tests. This patch should handle both cases. (cherry picked from commit ab3edc679c552a466e4bf0b11af3666008bd65a2)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-49635.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-49635.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-49635", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31118", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-49635" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2347656", "reference_id": "2347656", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2347656" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2022-49635" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-84xk-htf2-77db" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64363?format=api", "vulnerability_id": "VCID-88pr-sj3w-s3g5", "summary": "kernel: wifi: mt76: Fix possible oob access in mt76_connac2_mac_write_txwi_80211()", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23315.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23315.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451177", "reference_id": "2451177", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451177" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2026-23315" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-88pr-sj3w-s3g5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/85591?format=api", "vulnerability_id": "VCID-8e2n-p7q1-jbh7", "summary": "kernel: net: hns3: don't auto enable misc vector", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-21651.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-21651.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2338826", "reference_id": "2338826", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2338826" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2025-21651" ], "risk_score": 2.1, "exploitability": "0.5", "weighted_severity": "4.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8e2n-p7q1-jbh7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82692?format=api", "vulnerability_id": "VCID-8gph-qg72-fbbz", "summary": "kernel: netlink: Bounds-check struct nlmsgerr creation", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-49766.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-49766.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-49766", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19811", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-49766" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2363478", "reference_id": "2363478", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2363478" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2022-49766" ], "risk_score": 1.1, "exploitability": "0.5", "weighted_severity": "2.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8gph-qg72-fbbz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83271?format=api", "vulnerability_id": "VCID-8m6g-4wxe-7ygg", "summary": "kernel: dlm: prevent NPD when writing a positive value to event_done", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-23131.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-23131.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360285", "reference_id": "2360285", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360285" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195391?format=api", "purl": "pkg:deb/debian/linux@6.12.88-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.12.88-1~bpo12%252B1" } ], "aliases": [ "CVE-2025-23131" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8m6g-4wxe-7ygg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77923?format=api", "vulnerability_id": "VCID-8qa4-2xqg-t3cz", "summary": "kernel: net: lan743x: Modify the EEPROM and OTP size for PCI1xxxx devices", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-38422.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-38422.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2383465", "reference_id": "2383465", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2383465" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2025-38422" ], "risk_score": 2.0, "exploitability": "0.5", "weighted_severity": "4.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8qa4-2xqg-t3cz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/79697?format=api", "vulnerability_id": "VCID-8tsp-s5xf-bba3", "summary": "kernel: Linux kernel: Use-After-Free vulnerability in MSI translation via IOMMU domain change during VFIO operation", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-38062.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-38062.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373358", "reference_id": "2373358", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373358" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2025-38062" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8tsp-s5xf-bba3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/85846?format=api", "vulnerability_id": "VCID-8vdd-mghd-d7e7", "summary": "kernel: spi: mpc52xx: Add cancel_work_sync before module remove", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-50051.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-50051.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2337126", "reference_id": "2337126", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2337126" }, { "reference_url": "https://git.kernel.org/stable/c/373d55a47dc662e5e30d12ad5d334312f757c1f1", "reference_id": "373d55a47dc662e5e30d12ad5d334312f757c1f1", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-10T17:12:07Z/" } ], "url": "https://git.kernel.org/stable/c/373d55a47dc662e5e30d12ad5d334312f757c1f1" }, { "reference_url": "https://git.kernel.org/stable/c/90b72189de2cddacb26250579da0510b29a8b82b", "reference_id": "90b72189de2cddacb26250579da0510b29a8b82b", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-10T17:12:07Z/" } ], "url": "https://git.kernel.org/stable/c/90b72189de2cddacb26250579da0510b29a8b82b" }, { "reference_url": "https://git.kernel.org/stable/c/984836621aad98802d92c4a3047114cf518074c8", "reference_id": "984836621aad98802d92c4a3047114cf518074c8", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-10T17:12:07Z/" } ], "url": "https://git.kernel.org/stable/c/984836621aad98802d92c4a3047114cf518074c8" }, { "reference_url": "https://git.kernel.org/stable/c/cd5106c77d6d6828aa82449f01f4eb436d602a21", "reference_id": "cd5106c77d6d6828aa82449f01f4eb436d602a21", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-10T17:12:07Z/" } ], "url": "https://git.kernel.org/stable/c/cd5106c77d6d6828aa82449f01f4eb436d602a21" }, { "reference_url": "https://git.kernel.org/stable/c/d0cde3911cf24e1bcdd4caa1d1b9ef57589db5a1", "reference_id": "d0cde3911cf24e1bcdd4caa1d1b9ef57589db5a1", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-10T17:12:07Z/" } ], "url": "https://git.kernel.org/stable/c/d0cde3911cf24e1bcdd4caa1d1b9ef57589db5a1" }, { "reference_url": "https://git.kernel.org/stable/c/e0c6ce8424095c2da32a063d3fc027494c689817", "reference_id": "e0c6ce8424095c2da32a063d3fc027494c689817", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-10T17:12:07Z/" } ], "url": "https://git.kernel.org/stable/c/e0c6ce8424095c2da32a063d3fc027494c689817" }, { "reference_url": "https://git.kernel.org/stable/c/f65d85bc1ffd8a2c194bb2cd65e35ed3648ddd59", "reference_id": "f65d85bc1ffd8a2c194bb2cd65e35ed3648ddd59", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-10T17:12:07Z/" } ], "url": "https://git.kernel.org/stable/c/f65d85bc1ffd8a2c194bb2cd65e35ed3648ddd59" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2024-50051" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "6.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8vdd-mghd-d7e7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59177?format=api", "vulnerability_id": "VCID-8xhs-5sqt-dyh4", "summary": "kernel: batman-adv: stop tp_meter sessions during mesh teardown", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-46208.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-46208.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482585", "reference_id": "2482585", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482585" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2026-46208" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8xhs-5sqt-dyh4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/86398?format=api", "vulnerability_id": "VCID-91dq-3zbb-eqet", "summary": "kernel: scsi: hisi_sas: Create all dump files during debugfs initialization", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56588.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56588.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2334522", "reference_id": "2334522", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2334522" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2024-56588" ], "risk_score": 2.0, "exploitability": "0.5", "weighted_severity": "4.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-91dq-3zbb-eqet" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84987?format=api", "vulnerability_id": "VCID-93a6-e7e4-guge", "summary": "In the Linux kernel, the following vulnerability has been resolved: IORING_OP_READ did not correctly consume the provided buffer list when read i/o returned < 0 (except for -EAGAIN and -EIOCBQUEUED return). This can lead to a potential use-after-free when the completion via io_rw_done runs at separate context.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-52926.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-52926.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2347279", "reference_id": "2347279", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2347279" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2023-52926" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-93a6-e7e4-guge" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72208?format=api", "vulnerability_id": "VCID-94as-r5ts-cbfa", "summary": "kernel: smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match()", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-40168.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-40168.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414482", "reference_id": "2414482", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414482" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2720", "reference_id": "RHSA-2026:2720", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2720" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2821", "reference_id": "RHSA-2026:2821", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2821" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3275", "reference_id": "RHSA-2026:3275", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3275" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3488", "reference_id": "RHSA-2026:3488", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3488" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4111", "reference_id": "RHSA-2026:4111", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4111" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6954", "reference_id": "RHSA-2026:6954", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6954" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9513", "reference_id": "RHSA-2026:9513", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9513" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9514", "reference_id": "RHSA-2026:9514", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9514" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9643", "reference_id": "RHSA-2026:9643", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9643" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195391?format=api", "purl": "pkg:deb/debian/linux@6.12.88-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.12.88-1~bpo12%252B1" } ], "aliases": [ "CVE-2025-40168" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-94as-r5ts-cbfa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75454?format=api", "vulnerability_id": "VCID-95rh-b457-2fh1", "summary": "kernel: Linux kernel: Denial of Service due to improper resource deallocation in tracing functionality", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-39829.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-39829.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://git.kernel.org/stable/c/000aa47a51233fd38a629b029478e0278e1e9fbe", "reference_id": "000aa47a51233fd38a629b029478e0278e1e9fbe", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-14T18:17:20Z/" } ], "url": "https://git.kernel.org/stable/c/000aa47a51233fd38a629b029478e0278e1e9fbe" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395808", "reference_id": "2395808", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395808" }, { "reference_url": "https://git.kernel.org/stable/c/2a2deb9f8df70480050351ac27041f19bb9e718b", "reference_id": "2a2deb9f8df70480050351ac27041f19bb9e718b", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-14T18:17:20Z/" } ], "url": "https://git.kernel.org/stable/c/2a2deb9f8df70480050351ac27041f19bb9e718b" }, { "reference_url": "https://git.kernel.org/stable/c/edede7a6dcd7435395cf757d053974aaab6ab1c2", "reference_id": "edede7a6dcd7435395cf757d053974aaab6ab1c2", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-14T18:17:20Z/" } ], "url": "https://git.kernel.org/stable/c/edede7a6dcd7435395cf757d053974aaab6ab1c2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2025-39829" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-95rh-b457-2fh1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59560?format=api", "vulnerability_id": "VCID-9afn-v73t-7ya5", "summary": "kernel: gfs2: fix memory leaks in gfs2_fill_super error path", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-45961.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-45961.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482101", "reference_id": "2482101", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482101" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195391?format=api", "purl": "pkg:deb/debian/linux@6.12.88-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.12.88-1~bpo12%252B1" } ], "aliases": [ "CVE-2026-45961" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9afn-v73t-7ya5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/60804?format=api", "vulnerability_id": "VCID-9kxz-khdu-vqb1", "summary": "kernel: scsi: ufs: core: Flush exception handling work when RPM level is zero", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43275.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43275.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467079", "reference_id": "2467079", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467079" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2026-43275" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9kxz-khdu-vqb1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74827?format=api", "vulnerability_id": "VCID-9rfu-env8-4ybs", "summary": "kernel: media: atomisp: prevent integer overflow in sh_css_set_black_frame()", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-50399.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-50399.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-50399", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06338", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-50399" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396430", "reference_id": "2396430", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396430" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2022-50399" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9rfu-env8-4ybs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/88703?format=api", "vulnerability_id": "VCID-9ut4-jgnw-dkb2", "summary": "In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: only decrement add_addr_accepted for MPJ req Adding the following warning ... WARN_ON_ONCE(msk->pm.add_addr_accepted == 0) ... before decrementing the add_addr_accepted counter helped to find a bug when running the \"remove single subflow\" subtest from the mptcp_join.sh selftest. Removing a 'subflow' endpoint will first trigger a RM_ADDR, then the subflow closure. Before this patch, and upon the reception of the RM_ADDR, the other peer will then try to decrement this add_addr_accepted. That's not correct because the attached subflows have not been created upon the reception of an ADD_ADDR. A way to solve that is to decrement the counter only if the attached subflow was an MP_JOIN to a remote id that was not 0, and initiated by the host receiving the RM_ADDR.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45009.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45009.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://git.kernel.org/stable/c/1c1f721375989579e46741f59523e39ec9b2a9bd", "reference_id": "1c1f721375989579e46741f59523e39ec9b2a9bd", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-29T15:51:12Z/" } ], "url": "https://git.kernel.org/stable/c/1c1f721375989579e46741f59523e39ec9b2a9bd" }, { "reference_url": "https://git.kernel.org/stable/c/2060f1efab370b496c4903b840844ecaff324c3c", "reference_id": "2060f1efab370b496c4903b840844ecaff324c3c", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-29T15:51:12Z/" } ], "url": "https://git.kernel.org/stable/c/2060f1efab370b496c4903b840844ecaff324c3c" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311706", "reference_id": "2311706", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311706" }, { "reference_url": "https://git.kernel.org/stable/c/35b31f5549ede4070566b949781e83495906b43d", "reference_id": "35b31f5549ede4070566b949781e83495906b43d", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-29T15:51:12Z/" } ], "url": "https://git.kernel.org/stable/c/35b31f5549ede4070566b949781e83495906b43d" }, { "reference_url": "https://git.kernel.org/stable/c/85b866e4c4e63a1d7afb58f1e24273caad03d0b7", "reference_id": "85b866e4c4e63a1d7afb58f1e24273caad03d0b7", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-29T15:51:12Z/" } ], "url": "https://git.kernel.org/stable/c/85b866e4c4e63a1d7afb58f1e24273caad03d0b7" }, { "reference_url": "https://git.kernel.org/stable/c/d20bf2c96d7ffd171299b32f562f70e5bf5dc608", "reference_id": "d20bf2c96d7ffd171299b32f562f70e5bf5dc608", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-29T15:51:12Z/" } ], "url": "https://git.kernel.org/stable/c/d20bf2c96d7ffd171299b32f562f70e5bf5dc608" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:6966", "reference_id": "RHSA-2025:6966", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:6966" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2024-45009" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9ut4-jgnw-dkb2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/86063?format=api", "vulnerability_id": "VCID-9vdw-6qw2-rkb5", "summary": "kernel: net/smc: protect link down work from execute after lgr freed", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56718.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56718.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2334793", "reference_id": "2334793", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2334793" }, { "reference_url": "https://git.kernel.org/stable/c/2627c3e8646932dfc7b9722c88c2e1ffcf7a9fb2", "reference_id": "2627c3e8646932dfc7b9722c88c2e1ffcf7a9fb2", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-01T19:58:28Z/" } ], "url": "https://git.kernel.org/stable/c/2627c3e8646932dfc7b9722c88c2e1ffcf7a9fb2" }, { "reference_url": "https://git.kernel.org/stable/c/2b33eb8f1b3e8c2f87cfdbc8cc117f6bdfabc6ec", "reference_id": "2b33eb8f1b3e8c2f87cfdbc8cc117f6bdfabc6ec", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-01T19:58:28Z/" } ], "url": "https://git.kernel.org/stable/c/2b33eb8f1b3e8c2f87cfdbc8cc117f6bdfabc6ec" }, { "reference_url": "https://git.kernel.org/stable/c/841b1824750d3b8d1dc0a96b14db4418b952abbc", "reference_id": "841b1824750d3b8d1dc0a96b14db4418b952abbc", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-01T19:58:28Z/" } ], "url": "https://git.kernel.org/stable/c/841b1824750d3b8d1dc0a96b14db4418b952abbc" }, { "reference_url": "https://git.kernel.org/stable/c/bec2f52866d511e94c1c37cd962e4382b1b1a299", "reference_id": "bec2f52866d511e94c1c37cd962e4382b1b1a299", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-01T19:58:28Z/" } ], "url": "https://git.kernel.org/stable/c/bec2f52866d511e94c1c37cd962e4382b1b1a299" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2024-56718" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9vdw-6qw2-rkb5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61947?format=api", "vulnerability_id": "VCID-9wb8-qrzj-8qcf", "summary": "kernel: KVM: x86: Use scratch field in MMIO fragment to hold small write values", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31588.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31588.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461458", "reference_id": "2461458", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461458" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2026-31588" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9wb8-qrzj-8qcf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59315?format=api", "vulnerability_id": "VCID-9wh1-8hg9-1bca", "summary": "kernel: netfilter: nfnetlink_osf: fix divide-by-zero in OSF_WSS_MODULO", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-45841.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-45841.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481867", "reference_id": "2481867", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481867" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195391?format=api", "purl": "pkg:deb/debian/linux@6.12.88-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.12.88-1~bpo12%252B1" } ], "aliases": [ "CVE-2026-45841" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9wh1-8hg9-1bca" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/85911?format=api", "vulnerability_id": "VCID-9whm-wc4z-dbcv", "summary": "In the Linux kernel, the following vulnerability has been resolved: dm-crypt, dm-verity: disable tasklets Tasklets have an inherent problem with memory corruption. The function tasklet_action_common calls tasklet_trylock, then it calls the tasklet callback and then it calls tasklet_unlock. If the tasklet callback frees the structure that contains the tasklet or if it calls some code that may free it, tasklet_unlock will write into free memory. The commits 8e14f610159d and d9a02e016aaf try to fix it for dm-crypt, but it is not a sufficient fix and the data corruption can still happen [1]. There is no fix for dm-verity and dm-verity will write into free memory with every tasklet-processed bio. There will be atomic workqueues implemented in the kernel 6.9 [2]. They will have better interface and they will not suffer from the memory corruption problem. But we need something that stops the memory corruption now and that can be backported to the stable kernels. So, I'm proposing this commit that disables tasklets in both dm-crypt and dm-verity. This commit doesn't remove the tasklet support, because the tasklet code will be reused when atomic workqueues will be implemented. [1] https://lore.kernel.org/all/d390d7ee-f142-44d3-822a-87949e14608b@suse.de/T/ [2] https://lore.kernel.org/lkml/20240130091300.2968534-1-tj@kernel.org/", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26718.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26718.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://git.kernel.org/stable/c/0a9bab391e336489169b95cb0d4553d921302189", "reference_id": "0a9bab391e336489169b95cb0d4553d921302189", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T15:52:23Z/" } ], "url": "https://git.kernel.org/stable/c/0a9bab391e336489169b95cb0d4553d921302189" }, { "reference_url": "https://git.kernel.org/stable/c/0c45a20cbe68bc4d681734f5c03891124a274257", "reference_id": "0c45a20cbe68bc4d681734f5c03891124a274257", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T15:52:23Z/" } ], "url": "https://git.kernel.org/stable/c/0c45a20cbe68bc4d681734f5c03891124a274257" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2273146", "reference_id": "2273146", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2273146" }, { "reference_url": "https://git.kernel.org/stable/c/30884a44e0cedc3dfda8c22432f3ba4078ec2d94", "reference_id": "30884a44e0cedc3dfda8c22432f3ba4078ec2d94", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T15:52:23Z/" } ], "url": "https://git.kernel.org/stable/c/30884a44e0cedc3dfda8c22432f3ba4078ec2d94" }, { "reference_url": "https://git.kernel.org/stable/c/5735a2671ffb70ea29ca83969fe01316ee2ed6fc", "reference_id": "5735a2671ffb70ea29ca83969fe01316ee2ed6fc", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T15:52:23Z/" } ], "url": "https://git.kernel.org/stable/c/5735a2671ffb70ea29ca83969fe01316ee2ed6fc" }, { "reference_url": "https://git.kernel.org/stable/c/b825e0f9d68c178072bffd32dd34c39e3d2d597a", "reference_id": "b825e0f9d68c178072bffd32dd34c39e3d2d597a", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T15:52:23Z/" } ], "url": "https://git.kernel.org/stable/c/b825e0f9d68c178072bffd32dd34c39e3d2d597a" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2024-26718" ], "risk_score": 2.0, "exploitability": "0.5", "weighted_severity": "4.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9whm-wc4z-dbcv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69726?format=api", "vulnerability_id": "VCID-9wre-s4bc-xkcc", "summary": "kernel: staging: rtl8723bs: fix out-of-bounds read in OnBeacon ESR IE parsing", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68254.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68254.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2422767", "reference_id": "2422767", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2422767" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2025-68254" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9wre-s4bc-xkcc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84574?format=api", "vulnerability_id": "VCID-9zdu-q2wu-gycd", "summary": "In the Linux kernel, the following vulnerability has been resolved: um: time-travel: fix time corruption In 'basic' time-travel mode (without =inf-cpu or =ext), we still get timer interrupts. These can happen at arbitrary points in time, i.e. while in timer_read(), which pushes time forward just a little bit. Then, if we happen to get the interrupt after calculating the new time to push to, but before actually finishing that, the interrupt will set the time to a value that's incompatible with the forward, and we'll crash because time goes backwards when we do the forwarding. Fix this by reading the time_travel_time, calculating the adjustment, and doing the adjustment all with interrupts disabled.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-52633.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-52633.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272802", "reference_id": "2272802", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272802" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2023-52633" ], "risk_score": 2.0, "exploitability": "0.5", "weighted_severity": "4.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9zdu-q2wu-gycd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81003?format=api", "vulnerability_id": "VCID-9zyc-5bds-g7g2", "summary": "In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Improve SCSI abort handling The following has been observed on a test setup: WARNING: CPU: 4 PID: 250 at drivers/scsi/ufs/ufshcd.c:2737 ufshcd_queuecommand+0x468/0x65c Call trace: ufshcd_queuecommand+0x468/0x65c scsi_send_eh_cmnd+0x224/0x6a0 scsi_eh_test_devices+0x248/0x418 scsi_eh_ready_devs+0xc34/0xe58 scsi_error_handler+0x204/0x80c kthread+0x150/0x1b4 ret_from_fork+0x10/0x30 That warning is triggered by the following statement: \tWARN_ON(lrbp->cmd); Fix this warning by clearing lrbp->cmd from the abort handler.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-47188.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-47188.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-47188", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03413", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-47188" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274621", "reference_id": "2274621", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274621" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2021-47188" ], "risk_score": 2.0, "exploitability": "0.5", "weighted_severity": "4.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9zyc-5bds-g7g2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/85872?format=api", "vulnerability_id": "VCID-a69z-seup-33a6", "summary": "kernel: scsi: ufs: pltfrm: Dellocate HBA during ufshcd_pltfrm_remove()", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-57872.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-57872.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2337147", "reference_id": "2337147", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2337147" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2024-57872" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a69z-seup-33a6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/86821?format=api", "vulnerability_id": "VCID-aqry-akte-ukga", "summary": "In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: fix reserve_cblocks counting error when out of space When a file only needs one direct_node, performing the following operations will cause the file to be unrepairable: unisoc # ./f2fs_io compress test.apk unisoc #df -h | grep dm-48 /dev/block/dm-48 112G 112G 1.2M 100% /data unisoc # ./f2fs_io release_cblocks test.apk 924 unisoc # df -h | grep dm-48 /dev/block/dm-48 112G 112G 4.8M 100% /data unisoc # dd if=/dev/random of=file4 bs=1M count=3 3145728 bytes (3.0 M) copied, 0.025 s, 120 M/s unisoc # df -h | grep dm-48 /dev/block/dm-48 112G 112G 1.8M 100% /data unisoc # ./f2fs_io reserve_cblocks test.apk F2FS_IOC_RESERVE_COMPRESS_BLOCKS failed: No space left on device adb reboot unisoc # df -h | grep dm-48 /dev/block/dm-48 112G 112G 11M 100% /data unisoc # ./f2fs_io reserve_cblocks test.apk 0 This is because the file has only one direct_node. After returning to -ENOSPC, reserved_blocks += ret will not be executed. As a result, the reserved_blocks at this time is still 0, which is not the real number of reserved blocks. Therefore, fsck cannot be set to repair the file. After this patch, the fsck flag will be set to fix this problem. unisoc # df -h | grep dm-48 /dev/block/dm-48 112G 112G 1.8M 100% /data unisoc # ./f2fs_io reserve_cblocks test.apk F2FS_IOC_RESERVE_COMPRESS_BLOCKS failed: No space left on device adb reboot then fsck will be executed unisoc # df -h | grep dm-48 /dev/block/dm-48 112G 112G 11M 100% /data unisoc # ./f2fs_io reserve_cblocks test.apk 924", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-35844.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-35844.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2281274", "reference_id": "2281274", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2281274" }, { "reference_url": "https://git.kernel.org/stable/c/2f6d721e14b69d6e1251f69fa238b48e8374e25f", "reference_id": "2f6d721e14b69d6e1251f69fa238b48e8374e25f", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-17T16:58:26Z/" } ], "url": "https://git.kernel.org/stable/c/2f6d721e14b69d6e1251f69fa238b48e8374e25f" }, { "reference_url": "https://git.kernel.org/stable/c/569c198c9e2093fd29cc071856a4e548fda506bc", "reference_id": "569c198c9e2093fd29cc071856a4e548fda506bc", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-17T16:58:26Z/" } ], "url": "https://git.kernel.org/stable/c/569c198c9e2093fd29cc071856a4e548fda506bc" }, { "reference_url": "https://git.kernel.org/stable/c/889846dfc8ee2cf31148a44bfd2faeb2faadc685", "reference_id": "889846dfc8ee2cf31148a44bfd2faeb2faadc685", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-17T16:58:26Z/" } ], "url": "https://git.kernel.org/stable/c/889846dfc8ee2cf31148a44bfd2faeb2faadc685" }, { "reference_url": "https://git.kernel.org/stable/c/f0bf89e84c3afb79d7a3a9e4bc853ad6a3245c0a", "reference_id": "f0bf89e84c3afb79d7a3a9e4bc853ad6a3245c0a", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-17T16:58:26Z/" } ], "url": "https://git.kernel.org/stable/c/f0bf89e84c3afb79d7a3a9e4bc853ad6a3245c0a" }, { "reference_url": "https://git.kernel.org/stable/c/fa3ac8b1a227d9b470b87972494293348b5839ee", "reference_id": "fa3ac8b1a227d9b470b87972494293348b5839ee", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-17T16:58:26Z/" } ], "url": "https://git.kernel.org/stable/c/fa3ac8b1a227d9b470b87972494293348b5839ee" }, { "reference_url": "https://git.kernel.org/stable/c/fc0aed88afbf6f606205129a7466eebdf528e3f3", "reference_id": "fc0aed88afbf6f606205129a7466eebdf528e3f3", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-17T16:58:26Z/" } ], "url": "https://git.kernel.org/stable/c/fc0aed88afbf6f606205129a7466eebdf528e3f3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2024-35844" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-aqry-akte-ukga" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/86209?format=api", "vulnerability_id": "VCID-arhh-pkyj-sfbh", "summary": "kernel: sh: intc: Fix use-after-free bug in register_intc_controller()", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53165.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53165.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2334390", "reference_id": "2334390", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2334390" }, { "reference_url": "https://git.kernel.org/stable/c/3c7c806b3eafd94ae0f77305a174d63b69ec187c", "reference_id": "3c7c806b3eafd94ae0f77305a174d63b69ec187c", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-11T15:43:49Z/" } ], "url": "https://git.kernel.org/stable/c/3c7c806b3eafd94ae0f77305a174d63b69ec187c" }, { "reference_url": "https://git.kernel.org/stable/c/588bdec1ff8b81517dbae0ae51c9df52c0b952d3", "reference_id": "588bdec1ff8b81517dbae0ae51c9df52c0b952d3", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-11T15:43:49Z/" } ], "url": "https://git.kernel.org/stable/c/588bdec1ff8b81517dbae0ae51c9df52c0b952d3" }, { "reference_url": "https://git.kernel.org/stable/c/63e72e551942642c48456a4134975136cdcb9b3c", "reference_id": "63e72e551942642c48456a4134975136cdcb9b3c", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-11T15:43:49Z/" } ], "url": "https://git.kernel.org/stable/c/63e72e551942642c48456a4134975136cdcb9b3c" }, { "reference_url": "https://git.kernel.org/stable/c/6ba6e19912570b2ad68298be0be1dc779014a303", "reference_id": "6ba6e19912570b2ad68298be0be1dc779014a303", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-11T15:43:49Z/" } ], "url": "https://git.kernel.org/stable/c/6ba6e19912570b2ad68298be0be1dc779014a303" }, { "reference_url": "https://git.kernel.org/stable/c/971b4893457788e0e123ea552f0bb126a5300e61", "reference_id": "971b4893457788e0e123ea552f0bb126a5300e61", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-11T15:43:49Z/" } ], "url": "https://git.kernel.org/stable/c/971b4893457788e0e123ea552f0bb126a5300e61" }, { "reference_url": "https://git.kernel.org/stable/c/b8b84dcdf3ab1d414304819f824b10efba64132c", "reference_id": "b8b84dcdf3ab1d414304819f824b10efba64132c", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-11T15:43:49Z/" } ], "url": "https://git.kernel.org/stable/c/b8b84dcdf3ab1d414304819f824b10efba64132c" }, { "reference_url": "https://git.kernel.org/stable/c/c3f4f4547fb291982f5ef56c048277c4d5ccc4e4", "reference_id": "c3f4f4547fb291982f5ef56c048277c4d5ccc4e4", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-11T15:43:49Z/" } ], "url": "https://git.kernel.org/stable/c/c3f4f4547fb291982f5ef56c048277c4d5ccc4e4" }, { "reference_url": "https://git.kernel.org/stable/c/c43df7dae28fb9fce96ef088250c1e3c3a77c527", "reference_id": "c43df7dae28fb9fce96ef088250c1e3c3a77c527", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-11T15:43:49Z/" } ], "url": "https://git.kernel.org/stable/c/c43df7dae28fb9fce96ef088250c1e3c3a77c527" }, { "reference_url": "https://git.kernel.org/stable/c/d8de818df12d86a1a26a8efd7b4b3b9c6dc3c5cc", "reference_id": "d8de818df12d86a1a26a8efd7b4b3b9c6dc3c5cc", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-11T15:43:49Z/" } ], "url": "https://git.kernel.org/stable/c/d8de818df12d86a1a26a8efd7b4b3b9c6dc3c5cc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2024-53165" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-arhh-pkyj-sfbh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/86953?format=api", "vulnerability_id": "VCID-assx-fhys-jfe2", "summary": "In the Linux kernel, the following vulnerability has been resolved: net: phy: phy_device: Prevent nullptr exceptions on ISR If phydev->irq is set unconditionally, check for valid interrupt handler or fall back to polling mode to prevent nullptr exceptions in interrupt service routine.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-35945.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-35945.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2281785", "reference_id": "2281785", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2281785" }, { "reference_url": "https://git.kernel.org/stable/c/3419ee39e3d3162ab2ec9942bb537613ed5b6311", "reference_id": "3419ee39e3d3162ab2ec9942bb537613ed5b6311", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-20T17:11:47Z/" } ], "url": "https://git.kernel.org/stable/c/3419ee39e3d3162ab2ec9942bb537613ed5b6311" }, { "reference_url": "https://git.kernel.org/stable/c/61c81872815f46006982bb80460c0c80a949b35b", "reference_id": "61c81872815f46006982bb80460c0c80a949b35b", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-20T17:11:47Z/" } ], "url": "https://git.kernel.org/stable/c/61c81872815f46006982bb80460c0c80a949b35b" }, { "reference_url": "https://git.kernel.org/stable/c/7a71f61ebf95cedd3f245db6da397822971d8db5", "reference_id": "7a71f61ebf95cedd3f245db6da397822971d8db5", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-20T17:11:47Z/" } ], "url": "https://git.kernel.org/stable/c/7a71f61ebf95cedd3f245db6da397822971d8db5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2024-35945" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-assx-fhys-jfe2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83313?format=api", "vulnerability_id": "VCID-awnb-656q-sycz", "summary": "In the Linux kernel, the following vulnerability has been resolved: powerpc/xive: Fix refcount leak in xive_spapr_init of_find_compatible_node() returns a node pointer with refcount incremented, we should use of_node_put() on it when done. Add missing of_node_put() to avoid refcount leak.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-49437.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-49437.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-49437", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01628", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-49437" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2347807", "reference_id": "2347807", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2347807" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:20518", "reference_id": "RHSA-2025:20518", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:20518" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2022-49437" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-awnb-656q-sycz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/79169?format=api", "vulnerability_id": "VCID-awuy-pm3t-f7da", "summary": "kernel: NFSD: fix race between nfsd registration and exports_proc", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-38232.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-38232.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376410", "reference_id": "2376410", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376410" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2025-38232" ], "risk_score": 2.1, "exploitability": "0.5", "weighted_severity": "4.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-awuy-pm3t-f7da" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59286?format=api", "vulnerability_id": "VCID-b2u3-w3y7-ufh4", "summary": "kernel: ipmi:si: Return state to normal if message allocation fails", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-46108.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-46108.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482661", "reference_id": "2482661", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482661" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2026-46108" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b2u3-w3y7-ufh4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/85891?format=api", "vulnerability_id": "VCID-b374-5mmh-2ud8", "summary": "kernel: bpf: Prevent tailcall infinite loop caused by freplace", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47794.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47794.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2337344", "reference_id": "2337344", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2337344" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2024-47794" ], "risk_score": 2.0, "exploitability": "0.5", "weighted_severity": "4.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b374-5mmh-2ud8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61473?format=api", "vulnerability_id": "VCID-b3rm-31tt-syed", "summary": "kernel: crypto: ccp: Don't attempt to copy PDH cert to userspace if PSP command failed", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31698.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31698.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2464415", "reference_id": "2464415", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2464415" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2026-31698" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b3rm-31tt-syed" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59191?format=api", "vulnerability_id": "VCID-b63v-qyb3-a3hg", "summary": "kernel: hfsplus: fix uninit-value by validating catalog record size", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-46169.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-46169.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482595", "reference_id": "2482595", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482595" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2026-46169" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b63v-qyb3-a3hg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83445?format=api", "vulnerability_id": "VCID-b6nd-4eb8-2qey", "summary": "In the Linux kernel, the following vulnerability has been resolved: media: i2c: dw9714: Disable the regulator when the driver fails to probe When the driver fails to probe, we will get the following splat: [ 59.305988] ------------[ cut here ]------------ [ 59.306417] WARNING: CPU: 2 PID: 395 at drivers/regulator/core.c:2257 _regulator_put+0x3ec/0x4e0 [ 59.310345] RIP: 0010:_regulator_put+0x3ec/0x4e0 [ 59.318362] Call Trace: [ 59.318582] <TASK> [ 59.318765] regulator_put+0x1f/0x30 [ 59.319058] devres_release_group+0x319/0x3d0 [ 59.319420] i2c_device_probe+0x766/0x940 Fix this by disabling the regulator in error handling.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-49528.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-49528.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-49528", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00091", "scoring_system": "epss", "scoring_elements": "0.25694", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-49528" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2347791", "reference_id": "2347791", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2347791" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2022-49528" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b6nd-4eb8-2qey" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/85913?format=api", "vulnerability_id": "VCID-b7xg-dx5p-5yas", "summary": "kernel: soc: imx8m: Probe the SoC driver as platform driver", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56787.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56787.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://git.kernel.org/stable/c/2129f6faa5dfe8c6b87aad11720bf75edd77d3e4", "reference_id": "2129f6faa5dfe8c6b87aad11720bf75edd77d3e4", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-01T19:56:05Z/" } ], "url": "https://git.kernel.org/stable/c/2129f6faa5dfe8c6b87aad11720bf75edd77d3e4" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2336540", "reference_id": "2336540", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2336540" }, { "reference_url": "https://git.kernel.org/stable/c/997a3c04d7fa3d1d385c14691350d096fada648c", "reference_id": "997a3c04d7fa3d1d385c14691350d096fada648c", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-01T19:56:05Z/" } ], "url": "https://git.kernel.org/stable/c/997a3c04d7fa3d1d385c14691350d096fada648c" }, { "reference_url": "https://git.kernel.org/stable/c/9cc832d37799dbea950c4c8a34721b02b8b5a8ff", "reference_id": "9cc832d37799dbea950c4c8a34721b02b8b5a8ff", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-01T19:56:05Z/" } ], "url": "https://git.kernel.org/stable/c/9cc832d37799dbea950c4c8a34721b02b8b5a8ff" }, { "reference_url": "https://git.kernel.org/stable/c/e497edb8f31ec2c2b6f4ce930e175aa2da8be334", "reference_id": "e497edb8f31ec2c2b6f4ce930e175aa2da8be334", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-01T19:56:05Z/" } ], "url": "https://git.kernel.org/stable/c/e497edb8f31ec2c2b6f4ce930e175aa2da8be334" }, { "reference_url": "https://git.kernel.org/stable/c/ea2ff66feb5f9b183f9e2f9d06c21340bd88de12", "reference_id": "ea2ff66feb5f9b183f9e2f9d06c21340bd88de12", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-01T19:56:05Z/" } ], "url": "https://git.kernel.org/stable/c/ea2ff66feb5f9b183f9e2f9d06c21340bd88de12" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2024-56787" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b7xg-dx5p-5yas" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/79730?format=api", "vulnerability_id": "VCID-b8ax-m5r3-wffb", "summary": "kernel: drm/amd/display: Increase block_sequence array size", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-38080.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-38080.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373379", "reference_id": "2373379", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373379" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2025-38080" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b8ax-m5r3-wffb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59424?format=api", "vulnerability_id": "VCID-bcqf-63bc-jfgr", "summary": "kernel: crypto: authencesn - reject short ahash digests during instance creation", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-46033.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-46033.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482000", "reference_id": "2482000", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482000" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2026-46033" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bcqf-63bc-jfgr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82471?format=api", "vulnerability_id": "VCID-bes8-6rc1-ckbh", "summary": "In the Linux kernel, the following vulnerability has been resolved: net: mdio: fix unbalanced fwnode reference count in mdio_device_release() There is warning report about of_node refcount leak while probing mdio device: OF: ERROR: memory leak, expected refcount 1 instead of 2, of_node_get()/of_node_put() unbalanced - destroy cset entry: attach overlay node /spi/soc@0/mdio@710700c0/ethernet@4 In of_mdiobus_register_device(), we increase fwnode refcount by fwnode_handle_get() before associating the of_node with mdio device, but it has never been decreased in normal path. Since that, in mdio_device_release(), it needs to call fwnode_handle_put() in addition instead of calling kfree() directly. After above, just calling mdio_device_free() in the error handle path of of_mdiobus_register_device() is enough to keep the refcount balanced.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-48961.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-48961.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-48961", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03793", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-48961" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2320700", "reference_id": "2320700", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2320700" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2022-48961" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bes8-6rc1-ckbh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59927?format=api", "vulnerability_id": "VCID-bhjm-r1e1-fbeh", "summary": "kernel: net/rds: reset op_nents when zerocopy page pin fails", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43494.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43494.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480434", "reference_id": "2480434", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480434" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2026-43494" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bhjm-r1e1-fbeh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/60869?format=api", "vulnerability_id": "VCID-bhw2-7e12-vbbs", "summary": "kernel: net: cpsw_new: Fix potential unregister of netdev that has not been registered yet", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43219.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43219.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467125", "reference_id": "2467125", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467125" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195391?format=api", "purl": "pkg:deb/debian/linux@6.12.88-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.12.88-1~bpo12%252B1" } ], "aliases": [ "CVE-2026-43219" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bhw2-7e12-vbbs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/87357?format=api", "vulnerability_id": "VCID-bj6s-1ase-87f6", "summary": "kernel: udf: refactor inode_bmap() to handle error", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-50211.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-50211.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2324597", "reference_id": "2324597", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2324597" }, { "reference_url": "https://git.kernel.org/stable/c/493447dd8336607fce426f7879e581095f6c606e", "reference_id": "493447dd8336607fce426f7879e581095f6c606e", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-01T20:17:19Z/" } ], "url": "https://git.kernel.org/stable/c/493447dd8336607fce426f7879e581095f6c606e" }, { "reference_url": "https://git.kernel.org/stable/c/b22d9a5698abf04341f8fbc30141e0673863c3a6", "reference_id": "b22d9a5698abf04341f8fbc30141e0673863c3a6", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-01T20:17:19Z/" } ], "url": "https://git.kernel.org/stable/c/b22d9a5698abf04341f8fbc30141e0673863c3a6" }, { "reference_url": "https://git.kernel.org/stable/c/c226964ec786f3797ed389a16392ce4357697d24", "reference_id": "c226964ec786f3797ed389a16392ce4357697d24", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-01T20:17:19Z/" } ], "url": "https://git.kernel.org/stable/c/c226964ec786f3797ed389a16392ce4357697d24" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2024-50211" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bj6s-1ase-87f6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/85902?format=api", "vulnerability_id": "VCID-bkb2-dnpj-bbg8", "summary": "In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: Fix NULL pointer dereference in dwc3_gadget_suspend In current scenario if Plug-out and Plug-In performed continuously there could be a chance while checking for dwc->gadget_driver in dwc3_gadget_suspend, a NULL pointer dereference may occur. Call Stack: \tCPU1: CPU2: \tgadget_unbind_driver dwc3_suspend_common \tdwc3_gadget_stop dwc3_gadget_suspend dwc3_disconnect_gadget CPU1 basically clears the variable and CPU2 checks the variable. Consider CPU1 is running and right before gadget_driver is cleared and in parallel CPU2 executes dwc3_gadget_suspend where it finds dwc->gadget_driver which is not NULL and resumes execution and then CPU1 completes execution. CPU2 executes dwc3_disconnect_gadget where it checks dwc->gadget_driver is already NULL because of which the NULL pointer deference occur.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26715.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26715.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2273152", "reference_id": "2273152", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2273152" }, { "reference_url": "https://git.kernel.org/stable/c/36695d5eeeefe5a64b47d0336e7c8fc144e78182", "reference_id": "36695d5eeeefe5a64b47d0336e7c8fc144e78182", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-03T17:49:51Z/" } ], "url": "https://git.kernel.org/stable/c/36695d5eeeefe5a64b47d0336e7c8fc144e78182" }, { "reference_url": "https://git.kernel.org/stable/c/57e2e42ccd3cd6183228269715ed032f44536751", "reference_id": "57e2e42ccd3cd6183228269715ed032f44536751", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-03T17:49:51Z/" } ], "url": "https://git.kernel.org/stable/c/57e2e42ccd3cd6183228269715ed032f44536751" }, { "reference_url": "https://git.kernel.org/stable/c/61a348857e869432e6a920ad8ea9132e8d44c316", "reference_id": "61a348857e869432e6a920ad8ea9132e8d44c316", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-03T17:49:51Z/" } ], "url": "https://git.kernel.org/stable/c/61a348857e869432e6a920ad8ea9132e8d44c316" }, { "reference_url": "https://git.kernel.org/stable/c/88936ceab6b426f1312327e9ef849c215c6007a7", "reference_id": "88936ceab6b426f1312327e9ef849c215c6007a7", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-03T17:49:51Z/" } ], "url": "https://git.kernel.org/stable/c/88936ceab6b426f1312327e9ef849c215c6007a7" }, { "reference_url": "https://git.kernel.org/stable/c/c7ebd8149ee519d27232e6e4940e9c02071b568b", "reference_id": "c7ebd8149ee519d27232e6e4940e9c02071b568b", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-03T17:49:51Z/" } ], "url": "https://git.kernel.org/stable/c/c7ebd8149ee519d27232e6e4940e9c02071b568b" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2024-26715" ], "risk_score": 2.0, "exploitability": "0.5", "weighted_severity": "4.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bkb2-dnpj-bbg8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82444?format=api", "vulnerability_id": "VCID-bmt5-zv3s-2fga", "summary": "In the Linux kernel, the following vulnerability has been resolved: PCI: mt7621: Add sentinel to quirks table Current driver is missing a sentinel in the struct soc_device_attribute array, which causes an oops when assessed by the soc_device_match(mt7621_pcie_quirks_match) call. This was only exposed once the CONFIG_SOC_MT7621 mt7621 soc_dev_attr was fixed to register the SOC as a device, in: commit 7c18b64bba3b (\"mips: ralink: mt7621: do not use kzalloc too early\") Fix it by adding the required sentinel.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-48952.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-48952.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-48952", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.0654", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-48952" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2320789", "reference_id": "2320789", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2320789" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2022-48952" ], "risk_score": 2.0, "exploitability": "0.5", "weighted_severity": "4.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bmt5-zv3s-2fga" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/85541?format=api", "vulnerability_id": "VCID-bqz2-xrym-wkg8", "summary": "kernel: hwmon: (drivetemp) Fix driver producing garbage data when SCSI errors occur", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-21656.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-21656.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339139", "reference_id": "2339139", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339139" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2025-21656" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bqz2-xrym-wkg8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/86260?format=api", "vulnerability_id": "VCID-bqzs-pg7m-f3gp", "summary": "kernel: erofs: handle NONHEAD !delta[1] lclusters gracefully", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53234.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53234.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2334418", "reference_id": "2334418", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2334418" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2024-53234" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bqzs-pg7m-f3gp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/85755?format=api", "vulnerability_id": "VCID-bsta-vps8-wkgy", "summary": "In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix variable 'mca_funcs' dereferenced before NULL check in 'amdgpu_mca_smu_get_mca_entry()' Fixes the below: drivers/gpu/drm/amd/amdgpu/amdgpu_mca.c:377 amdgpu_mca_smu_get_mca_entry() warn: variable dereferenced before check 'mca_funcs' (see line 368) 357 int amdgpu_mca_smu_get_mca_entry(struct amdgpu_device *adev, \t\t\t\t enum amdgpu_mca_error_type type, 358 int idx, struct mca_bank_entry *entry) 359 { 360 const struct amdgpu_mca_smu_funcs *mca_funcs = \t\t\t\t\t\tadev->mca.mca_funcs; 361 int count; 362 363 switch (type) { 364 case AMDGPU_MCA_ERROR_TYPE_UE: 365 count = mca_funcs->max_ue_count; mca_funcs is dereferenced here. 366 break; 367 case AMDGPU_MCA_ERROR_TYPE_CE: 368 count = mca_funcs->max_ce_count; mca_funcs is dereferenced here. 369 break; 370 default: 371 return -EINVAL; 372 } 373 374 if (idx >= count) 375 return -EINVAL; 376 377 if (mca_funcs && mca_funcs->mca_get_mca_entry) \t ^^^^^^^^^ Checked too late!", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26672.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26672.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272814", "reference_id": "2272814", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272814" }, { "reference_url": "https://git.kernel.org/stable/c/4f32504a2f85a7b40fe149436881381f48e9c0c0", "reference_id": "4f32504a2f85a7b40fe149436881381f48e9c0c0", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-02T15:55:06Z/" } ], "url": "https://git.kernel.org/stable/c/4f32504a2f85a7b40fe149436881381f48e9c0c0" }, { "reference_url": "https://git.kernel.org/stable/c/7b5d58c07024516c0e81b95e98f37710cf402c53", "reference_id": "7b5d58c07024516c0e81b95e98f37710cf402c53", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-02T15:55:06Z/" } ], "url": "https://git.kernel.org/stable/c/7b5d58c07024516c0e81b95e98f37710cf402c53" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9315", "reference_id": "RHSA-2024:9315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9315" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2024-26672" ], "risk_score": 2.0, "exploitability": "0.5", "weighted_severity": "4.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bsta-vps8-wkgy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74047?format=api", "vulnerability_id": "VCID-c14p-vq3e-hygx", "summary": "kernel: cifs: fix mid leak during reconnection after timeout threshold", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-53597.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-53597.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2401466", "reference_id": "2401466", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2401466" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5101", "reference_id": "RHSA-2024:5101", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5101" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9315", "reference_id": "RHSA-2024:9315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9315" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2023-53597" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c14p-vq3e-hygx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/87806?format=api", "vulnerability_id": "VCID-c3c9-vkgb-h7b9", "summary": "In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/sec - Fix memory leak for sec resource release The AIV is one of the SEC resources. When releasing resources, it need to release the AIV resources at the same time. Otherwise, memory leakage occurs. The aiv resource release is added to the sec resource release function.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41002.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41002.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297586", "reference_id": "2297586", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297586" }, { "reference_url": "https://git.kernel.org/stable/c/36810d2db3496bb8b4db7ccda666674a5efc7b47", "reference_id": "36810d2db3496bb8b4db7ccda666674a5efc7b47", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T17:01:11Z/" } ], "url": "https://git.kernel.org/stable/c/36810d2db3496bb8b4db7ccda666674a5efc7b47" }, { "reference_url": "https://git.kernel.org/stable/c/7c42ce556ff65995c8875c9ed64141c14238e7e6", "reference_id": "7c42ce556ff65995c8875c9ed64141c14238e7e6", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T17:01:11Z/" } ], "url": "https://git.kernel.org/stable/c/7c42ce556ff65995c8875c9ed64141c14238e7e6" }, { "reference_url": "https://git.kernel.org/stable/c/9f21886370db451b0fdc651f6e41550a1da70601", "reference_id": "9f21886370db451b0fdc651f6e41550a1da70601", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T17:01:11Z/" } ], "url": "https://git.kernel.org/stable/c/9f21886370db451b0fdc651f6e41550a1da70601" }, { "reference_url": "https://git.kernel.org/stable/c/a886bcb0f67d1e3d6b2da25b3519de59098200c2", "reference_id": "a886bcb0f67d1e3d6b2da25b3519de59098200c2", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T17:01:11Z/" } ], "url": "https://git.kernel.org/stable/c/a886bcb0f67d1e3d6b2da25b3519de59098200c2" }, { "reference_url": "https://git.kernel.org/stable/c/bba4250757b4ae1680fea435a358d8093f254094", "reference_id": "bba4250757b4ae1680fea435a358d8093f254094", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T17:01:11Z/" } ], "url": "https://git.kernel.org/stable/c/bba4250757b4ae1680fea435a358d8093f254094" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2024-41002" ], "risk_score": 2.3, "exploitability": "0.5", "weighted_severity": "4.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c3c9-vkgb-h7b9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83319?format=api", "vulnerability_id": "VCID-c449-62ea-fkau", "summary": "In the Linux kernel, the following vulnerability has been resolved: list: fix a data-race around ep->rdllist ep_poll() first calls ep_events_available() with no lock held and checks if ep->rdllist is empty by list_empty_careful(), which reads rdllist->prev. Thus all accesses to it need some protection to avoid store/load-tearing. Note INIT_LIST_HEAD_RCU() already has the annotation for both prev and next. Commit bf3b9f6372c4 (\"epoll: Add busy poll support to epoll with socket fds.\") added the first lockless ep_events_available(), and commit c5a282e9635e (\"fs/epoll: reduce the scope of wq lock in epoll_wait()\") made some ep_events_available() calls lockless and added single call under a lock, finally commit e59d3c64cba6 (\"epoll: eliminate unnecessary lock for zero timeout\") made the last ep_events_available() lockless. BUG: KCSAN: data-race in do_epoll_wait / do_epoll_wait write to 0xffff88810480c7d8 of 8 bytes by task 1802 on cpu 0: INIT_LIST_HEAD include/linux/list.h:38 [inline] list_splice_init include/linux/list.h:492 [inline] ep_start_scan fs/eventpoll.c:622 [inline] ep_send_events fs/eventpoll.c:1656 [inline] ep_poll fs/eventpoll.c:1806 [inline] do_epoll_wait+0x4eb/0xf40 fs/eventpoll.c:2234 do_epoll_pwait fs/eventpoll.c:2268 [inline] __do_sys_epoll_pwait fs/eventpoll.c:2281 [inline] __se_sys_epoll_pwait+0x12b/0x240 fs/eventpoll.c:2275 __x64_sys_epoll_pwait+0x74/0x80 fs/eventpoll.c:2275 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae read to 0xffff88810480c7d8 of 8 bytes by task 1799 on cpu 1: list_empty_careful include/linux/list.h:329 [inline] ep_events_available fs/eventpoll.c:381 [inline] ep_poll fs/eventpoll.c:1797 [inline] do_epoll_wait+0x279/0xf40 fs/eventpoll.c:2234 do_epoll_pwait fs/eventpoll.c:2268 [inline] __do_sys_epoll_pwait fs/eventpoll.c:2281 [inline] __se_sys_epoll_pwait+0x12b/0x240 fs/eventpoll.c:2275 __x64_sys_epoll_pwait+0x74/0x80 fs/eventpoll.c:2275 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae value changed: 0xffff88810480c7d0 -> 0xffff888103c15098 Reported by Kernel Concurrency Sanitizer on: CPU: 1 PID: 1799 Comm: syz-fuzzer Tainted: G W 5.17.0-rc7-syzkaller-dirty #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-49443.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-49443.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-49443", "reference_id": "", "reference_type": "", "scores": [ { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00812", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-49443" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348240", "reference_id": "2348240", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348240" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:20518", "reference_id": "RHSA-2025:20518", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:20518" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2022-49443" ], "risk_score": 2.1, "exploitability": "0.5", "weighted_severity": "4.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c449-62ea-fkau" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74770?format=api", "vulnerability_id": "VCID-c4tp-quup-euc8", "summary": "kernel: drm/amdgpu: SDMA update use unlocked iterator", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-50393.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-50393.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-50393", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04097", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-50393" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396403", "reference_id": "2396403", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396403" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6583", "reference_id": "RHSA-2023:6583", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6583" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7077", "reference_id": "RHSA-2023:7077", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7077" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2022-50393" ], "risk_score": 2.1, "exploitability": "0.5", "weighted_severity": "4.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c4tp-quup-euc8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63757?format=api", "vulnerability_id": "VCID-c6zk-te2v-t7a2", "summary": "kernel: net: usb: cdc_ncm: add ndpoffset to NDP16 nframes bounds check", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23448.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23448.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454858", "reference_id": "2454858", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454858" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2026-23448" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c6zk-te2v-t7a2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72187?format=api", "vulnerability_id": "VCID-cb4p-1ysu-cuck", "summary": "kernel: tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock()", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-40149.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-40149.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414466", "reference_id": "2414466", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414466" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2025-40149" ], "risk_score": 2.2, "exploitability": "0.5", "weighted_severity": "4.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cb4p-1ysu-cuck" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/76160?format=api", "vulnerability_id": "VCID-cdmn-b13u-4kbs", "summary": "kernel: comedi: Fix use of uninitialized memory in do_insn_ioctl() and do_insnlist_ioctl()", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-39684.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-39684.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2393502", "reference_id": "2393502", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2393502" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2025-39684" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cdmn-b13u-4kbs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/73868?format=api", "vulnerability_id": "VCID-ch6v-9ant-3qhx", "summary": "kernel: drm/amdgpu: Fix size validation for non-exclusive domains (v4)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-50527.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-50527.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-50527", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02323", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-50527" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402249", "reference_id": "2402249", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402249" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6583", "reference_id": "RHSA-2023:6583", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6583" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7077", "reference_id": "RHSA-2023:7077", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7077" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2022-50527" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ch6v-9ant-3qhx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/87026?format=api", "vulnerability_id": "VCID-cjrz-aqf5-5qaj", "summary": "kernel: smb: client: Fix use-after-free of network namespace.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53095.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53095.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2327888", "reference_id": "2327888", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2327888" }, { "reference_url": "https://git.kernel.org/stable/c/c7f9282fc27fc36dbaffc8527c723de264a132f8", "reference_id": "c7f9282fc27fc36dbaffc8527c723de264a132f8", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-11T14:28:13Z/" } ], "url": "https://git.kernel.org/stable/c/c7f9282fc27fc36dbaffc8527c723de264a132f8" }, { "reference_url": "https://git.kernel.org/stable/c/e8c71494181153a134c96da28766a57bd1eac8cb", "reference_id": "e8c71494181153a134c96da28766a57bd1eac8cb", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-11T14:28:13Z/" } ], "url": "https://git.kernel.org/stable/c/e8c71494181153a134c96da28766a57bd1eac8cb" }, { "reference_url": "https://git.kernel.org/stable/c/ef7134c7fc48e1441b398e55a862232868a6f0a7", "reference_id": "ef7134c7fc48e1441b398e55a862232868a6f0a7", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-11T14:28:13Z/" } ], "url": "https://git.kernel.org/stable/c/ef7134c7fc48e1441b398e55a862232868a6f0a7" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:6966", "reference_id": "RHSA-2025:6966", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:6966" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2024-53095" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "6.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cjrz-aqf5-5qaj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/87660?format=api", "vulnerability_id": "VCID-ck6v-aa7m-23cp", "summary": "In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix kernel crash problem in concurrent scenario When link status change, the nic driver need to notify the roce driver to handle this event, but at this time, the roce driver may uninit, then cause kernel crash. To fix the problem, when link status change, need to check whether the roce registered, and when uninit, need to wait link update finish.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39507.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39507.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://git.kernel.org/stable/c/12cda920212a49fa22d9e8b9492ac4ea013310a4", "reference_id": "12cda920212a49fa22d9e8b9492ac4ea013310a4", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T17:06:51Z/" } ], "url": "https://git.kernel.org/stable/c/12cda920212a49fa22d9e8b9492ac4ea013310a4" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297702", "reference_id": "2297702", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297702" }, { "reference_url": "https://git.kernel.org/stable/c/62b5dfb67bfa8bd0301bf3442004563495f9ee48", "reference_id": "62b5dfb67bfa8bd0301bf3442004563495f9ee48", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T17:06:51Z/" } ], "url": "https://git.kernel.org/stable/c/62b5dfb67bfa8bd0301bf3442004563495f9ee48" }, { "reference_url": "https://git.kernel.org/stable/c/689de7c3bfc7d47e0eacc641c4ce4a0f579aeefa", "reference_id": "689de7c3bfc7d47e0eacc641c4ce4a0f579aeefa", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T17:06:51Z/" } ], "url": "https://git.kernel.org/stable/c/689de7c3bfc7d47e0eacc641c4ce4a0f579aeefa" }, { "reference_url": "https://git.kernel.org/stable/c/6d0007f7b69d684879a0f598a042e40244d3cf63", "reference_id": "6d0007f7b69d684879a0f598a042e40244d3cf63", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T17:06:51Z/" } ], "url": "https://git.kernel.org/stable/c/6d0007f7b69d684879a0f598a042e40244d3cf63" }, { "reference_url": "https://git.kernel.org/stable/c/b2c5024b771cd1dd8175d5f6949accfadbab7edd", "reference_id": "b2c5024b771cd1dd8175d5f6949accfadbab7edd", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T17:06:51Z/" } ], "url": "https://git.kernel.org/stable/c/b2c5024b771cd1dd8175d5f6949accfadbab7edd" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10771", "reference_id": "RHSA-2024:10771", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10771" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9315", "reference_id": "RHSA-2024:9315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9315" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2024-39507" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ck6v-aa7m-23cp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/88316?format=api", "vulnerability_id": "VCID-cmba-76wf-qbh7", "summary": "In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Fix scv instruction crash with kexec kexec on pseries disables AIL (reloc_on_exc), required for scv instruction support, before other CPUs have been shut down. This means they can execute scv instructions after AIL is disabled, which causes an interrupt at an unexpected entry location that crashes the kernel. Change the kexec sequence to disable AIL after other CPUs have been brought down. As a refresher, the real-mode scv interrupt vector is 0x17000, and the fixed-location head code probably couldn't easily deal with implementing such high addresses so it was just decided not to support that interrupt at all.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-42230.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-42230.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://git.kernel.org/stable/c/21a741eb75f80397e5f7d3739e24d7d75e619011", "reference_id": "21a741eb75f80397e5f7d3739e24d7d75e619011", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T16:14:24Z/" } ], "url": "https://git.kernel.org/stable/c/21a741eb75f80397e5f7d3739e24d7d75e619011" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301547", "reference_id": "2301547", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301547" }, { "reference_url": "https://git.kernel.org/stable/c/8c6506616386ce37e59b2745fc481c6713fae4f3", "reference_id": "8c6506616386ce37e59b2745fc481c6713fae4f3", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T16:14:24Z/" } ], "url": "https://git.kernel.org/stable/c/8c6506616386ce37e59b2745fc481c6713fae4f3" }, { "reference_url": "https://git.kernel.org/stable/c/c550679d604798d9fed8a5b2bb5693448a25407c", "reference_id": "c550679d604798d9fed8a5b2bb5693448a25407c", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T16:14:24Z/" } ], "url": "https://git.kernel.org/stable/c/c550679d604798d9fed8a5b2bb5693448a25407c" }, { "reference_url": "https://git.kernel.org/stable/c/d10e3c39001e9194b9a1bfd6979bd3fa19dccdc5", "reference_id": "d10e3c39001e9194b9a1bfd6979bd3fa19dccdc5", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T16:14:24Z/" } ], "url": "https://git.kernel.org/stable/c/d10e3c39001e9194b9a1bfd6979bd3fa19dccdc5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2024-42230" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cmba-76wf-qbh7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77805?format=api", "vulnerability_id": "VCID-cryk-yf4g-4bau", "summary": "kernel: drm/msm: Fix a fence leak in submit error path", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-38410.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-38410.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2383394", "reference_id": "2383394", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2383394" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2025-38410" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cryk-yf4g-4bau" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/87984?format=api", "vulnerability_id": "VCID-ctk6-edz1-tfbh", "summary": "kernel: bpf: Zero former ARG_PTR_TO_{LONG,INT} args in case of error", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47728.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47728.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2320265", "reference_id": "2320265", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2320265" }, { "reference_url": "https://git.kernel.org/stable/c/4b3786a6c5397dc220b1483d8e2f4867743e966f", "reference_id": "4b3786a6c5397dc220b1483d8e2f4867743e966f", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-21T13:00:53Z/" } ], "url": "https://git.kernel.org/stable/c/4b3786a6c5397dc220b1483d8e2f4867743e966f" }, { "reference_url": "https://git.kernel.org/stable/c/594a9f5a8d2de2573a856e506f77ba7dd2cefc6a", "reference_id": "594a9f5a8d2de2573a856e506f77ba7dd2cefc6a", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-21T13:00:53Z/" } ], "url": "https://git.kernel.org/stable/c/594a9f5a8d2de2573a856e506f77ba7dd2cefc6a" }, { "reference_url": "https://git.kernel.org/stable/c/599d15b6d03356a97bff7a76155c5604c42a2962", "reference_id": "599d15b6d03356a97bff7a76155c5604c42a2962", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-21T13:00:53Z/" } ], "url": "https://git.kernel.org/stable/c/599d15b6d03356a97bff7a76155c5604c42a2962" }, { "reference_url": "https://git.kernel.org/stable/c/8397bf78988f3ae9dbebb0200189a62a57264980", "reference_id": "8397bf78988f3ae9dbebb0200189a62a57264980", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-21T13:00:53Z/" } ], "url": "https://git.kernel.org/stable/c/8397bf78988f3ae9dbebb0200189a62a57264980" }, { "reference_url": "https://git.kernel.org/stable/c/a634fa8e480ac2423f86311a602f6295df2c8ed0", "reference_id": "a634fa8e480ac2423f86311a602f6295df2c8ed0", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-21T13:00:53Z/" } ], "url": "https://git.kernel.org/stable/c/a634fa8e480ac2423f86311a602f6295df2c8ed0" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2024-47728" ], "risk_score": 2.0, "exploitability": "0.5", "weighted_severity": "4.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ctk6-edz1-tfbh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/87781?format=api", "vulnerability_id": "VCID-cvxx-ddda-kbc5", "summary": "kernel: uprobe: avoid out-of-bounds memory access of fetching args", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-50067.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-50067.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://git.kernel.org/stable/c/0dc3ad9ad2188da7f090b3dbe4d2fcd9ae8ae64f", "reference_id": "0dc3ad9ad2188da7f090b3dbe4d2fcd9ae8ae64f", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-11T14:49:09Z/" } ], "url": "https://git.kernel.org/stable/c/0dc3ad9ad2188da7f090b3dbe4d2fcd9ae8ae64f" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2322072", "reference_id": "2322072", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2322072" }, { "reference_url": "https://git.kernel.org/stable/c/373b9338c9722a368925d83bc622c596896b328e", "reference_id": "373b9338c9722a368925d83bc622c596896b328e", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-11T14:49:09Z/" } ], "url": "https://git.kernel.org/stable/c/373b9338c9722a368925d83bc622c596896b328e" }, { "reference_url": "https://git.kernel.org/stable/c/537ad4a431f6dddbf15d40d19f24bb9ee12b55cb", "reference_id": "537ad4a431f6dddbf15d40d19f24bb9ee12b55cb", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-11T14:49:09Z/" } ], "url": "https://git.kernel.org/stable/c/537ad4a431f6dddbf15d40d19f24bb9ee12b55cb" }, { "reference_url": "https://git.kernel.org/stable/c/9e5f93788c9dd4309e75a56860a1ac44a8e117b9", "reference_id": "9e5f93788c9dd4309e75a56860a1ac44a8e117b9", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-11T14:49:09Z/" } ], "url": "https://git.kernel.org/stable/c/9e5f93788c9dd4309e75a56860a1ac44a8e117b9" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:6966", "reference_id": "RHSA-2025:6966", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:6966" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2024-50067" ], "risk_score": 3.3, "exploitability": "0.5", "weighted_severity": "6.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cvxx-ddda-kbc5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/60750?format=api", "vulnerability_id": "VCID-cyee-gj74-1khy", "summary": "kernel: netfilter: nfnetlink_log: initialize nfgenmsg in NLMSG_DONE terminator", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43085.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43085.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467020", "reference_id": "2467020", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467020" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2026-43085" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cyee-gj74-1khy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/79612?format=api", "vulnerability_id": "VCID-dak7-j4ff-kqb7", "summary": "kernel: virtio: break and reset virtio devices on device_shutdown()", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-38064.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-38064.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373319", "reference_id": "2373319", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373319" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195391?format=api", "purl": "pkg:deb/debian/linux@6.12.88-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.12.88-1~bpo12%252B1" } ], "aliases": [ "CVE-2025-38064" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "6.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dak7-j4ff-kqb7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/86085?format=api", "vulnerability_id": "VCID-dks7-nav4-qkcw", "summary": "kernel: fbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem()", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56746.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56746.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://git.kernel.org/stable/c/0d3fb3b3e9d66f7b6346e3b90bc0ff48683539ce", "reference_id": "0d3fb3b3e9d66f7b6346e3b90bc0ff48683539ce", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-17T20:10:09Z/" } ], "url": "https://git.kernel.org/stable/c/0d3fb3b3e9d66f7b6346e3b90bc0ff48683539ce" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2334815", "reference_id": "2334815", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2334815" }, { "reference_url": "https://git.kernel.org/stable/c/29216bb390e36daeebef66abaa02d9751330252b", "reference_id": "29216bb390e36daeebef66abaa02d9751330252b", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-17T20:10:09Z/" } ], "url": "https://git.kernel.org/stable/c/29216bb390e36daeebef66abaa02d9751330252b" }, { "reference_url": "https://git.kernel.org/stable/c/3dd9df8e5f34c6fc4217a7498c1fb3c352d4afc2", "reference_id": "3dd9df8e5f34c6fc4217a7498c1fb3c352d4afc2", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-17T20:10:09Z/" } ], "url": "https://git.kernel.org/stable/c/3dd9df8e5f34c6fc4217a7498c1fb3c352d4afc2" }, { "reference_url": "https://git.kernel.org/stable/c/40f4326ed05a3b3537556ff2a844958b9e779a98", "reference_id": "40f4326ed05a3b3537556ff2a844958b9e779a98", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-17T20:10:09Z/" } ], "url": "https://git.kernel.org/stable/c/40f4326ed05a3b3537556ff2a844958b9e779a98" }, { "reference_url": "https://git.kernel.org/stable/c/bad37309c8b8bf1cfc893750df0951a804009ca0", "reference_id": "bad37309c8b8bf1cfc893750df0951a804009ca0", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-17T20:10:09Z/" } ], "url": "https://git.kernel.org/stable/c/bad37309c8b8bf1cfc893750df0951a804009ca0" }, { "reference_url": "https://git.kernel.org/stable/c/d10cd53e5a7fb3b7c6f83d4d9a5ea1d97a3ed9a5", "reference_id": "d10cd53e5a7fb3b7c6f83d4d9a5ea1d97a3ed9a5", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-17T20:10:09Z/" } ], "url": "https://git.kernel.org/stable/c/d10cd53e5a7fb3b7c6f83d4d9a5ea1d97a3ed9a5" }, { "reference_url": "https://git.kernel.org/stable/c/d48cbfa90dce506030151915fa3346d67f964af4", "reference_id": "d48cbfa90dce506030151915fa3346d67f964af4", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-17T20:10:09Z/" } ], "url": "https://git.kernel.org/stable/c/d48cbfa90dce506030151915fa3346d67f964af4" }, { "reference_url": "https://git.kernel.org/stable/c/f4fbd70e15fafe36a7583954ce189aaf5536aeec", "reference_id": "f4fbd70e15fafe36a7583954ce189aaf5536aeec", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-17T20:10:09Z/" } ], "url": "https://git.kernel.org/stable/c/f4fbd70e15fafe36a7583954ce189aaf5536aeec" }, { "reference_url": "https://git.kernel.org/stable/c/f89d17ae2ac42931be2a0153fecbf8533280c927", "reference_id": "f89d17ae2ac42931be2a0153fecbf8533280c927", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-17T20:10:09Z/" } ], "url": "https://git.kernel.org/stable/c/f89d17ae2ac42931be2a0153fecbf8533280c927" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2024-56746" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dks7-nav4-qkcw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/88070?format=api", "vulnerability_id": "VCID-dn7j-n97s-bqgf", "summary": "kernel: x86/mm/ident_map: Use gbpages only where full GB page should be mapped.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-50017.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-50017.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2320477", "reference_id": "2320477", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2320477" }, { "reference_url": "https://git.kernel.org/stable/c/a23823098ab2c277c14fc110b97d8d5c83597195", "reference_id": "a23823098ab2c277c14fc110b97d8d5c83597195", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T13:27:53Z/" } ], "url": "https://git.kernel.org/stable/c/a23823098ab2c277c14fc110b97d8d5c83597195" }, { "reference_url": "https://git.kernel.org/stable/c/cc31744a294584a36bf764a0ffa3255a8e69f036", "reference_id": "cc31744a294584a36bf764a0ffa3255a8e69f036", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T13:27:53Z/" } ], "url": "https://git.kernel.org/stable/c/cc31744a294584a36bf764a0ffa3255a8e69f036" }, { "reference_url": "https://git.kernel.org/stable/c/d113f9723f2bfd9c6feeb899b8ddbee6b8a6e01f", "reference_id": "d113f9723f2bfd9c6feeb899b8ddbee6b8a6e01f", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T13:27:53Z/" } ], "url": "https://git.kernel.org/stable/c/d113f9723f2bfd9c6feeb899b8ddbee6b8a6e01f" }, { "reference_url": "https://git.kernel.org/stable/c/d80a99892f7a992d103138fa4636b2c33abd6740", "reference_id": "d80a99892f7a992d103138fa4636b2c33abd6740", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T13:27:53Z/" } ], "url": "https://git.kernel.org/stable/c/d80a99892f7a992d103138fa4636b2c33abd6740" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2024-50017" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dn7j-n97s-bqgf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/88147?format=api", "vulnerability_id": "VCID-dpuv-bpb1-y3hy", "summary": "In the Linux kernel, the following vulnerability has been resolved: crypto: ecdh - explicitly zeroize private_key private_key is overwritten with the key parameter passed in by the caller (if present), or alternatively a newly generated private key. However, it is possible that the caller provides a key (or the newly generated key) which is shorter than the previous key. In that scenario, some key material from the previous key would not be overwritten. The easiest solution is to explicitly zeroize the entire private_key array first. Note that this patch slightly changes the behavior of this function: previously, if the ecc_gen_privkey failed, the old private_key would remain. Now, the private_key is always zeroized. This behavior is consistent with the case where params.key is set and ecc_is_key_valid fails.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-42098.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-42098.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2300717", "reference_id": "2300717", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2300717" }, { "reference_url": "https://git.kernel.org/stable/c/39173b04abda87872b43c331468a4a14f8f05ce8", "reference_id": "39173b04abda87872b43c331468a4a14f8f05ce8", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T16:18:15Z/" } ], "url": "https://git.kernel.org/stable/c/39173b04abda87872b43c331468a4a14f8f05ce8" }, { "reference_url": "https://git.kernel.org/stable/c/73e5984e540a76a2ee1868b91590c922da8c24c9", "reference_id": "73e5984e540a76a2ee1868b91590c922da8c24c9", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T16:18:15Z/" } ], "url": "https://git.kernel.org/stable/c/73e5984e540a76a2ee1868b91590c922da8c24c9" }, { "reference_url": "https://git.kernel.org/stable/c/80575b252ab0358b7e93895b2a510beb3cb3f975", "reference_id": "80575b252ab0358b7e93895b2a510beb3cb3f975", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T16:18:15Z/" } ], "url": "https://git.kernel.org/stable/c/80575b252ab0358b7e93895b2a510beb3cb3f975" }, { "reference_url": "https://git.kernel.org/stable/c/d96187eb8e59b572a8e6a68b6a9837a867ea29df", "reference_id": "d96187eb8e59b572a8e6a68b6a9837a867ea29df", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T16:18:15Z/" } ], "url": "https://git.kernel.org/stable/c/d96187eb8e59b572a8e6a68b6a9837a867ea29df" }, { "reference_url": "https://git.kernel.org/stable/c/fd7ef325911eba1b7191b83cb580463242f2090d", "reference_id": "fd7ef325911eba1b7191b83cb580463242f2090d", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T16:18:15Z/" } ], "url": "https://git.kernel.org/stable/c/fd7ef325911eba1b7191b83cb580463242f2090d" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2024-42098" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dpuv-bpb1-y3hy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/70827?format=api", "vulnerability_id": "VCID-dr6k-wngb-gyf3", "summary": "kernel: gfs2: Fix unlikely race in gdlm_put_lock", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-40242.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-40242.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418819", "reference_id": "2418819", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418819" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2025-40242" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dr6k-wngb-gyf3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72714?format=api", "vulnerability_id": "VCID-du51-qgzm-t7bb", "summary": "kernel: can: hi311x: fix null pointer dereference when resuming from sleep before interface was enabled", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-40107.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-40107.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2411971", "reference_id": "2411971", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2411971" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2025-40107" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-du51-qgzm-t7bb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/87301?format=api", "vulnerability_id": "VCID-duaf-rgdb-wybk", "summary": "kernel: net: fix crash when config small gso_max_size/gso_ipv4_max_size", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-50258.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-50258.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2324879", "reference_id": "2324879", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2324879" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2024-50258" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-duaf-rgdb-wybk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81829?format=api", "vulnerability_id": "VCID-dxeb-ytcr-ukgu", "summary": "In the Linux kernel, the following vulnerability has been resolved: moxart: fix potential use-after-free on remove path It was reported that the mmc host structure could be accessed after it was freed in moxart_remove(), so fix this by saving the base register of the device and using it instead of the pointer dereference.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-48626.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-48626.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-48626", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03444", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-48626" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266029", "reference_id": "2266029", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266029" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2022-48626" ], "risk_score": 2.9, "exploitability": "0.5", "weighted_severity": "5.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dxeb-ytcr-ukgu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/60964?format=api", "vulnerability_id": "VCID-dzxk-k3kb-fkf6", "summary": "kernel: iommu/amd: move wait_on_sem() out of spinlock", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43253.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43253.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467189", "reference_id": "2467189", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467189" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2026-43253" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dzxk-k3kb-fkf6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69707?format=api", "vulnerability_id": "VCID-e3g9-hen2-13gx", "summary": "kernel: Linux kernel: Denial of Service during UFS power down", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68236.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68236.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2422752", "reference_id": "2422752", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2422752" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195391?format=api", "purl": "pkg:deb/debian/linux@6.12.88-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.12.88-1~bpo12%252B1" } ], "aliases": [ "CVE-2025-68236" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e3g9-hen2-13gx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74565?format=api", "vulnerability_id": "VCID-e8js-1wyx-7kdc", "summary": "kernel: can: xilinx_can: xcan_write_frame(): fix use-after-free of transmitted SKB", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-39873.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-39873.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2397568", "reference_id": "2397568", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2397568" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2025-39873" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e8js-1wyx-7kdc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/76785?format=api", "vulnerability_id": "VCID-e9ta-5b61-kbhb", "summary": "kernel: wifi: mac80211: reject TDLS operations when station is not associated", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-38644.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-38644.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2390367", "reference_id": "2390367", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2390367" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2025-38644" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e9ta-5b61-kbhb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83487?format=api", "vulnerability_id": "VCID-e9w8-gjs3-zfd3", "summary": "In the Linux kernel, the following vulnerability has been resolved: crypto: qat - add param check for RSA Reject requests with a source buffer that is bigger than the size of the key. This is to prevent a possible integer underflow that might happen when copying the source scatterlist into a linear buffer.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-49563.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-49563.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-49563", "reference_id": "", "reference_type": "", "scores": [ { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.01022", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-49563" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348204", "reference_id": "2348204", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348204" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2022-49563" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e9w8-gjs3-zfd3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/86146?format=api", "vulnerability_id": "VCID-e9wa-pymx-vucj", "summary": "kernel: f2fs: fix to do sanity check on node blkaddr in truncate_node()", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56692.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56692.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://git.kernel.org/stable/c/0a5c8b3fbf6200f1c66062d307c9a52084917788", "reference_id": "0a5c8b3fbf6200f1c66062d307c9a52084917788", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-01T19:59:11Z/" } ], "url": "https://git.kernel.org/stable/c/0a5c8b3fbf6200f1c66062d307c9a52084917788" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2334690", "reference_id": "2334690", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2334690" }, { "reference_url": "https://git.kernel.org/stable/c/27d6e7eff07f8cce8e83b162d8f21a07458c860d", "reference_id": "27d6e7eff07f8cce8e83b162d8f21a07458c860d", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-01T19:59:11Z/" } ], "url": "https://git.kernel.org/stable/c/27d6e7eff07f8cce8e83b162d8f21a07458c860d" }, { "reference_url": "https://git.kernel.org/stable/c/6babe00ccd34fc65b78ef8b99754e32b4385f23d", "reference_id": "6babe00ccd34fc65b78ef8b99754e32b4385f23d", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-01T19:59:11Z/" } ], "url": "https://git.kernel.org/stable/c/6babe00ccd34fc65b78ef8b99754e32b4385f23d" }, { "reference_url": "https://git.kernel.org/stable/c/c1077078ce4589b5e5387f6b0aaa0d4534b9eb57", "reference_id": "c1077078ce4589b5e5387f6b0aaa0d4534b9eb57", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-01T19:59:11Z/" } ], "url": "https://git.kernel.org/stable/c/c1077078ce4589b5e5387f6b0aaa0d4534b9eb57" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2024-56692" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e9wa-pymx-vucj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69187?format=api", "vulnerability_id": "VCID-easc-nw6v-5ubv", "summary": "kernel: Linux kernel: Denial of Service in RDMA/bnxt_re driver due to race condition during QP destruction", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-54048.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-54048.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2425013", "reference_id": "2425013", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2425013" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2394", "reference_id": "RHSA-2024:2394", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2394" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2023-54048" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-easc-nw6v-5ubv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65144?format=api", "vulnerability_id": "VCID-eauv-c843-x3gx", "summary": "kernel: Linux kernel: Denial of service due to a race condition in the TLS subsystem", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23240.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23240.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446139", "reference_id": "2446139", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446139" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2026-23240" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eauv-c843-x3gx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/68759?format=api", "vulnerability_id": "VCID-ebj8-ujvj-4bbr", "summary": "kernel: btrfs: remove BUG_ON()'s in add_new_free_space()", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-54185.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-54185.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2426159", "reference_id": "2426159", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2426159" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2023-54185" ], "risk_score": 2.1, "exploitability": "0.5", "weighted_severity": "4.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ebj8-ujvj-4bbr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/88907?format=api", "vulnerability_id": "VCID-ebn5-8dr8-jye1", "summary": "In the Linux kernel, the following vulnerability has been resolved: ice: protect XDP configuration with a mutex The main threat to data consistency in ice_xdp() is a possible asynchronous PF reset. It can be triggered by a user or by TX timeout handler. XDP setup and PF reset code access the same resources in the following sections: * ice_vsi_close() in ice_prepare_for_reset() - already rtnl-locked * ice_vsi_rebuild() for the PF VSI - not protected * ice_vsi_open() - already rtnl-locked With an unfortunate timing, such accesses can result in a crash such as the one below: [ +1.999878] ice 0000:b1:00.0: Registered XDP mem model MEM_TYPE_XSK_BUFF_POOL on Rx ring 14 [ +2.002992] ice 0000:b1:00.0: Registered XDP mem model MEM_TYPE_XSK_BUFF_POOL on Rx ring 18 [Mar15 18:17] ice 0000:b1:00.0 ens801f0np0: NETDEV WATCHDOG: CPU: 38: transmit queue 14 timed out 80692736 ms [ +0.000093] ice 0000:b1:00.0 ens801f0np0: tx_timeout: VSI_num: 6, Q 14, NTC: 0x0, HW_HEAD: 0x0, NTU: 0x0, INT: 0x4000001 [ +0.000012] ice 0000:b1:00.0 ens801f0np0: tx_timeout recovery level 1, txqueue 14 [ +0.394718] ice 0000:b1:00.0: PTP reset successful [ +0.006184] BUG: kernel NULL pointer dereference, address: 0000000000000098 [ +0.000045] #PF: supervisor read access in kernel mode [ +0.000023] #PF: error_code(0x0000) - not-present page [ +0.000023] PGD 0 P4D 0 [ +0.000018] Oops: 0000 [#1] PREEMPT SMP NOPTI [ +0.000023] CPU: 38 PID: 7540 Comm: kworker/38:1 Not tainted 6.8.0-rc7 #1 [ +0.000031] Hardware name: Intel Corporation S2600WFT/S2600WFT, BIOS SE5C620.86B.02.01.0014.082620210524 08/26/2021 [ +0.000036] Workqueue: ice ice_service_task [ice] [ +0.000183] RIP: 0010:ice_clean_tx_ring+0xa/0xd0 [ice] [...] [ +0.000013] Call Trace: [ +0.000016] <TASK> [ +0.000014] ? __die+0x1f/0x70 [ +0.000029] ? page_fault_oops+0x171/0x4f0 [ +0.000029] ? schedule+0x3b/0xd0 [ +0.000027] ? exc_page_fault+0x7b/0x180 [ +0.000022] ? asm_exc_page_fault+0x22/0x30 [ +0.000031] ? ice_clean_tx_ring+0xa/0xd0 [ice] [ +0.000194] ice_free_tx_ring+0xe/0x60 [ice] [ +0.000186] ice_destroy_xdp_rings+0x157/0x310 [ice] [ +0.000151] ice_vsi_decfg+0x53/0xe0 [ice] [ +0.000180] ice_vsi_rebuild+0x239/0x540 [ice] [ +0.000186] ice_vsi_rebuild_by_type+0x76/0x180 [ice] [ +0.000145] ice_rebuild+0x18c/0x840 [ice] [ +0.000145] ? delay_tsc+0x4a/0xc0 [ +0.000022] ? delay_tsc+0x92/0xc0 [ +0.000020] ice_do_reset+0x140/0x180 [ice] [ +0.000886] ice_service_task+0x404/0x1030 [ice] [ +0.000824] process_one_work+0x171/0x340 [ +0.000685] worker_thread+0x277/0x3a0 [ +0.000675] ? preempt_count_add+0x6a/0xa0 [ +0.000677] ? _raw_spin_lock_irqsave+0x23/0x50 [ +0.000679] ? __pfx_worker_thread+0x10/0x10 [ +0.000653] kthread+0xf0/0x120 [ +0.000635] ? __pfx_kthread+0x10/0x10 [ +0.000616] ret_from_fork+0x2d/0x50 [ +0.000612] ? __pfx_kthread+0x10/0x10 [ +0.000604] ret_from_fork_asm+0x1b/0x30 [ +0.000604] </TASK> The previous way of handling this through returning -EBUSY is not viable, particularly when destroying AF_XDP socket, because the kernel proceeds with removal anyway. There is plenty of code between those calls and there is no need to create a large critical section that covers all of them, same as there is no need to protect ice_vsi_rebuild() with rtnl_lock(). Add xdp_state_lock mutex to protect ice_vsi_rebuild() and ice_xdp(). Leaving unprotected sections in between would result in two states that have to be considered: 1. when the VSI is closed, but not yet rebuild 2. when VSI is already rebuild, but not yet open The latter case is actually already handled through !netif_running() case, we just need to adjust flag checking a little. The former one is not as trivial, because between ice_vsi_close() and ice_vsi_rebuild(), a lot of hardware interaction happens, this can make adding/deleting rings exit with an error. Luckily, VSI rebuild is pending and can apply new configuration for us in a managed fashion. Therefore, add an additional VSI state flag ICE_VSI_REBUILD_PENDING to indicate that ice_x ---truncated---", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-46765.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-46765.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2313113", "reference_id": "2313113", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2313113" }, { "reference_url": "https://git.kernel.org/stable/c/2504b8405768a57a71e660dbfd5abd59f679a03f", "reference_id": "2504b8405768a57a71e660dbfd5abd59f679a03f", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-29T14:42:47Z/" } ], "url": "https://git.kernel.org/stable/c/2504b8405768a57a71e660dbfd5abd59f679a03f" }, { "reference_url": "https://git.kernel.org/stable/c/2f057db2fb29bc209c103050647562e60554d3d3", "reference_id": "2f057db2fb29bc209c103050647562e60554d3d3", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-29T14:42:47Z/" } ], "url": "https://git.kernel.org/stable/c/2f057db2fb29bc209c103050647562e60554d3d3" }, { "reference_url": "https://git.kernel.org/stable/c/391f7dae3d836891fc6cfbde38add2d0e10c6b7f", "reference_id": "391f7dae3d836891fc6cfbde38add2d0e10c6b7f", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-29T14:42:47Z/" } ], "url": "https://git.kernel.org/stable/c/391f7dae3d836891fc6cfbde38add2d0e10c6b7f" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2024-46765" ], "risk_score": 2.1, "exploitability": "0.5", "weighted_severity": "4.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ebn5-8dr8-jye1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/88113?format=api", "vulnerability_id": "VCID-ecuy-sdy8-hfdy", "summary": "kernel: drm/amd/display: Fix system hang while resume with TBT monitor", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-50003.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-50003.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2320507", "reference_id": "2320507", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2320507" }, { "reference_url": "https://git.kernel.org/stable/c/52d4e3fb3d340447dcdac0e14ff21a764f326907", "reference_id": "52d4e3fb3d340447dcdac0e14ff21a764f326907", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T13:29:41Z/" } ], "url": "https://git.kernel.org/stable/c/52d4e3fb3d340447dcdac0e14ff21a764f326907" }, { "reference_url": "https://git.kernel.org/stable/c/68d603f467a75618eeae5bfe8af32cda47097010", "reference_id": "68d603f467a75618eeae5bfe8af32cda47097010", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T13:29:41Z/" } ], "url": "https://git.kernel.org/stable/c/68d603f467a75618eeae5bfe8af32cda47097010" }, { "reference_url": "https://git.kernel.org/stable/c/722d2d8fc423108597b97efbf165187d16d9aa1e", "reference_id": "722d2d8fc423108597b97efbf165187d16d9aa1e", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T13:29:41Z/" } ], "url": "https://git.kernel.org/stable/c/722d2d8fc423108597b97efbf165187d16d9aa1e" }, { "reference_url": "https://git.kernel.org/stable/c/73e441be033d3ed0bdff09b575da3e7d4606ffc9", "reference_id": "73e441be033d3ed0bdff09b575da3e7d4606ffc9", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T13:29:41Z/" } ], "url": "https://git.kernel.org/stable/c/73e441be033d3ed0bdff09b575da3e7d4606ffc9" }, { "reference_url": "https://git.kernel.org/stable/c/c2356296f546326f9f06c109e201d42201e1e783", "reference_id": "c2356296f546326f9f06c109e201d42201e1e783", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T13:29:41Z/" } ], "url": "https://git.kernel.org/stable/c/c2356296f546326f9f06c109e201d42201e1e783" }, { "reference_url": "https://git.kernel.org/stable/c/eb9329cd882aa274e92bdb1003bc088433fdee86", "reference_id": "eb9329cd882aa274e92bdb1003bc088433fdee86", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T13:29:41Z/" } ], "url": "https://git.kernel.org/stable/c/eb9329cd882aa274e92bdb1003bc088433fdee86" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2024-50003" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ecuy-sdy8-hfdy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81902?format=api", "vulnerability_id": "VCID-egf3-q7e7-23b5", "summary": "kernel: 9p/net: fix improper handling of bogus negative read/write replies", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-37879.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-37879.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2365241", "reference_id": "2365241", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2365241" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2025-37879" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-egf3-q7e7-23b5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84473?format=api", "vulnerability_id": "VCID-eh9q-gqe8-fygj", "summary": "In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: Fix a memory corruption issue A few lines above, space is kzalloc()'ed for: \tsizeof(struct iwl_nvm_data) + \tsizeof(struct ieee80211_channel) + \tsizeof(struct ieee80211_rate) 'mvm->nvm_data' is a 'struct iwl_nvm_data', so it is fine. At the end of this structure, there is the 'channels' flex array. Each element is of type 'struct ieee80211_channel'. So only 1 element is allocated in this array. When doing: mvm->nvm_data->bands[0].channels = mvm->nvm_data->channels; We point at the first element of the 'channels' flex array. So this is fine. However, when doing: mvm->nvm_data->bands[0].bitrates = \t\t\t(void *)((u8 *)mvm->nvm_data->channels + 1); because of the \"(u8 *)\" cast, we add only 1 to the address of the beginning of the flex array. It is likely that we want point at the 'struct ieee80211_rate' allocated just after. Remove the spurious casting so that the pointer arithmetic works as expected.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-52531.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-52531.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2267786", "reference_id": "2267786", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2267786" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2023-52531" ], "risk_score": 2.7, "exploitability": "0.5", "weighted_severity": "5.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eh9q-gqe8-fygj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/67761?format=api", "vulnerability_id": "VCID-ehah-7sbs-yfhn", "summary": "kernel: phy: qcom-qusb2: Fix NULL pointer dereference on early suspend", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-71193.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-71193.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436761", "reference_id": "2436761", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436761" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2025-71193" ], "risk_score": 2.3, "exploitability": "0.5", "weighted_severity": "4.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ehah-7sbs-yfhn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83607?format=api", "vulnerability_id": "VCID-ekur-32hu-2fe1", "summary": "In the Linux kernel, the following vulnerability has been resolved: powerpc/memhotplug: Add add_pages override for PPC With commit ffa0b64e3be5 (\"powerpc: Fix virt_addr_valid() for 64-bit Book3E & 32-bit\") the kernel now validate the addr against high_memory value. This results in the below BUG_ON with dax pfns. [ 635.798741][T26531] kernel BUG at mm/page_alloc.c:5521! 1:mon> e cpu 0x1: Vector: 700 (Program Check) at [c000000007287630] pc: c00000000055ed48: free_pages.part.0+0x48/0x110 lr: c00000000053ca70: tlb_finish_mmu+0x80/0xd0 sp: c0000000072878d0 msr: 800000000282b033 current = 0xc00000000afabe00 paca = 0xc00000037ffff300 irqmask: 0x03 irq_happened: 0x05 pid = 26531, comm = 50-landscape-sy kernel BUG at :5521! Linux version 5.19.0-rc3-14659-g4ec05be7c2e1 (kvaneesh@ltc-boston8) (gcc (Ubuntu 9.4.0-1ubuntu1~20.04.1) 9.4.0, GNU ld (GNU Binutils for Ubuntu) 2.34) #625 SMP Thu Jun 23 00:35:43 CDT 2022 1:mon> t [link register ] c00000000053ca70 tlb_finish_mmu+0x80/0xd0 [c0000000072878d0] c00000000053ca54 tlb_finish_mmu+0x64/0xd0 (unreliable) [c000000007287900] c000000000539424 exit_mmap+0xe4/0x2a0 [c0000000072879e0] c00000000019fc1c mmput+0xcc/0x210 [c000000007287a20] c000000000629230 begin_new_exec+0x5e0/0xf40 [c000000007287ae0] c00000000070b3cc load_elf_binary+0x3ac/0x1e00 [c000000007287c10] c000000000627af0 bprm_execve+0x3b0/0xaf0 [c000000007287cd0] c000000000628414 do_execveat_common.isra.0+0x1e4/0x310 [c000000007287d80] c00000000062858c sys_execve+0x4c/0x60 [c000000007287db0] c00000000002c1b0 system_call_exception+0x160/0x2c0 [c000000007287e10] c00000000000c53c system_call_common+0xec/0x250 The fix is to make sure we update high_memory on memory hotplug. This is similar to what x86 does in commit 3072e413e305 (\"mm/memory_hotplug: introduce add_pages\")", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-49666.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-49666.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-49666", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34295", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-49666" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348303", "reference_id": "2348303", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348303" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2458", "reference_id": "RHSA-2023:2458", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2458" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2022-49666" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ekur-32hu-2fe1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80641?format=api", "vulnerability_id": "VCID-es1p-v1xf-r3bv", "summary": "In several functions of binder.c, there is a possible way to represent the wrong domain to SELinux due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-200688826References: Upstream kernel", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39686.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39686.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-39686", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05979", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-39686" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063219", "reference_id": "2063219", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063219" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2021-39686" ], "risk_score": 3.8, "exploitability": "0.5", "weighted_severity": "7.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-es1p-v1xf-r3bv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84624?format=api", "vulnerability_id": "VCID-ev77-9v8z-bfcm", "summary": "kernel: io_uring: prevent opcode speculation", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-21863.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-21863.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://git.kernel.org/stable/c/18eae8420081ef8e043ad455937bfb470ef08607", "reference_id": "18eae8420081ef8e043ad455937bfb470ef08607", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-01T19:25:38Z/" } ], "url": "https://git.kernel.org/stable/c/18eae8420081ef8e043ad455937bfb470ef08607" }, { "reference_url": "https://git.kernel.org/stable/c/1e988c3fe1264708f4f92109203ac5b1d65de50b", "reference_id": "1e988c3fe1264708f4f92109203ac5b1d65de50b", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-01T19:25:38Z/" } ], "url": "https://git.kernel.org/stable/c/1e988c3fe1264708f4f92109203ac5b1d65de50b" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2351629", "reference_id": "2351629", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2351629" }, { "reference_url": "https://git.kernel.org/stable/c/506b9b5e8c2d2a411ea8fe361333f5081c56d23a", "reference_id": "506b9b5e8c2d2a411ea8fe361333f5081c56d23a", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-01T19:25:38Z/" } ], "url": "https://git.kernel.org/stable/c/506b9b5e8c2d2a411ea8fe361333f5081c56d23a" }, { "reference_url": "https://git.kernel.org/stable/c/b9826e3b26ec031e9063f64a7c735449c43955e4", "reference_id": "b9826e3b26ec031e9063f64a7c735449c43955e4", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-01T19:25:38Z/" } ], "url": "https://git.kernel.org/stable/c/b9826e3b26ec031e9063f64a7c735449c43955e4" }, { "reference_url": "https://git.kernel.org/stable/c/d261ead565a080e3411b0dd04e6d58a52471cac8", "reference_id": "d261ead565a080e3411b0dd04e6d58a52471cac8", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-01T19:25:38Z/" } ], "url": "https://git.kernel.org/stable/c/d261ead565a080e3411b0dd04e6d58a52471cac8" }, { "reference_url": "https://git.kernel.org/stable/c/fdbfd52bd8b85ed6783365ff54c82ab7067bd61b", "reference_id": "fdbfd52bd8b85ed6783365ff54c82ab7067bd61b", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-01T19:25:38Z/" } ], "url": "https://git.kernel.org/stable/c/fdbfd52bd8b85ed6783365ff54c82ab7067bd61b" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:20095", "reference_id": "RHSA-2025:20095", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:20095" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:20518", "reference_id": "RHSA-2025:20518", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:20518" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1703", "reference_id": "RHSA-2026:1703", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1703" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2025-21863" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ev77-9v8z-bfcm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/68260?format=api", "vulnerability_id": "VCID-exxx-kjcb-tqcf", "summary": "kernel: MIPS: ftrace: Fix memory corruption when kernel is located beyond 32 bits", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-71109.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-71109.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429598", "reference_id": "2429598", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429598" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2025-71109" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-exxx-kjcb-tqcf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/87597?format=api", "vulnerability_id": "VCID-ez5a-1pyt-y7cs", "summary": "In the Linux kernel, the following vulnerability has been resolved: riscv: prevent pt_regs corruption for secondary idle threads Top of the kernel thread stack should be reserved for pt_regs. However this is not the case for the idle threads of the secondary boot harts. Their stacks overlap with their pt_regs, so both may get corrupted. Similar issue has been fixed for the primary hart, see c7cdd96eca28 (\"riscv: prevent stack corruption by reserving task_pt_regs(p) early\"). However that fix was not propagated to the secondary harts. The problem has been noticed in some CPU hotplug tests with V enabled. The function smp_callin stored several registers on stack, corrupting top of pt_regs structure including status field. As a result, kernel attempted to save or restore inexistent V context.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38667.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38667.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://git.kernel.org/stable/c/0c1f28c32a194303da630fca89481334b9547b80", "reference_id": "0c1f28c32a194303da630fca89481334b9547b80", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T17:08:46Z/" } ], "url": "https://git.kernel.org/stable/c/0c1f28c32a194303da630fca89481334b9547b80" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294219", "reference_id": "2294219", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294219" }, { "reference_url": "https://git.kernel.org/stable/c/3090c06d50eaa91317f84bf3eac4c265e6cb8d44", "reference_id": "3090c06d50eaa91317f84bf3eac4c265e6cb8d44", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T17:08:46Z/" } ], "url": "https://git.kernel.org/stable/c/3090c06d50eaa91317f84bf3eac4c265e6cb8d44" }, { "reference_url": "https://git.kernel.org/stable/c/a638b0461b58aa3205cd9d5f14d6f703d795b4af", "reference_id": "a638b0461b58aa3205cd9d5f14d6f703d795b4af", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T17:08:46Z/" } ], "url": "https://git.kernel.org/stable/c/a638b0461b58aa3205cd9d5f14d6f703d795b4af" }, { "reference_url": "https://git.kernel.org/stable/c/ea22d4195cca13d5fdbc4d6555a2dfb8a7867a9e", "reference_id": "ea22d4195cca13d5fdbc4d6555a2dfb8a7867a9e", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T17:08:46Z/" } ], "url": "https://git.kernel.org/stable/c/ea22d4195cca13d5fdbc4d6555a2dfb8a7867a9e" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2024-38667" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ez5a-1pyt-y7cs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82582?format=api", "vulnerability_id": "VCID-f51a-6jyt-h7cw", "summary": "In the Linux kernel, the following vulnerability has been resolved: riscv: Sync efi page table's kernel mappings before switching The EFI page table is initially created as a copy of the kernel page table. With VMAP_STACK enabled, kernel stacks are allocated in the vmalloc area: if the stack is allocated in a new PGD (one that was not present at the moment of the efi page table creation or not synced in a previous vmalloc fault), the kernel will take a trap when switching to the efi page table when the vmalloc kernel stack is accessed, resulting in a kernel panic. Fix that by updating the efi kernel mappings before switching to the efi page table.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-49004.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-49004.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-49004", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00112", "scoring_system": "epss", "scoring_elements": "0.29316", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-49004" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2320794", "reference_id": "2320794", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2320794" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2022-49004" ], "risk_score": 2.0, "exploitability": "0.5", "weighted_severity": "4.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f51a-6jyt-h7cw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59240?format=api", "vulnerability_id": "VCID-f84z-phb8-8kax", "summary": "kernel: batman-adv: fix integer overflow on buff_pos", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-46198.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-46198.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482626", "reference_id": "2482626", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482626" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2026-46198" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f84z-phb8-8kax" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59452?format=api", "vulnerability_id": "VCID-fb3f-de71-r3c5", "summary": "kernel: ipvs: skip ipv6 extension headers for csum checks", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-45850.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-45850.json" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482022", "reference_id": "2482022", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482022" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195391?format=api", "purl": "pkg:deb/debian/linux@6.12.88-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.12.88-1~bpo12%252B1" } ], "aliases": [ "CVE-2026-45850" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fb3f-de71-r3c5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/85114?format=api", "vulnerability_id": "VCID-fnnr-tm5p-xfh6", "summary": "kernel: wifi: brcmfmac: Check the return value of of_property_read_string_index()", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-21750.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-21750.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348656", "reference_id": "2348656", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348656" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:20095", "reference_id": "RHSA-2025:20095", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:20095" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2025-21750" ], "risk_score": 2.0, "exploitability": "0.5", "weighted_severity": "4.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fnnr-tm5p-xfh6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/88643?format=api", "vulnerability_id": "VCID-fsg8-3wuq-77g8", "summary": "In the Linux kernel, the following vulnerability has been resolved: sched/smt: Fix unbalance sched_smt_present dec/inc I got the following warn report while doing stress test: jump label: negative count! WARNING: CPU: 3 PID: 38 at kernel/jump_label.c:263 static_key_slow_try_dec+0x9d/0xb0 Call Trace: <TASK> __static_key_slow_dec_cpuslocked+0x16/0x70 sched_cpu_deactivate+0x26e/0x2a0 cpuhp_invoke_callback+0x3ad/0x10d0 cpuhp_thread_fun+0x3f5/0x680 smpboot_thread_fn+0x56d/0x8d0 kthread+0x309/0x400 ret_from_fork+0x41/0x70 ret_from_fork_asm+0x1b/0x30 </TASK> Because when cpuset_cpu_inactive() fails in sched_cpu_deactivate(), the cpu offline failed, but sched_smt_present is decremented before calling sched_cpu_deactivate(), it leads to unbalanced dec/inc, so fix it by incrementing sched_smt_present in the error path.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-44958.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-44958.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2309789", "reference_id": "2309789", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2309789" }, { "reference_url": "https://git.kernel.org/stable/c/2a3548c7ef2e135aee40e7e5e44e7d11b893e7c4", "reference_id": "2a3548c7ef2e135aee40e7e5e44e7d11b893e7c4", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T17:39:57Z/" } ], "url": "https://git.kernel.org/stable/c/2a3548c7ef2e135aee40e7e5e44e7d11b893e7c4" }, { "reference_url": "https://git.kernel.org/stable/c/2cf7665efe451e48d27953e6b5bc627d518c902b", "reference_id": "2cf7665efe451e48d27953e6b5bc627d518c902b", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T17:39:57Z/" } ], "url": "https://git.kernel.org/stable/c/2cf7665efe451e48d27953e6b5bc627d518c902b" }, { "reference_url": "https://git.kernel.org/stable/c/65727331b60197b742089855ac09464c22b96f66", "reference_id": "65727331b60197b742089855ac09464c22b96f66", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T17:39:57Z/" } ], "url": "https://git.kernel.org/stable/c/65727331b60197b742089855ac09464c22b96f66" }, { "reference_url": "https://git.kernel.org/stable/c/d0c87a3c6be10a57aa3463c32c3fc6b2a47c3dab", "reference_id": "d0c87a3c6be10a57aa3463c32c3fc6b2a47c3dab", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T17:39:57Z/" } ], "url": "https://git.kernel.org/stable/c/d0c87a3c6be10a57aa3463c32c3fc6b2a47c3dab" }, { "reference_url": "https://git.kernel.org/stable/c/e22f910a26cc2a3ac9c66b8e935ef2a7dd881117", "reference_id": "e22f910a26cc2a3ac9c66b8e935ef2a7dd881117", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T17:39:57Z/" } ], "url": "https://git.kernel.org/stable/c/e22f910a26cc2a3ac9c66b8e935ef2a7dd881117" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:6966", "reference_id": "RHSA-2025:6966", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:6966" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2024-44958" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fsg8-3wuq-77g8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/85538?format=api", "vulnerability_id": "VCID-fwx3-j7jx-bfg3", "summary": "kernel: riscv: Fix sleeping in invalid context in die()", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-57939.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-57939.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://git.kernel.org/stable/c/10c24df2e303f517fab0359392c11b6b1d553f2b", "reference_id": "10c24df2e303f517fab0359392c11b6b1d553f2b", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-01T19:52:46Z/" } ], "url": "https://git.kernel.org/stable/c/10c24df2e303f517fab0359392c11b6b1d553f2b" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339137", "reference_id": "2339137", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339137" }, { "reference_url": "https://git.kernel.org/stable/c/6a97f4118ac07cfdc316433f385dbdc12af5025e", "reference_id": "6a97f4118ac07cfdc316433f385dbdc12af5025e", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-01T19:52:46Z/" } ], "url": "https://git.kernel.org/stable/c/6a97f4118ac07cfdc316433f385dbdc12af5025e" }, { "reference_url": "https://git.kernel.org/stable/c/76ab0afcdbe8c9685b589016ee1c0e25fe596707", "reference_id": "76ab0afcdbe8c9685b589016ee1c0e25fe596707", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-01T19:52:46Z/" } ], "url": "https://git.kernel.org/stable/c/76ab0afcdbe8c9685b589016ee1c0e25fe596707" }, { "reference_url": "https://git.kernel.org/stable/c/8c38baa03ac8e18140faf36a3b955d30cad48e74", "reference_id": "8c38baa03ac8e18140faf36a3b955d30cad48e74", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-01T19:52:46Z/" } ], "url": "https://git.kernel.org/stable/c/8c38baa03ac8e18140faf36a3b955d30cad48e74" }, { "reference_url": "https://git.kernel.org/stable/c/c21df31fc2a4afc02a6e56511364e9e793ea92ec", "reference_id": "c21df31fc2a4afc02a6e56511364e9e793ea92ec", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-01T19:52:46Z/" } ], "url": "https://git.kernel.org/stable/c/c21df31fc2a4afc02a6e56511364e9e793ea92ec" }, { "reference_url": "https://git.kernel.org/stable/c/f48f060a4b36b5e96628f6c3fb1540f1e8dedb69", "reference_id": "f48f060a4b36b5e96628f6c3fb1540f1e8dedb69", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-01T19:52:46Z/" } ], "url": "https://git.kernel.org/stable/c/f48f060a4b36b5e96628f6c3fb1540f1e8dedb69" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2024-57939" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fwx3-j7jx-bfg3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80031?format=api", "vulnerability_id": "VCID-fxrm-kyzh-ducy", "summary": "kernel: bpf: Do mark_chain_precision for ARG_CONST_ALLOC_SIZE_OR_ZERO", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-49961.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-49961.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-49961", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21887", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-49961" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373530", "reference_id": "2373530", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373530" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2458", "reference_id": "RHSA-2023:2458", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2458" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2022-49961" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fxrm-kyzh-ducy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59318?format=api", "vulnerability_id": "VCID-fy33-gfnq-bbc5", "summary": "kernel: slip: bound decode() reads against the compressed packet length", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-45843.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-45843.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481869", "reference_id": "2481869", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481869" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195391?format=api", "purl": "pkg:deb/debian/linux@6.12.88-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.12.88-1~bpo12%252B1" } ], "aliases": [ "CVE-2026-45843" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fy33-gfnq-bbc5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66968?format=api", "vulnerability_id": "VCID-g5n6-x3hv-9fh2", "summary": "kernel: net/sched: cls_u32: use skb_header_pointer_careful()", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23204.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23204.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439931", "reference_id": "2439931", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10108", "reference_id": "RHSA-2026:10108", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10108" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10756", "reference_id": "RHSA-2026:10756", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10756" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:19568", "reference_id": "RHSA-2026:19568", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:19568" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6036", "reference_id": "RHSA-2026:6036", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6036" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6037", "reference_id": "RHSA-2026:6037", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6037" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6153", "reference_id": "RHSA-2026:6153", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6153" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6632", "reference_id": "RHSA-2026:6632", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6632" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8342", "reference_id": "RHSA-2026:8342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9112", "reference_id": "RHSA-2026:9112", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9112" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9512", "reference_id": "RHSA-2026:9512", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9512" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9513", "reference_id": "RHSA-2026:9513", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9513" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9514", "reference_id": "RHSA-2026:9514", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9514" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9515", "reference_id": "RHSA-2026:9515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9643", "reference_id": "RHSA-2026:9643", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9643" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9644", "reference_id": "RHSA-2026:9644", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9644" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9835", "reference_id": "RHSA-2026:9835", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9835" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9836", "reference_id": "RHSA-2026:9836", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9836" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9870", "reference_id": "RHSA-2026:9870", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9870" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2026-23204" ], "risk_score": 3.3, "exploitability": "0.5", "weighted_severity": "6.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g5n6-x3hv-9fh2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59313?format=api", "vulnerability_id": "VCID-gdun-83ce-yyb7", "summary": "kernel: bpf: reject negative CO-RE accessor indices in bpf_core_parse_spec()", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-45839.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-45839.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481865", "reference_id": "2481865", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481865" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195391?format=api", "purl": "pkg:deb/debian/linux@6.12.88-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.12.88-1~bpo12%252B1" } ], "aliases": [ "CVE-2026-45839" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gdun-83ce-yyb7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82504?format=api", "vulnerability_id": "VCID-gfqj-dm4k-dkaq", "summary": "kernel: bpf: Prevent bpf program recursion for raw tracepoint probes", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-49764.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-49764.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-49764", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20655", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-49764" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2363365", "reference_id": "2363365", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2363365" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2022-49764" ], "risk_score": 2.0, "exploitability": "0.5", "weighted_severity": "4.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gfqj-dm4k-dkaq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/87400?format=api", "vulnerability_id": "VCID-gqpn-14qq-m3hs", "summary": "In the Linux kernel, the following vulnerability has been resolved: lib/test_hmm.c: handle src_pfns and dst_pfns allocation failure The kcalloc() in dmirror_device_evict_chunk() will return null if the physical memory has run out. As a result, if src_pfns or dst_pfns is dereferenced, the null pointer dereference bug will happen. Moreover, the device is going away. If the kcalloc() fails, the pages mapping a chunk could not be evicted. So add a __GFP_NOFAIL flag in kcalloc(). Finally, as there is no need to have physically contiguous memory, Switch kcalloc() to kvcalloc() in order to avoid failing allocations.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38543.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38543.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://git.kernel.org/stable/c/1a21fdeea502658e315bd939409b755974f4fb64", "reference_id": "1a21fdeea502658e315bd939409b755974f4fb64", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T17:15:10Z/" } ], "url": "https://git.kernel.org/stable/c/1a21fdeea502658e315bd939409b755974f4fb64" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293456", "reference_id": "2293456", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293456" }, { "reference_url": "https://git.kernel.org/stable/c/3b20d18f475bd17309db640dbe7d7c7ebb5bc2bc", "reference_id": "3b20d18f475bd17309db640dbe7d7c7ebb5bc2bc", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T17:15:10Z/" } ], "url": "https://git.kernel.org/stable/c/3b20d18f475bd17309db640dbe7d7c7ebb5bc2bc" }, { "reference_url": "https://git.kernel.org/stable/c/65e528a69cb3ed4a286c45b4afba57461c8b5b33", "reference_id": "65e528a69cb3ed4a286c45b4afba57461c8b5b33", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T17:15:10Z/" } ], "url": "https://git.kernel.org/stable/c/65e528a69cb3ed4a286c45b4afba57461c8b5b33" }, { "reference_url": "https://git.kernel.org/stable/c/c2af060d1c18beaec56351cf9c9bcbbc5af341a3", "reference_id": "c2af060d1c18beaec56351cf9c9bcbbc5af341a3", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T17:15:10Z/" } ], "url": "https://git.kernel.org/stable/c/c2af060d1c18beaec56351cf9c9bcbbc5af341a3" }, { "reference_url": "https://git.kernel.org/stable/c/ce47e8ead9a72834cc68431d53f8092ce69bebb7", "reference_id": "ce47e8ead9a72834cc68431d53f8092ce69bebb7", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T17:15:10Z/" } ], "url": "https://git.kernel.org/stable/c/ce47e8ead9a72834cc68431d53f8092ce69bebb7" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4583", "reference_id": "RHSA-2024:4583", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4583" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2024-38543" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gqpn-14qq-m3hs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/86566?format=api", "vulnerability_id": "VCID-gr4y-77be-fyfe", "summary": "In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: Do a runtime PM get on controllers during probe mt8183-mfgcfg has a mutual dependency with genpd during the probing stage, which leads to a deadlock in the following call stack: CPU0: genpd_lock --> clk_prepare_lock genpd_power_off_work_fn() genpd_lock() generic_pm_domain::power_off() clk_unprepare() clk_prepare_lock() CPU1: clk_prepare_lock --> genpd_lock clk_register() __clk_core_init() clk_prepare_lock() clk_pm_runtime_get() genpd_lock() Do a runtime PM get at the probe function to make sure clk_register() won't acquire the genpd lock. Instead of only modifying mt8183-mfgcfg, do this on all mediatek clock controller probings because we don't believe this would cause any regression. Verified on MT8183 and MT8192 Chromebooks.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27002.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27002.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://git.kernel.org/stable/c/165d226472575b213dd90dfda19d1605dd7c19a8", "reference_id": "165d226472575b213dd90dfda19d1605dd7c19a8", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T15:44:46Z/" } ], "url": "https://git.kernel.org/stable/c/165d226472575b213dd90dfda19d1605dd7c19a8" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278295", "reference_id": "2278295", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278295" }, { "reference_url": "https://git.kernel.org/stable/c/2f7b1d8b5505efb0057cd1ab85fca206063ea4c3", "reference_id": "2f7b1d8b5505efb0057cd1ab85fca206063ea4c3", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T15:44:46Z/" } ], "url": "https://git.kernel.org/stable/c/2f7b1d8b5505efb0057cd1ab85fca206063ea4c3" }, { "reference_url": "https://git.kernel.org/stable/c/b62ed25feb342eab052822eff0c554873799a4f5", "reference_id": "b62ed25feb342eab052822eff0c554873799a4f5", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T15:44:46Z/" } ], "url": "https://git.kernel.org/stable/c/b62ed25feb342eab052822eff0c554873799a4f5" }, { "reference_url": "https://git.kernel.org/stable/c/c0dcd5c072e2a3fff886f673e6a5d9bf8090c4cc", "reference_id": "c0dcd5c072e2a3fff886f673e6a5d9bf8090c4cc", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T15:44:46Z/" } ], "url": "https://git.kernel.org/stable/c/c0dcd5c072e2a3fff886f673e6a5d9bf8090c4cc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2024-27002" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gr4y-77be-fyfe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/60690?format=api", "vulnerability_id": "VCID-h33e-7zet-9kdx", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43262.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43262.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2026-43262" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h33e-7zet-9kdx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/86770?format=api", "vulnerability_id": "VCID-h6p7-7zen-2ydz", "summary": "In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag Otherwise after the GTT bo is released, the GTT and gart space is freed but amdgpu_ttm_backend_unbind will not clear the gart page table entry and leave valid mapping entry pointing to the stale system page. Then if GPU access the gart address mistakely, it will read undefined value instead page fault, harder to debug and reproduce the real issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-35817.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-35817.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2281202", "reference_id": "2281202", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2281202" }, { "reference_url": "https://git.kernel.org/stable/c/589c414138a1bed98e652c905937d8f790804efe", "reference_id": "589c414138a1bed98e652c905937d8f790804efe", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-17T17:39:20Z/" } ], "url": "https://git.kernel.org/stable/c/589c414138a1bed98e652c905937d8f790804efe" }, { "reference_url": "https://git.kernel.org/stable/c/5cdce3dda3b3dacde902f63a8ee72c2b7f91912d", "reference_id": "5cdce3dda3b3dacde902f63a8ee72c2b7f91912d", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-17T17:39:20Z/" } ], "url": "https://git.kernel.org/stable/c/5cdce3dda3b3dacde902f63a8ee72c2b7f91912d" }, { "reference_url": "https://git.kernel.org/stable/c/5d5f1a7f3b1039925f79c7894f153c2a905201fb", "reference_id": "5d5f1a7f3b1039925f79c7894f153c2a905201fb", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-17T17:39:20Z/" } ], "url": "https://git.kernel.org/stable/c/5d5f1a7f3b1039925f79c7894f153c2a905201fb" }, { "reference_url": "https://git.kernel.org/stable/c/6c6064cbe58b43533e3451ad6a8ba9736c109ac3", "reference_id": "6c6064cbe58b43533e3451ad6a8ba9736c109ac3", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-17T17:39:20Z/" } ], "url": "https://git.kernel.org/stable/c/6c6064cbe58b43533e3451ad6a8ba9736c109ac3" }, { "reference_url": "https://git.kernel.org/stable/c/6fcd12cb90888ef2d8af8d4c04e913252eee4ef3", "reference_id": "6fcd12cb90888ef2d8af8d4c04e913252eee4ef3", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-17T17:39:20Z/" } ], "url": "https://git.kernel.org/stable/c/6fcd12cb90888ef2d8af8d4c04e913252eee4ef3" }, { "reference_url": "https://git.kernel.org/stable/c/e8d27caef2c829a306e1f762fb95f06e8ec676f6", "reference_id": "e8d27caef2c829a306e1f762fb95f06e8ec676f6", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-17T17:39:20Z/" } ], "url": "https://git.kernel.org/stable/c/e8d27caef2c829a306e1f762fb95f06e8ec676f6" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9315", "reference_id": "RHSA-2024:9315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9315" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2024-35817" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h6p7-7zen-2ydz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81942?format=api", "vulnerability_id": "VCID-hara-qajw-wye1", "summary": "kernel: drm/amdkfd: debugfs hang_hws skip GPU with MES", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-37853.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-37853.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2365261", "reference_id": "2365261", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2365261" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2025-37853" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hara-qajw-wye1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/60619?format=api", "vulnerability_id": "VCID-hcs7-nykt-gben", "summary": "kernel: bonding: fix type confusion in bond_setup_by_slave()", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43456.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43456.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2468255", "reference_id": "2468255", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2468255" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2026-43456" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hcs7-nykt-gben" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/73953?format=api", "vulnerability_id": "VCID-hd8u-3r16-u7bv", "summary": "kernel: hwmon: (xgene) Fix ioremap and memremap leak", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-53682.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-53682.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402302", "reference_id": "2402302", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402302" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2023-53682" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hd8u-3r16-u7bv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82407?format=api", "vulnerability_id": "VCID-hk1c-qpfa-j7hd", "summary": "kernel: net: dsa: free routing table on probe failure", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-37786.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-37786.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2363302", "reference_id": "2363302", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2363302" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2025-37786" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hk1c-qpfa-j7hd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/68311?format=api", "vulnerability_id": "VCID-hnff-8amj-5qdk", "summary": "kernel: Bluetooth: btusb: revert use of devm_kzalloc in btusb", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-71082.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-71082.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429054", "reference_id": "2429054", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429054" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2025-71082" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hnff-8amj-5qdk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/85864?format=api", "vulnerability_id": "VCID-hnnk-ptwy-bqgg", "summary": "kernel: drm/dp_mst: Fix resetting msg rx state after topology removal", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-57876.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-57876.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2337142", "reference_id": "2337142", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2337142" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6583", "reference_id": "RHSA-2023:6583", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6583" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7077", "reference_id": "RHSA-2023:7077", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7077" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8248", "reference_id": "RHSA-2025:8248", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8248" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2024-57876" ], "risk_score": 2.0, "exploitability": "0.5", "weighted_severity": "4.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hnnk-ptwy-bqgg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84895?format=api", "vulnerability_id": "VCID-hvet-44h5-j3bq", "summary": "In the Linux kernel, the following vulnerability has been resolved: can: dev: can_put_echo_skb(): don't crash kernel if can_priv::echo_skb is accessed out of bounds If the \"struct can_priv::echoo_skb\" is accessed out of bounds, this would cause a kernel crash. Instead, issue a meaningful warning message and return with an error.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-52878.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-52878.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2282680", "reference_id": "2282680", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2282680" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4211", "reference_id": "RHSA-2024:4211", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4211" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4352", "reference_id": "RHSA-2024:4352", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4352" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9315", "reference_id": "RHSA-2024:9315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4342", "reference_id": "RHSA-2025:4342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4342" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2023-52878" ], "risk_score": 2.0, "exploitability": "0.5", "weighted_severity": "4.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hvet-44h5-j3bq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59087?format=api", "vulnerability_id": "VCID-j2jm-ctxk-fubr", "summary": "kernel: xfrm: ah: account for ESN high bits in async callbacks", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-46193.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-46193.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482525", "reference_id": "2482525", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482525" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2026-46193" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j2jm-ctxk-fubr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/88897?format=api", "vulnerability_id": "VCID-j47x-37fw-qyap", "summary": "In the Linux kernel, the following vulnerability has been resolved: btrfs: replace BUG_ON() with error handling at update_ref_for_cow() Instead of a BUG_ON() just return an error, log an error message and abort the transaction in case we find an extent buffer belonging to the relocation tree that doesn't have the full backref flag set. This is unexpected and should never happen (save for bugs or a potential bad memory).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-46752.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-46752.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://git.kernel.org/stable/c/0fbac73a97286a7ec72229cb9b42d760a2c717ac", "reference_id": "0fbac73a97286a7ec72229cb9b42d760a2c717ac", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-29T14:47:19Z/" } ], "url": "https://git.kernel.org/stable/c/0fbac73a97286a7ec72229cb9b42d760a2c717ac" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2313100", "reference_id": "2313100", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2313100" }, { "reference_url": "https://git.kernel.org/stable/c/41a0f85e268d72fe04f731b8ceea4748c2d65491", "reference_id": "41a0f85e268d72fe04f731b8ceea4748c2d65491", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-29T14:47:19Z/" } ], "url": "https://git.kernel.org/stable/c/41a0f85e268d72fe04f731b8ceea4748c2d65491" }, { "reference_url": "https://git.kernel.org/stable/c/b50857b96429a09fd3beed9f7f21b7bb7c433688", "reference_id": "b50857b96429a09fd3beed9f7f21b7bb7c433688", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-29T14:47:19Z/" } ], "url": "https://git.kernel.org/stable/c/b50857b96429a09fd3beed9f7f21b7bb7c433688" }, { "reference_url": "https://git.kernel.org/stable/c/b56329a782314fde5b61058e2a25097af7ccb675", "reference_id": "b56329a782314fde5b61058e2a25097af7ccb675", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-29T14:47:19Z/" } ], "url": "https://git.kernel.org/stable/c/b56329a782314fde5b61058e2a25097af7ccb675" }, { "reference_url": "https://git.kernel.org/stable/c/f895db00c65e5d77c437cce946da9ec29dcdf563", "reference_id": "f895db00c65e5d77c437cce946da9ec29dcdf563", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-29T14:47:19Z/" } ], "url": "https://git.kernel.org/stable/c/f895db00c65e5d77c437cce946da9ec29dcdf563" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2024-46752" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j47x-37fw-qyap" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59935?format=api", "vulnerability_id": "VCID-j4ws-js7c-w3fn", "summary": "kernel: ipv6: rpl: reserve mac_len headroom when recompressed SRH grows", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43501.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43501.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480457", "reference_id": "2480457", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480457" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2026-43501" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j4ws-js7c-w3fn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64476?format=api", "vulnerability_id": "VCID-jd15-6q7g-m7dw", "summary": "kernel: net/sched: act_ife: Fix metalist update behavior", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23378.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23378.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451271", "reference_id": "2451271", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451271" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2026-23378" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jd15-6q7g-m7dw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/86348?format=api", "vulnerability_id": "VCID-jejs-azgt-ukev", "summary": "kernel: sched/deadline: Fix warning in migrate_enable for boosted tasks", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56583.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56583.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2334485", "reference_id": "2334485", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2334485" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2024-56583" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jejs-azgt-ukev" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80407?format=api", "vulnerability_id": "VCID-jjqk-at35-r7f3", "summary": "Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.0.4 may allow an authenticated user to potentially enable denial of service via local access.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-24504.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-24504.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-24504", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.414", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-24504" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1930376", "reference_id": "1930376", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1930376" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4140", "reference_id": "RHSA-2021:4140", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4140" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4356", "reference_id": "RHSA-2021:4356", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4356" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2020-24504" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jjqk-at35-r7f3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/87753?format=api", "vulnerability_id": "VCID-jrja-34ut-bkg1", "summary": "In the Linux kernel, the following vulnerability has been resolved: serial: imx: Introduce timeout when waiting on transmitter empty By waiting at most 1 second for USR2_TXDC to be set, we avoid a potential deadlock. In case of the timeout, there is not much we can do, so we simply ignore the transmitter state and optimistically try to continue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-40967.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-40967.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297551", "reference_id": "2297551", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297551" }, { "reference_url": "https://git.kernel.org/stable/c/53b2c95547427c358f45515a9f144efee95e3701", "reference_id": "53b2c95547427c358f45515a9f144efee95e3701", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T17:03:07Z/" } ], "url": "https://git.kernel.org/stable/c/53b2c95547427c358f45515a9f144efee95e3701" }, { "reference_url": "https://git.kernel.org/stable/c/7f2b9ab6d0b26f16cd38dd9fd91d51899635f7c7", "reference_id": "7f2b9ab6d0b26f16cd38dd9fd91d51899635f7c7", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T17:03:07Z/" } ], "url": "https://git.kernel.org/stable/c/7f2b9ab6d0b26f16cd38dd9fd91d51899635f7c7" }, { "reference_url": "https://git.kernel.org/stable/c/7f9e70c68b7ace0141fe3bc94bf7b61296b71916", "reference_id": "7f9e70c68b7ace0141fe3bc94bf7b61296b71916", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T17:03:07Z/" } ], "url": "https://git.kernel.org/stable/c/7f9e70c68b7ace0141fe3bc94bf7b61296b71916" }, { "reference_url": "https://git.kernel.org/stable/c/982ae3376c4c91590d38dc8a676c10f7df048a44", "reference_id": "982ae3376c4c91590d38dc8a676c10f7df048a44", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T17:03:07Z/" } ], "url": "https://git.kernel.org/stable/c/982ae3376c4c91590d38dc8a676c10f7df048a44" }, { "reference_url": "https://git.kernel.org/stable/c/e533e4c62e9993e62e947ae9bbec34e4c7ae81c2", "reference_id": "e533e4c62e9993e62e947ae9bbec34e4c7ae81c2", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T17:03:07Z/" } ], "url": "https://git.kernel.org/stable/c/e533e4c62e9993e62e947ae9bbec34e4c7ae81c2" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9315", "reference_id": "RHSA-2024:9315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9315" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2024-40967" ], "risk_score": 2.0, "exploitability": "0.5", "weighted_severity": "4.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jrja-34ut-bkg1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62372?format=api", "vulnerability_id": "VCID-jvjt-nfaf-eqeh", "summary": "kernel: ext4: replace BUG_ON with proper error handling in ext4_read_inline_folio", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31451.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31451.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460690", "reference_id": "2460690", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460690" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2026-31451" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jvjt-nfaf-eqeh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59172?format=api", "vulnerability_id": "VCID-jztf-3qsy-87ca", "summary": "kernel: RDMA/ocrdma: Don't NULL deref uctx on errors in ocrdma_copy_pd_uresp()", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-46127.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-46127.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482582", "reference_id": "2482582", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482582" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2026-46127" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jztf-3qsy-87ca" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/88354?format=api", "vulnerability_id": "VCID-k61a-prs6-87cu", "summary": "In the Linux kernel, the following vulnerability has been resolved: closures: Change BUG_ON() to WARN_ON() If a BUG_ON() can be hit in the wild, it shouldn't be a BUG_ON() For reference, this has popped up once in the CI, and we'll need more info to debug it: 03240 ------------[ cut here ]------------ 03240 kernel BUG at lib/closure.c:21! 03240 kernel BUG at lib/closure.c:21! 03240 Internal error: Oops - BUG: 00000000f2000800 [#1] SMP 03240 Modules linked in: 03240 CPU: 15 PID: 40534 Comm: kworker/u80:1 Not tainted 6.10.0-rc4-ktest-ga56da69799bd #25570 03240 Hardware name: linux,dummy-virt (DT) 03240 Workqueue: btree_update btree_interior_update_work 03240 pstate: 00001005 (nzcv daif -PAN -UAO -TCO -DIT +SSBS BTYPE=--) 03240 pc : closure_put+0x224/0x2a0 03240 lr : closure_put+0x24/0x2a0 03240 sp : ffff0000d12071c0 03240 x29: ffff0000d12071c0 x28: dfff800000000000 x27: ffff0000d1207360 03240 x26: 0000000000000040 x25: 0000000000000040 x24: 0000000000000040 03240 x23: ffff0000c1f20180 x22: 0000000000000000 x21: ffff0000c1f20168 03240 x20: 0000000040000000 x19: ffff0000c1f20140 x18: 0000000000000001 03240 x17: 0000000000003aa0 x16: 0000000000003ad0 x15: 1fffe0001c326974 03240 x14: 0000000000000a1e x13: 0000000000000000 x12: 1fffe000183e402d 03240 x11: ffff6000183e402d x10: dfff800000000000 x9 : ffff6000183e402e 03240 x8 : 0000000000000001 x7 : 00009fffe7c1bfd3 x6 : ffff0000c1f2016b 03240 x5 : ffff0000c1f20168 x4 : ffff6000183e402e x3 : ffff800081391954 03240 x2 : 0000000000000001 x1 : 0000000000000000 x0 : 00000000a8000000 03240 Call trace: 03240 closure_put+0x224/0x2a0 03240 bch2_check_for_deadlock+0x910/0x1028 03240 bch2_six_check_for_deadlock+0x1c/0x30 03240 six_lock_slowpath.isra.0+0x29c/0xed0 03240 six_lock_ip_waiter+0xa8/0xf8 03240 __bch2_btree_node_lock_write+0x14c/0x298 03240 bch2_trans_lock_write+0x6d4/0xb10 03240 __bch2_trans_commit+0x135c/0x5520 03240 btree_interior_update_work+0x1248/0x1c10 03240 process_scheduled_works+0x53c/0xd90 03240 worker_thread+0x370/0x8c8 03240 kthread+0x258/0x2e8 03240 ret_from_fork+0x10/0x20 03240 Code: aa1303e0 d63f0020 a94363f7 17ffff8c (d4210000) 03240 ---[ end trace 0000000000000000 ]--- 03240 Kernel panic - not syncing: Oops - BUG: Fatal exception 03240 SMP: stopping secondary CPUs 03241 SMP: failed to stop secondary CPUs 13,15 03241 Kernel Offset: disabled 03241 CPU features: 0x00,00000003,80000008,4240500b 03241 Memory Limit: none 03241 ---[ end Kernel panic - not syncing: Oops - BUG: Fatal exception ]--- 03246 ========= FAILED TIMEOUT copygc_torture_no_checksum in 7200s", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-42252.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-42252.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2303633", "reference_id": "2303633", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2303633" }, { "reference_url": "https://git.kernel.org/stable/c/339b84ab6b1d66900c27bd999271cb2ae40ce812", "reference_id": "339b84ab6b1d66900c27bd999271cb2ae40ce812", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T16:13:12Z/" } ], "url": "https://git.kernel.org/stable/c/339b84ab6b1d66900c27bd999271cb2ae40ce812" }, { "reference_url": "https://git.kernel.org/stable/c/5d85f2ab79d5918a66539ebf046c099f7448db8d", "reference_id": "5d85f2ab79d5918a66539ebf046c099f7448db8d", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T16:13:12Z/" } ], "url": "https://git.kernel.org/stable/c/5d85f2ab79d5918a66539ebf046c099f7448db8d" }, { "reference_url": "https://git.kernel.org/stable/c/c894a74756478bb7aec894bcc513add3d554c0cf", "reference_id": "c894a74756478bb7aec894bcc513add3d554c0cf", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T16:13:12Z/" } ], "url": "https://git.kernel.org/stable/c/c894a74756478bb7aec894bcc513add3d554c0cf" }, { "reference_url": "https://git.kernel.org/stable/c/ecb4aaa658da760fb83afd79cc5fd4360aa60635", "reference_id": "ecb4aaa658da760fb83afd79cc5fd4360aa60635", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T16:13:12Z/" } ], "url": "https://git.kernel.org/stable/c/ecb4aaa658da760fb83afd79cc5fd4360aa60635" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2024-42252" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k61a-prs6-87cu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82870?format=api", "vulnerability_id": "VCID-k822-e7be-3ua3", "summary": "In the Linux kernel, the following vulnerability has been resolved: parisc: Fix non-access data TLB cache flush faults When a page is not present, we get non-access data TLB faults from the fdc and fic instructions in flush_user_dcache_range_asm and flush_user_icache_range_asm. When these occur, the cache line is not invalidated and potentially we get memory corruption. The problem was hidden by the nullification of the flush instructions. These faults also affect performance. With pa8800/pa8900 processors, there will be 32 faults per 4 KB page since the cache line is 128 bytes. There will be more faults with earlier processors. The problem is fixed by using flush_cache_pages(). It does the flush using a tmp alias mapping. The flush_cache_pages() call in flush_cache_range() flushed too large a range. V2: Remove unnecessary preempt_disable() and preempt_enable() calls.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-49172.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-49172.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-49172", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00122", "scoring_system": "epss", "scoring_elements": "0.30793", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-49172" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348134", "reference_id": "2348134", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348134" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2022-49172" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k822-e7be-3ua3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64481?format=api", "vulnerability_id": "VCID-k8xd-kuyr-ufff", "summary": "kernel: nfc: nci: complete pending data exchange on device close", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23330.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23330.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451276", "reference_id": "2451276", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451276" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2026-23330" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k8xd-kuyr-ufff" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/79729?format=api", "vulnerability_id": "VCID-kb19-r7ye-27dw", "summary": "kernel: Linux kernel: Denial of Service due to sleepable page allocation in KASAN", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-38029.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-38029.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373378", "reference_id": "2373378", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373378" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195391?format=api", "purl": "pkg:deb/debian/linux@6.12.88-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.12.88-1~bpo12%252B1" } ], "aliases": [ "CVE-2025-38029" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kb19-r7ye-27dw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/88042?format=api", "vulnerability_id": "VCID-kcp6-8edz-93h7", "summary": "kernel: drm/amd/display: Add NULL check for clk_mgr in dcn32_init_hw", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-49915.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-49915.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://git.kernel.org/stable/c/0d94d9cbd9fec7344d230c4f7b781826f7799c60", "reference_id": "0d94d9cbd9fec7344d230c4f7b781826f7799c60", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T13:41:07Z/" } ], "url": "https://git.kernel.org/stable/c/0d94d9cbd9fec7344d230c4f7b781826f7799c60" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2320456", "reference_id": "2320456", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2320456" }, { "reference_url": "https://git.kernel.org/stable/c/7d1854c86d02cea8f8a0c0ca05f4ab14292baf3d", "reference_id": "7d1854c86d02cea8f8a0c0ca05f4ab14292baf3d", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T13:41:07Z/" } ], "url": "https://git.kernel.org/stable/c/7d1854c86d02cea8f8a0c0ca05f4ab14292baf3d" }, { "reference_url": "https://git.kernel.org/stable/c/c395fd47d1565bd67671f45cca281b3acc2c31ef", "reference_id": "c395fd47d1565bd67671f45cca281b3acc2c31ef", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T13:41:07Z/" } ], "url": "https://git.kernel.org/stable/c/c395fd47d1565bd67671f45cca281b3acc2c31ef" }, { "reference_url": "https://git.kernel.org/stable/c/ec1be3c527b4a5fc85bcc1b0be7cec08bf60c796", "reference_id": "ec1be3c527b4a5fc85bcc1b0be7cec08bf60c796", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T13:41:07Z/" } ], "url": "https://git.kernel.org/stable/c/ec1be3c527b4a5fc85bcc1b0be7cec08bf60c796" }, { "reference_url": "https://git.kernel.org/stable/c/f0454b3cb0584a6bf275aeb49be61a760fd546a2", "reference_id": "f0454b3cb0584a6bf275aeb49be61a760fd546a2", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T13:41:07Z/" } ], "url": "https://git.kernel.org/stable/c/f0454b3cb0584a6bf275aeb49be61a760fd546a2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2024-49915" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kcp6-8edz-93h7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/88160?format=api", "vulnerability_id": "VCID-kj9d-s2x9-17cj", "summary": "kernel: scsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata paths", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-49891.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-49891.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2320540", "reference_id": "2320540", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2320540" }, { "reference_url": "https://git.kernel.org/stable/c/232a138bd843d48cb2368f604646d990db7640f3", "reference_id": "232a138bd843d48cb2368f604646d990db7640f3", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T13:44:17Z/" } ], "url": "https://git.kernel.org/stable/c/232a138bd843d48cb2368f604646d990db7640f3" }, { "reference_url": "https://git.kernel.org/stable/c/2be1d4f11944cd6283cb97268b3e17c4424945ca", "reference_id": "2be1d4f11944cd6283cb97268b3e17c4424945ca", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T13:44:17Z/" } ], "url": "https://git.kernel.org/stable/c/2be1d4f11944cd6283cb97268b3e17c4424945ca" }, { "reference_url": "https://git.kernel.org/stable/c/5873aa7f814754085d418848b2089ef406a02dd0", "reference_id": "5873aa7f814754085d418848b2089ef406a02dd0", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T13:44:17Z/" } ], "url": "https://git.kernel.org/stable/c/5873aa7f814754085d418848b2089ef406a02dd0" }, { "reference_url": "https://git.kernel.org/stable/c/99a801e2fca39a6f31e543fc3383058a8955896f", "reference_id": "99a801e2fca39a6f31e543fc3383058a8955896f", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T13:44:17Z/" } ], "url": "https://git.kernel.org/stable/c/99a801e2fca39a6f31e543fc3383058a8955896f" }, { "reference_url": "https://git.kernel.org/stable/c/fd665c8dbdb19548965b0ae80c490de00e906366", "reference_id": "fd665c8dbdb19548965b0ae80c490de00e906366", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T13:44:17Z/" } ], "url": "https://git.kernel.org/stable/c/fd665c8dbdb19548965b0ae80c490de00e906366" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2024-49891" ], "risk_score": 2.0, "exploitability": "0.5", "weighted_severity": "4.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kj9d-s2x9-17cj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/88108?format=api", "vulnerability_id": "VCID-kp39-xewx-vuf1", "summary": "kernel: drm/amd/display: Add NULL check for function pointer in dcn20_set_output_transfer_func", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-49911.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-49911.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://git.kernel.org/stable/c/02411e9359297512946705b1cd8cf5e6b0806fa0", "reference_id": "02411e9359297512946705b1cd8cf5e6b0806fa0", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T13:41:37Z/" } ], "url": "https://git.kernel.org/stable/c/02411e9359297512946705b1cd8cf5e6b0806fa0" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2320504", "reference_id": "2320504", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2320504" }, { "reference_url": "https://git.kernel.org/stable/c/62ed6f0f198da04e884062264df308277628004f", "reference_id": "62ed6f0f198da04e884062264df308277628004f", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T13:41:37Z/" } ], "url": "https://git.kernel.org/stable/c/62ed6f0f198da04e884062264df308277628004f" }, { "reference_url": "https://git.kernel.org/stable/c/827380b114f83c30b3e56d1a675980b6d65f7c88", "reference_id": "827380b114f83c30b3e56d1a675980b6d65f7c88", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T13:41:37Z/" } ], "url": "https://git.kernel.org/stable/c/827380b114f83c30b3e56d1a675980b6d65f7c88" }, { "reference_url": "https://git.kernel.org/stable/c/8c854138b593efbbd8fa46a25f3288c121c1d1a1", "reference_id": "8c854138b593efbbd8fa46a25f3288c121c1d1a1", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T13:41:37Z/" } ], "url": "https://git.kernel.org/stable/c/8c854138b593efbbd8fa46a25f3288c121c1d1a1" }, { "reference_url": "https://git.kernel.org/stable/c/e8a24767899c86f4c5f1e4d3b2608942d054900f", "reference_id": "e8a24767899c86f4c5f1e4d3b2608942d054900f", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T13:41:37Z/" } ], "url": "https://git.kernel.org/stable/c/e8a24767899c86f4c5f1e4d3b2608942d054900f" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2024-49911" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kp39-xewx-vuf1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/68004?format=api", "vulnerability_id": "VCID-ks8n-b3r7-dkf2", "summary": "kernel: net: marvell: prestera: fix NULL dereference on devlink_alloc() failure", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23019.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23019.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2435666", "reference_id": "2435666", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2435666" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2026-23019" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ks8n-b3r7-dkf2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/87198?format=api", "vulnerability_id": "VCID-kspf-2bhp-nbcu", "summary": "In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Atom Integrated System Info v2_2 for DCN35 New request from KMD/VBIOS in order to support new UMA carveout model. This fixes a null dereference from accessing Ctx->dc_bios->integrated_info while it was NULL. DAL parses through the BIOS and extracts the necessary integrated_info but was missing a case for the new BIOS version 2.3.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-36897.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-36897.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://git.kernel.org/stable/c/02f5300f6827206f6e48a77f51e6264993695e5c", "reference_id": "02f5300f6827206f6e48a77f51e6264993695e5c", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-17T14:04:54Z/" } ], "url": "https://git.kernel.org/stable/c/02f5300f6827206f6e48a77f51e6264993695e5c" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2284553", "reference_id": "2284553", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2284553" }, { "reference_url": "https://git.kernel.org/stable/c/3c7013a87124bab54216d9b99f77e8b6de6fbc1a", "reference_id": "3c7013a87124bab54216d9b99f77e8b6de6fbc1a", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-17T14:04:54Z/" } ], "url": "https://git.kernel.org/stable/c/3c7013a87124bab54216d9b99f77e8b6de6fbc1a" }, { "reference_url": "https://git.kernel.org/stable/c/7e3030774431eb093165a31baff040d35446fb8b", "reference_id": "7e3030774431eb093165a31baff040d35446fb8b", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-17T14:04:54Z/" } ], "url": "https://git.kernel.org/stable/c/7e3030774431eb093165a31baff040d35446fb8b" }, { "reference_url": "https://git.kernel.org/stable/c/9a35d205f466501dcfe5625ca313d944d0ac2d60", "reference_id": "9a35d205f466501dcfe5625ca313d944d0ac2d60", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-17T14:04:54Z/" } ], "url": "https://git.kernel.org/stable/c/9a35d205f466501dcfe5625ca313d944d0ac2d60" }, { "reference_url": "https://git.kernel.org/stable/c/c2797ec16d9072327e7578d09ee05bcab52fffd0", "reference_id": "c2797ec16d9072327e7578d09ee05bcab52fffd0", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-17T14:04:54Z/" } ], "url": "https://git.kernel.org/stable/c/c2797ec16d9072327e7578d09ee05bcab52fffd0" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2024-36897" ], "risk_score": 2.0, "exploitability": "0.5", "weighted_severity": "4.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kspf-2bhp-nbcu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69146?format=api", "vulnerability_id": "VCID-ktfn-1dcd-u3cx", "summary": "kernel: btrfs: fix race between balance and cancel/pause", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-54023.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-54023.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2424976", "reference_id": "2424976", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2424976" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2023-54023" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ktfn-1dcd-u3cx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74855?format=api", "vulnerability_id": "VCID-kx41-5jh2-27gh", "summary": "kernel: USB: dwc3: fix memory leak with using debugfs_lookup()", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-53415.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-53415.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396466", "reference_id": "2396466", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396466" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2394", "reference_id": "RHSA-2024:2394", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2394" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2023-53415" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kx41-5jh2-27gh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59234?format=api", "vulnerability_id": "VCID-ky7g-3phc-vbg8", "summary": "kernel: KVM: arm64: Fix pin leak and publication ordering in __pkvm_init_vcpu()", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-46147.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-46147.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482620", "reference_id": "2482620", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482620" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195391?format=api", "purl": "pkg:deb/debian/linux@6.12.88-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.12.88-1~bpo12%252B1" } ], "aliases": [ "CVE-2026-46147" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ky7g-3phc-vbg8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/86493?format=api", "vulnerability_id": "VCID-kyqq-4eb6-mqbq", "summary": "In the Linux kernel, the following vulnerability has been resolved: ARM: 9359/1: flush: check if the folio is reserved for no-mapping addresses Since commit a4d5613c4dc6 (\"arm: extend pfn_valid to take into account freed memory map alignment\") changes the semantics of pfn_valid() to check presence of the memory map for a PFN. A valid page for an address which is reserved but not mapped by the kernel[1], the system crashed during some uio test with the following memory layout: node 0: [mem 0x00000000c0a00000-0x00000000cc8fffff] node 0: [mem 0x00000000d0000000-0x00000000da1fffff] the uio layout is:0xc0900000, 0x100000 the crash backtrace like: Unable to handle kernel paging request at virtual address bff00000 [...] CPU: 1 PID: 465 Comm: startapp.bin Tainted: G O 5.10.0 #1 Hardware name: Generic DT based system PC is at b15_flush_kern_dcache_area+0x24/0x3c LR is at __sync_icache_dcache+0x6c/0x98 [...] (b15_flush_kern_dcache_area) from (__sync_icache_dcache+0x6c/0x98) (__sync_icache_dcache) from (set_pte_at+0x28/0x54) (set_pte_at) from (remap_pfn_range+0x1a0/0x274) (remap_pfn_range) from (uio_mmap+0x184/0x1b8 [uio]) (uio_mmap [uio]) from (__mmap_region+0x264/0x5f4) (__mmap_region) from (__do_mmap_mm+0x3ec/0x440) (__do_mmap_mm) from (do_mmap+0x50/0x58) (do_mmap) from (vm_mmap_pgoff+0xfc/0x188) (vm_mmap_pgoff) from (ksys_mmap_pgoff+0xac/0xc4) (ksys_mmap_pgoff) from (ret_fast_syscall+0x0/0x5c) Code: e0801001 e2423001 e1c00003 f57ff04f (ee070f3e) ---[ end trace 09cf0734c3805d52 ]--- Kernel panic - not syncing: Fatal exception So check if PG_reserved was set to solve this issue. [1]: https://lore.kernel.org/lkml/Zbtdue57RO0QScJM@linux.ibm.com/", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26947.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26947.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://git.kernel.org/stable/c/0c027c2bad7f5111c51a358b5d392e1a695dabff", "reference_id": "0c027c2bad7f5111c51a358b5d392e1a695dabff", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-17T17:40:49Z/" } ], "url": "https://git.kernel.org/stable/c/0c027c2bad7f5111c51a358b5d392e1a695dabff" }, { "reference_url": "https://git.kernel.org/stable/c/0c66c6f4e21cb22220cbd8821c5c73fc157d20dc", "reference_id": "0c66c6f4e21cb22220cbd8821c5c73fc157d20dc", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-17T17:40:49Z/" } ], "url": "https://git.kernel.org/stable/c/0c66c6f4e21cb22220cbd8821c5c73fc157d20dc" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278167", "reference_id": "2278167", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278167" }, { "reference_url": "https://git.kernel.org/stable/c/9f7ddc222cae8254e93d5c169a8ae11a49d912a7", "reference_id": "9f7ddc222cae8254e93d5c169a8ae11a49d912a7", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-17T17:40:49Z/" } ], "url": "https://git.kernel.org/stable/c/9f7ddc222cae8254e93d5c169a8ae11a49d912a7" }, { "reference_url": "https://git.kernel.org/stable/c/fb3a122a978626b33de3367ee1762da934c0f512", "reference_id": "fb3a122a978626b33de3367ee1762da934c0f512", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-17T17:40:49Z/" } ], "url": "https://git.kernel.org/stable/c/fb3a122a978626b33de3367ee1762da934c0f512" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5066", "reference_id": "RHSA-2024:5066", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5066" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5067", "reference_id": "RHSA-2024:5067", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5067" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6997", "reference_id": "RHSA-2024:6997", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6997" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2024-26947" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kyqq-4eb6-mqbq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/79188?format=api", "vulnerability_id": "VCID-m6a5-nxvq-qfe4", "summary": "kernel: Linux kernel: Use-after-free vulnerability in page_pool_recycle_in_ring can lead to arbitrary code execution", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-38129.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-38129.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376034", "reference_id": "2376034", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376034" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3066", "reference_id": "RHSA-2026:3066", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3066" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3083", "reference_id": "RHSA-2026:3083", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3083" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3110", "reference_id": "RHSA-2026:3110", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3110" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4011", "reference_id": "RHSA-2026:4011", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4011" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4111", "reference_id": "RHSA-2026:4111", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4111" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4242", "reference_id": "RHSA-2026:4242", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4242" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4243", "reference_id": "RHSA-2026:4243", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4243" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4244", "reference_id": "RHSA-2026:4244", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4244" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4245", "reference_id": "RHSA-2026:4245", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4245" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4246", "reference_id": "RHSA-2026:4246", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4246" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4444", "reference_id": "RHSA-2026:4444", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4444" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5690", "reference_id": "RHSA-2026:5690", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5690" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5813", "reference_id": "RHSA-2026:5813", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5813" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5821", "reference_id": "RHSA-2026:5821", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5821" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2025-38129" ], "risk_score": 3.3, "exploitability": "0.5", "weighted_severity": "6.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m6a5-nxvq-qfe4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61974?format=api", "vulnerability_id": "VCID-m9cq-ejf2-mqef", "summary": "kernel: net: usb: cdc-phonet: fix skb frags[] overflow in rx_complete()", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31623.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31623.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461478", "reference_id": "2461478", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461478" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2026-31623" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m9cq-ejf2-mqef" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64391?format=api", "vulnerability_id": "VCID-mdmt-exws-27hm", "summary": "kernel: net: annotate data-races around sk->sk_{data_ready,write_space}", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23302.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23302.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451200", "reference_id": "2451200", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451200" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2026-23302" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mdmt-exws-27hm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59656?format=api", "vulnerability_id": "VCID-mmv3-bhb7-jka9", "summary": "kernel: md/raid5: validate payload size before accessing journal metadata", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-46070.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-46070.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482173", "reference_id": "2482173", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482173" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2026-46070" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mmv3-bhb7-jka9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/73181?format=api", "vulnerability_id": "VCID-n2zj-7hnv-dkem", "summary": "kernel: f2fs: fix UAF issue in f2fs_merge_page_bio()", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-40054.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-40054.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406765", "reference_id": "2406765", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406765" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195391?format=api", "purl": "pkg:deb/debian/linux@6.12.88-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.12.88-1~bpo12%252B1" } ], "aliases": [ "CVE-2025-40054" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n2zj-7hnv-dkem" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72257?format=api", "vulnerability_id": "VCID-n3jk-kfwn-zbhb", "summary": "kernel: sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-40126.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-40126.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414510", "reference_id": "2414510", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414510" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2025-40126" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n3jk-kfwn-zbhb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/60631?format=api", "vulnerability_id": "VCID-n8mr-48hk-27f7", "summary": "kernel: btrfs: fix transaction abort when snapshotting received subvolumes", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43361.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43361.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2468264", "reference_id": "2468264", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2468264" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2026-43361" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n8mr-48hk-27f7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/85561?format=api", "vulnerability_id": "VCID-n9fy-6a59-ubcq", "summary": "In the Linux kernel before 6.9, an untrusted hypervisor can inject virtual interrupt 29 (#VC) at any point in time and can trigger its handler. This affects AMD SEV-SNP and AMD SEV-ES.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-25742.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-25742.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270836", "reference_id": "2270836", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270836" }, { "reference_url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3008.html", "reference_id": "amd-sb-3008.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-20T14:09:31Z/" } ], "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3008.html" }, { "reference_url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.9", "reference_id": "ChangeLog-6.9", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-20T14:09:31Z/" } ], "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.9" }, { "reference_url": "https://github.com/torvalds/linux/commit/e3ef461af35a8c74f2f4ce6616491ddb355a208f", "reference_id": "e3ef461af35a8c74f2f4ce6616491ddb355a208f", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-20T14:09:31Z/" } ], "url": "https://github.com/torvalds/linux/commit/e3ef461af35a8c74f2f4ce6616491ddb355a208f" }, { "reference_url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e3ef461af35a8c74f2f4ce6616491ddb355a208f", "reference_id": "?id=e3ef461af35a8c74f2f4ce6616491ddb355a208f", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-20T14:09:31Z/" } ], "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e3ef461af35a8c74f2f4ce6616491ddb355a208f" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2627", "reference_id": "RHSA-2024:2627", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2627" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2628", "reference_id": "RHSA-2024:2628", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2628" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2758", "reference_id": "RHSA-2024:2758", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2758" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2950", "reference_id": "RHSA-2024:2950", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2950" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3138", "reference_id": "RHSA-2024:3138", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3138" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3421", "reference_id": "RHSA-2024:3421", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3421" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3810", "reference_id": "RHSA-2024:3810", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3810" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2024-25742" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n9fy-6a59-ubcq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/60740?format=api", "vulnerability_id": "VCID-n9qz-8rsq-fkav", "summary": "kernel: wifi: brcmfmac: validate bsscfg indices in IF events", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43110.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43110.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467014", "reference_id": "2467014", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467014" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21556", "reference_id": "RHSA-2026:21556", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21556" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21557", "reference_id": "RHSA-2026:21557", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21557" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:23237", "reference_id": "RHSA-2026:23237", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:23237" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2026-43110" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n9qz-8rsq-fkav" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84201?format=api", "vulnerability_id": "VCID-nggz-zw65-2ygm", "summary": "A flaw was found in the Linux kernel's ksmbd component. A memory leak can occur if a client sends a session setup request with an unknown NTLMSSP message type, potentially leading to resource exhaustion.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32255.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32255.json" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2385884", "reference_id": "2385884", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2385884" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2023-32255" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nggz-zw65-2ygm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/87160?format=api", "vulnerability_id": "VCID-ntzs-vtzt-pkbm", "summary": "In the Linux kernel, the following vulnerability has been resolved: null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues' Writing 'power' and 'submit_queues' concurrently will trigger kernel panic: Test script: modprobe null_blk nr_devices=0 mkdir -p /sys/kernel/config/nullb/nullb0 while true; do echo 1 > submit_queues; echo 4 > submit_queues; done & while true; do echo 1 > power; echo 0 > power; done Test result: BUG: kernel NULL pointer dereference, address: 0000000000000148 Oops: 0000 [#1] PREEMPT SMP RIP: 0010:__lock_acquire+0x41d/0x28f0 Call Trace: <TASK> lock_acquire+0x121/0x450 down_write+0x5f/0x1d0 simple_recursive_removal+0x12f/0x5c0 blk_mq_debugfs_unregister_hctxs+0x7c/0x100 blk_mq_update_nr_hw_queues+0x4a3/0x720 nullb_update_nr_hw_queues+0x71/0xf0 [null_blk] nullb_device_submit_queues_store+0x79/0xf0 [null_blk] configfs_write_iter+0x119/0x1e0 vfs_write+0x326/0x730 ksys_write+0x74/0x150 This is because del_gendisk() can concurrent with blk_mq_update_nr_hw_queues(): nullb_device_power_store\tnullb_apply_submit_queues null_del_dev del_gendisk \t\t\t\t nullb_update_nr_hw_queues \t\t\t\t if (!dev->nullb) \t\t\t\t // still set while gendisk is deleted \t\t\t\t return 0 \t\t\t\t blk_mq_update_nr_hw_queues dev->nullb = NULL Fix this problem by resuing the global mutex to protect nullb_device_power_store() and nullb_update_nr_hw_queues() from configfs.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-36478.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-36478.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://git.kernel.org/stable/c/1d4c8baef435c98e8d5aa7027dc5a9f70834ba16", "reference_id": "1d4c8baef435c98e8d5aa7027dc5a9f70834ba16", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T17:09:31Z/" } ], "url": "https://git.kernel.org/stable/c/1d4c8baef435c98e8d5aa7027dc5a9f70834ba16" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293710", "reference_id": "2293710", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293710" }, { "reference_url": "https://git.kernel.org/stable/c/5d0495473ee4c1d041b5a917f10446a22c047f47", "reference_id": "5d0495473ee4c1d041b5a917f10446a22c047f47", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T17:09:31Z/" } ], "url": "https://git.kernel.org/stable/c/5d0495473ee4c1d041b5a917f10446a22c047f47" }, { "reference_url": "https://git.kernel.org/stable/c/a2db328b0839312c169eb42746ec46fc1ab53ed2", "reference_id": "a2db328b0839312c169eb42746ec46fc1ab53ed2", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T17:09:31Z/" } ], "url": "https://git.kernel.org/stable/c/a2db328b0839312c169eb42746ec46fc1ab53ed2" }, { "reference_url": "https://git.kernel.org/stable/c/aaadb755f2d684f715a6eb85cb7243aa0c67dfa9", "reference_id": "aaadb755f2d684f715a6eb85cb7243aa0c67dfa9", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T17:09:31Z/" } ], "url": "https://git.kernel.org/stable/c/aaadb755f2d684f715a6eb85cb7243aa0c67dfa9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2024-36478" ], "risk_score": 2.0, "exploitability": "0.5", "weighted_severity": "4.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ntzs-vtzt-pkbm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72252?format=api", "vulnerability_id": "VCID-nu94-8cqs-akgq", "summary": "kernel: net: use dst_dev_rcu() in sk_setup_caps()", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-40170.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-40170.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414506", "reference_id": "2414506", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414506" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1690", "reference_id": "RHSA-2026:1690", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1690" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2212", "reference_id": "RHSA-2026:2212", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2212" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2264", "reference_id": "RHSA-2026:2264", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2264" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:22964", "reference_id": "RHSA-2026:22964", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:22964" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:23237", "reference_id": "RHSA-2026:23237", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:23237" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2378", "reference_id": "RHSA-2026:2378", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2378" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2025-40170" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nu94-8cqs-akgq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84515?format=api", "vulnerability_id": "VCID-nwev-wj4e-rfgk", "summary": "In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Add mutex lock in control vblank irq Add a mutex lock to control vblank irq to synchronize vblank enable/disable operations happening from different threads to prevent race conditions while registering/unregistering the vblank irq callback. v4: -Removed vblank_ctl_lock from dpu_encoder_virt, so it is only a parameter of dpu_encoder_phys. -Switch from atomic refcnt to a simple int counter as mutex has now been added v3: Mistakenly did not change wording in last version. It is done now. v2: Slightly changed wording of commit message Patchwork: https://patchwork.freedesktop.org/patch/571854/", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-52586.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-52586.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268333", "reference_id": "2268333", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268333" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2023-52586" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "6.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nwev-wj4e-rfgk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84982?format=api", "vulnerability_id": "VCID-nysg-nhqs-8ybn", "summary": "kernel: net: ipv6: fix dst ref loops in rpl, seg6 and ioam6 lwtunnels", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-21768.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-21768.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348539", "reference_id": "2348539", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348539" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2025-21768" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nysg-nhqs-8ybn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/87813?format=api", "vulnerability_id": "VCID-nz9j-mg8z-yuf3", "summary": "In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: change vm->task_info handling This patch changes the handling and lifecycle of vm->task_info object. The major changes are: - vm->task_info is a dynamically allocated ptr now, and its uasge is reference counted. - introducing two new helper funcs for task_info lifecycle management - amdgpu_vm_get_task_info: reference counts up task_info before returning this info - amdgpu_vm_put_task_info: reference counts down task_info - last put to task_info() frees task_info from the vm. This patch also does logistical changes required for existing usage of vm->task_info. V2: Do not block all the prints when task_info not found (Felix) V3: Fixed review comments from Felix - Fix wrong indentation - No debug message for -ENOMEM - Add NULL check for task_info - Do not duplicate the debug messages (ti vs no ti) - Get first reference of task_info in vm_init(), put last in vm_fini() V4: Fixed review comments from Felix - fix double reference increment in create_task_info - change amdgpu_vm_get_task_info_pasid - additional changes in amdgpu_gem.c while porting", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41008.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41008.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2298079", "reference_id": "2298079", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2298079" }, { "reference_url": "https://git.kernel.org/stable/c/b8f67b9ddf4f8fe6dd536590712b5912ad78f99c", "reference_id": "b8f67b9ddf4f8fe6dd536590712b5912ad78f99c", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T17:00:49Z/" } ], "url": "https://git.kernel.org/stable/c/b8f67b9ddf4f8fe6dd536590712b5912ad78f99c" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10771", "reference_id": "RHSA-2024:10771", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10771" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7000", "reference_id": "RHSA-2024:7000", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7000" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7001", "reference_id": "RHSA-2024:7001", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7001" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9315", "reference_id": "RHSA-2024:9315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9315" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2024-41008" ], "risk_score": 2.0, "exploitability": "0.5", "weighted_severity": "4.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nz9j-mg8z-yuf3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/87840?format=api", "vulnerability_id": "VCID-p28h-q5ze-gyfg", "summary": "In the Linux kernel, the following vulnerability has been resolved: net: ks8851: Fix deadlock with the SPI chip variant When SMP is enabled and spinlocks are actually functional then there is a deadlock with the 'statelock' spinlock between ks8851_start_xmit_spi and ks8851_irq: watchdog: BUG: soft lockup - CPU#0 stuck for 27s! call trace: queued_spin_lock_slowpath+0x100/0x284 do_raw_spin_lock+0x34/0x44 ks8851_start_xmit_spi+0x30/0xb8 ks8851_start_xmit+0x14/0x20 netdev_start_xmit+0x40/0x6c dev_hard_start_xmit+0x6c/0xbc sch_direct_xmit+0xa4/0x22c __qdisc_run+0x138/0x3fc qdisc_run+0x24/0x3c net_tx_action+0xf8/0x130 handle_softirqs+0x1ac/0x1f0 __do_softirq+0x14/0x20 ____do_softirq+0x10/0x1c call_on_irq_stack+0x3c/0x58 do_softirq_own_stack+0x1c/0x28 __irq_exit_rcu+0x54/0x9c irq_exit_rcu+0x10/0x1c el1_interrupt+0x38/0x50 el1h_64_irq_handler+0x18/0x24 el1h_64_irq+0x64/0x68 __netif_schedule+0x6c/0x80 netif_tx_wake_queue+0x38/0x48 ks8851_irq+0xb8/0x2c8 irq_thread_fn+0x2c/0x74 irq_thread+0x10c/0x1b0 kthread+0xc8/0xd8 ret_from_fork+0x10/0x20 This issue has not been identified earlier because tests were done on a device with SMP disabled and so spinlocks were actually NOPs. Now use spin_(un)lock_bh for TX queue related locking to avoid execution of softirq work synchronously that would lead to a deadlock.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41036.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41036.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://git.kernel.org/stable/c/0913ec336a6c0c4a2b296bd9f74f8e41c4c83c8c", "reference_id": "0913ec336a6c0c4a2b296bd9f74f8e41c4c83c8c", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T16:23:30Z/" } ], "url": "https://git.kernel.org/stable/c/0913ec336a6c0c4a2b296bd9f74f8e41c4c83c8c" }, { "reference_url": "https://git.kernel.org/stable/c/10fec0cd0e8f56ff06c46bb24254c7d8f8f2bbf0", "reference_id": "10fec0cd0e8f56ff06c46bb24254c7d8f8f2bbf0", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T16:23:30Z/" } ], "url": "https://git.kernel.org/stable/c/10fec0cd0e8f56ff06c46bb24254c7d8f8f2bbf0" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2300404", "reference_id": "2300404", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2300404" }, { "reference_url": "https://git.kernel.org/stable/c/80ece00137300d74642f2038c8fe5440deaf9f05", "reference_id": "80ece00137300d74642f2038c8fe5440deaf9f05", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T16:23:30Z/" } ], "url": "https://git.kernel.org/stable/c/80ece00137300d74642f2038c8fe5440deaf9f05" }, { "reference_url": "https://git.kernel.org/stable/c/a0c69c492f4a8fad52f0a97565241c926160c9a4", "reference_id": "a0c69c492f4a8fad52f0a97565241c926160c9a4", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T16:23:30Z/" } ], "url": "https://git.kernel.org/stable/c/a0c69c492f4a8fad52f0a97565241c926160c9a4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2024-41036" ], "risk_score": 2.0, "exploitability": "0.5", "weighted_severity": "4.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p28h-q5ze-gyfg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59597?format=api", "vulnerability_id": "VCID-p6y2-zt7h-qudd", "summary": "kernel: KVM: SVM: Add missing save/restore handling of LBR MSRs", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-46014.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-46014.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482128", "reference_id": "2482128", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482128" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195391?format=api", "purl": "pkg:deb/debian/linux@6.12.88-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.12.88-1~bpo12%252B1" } ], "aliases": [ "CVE-2026-46014" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p6y2-zt7h-qudd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59643?format=api", "vulnerability_id": "VCID-p7n5-md78-1qf9", "summary": "kernel: net: stmmac: fix oops when split header is enabled", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-45940.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-45940.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482164", "reference_id": "2482164", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482164" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195391?format=api", "purl": "pkg:deb/debian/linux@6.12.88-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.12.88-1~bpo12%252B1" } ], "aliases": [ "CVE-2026-45940" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p7n5-md78-1qf9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/88649?format=api", "vulnerability_id": "VCID-p7wj-qg2x-euc1", "summary": "In the Linux kernel, the following vulnerability has been resolved: btrfs: do not BUG_ON() when freeing tree block after error When freeing a tree block, at btrfs_free_tree_block(), if we fail to create a delayed reference we don't deal with the error and just do a BUG_ON(). The error most likely to happen is -ENOMEM, and we have a comment mentioning that only -ENOMEM can happen, but that is not true, because in case qgroups are enabled any error returned from btrfs_qgroup_trace_extent_post() (can be -EUCLEAN or anything returned from btrfs_search_slot() for example) can be propagated back to btrfs_free_tree_block(). So stop doing a BUG_ON() and return the error to the callers and make them abort the transaction to prevent leaking space. Syzbot was triggering this, likely due to memory allocation failure injection.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-44963.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-44963.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://git.kernel.org/stable/c/22d907bcd283d69d5e60497fc0d51969545c583b", "reference_id": "22d907bcd283d69d5e60497fc0d51969545c583b", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T17:39:41Z/" } ], "url": "https://git.kernel.org/stable/c/22d907bcd283d69d5e60497fc0d51969545c583b" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2309794", "reference_id": "2309794", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2309794" }, { "reference_url": "https://git.kernel.org/stable/c/98251cd60b4d702a8a81de442ab621e83a3fb24f", "reference_id": "98251cd60b4d702a8a81de442ab621e83a3fb24f", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T17:39:41Z/" } ], "url": "https://git.kernel.org/stable/c/98251cd60b4d702a8a81de442ab621e83a3fb24f" }, { "reference_url": "https://git.kernel.org/stable/c/bb3868033a4cccff7be57e9145f2117cbdc91c11", "reference_id": "bb3868033a4cccff7be57e9145f2117cbdc91c11", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T17:39:41Z/" } ], "url": "https://git.kernel.org/stable/c/bb3868033a4cccff7be57e9145f2117cbdc91c11" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2024-44963" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p7wj-qg2x-euc1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82522?format=api", "vulnerability_id": "VCID-pbfj-s62j-fbe2", "summary": "In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix array index out of bound error in DCN32 DML [Why&How] LinkCapacitySupport array is indexed with the number of voltage states and not the number of max DPPs. Fix the error by changing the array declaration to use the correct (larger) array size of total number of voltage states.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-48979.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-48979.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-48979", "reference_id": "", "reference_type": "", "scores": [ { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00709", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-48979" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2320739", "reference_id": "2320739", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2320739" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2022-48979" ], "risk_score": 2.0, "exploitability": "0.5", "weighted_severity": "4.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pbfj-s62j-fbe2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/86224?format=api", "vulnerability_id": "VCID-pens-udz3-skdp", "summary": "kernel: smb: client: fix use-after-free of signing key", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53179.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53179.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://git.kernel.org/stable/c/0e2b654a3848bf9da3b0d54c1ccf3f1b8c635591", "reference_id": "0e2b654a3848bf9da3b0d54c1ccf3f1b8c635591", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-10T17:13:09Z/" } ], "url": "https://git.kernel.org/stable/c/0e2b654a3848bf9da3b0d54c1ccf3f1b8c635591" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2334401", "reference_id": "2334401", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2334401" }, { "reference_url": "https://git.kernel.org/stable/c/343d7fe6df9e247671440a932b6a73af4fa86d95", "reference_id": "343d7fe6df9e247671440a932b6a73af4fa86d95", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-10T17:13:09Z/" } ], "url": "https://git.kernel.org/stable/c/343d7fe6df9e247671440a932b6a73af4fa86d95" }, { "reference_url": "https://git.kernel.org/stable/c/39619c65ab4bbb3e78c818f537687653e112764d", "reference_id": "39619c65ab4bbb3e78c818f537687653e112764d", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-10T17:13:09Z/" } ], "url": "https://git.kernel.org/stable/c/39619c65ab4bbb3e78c818f537687653e112764d" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2024-53179" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pens-udz3-skdp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82929?format=api", "vulnerability_id": "VCID-pm3q-zyj6-5bdh", "summary": "In the Linux kernel, the following vulnerability has been resolved: net: asix: add proper error handling of usb read errors Syzbot once again hit uninit value in asix driver. The problem still the same -- asix_read_cmd() reads less bytes, than was requested by caller. Since all read requests are performed via asix_read_cmd() let's catch usb related error there and add __must_check notation to be sure all callers actually check return value. So, this patch adds sanity check inside asix_read_cmd(), that simply checks if bytes read are not less, than was requested and adds missing error handling of asix_read_cmd() all across the driver code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-49226.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-49226.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-49226", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01915", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-49226" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2347965", "reference_id": "2347965", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2347965" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7000", "reference_id": "RHSA-2024:7000", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7000" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9315", "reference_id": "RHSA-2024:9315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9315" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2022-49226" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pm3q-zyj6-5bdh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84592?format=api", "vulnerability_id": "VCID-pnyj-7kdm-ruhw", "summary": "kernel: ibmvnic: Don't reference skb after sending to VIOS", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-21855.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-21855.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://git.kernel.org/stable/c/093b0e5c90592773863f300b908b741622eef597", "reference_id": "093b0e5c90592773863f300b908b741622eef597", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-28T15:22:53Z/" } ], "url": "https://git.kernel.org/stable/c/093b0e5c90592773863f300b908b741622eef597" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2351608", "reference_id": "2351608", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2351608" }, { "reference_url": "https://git.kernel.org/stable/c/25dddd01dcc8ef3acff964dbb32eeb0d89f098e9", "reference_id": "25dddd01dcc8ef3acff964dbb32eeb0d89f098e9", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-28T15:22:53Z/" } ], "url": "https://git.kernel.org/stable/c/25dddd01dcc8ef3acff964dbb32eeb0d89f098e9" }, { "reference_url": "https://git.kernel.org/stable/c/501ac6a7e21b82e05207c6b4449812d82820f306", "reference_id": "501ac6a7e21b82e05207c6b4449812d82820f306", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-28T15:22:53Z/" } ], "url": "https://git.kernel.org/stable/c/501ac6a7e21b82e05207c6b4449812d82820f306" }, { "reference_url": "https://git.kernel.org/stable/c/abaff2717470e4b5b7c0c3a90e128b211a23da09", "reference_id": "abaff2717470e4b5b7c0c3a90e128b211a23da09", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-28T15:22:53Z/" } ], "url": "https://git.kernel.org/stable/c/abaff2717470e4b5b7c0c3a90e128b211a23da09" }, { "reference_url": "https://git.kernel.org/stable/c/bdf5d13aa05ec314d4385b31ac974d6c7e0997c9", "reference_id": "bdf5d13aa05ec314d4385b31ac974d6c7e0997c9", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-28T15:22:53Z/" } ], "url": "https://git.kernel.org/stable/c/bdf5d13aa05ec314d4385b31ac974d6c7e0997c9" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:20095", "reference_id": "RHSA-2025:20095", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:20095" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:20518", "reference_id": "RHSA-2025:20518", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:20518" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2025-21855" ], "risk_score": 2.9, "exploitability": "0.5", "weighted_severity": "5.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pnyj-7kdm-ruhw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59326?format=api", "vulnerability_id": "VCID-pr8b-krvb-z7gw", "summary": "kernel: hwrng: core - use RCU and work_struct to fix race condition", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-45949.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-45949.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481908", "reference_id": "2481908", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481908" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2026-45949" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pr8b-krvb-z7gw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/85528?format=api", "vulnerability_id": "VCID-ps19-1mnv-abe1", "summary": "kernel: riscv: mm: Fix the out of bound issue of vmemmap address", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-57945.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-57945.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339131", "reference_id": "2339131", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339131" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2024-57945" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ps19-1mnv-abe1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62408?format=api", "vulnerability_id": "VCID-pt17-5xvc-27ar", "summary": "kernel: xfrm: prevent policy_hthresh.work from racing with netns teardown", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31516.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31516.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460720", "reference_id": "2460720", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460720" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2026-31516" ], "risk_score": 2.9, "exploitability": "0.5", "weighted_severity": "5.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pt17-5xvc-27ar" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59309?format=api", "vulnerability_id": "VCID-pvk8-ufgp-aug8", "summary": "kernel: openvswitch: cap upcall PID array size and pre-size vport replies", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-45840.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-45840.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481862", "reference_id": "2481862", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481862" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195391?format=api", "purl": "pkg:deb/debian/linux@6.12.88-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.12.88-1~bpo12%252B1" } ], "aliases": [ "CVE-2026-45840" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pvk8-ufgp-aug8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/88156?format=api", "vulnerability_id": "VCID-q1mq-7s3x-kkdc", "summary": "kernel: drm/msm/adreno: Assign msm_gpu->pdev earlier to avoid nullptrs", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-49901.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-49901.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://git.kernel.org/stable/c/16007768551d5bfe53426645401435ca8d2ef54f", "reference_id": "16007768551d5bfe53426645401435ca8d2ef54f", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T13:42:53Z/" } ], "url": "https://git.kernel.org/stable/c/16007768551d5bfe53426645401435ca8d2ef54f" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2320537", "reference_id": "2320537", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2320537" }, { "reference_url": "https://git.kernel.org/stable/c/9288a9676c529ad9c856096db68fad812499bc4a", "reference_id": "9288a9676c529ad9c856096db68fad812499bc4a", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T13:42:53Z/" } ], "url": "https://git.kernel.org/stable/c/9288a9676c529ad9c856096db68fad812499bc4a" }, { "reference_url": "https://git.kernel.org/stable/c/9773737375b20070ea935203fd66cb9fa17c5acb", "reference_id": "9773737375b20070ea935203fd66cb9fa17c5acb", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T13:42:53Z/" } ], "url": "https://git.kernel.org/stable/c/9773737375b20070ea935203fd66cb9fa17c5acb" }, { "reference_url": "https://git.kernel.org/stable/c/e8ac2060597a5768e4699bb61d604b4c09927b85", "reference_id": "e8ac2060597a5768e4699bb61d604b4c09927b85", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T13:42:53Z/" } ], "url": "https://git.kernel.org/stable/c/e8ac2060597a5768e4699bb61d604b4c09927b85" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2024-49901" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q1mq-7s3x-kkdc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/60691?format=api", "vulnerability_id": "VCID-q4td-fnf4-5kfn", "summary": "kernel: ocfs2: fix out-of-bounds write in ocfs2_write_end_inline", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43075.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43075.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2466979", "reference_id": "2466979", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2466979" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2026-43075" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q4td-fnf4-5kfn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/87223?format=api", "vulnerability_id": "VCID-q81f-7vrq-ukeh", "summary": "In the Linux kernel, the following vulnerability has been resolved: block: fix overflow in blk_ioctl_discard() There is no check for overflow of 'start + len' in blk_ioctl_discard(). Hung task occurs if submit an discard ioctl with the following param: start = 0x80000000000ff000, len = 0x8000000000fff000; Add the overflow validation now.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-36917.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-36917.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2284519", "reference_id": "2284519", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2284519" }, { "reference_url": "https://git.kernel.org/stable/c/22d24a544b0d49bbcbd61c8c0eaf77d3c9297155", "reference_id": "22d24a544b0d49bbcbd61c8c0eaf77d3c9297155", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-05T14:26:26Z/" } ], "url": "https://git.kernel.org/stable/c/22d24a544b0d49bbcbd61c8c0eaf77d3c9297155" }, { "reference_url": "https://git.kernel.org/stable/c/507d526a98c355e6f3fb2c47aacad44a69784bee", "reference_id": "507d526a98c355e6f3fb2c47aacad44a69784bee", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-05T14:26:26Z/" } ], "url": "https://git.kernel.org/stable/c/507d526a98c355e6f3fb2c47aacad44a69784bee" }, { "reference_url": "https://git.kernel.org/stable/c/8a26198186e97ee5fc4b42fde82629cff8c75cd6", "reference_id": "8a26198186e97ee5fc4b42fde82629cff8c75cd6", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-05T14:26:26Z/" } ], "url": "https://git.kernel.org/stable/c/8a26198186e97ee5fc4b42fde82629cff8c75cd6" }, { "reference_url": "https://git.kernel.org/stable/c/e1d38cde2b7b0fbd1c48082e7a98c37d750af59b", "reference_id": "e1d38cde2b7b0fbd1c48082e7a98c37d750af59b", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-05T14:26:26Z/" } ], "url": "https://git.kernel.org/stable/c/e1d38cde2b7b0fbd1c48082e7a98c37d750af59b" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5101", "reference_id": "RHSA-2024:5101", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5101" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5102", "reference_id": "RHSA-2024:5102", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5102" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9315", "reference_id": "RHSA-2024:9315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9584", "reference_id": "RHSA-2025:9584", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9584" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2024-36917" ], "risk_score": 2.0, "exploitability": "0.5", "weighted_severity": "4.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q81f-7vrq-ukeh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/88291?format=api", "vulnerability_id": "VCID-q8h2-fc69-j7ay", "summary": "In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/debugfs - Fix debugfs uninit process issue During the zip probe process, the debugfs failure does not stop the probe. When debugfs initialization fails, jumping to the error branch will also release regs, in addition to its own rollback operation. As a result, it may be released repeatedly during the regs uninit process. Therefore, the null check needs to be added to the regs uninit process.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-42147.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-42147.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301513", "reference_id": "2301513", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301513" }, { "reference_url": "https://git.kernel.org/stable/c/7fc8d9a525b5c3f8dfa5ed50901e764d8ede7e1e", "reference_id": "7fc8d9a525b5c3f8dfa5ed50901e764d8ede7e1e", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T16:15:37Z/" } ], "url": "https://git.kernel.org/stable/c/7fc8d9a525b5c3f8dfa5ed50901e764d8ede7e1e" }, { "reference_url": "https://git.kernel.org/stable/c/8be0913389718e8d27c4f1d4537b5e1b99ed7739", "reference_id": "8be0913389718e8d27c4f1d4537b5e1b99ed7739", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T16:15:37Z/" } ], "url": "https://git.kernel.org/stable/c/8be0913389718e8d27c4f1d4537b5e1b99ed7739" }, { "reference_url": "https://git.kernel.org/stable/c/e0a2d2df9ba7bd6bd7e0a9b6a5e3894f7e8445b3", "reference_id": "e0a2d2df9ba7bd6bd7e0a9b6a5e3894f7e8445b3", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T16:15:37Z/" } ], "url": "https://git.kernel.org/stable/c/e0a2d2df9ba7bd6bd7e0a9b6a5e3894f7e8445b3" }, { "reference_url": "https://git.kernel.org/stable/c/eda60520cfe3aba9f088c68ebd5bcbca9fc6ac3c", "reference_id": "eda60520cfe3aba9f088c68ebd5bcbca9fc6ac3c", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T16:15:37Z/" } ], "url": "https://git.kernel.org/stable/c/eda60520cfe3aba9f088c68ebd5bcbca9fc6ac3c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2024-42147" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q8h2-fc69-j7ay" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/60725?format=api", "vulnerability_id": "VCID-q8pn-a6a2-vye5", "summary": "kernel: xsk: tighten UMEM headroom validation to account for tailroom and min frame", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43093.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43093.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467004", "reference_id": "2467004", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467004" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2026-43093" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q8pn-a6a2-vye5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72278?format=api", "vulnerability_id": "VCID-q8w9-mm3d-jug3", "summary": "kernel: ipv6: use RCU in ip6_output()", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-40158.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-40158.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414523", "reference_id": "2414523", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414523" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1690", "reference_id": "RHSA-2026:1690", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1690" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2212", "reference_id": "RHSA-2026:2212", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2212" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2264", "reference_id": "RHSA-2026:2264", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2264" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:22964", "reference_id": "RHSA-2026:22964", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:22964" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:23237", "reference_id": "RHSA-2026:23237", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:23237" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2378", "reference_id": "RHSA-2026:2378", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2378" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195391?format=api", "purl": "pkg:deb/debian/linux@6.12.88-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.12.88-1~bpo12%252B1" } ], "aliases": [ "CVE-2025-40158" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q8w9-mm3d-jug3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83024?format=api", "vulnerability_id": "VCID-q9zt-7wn8-fban", "summary": "In the Linux kernel, the following vulnerability has been resolved: uaccess: fix integer overflow on access_ok() Three architectures check the end of a user access against the address limit without taking a possible overflow into account. Passing a negative length or another overflow in here returns success when it should not. Use the most common correct implementation here, which optimizes for a constant 'size' argument, and turns the common case into a single comparison.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-49289.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-49289.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-49289", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.29703", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-49289" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348170", "reference_id": "2348170", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348170" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2022-49289" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q9zt-7wn8-fban" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82877?format=api", "vulnerability_id": "VCID-qaf1-k25n-e3gg", "summary": "In the Linux kernel, the following vulnerability has been resolved: memstick/mspro_block: fix handling of read-only devices Use set_disk_ro to propagate the read-only state to the block layer instead of checking for it in ->open and leaking a reference in case of a read-only device.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-49178.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-49178.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-49178", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01756", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-49178" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2347935", "reference_id": "2347935", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2347935" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2022-49178" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qaf1-k25n-e3gg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59595?format=api", "vulnerability_id": "VCID-qb5u-abf3-cubv", "summary": "kernel: RDMA/rxe: Validate pad and ICRC before payload_size() in rxe_rcv", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-46043.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-46043.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482127", "reference_id": "2482127", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482127" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2026-46043" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qb5u-abf3-cubv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/79295?format=api", "vulnerability_id": "VCID-qmpc-u417-hqfu", "summary": "kernel: ice: fix Tx scheduler error handling in XDP callback", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-38127.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-38127.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376087", "reference_id": "2376087", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376087" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:20518", "reference_id": "RHSA-2025:20518", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:20518" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2025-38127" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qmpc-u417-hqfu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83195?format=api", "vulnerability_id": "VCID-qp2v-18yp-afdv", "summary": "kernel: spufs: fix gang directory lifetimes", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-22072.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-22072.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360245", "reference_id": "2360245", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360245" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2025-22072" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qp2v-18yp-afdv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62418?format=api", "vulnerability_id": "VCID-qrwc-h3he-afd8", "summary": "kernel: xfs: avoid dereferencing log items after push callbacks", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31453.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31453.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460731", "reference_id": "2460731", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460731" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2026-31453" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qrwc-h3he-afd8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82974?format=api", "vulnerability_id": "VCID-qtzs-8pbg-4qdf", "summary": "In the Linux kernel, the following vulnerability has been resolved: block: fix rq-qos breakage from skipping rq_qos_done_bio() a647a524a467 (\"block: don't call rq_qos_ops->done_bio if the bio isn't tracked\") made bio_endio() skip rq_qos_done_bio() if BIO_TRACKED is not set. While this fixed a potential oops, it also broke blk-iocost by skipping the done_bio callback for merged bios. Before, whether a bio goes through rq_qos_throttle() or rq_qos_merge(), rq_qos_done_bio() would be called on the bio on completion with BIO_TRACKED distinguishing the former from the latter. rq_qos_done_bio() is not called for bios which wenth through rq_qos_merge(). This royally confuses blk-iocost as the merged bios never finish and are considered perpetually in-flight. One reliably reproducible failure mode is an intermediate cgroup geting stuck active preventing its children from being activated due to the leaf-only rule, leading to loss of control. The following is from resctl-bench protection scenario which emulates isolating a web server like workload from a memory bomb run on an iocost configuration which should yield a reasonable level of protection. # cat /sys/block/nvme2n1/device/model Samsung SSD 970 PRO 512GB # cat /sys/fs/cgroup/io.cost.model 259:0 ctrl=user model=linear rbps=834913556 rseqiops=93622 rrandiops=102913 wbps=618985353 wseqiops=72325 wrandiops=71025 # cat /sys/fs/cgroup/io.cost.qos 259:0 enable=1 ctrl=user rpct=95.00 rlat=18776 wpct=95.00 wlat=8897 min=60.00 max=100.00 # resctl-bench -m 29.6G -r out.json run protection::scenario=mem-hog,loops=1 ... Memory Hog Summary ================== IO Latency: R p50=242u:336u/2.5m p90=794u:1.4m/7.5m p99=2.7m:8.0m/62.5m max=8.0m:36.4m/350m W p50=221u:323u/1.5m p90=709u:1.2m/5.5m p99=1.5m:2.5m/9.5m max=6.9m:35.9m/350m Isolation and Request Latency Impact Distributions: min p01 p05 p10 p25 p50 p75 p90 p95 p99 max mean stdev isol% 15.90 15.90 15.90 40.05 57.24 59.07 60.01 74.63 74.63 90.35 90.35 58.12 15.82 lat-imp% 0 0 0 0 0 4.55 14.68 15.54 233.5 548.1 548.1 53.88 143.6 Result: isol=58.12:15.82% lat_imp=53.88%:143.6 work_csv=100.0% missing=3.96% The isolation result of 58.12% is close to what this device would show without any IO control. Fix it by introducing a new flag BIO_QOS_MERGED to mark merged bios and calling rq_qos_done_bio() on them too. For consistency and clarity, rename BIO_TRACKED to BIO_QOS_THROTTLED. The flag checks are moved into rq_qos_done_bio() so that it's next to the code paths that set the flags. With the patch applied, the above same benchmark shows: # resctl-bench -m 29.6G -r out.json run protection::scenario=mem-hog,loops=1 ... Memory Hog Summary ================== IO Latency: R p50=123u:84.4u/985u p90=322u:256u/2.5m p99=1.6m:1.4m/9.5m max=11.1m:36.0m/350m W p50=429u:274u/995u p90=1.7m:1.3m/4.5m p99=3.4m:2.7m/11.5m max=7.9m:5.9m/26.5m Isolation and Request Latency Impact Distributions: min p01 p05 p10 p25 p50 p75 p90 p95 p99 max mean stdev isol% 84.91 84.91 89.51 90.73 92.31 94.49 96.36 98.04 98.71 100.0 100.0 94.42 2.81 lat-imp% 0 0 0 0 0 2.81 5.73 11.11 13.92 17.53 22.61 4.10 4.68 Result: isol=94.42:2.81% lat_imp=4.10%:4.68 work_csv=58.34% missing=0%", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-49266.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-49266.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-49266", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01915", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-49266" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2347985", "reference_id": "2347985", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2347985" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2022-49266" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qtzs-8pbg-4qdf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82920?format=api", "vulnerability_id": "VCID-r2d7-u7fx-fuew", "summary": "In the Linux kernel, the following vulnerability has been resolved: drm/dp: Fix OOB read when handling Post Cursor2 register The link_status array was not large enough to read the Adjust Request Post Cursor2 register, so remove the common helper function to avoid an OOB read, found with a -Warray-bounds build: drivers/gpu/drm/drm_dp_helper.c: In function 'drm_dp_get_adjust_request_post_cursor': drivers/gpu/drm/drm_dp_helper.c:59:27: error: array subscript 10 is outside array bounds of 'const u8[6]' {aka 'const unsigned char[6]'} [-Werror=array-bounds] 59 | return link_status[r - DP_LANE0_1_STATUS]; | ~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~ drivers/gpu/drm/drm_dp_helper.c:147:51: note: while referencing 'link_status' 147 | u8 drm_dp_get_adjust_request_post_cursor(const u8 link_status[DP_LINK_STATUS_SIZE], | ~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Replace the only user of the helper with an open-coded fetch and decode, similar to drivers/gpu/drm/amd/display/dc/core/dc_link_dp.c.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-49218.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-49218.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-49218", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01476", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-49218" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348078", "reference_id": "2348078", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348078" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2022-49218" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r2d7-u7fx-fuew" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75423?format=api", "vulnerability_id": "VCID-r3d1-rg6p-p3dz", "summary": "kernel: net: rose: convert 'use' field to refcount_t", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-39826.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-39826.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395799", "reference_id": "2395799", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395799" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2025-39826" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r3d1-rg6p-p3dz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83061?format=api", "vulnerability_id": "VCID-r4u1-rwcy-hbhv", "summary": "In the Linux kernel, the following vulnerability has been resolved: f2fs: avoid infinite loop to flush node pages xfstests/generic/475 can give EIO all the time which give an infinite loop to flush node page like below. Let's avoid it. [16418.518551] Call Trace: [16418.518553] ? dm_submit_bio+0x48/0x400 [16418.518574] ? submit_bio_checks+0x1ac/0x5a0 [16418.525207] __submit_bio+0x1a9/0x230 [16418.525210] ? kmem_cache_alloc+0x29e/0x3c0 [16418.525223] submit_bio_noacct+0xa8/0x2b0 [16418.525226] submit_bio+0x4d/0x130 [16418.525238] __submit_bio+0x49/0x310 [f2fs] [16418.525339] ? bio_add_page+0x6a/0x90 [16418.525344] f2fs_submit_page_bio+0x134/0x1f0 [f2fs] [16418.525365] read_node_page+0x125/0x1b0 [f2fs] [16418.525388] __get_node_page.part.0+0x58/0x3f0 [f2fs] [16418.525409] __get_node_page+0x2f/0x60 [f2fs] [16418.525431] f2fs_get_dnode_of_data+0x423/0x860 [f2fs] [16418.525452] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [16418.525458] ? __mod_memcg_state.part.0+0x2a/0x30 [16418.525465] ? __mod_memcg_lruvec_state+0x27/0x40 [16418.525467] ? __xa_set_mark+0x57/0x70 [16418.525472] f2fs_do_write_data_page+0x10e/0x7b0 [f2fs] [16418.525493] f2fs_write_single_data_page+0x555/0x830 [f2fs] [16418.525514] ? sysvec_apic_timer_interrupt+0x4e/0x90 [16418.525518] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [16418.525523] f2fs_write_cache_pages+0x303/0x880 [f2fs] [16418.525545] ? blk_flush_plug_list+0x47/0x100 [16418.525548] f2fs_write_data_pages+0xfd/0x320 [f2fs] [16418.525569] do_writepages+0xd5/0x210 [16418.525648] filemap_fdatawrite_wbc+0x7d/0xc0 [16418.525655] filemap_fdatawrite+0x50/0x70 [16418.525658] f2fs_sync_dirty_inodes+0xa4/0x230 [f2fs] [16418.525679] f2fs_write_checkpoint+0x16d/0x1720 [f2fs] [16418.525699] ? ttwu_do_wakeup+0x1c/0x160 [16418.525709] ? ttwu_do_activate+0x6d/0xd0 [16418.525711] ? __wait_for_common+0x11d/0x150 [16418.525715] kill_f2fs_super+0xca/0x100 [f2fs] [16418.525733] deactivate_locked_super+0x3b/0xb0 [16418.525739] deactivate_super+0x40/0x50 [16418.525741] cleanup_mnt+0x139/0x190 [16418.525747] __cleanup_mnt+0x12/0x20 [16418.525749] task_work_run+0x6d/0xa0 [16418.525765] exit_to_user_mode_prepare+0x1ad/0x1b0 [16418.525771] syscall_exit_to_user_mode+0x27/0x50 [16418.525774] do_syscall_64+0x48/0xc0 [16418.525776] entry_SYSCALL_64_after_hwframe+0x44/0xae", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-49317.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-49317.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-49317", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01648", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-49317" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2347754", "reference_id": "2347754", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2347754" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2022-49317" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r4u1-rwcy-hbhv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/73923?format=api", "vulnerability_id": "VCID-r5d8-hm9u-vyet", "summary": "kernel: netfilter: conntrack: fix wrong ct->timeout value", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-53635.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-53635.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402285", "reference_id": "2402285", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6583", "reference_id": "RHSA-2023:6583", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6583" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2023-53635" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r5d8-hm9u-vyet" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/85095?format=api", "vulnerability_id": "VCID-r5m7-c2ex-c3av", "summary": "kernel: btrfs: do proper folio cleanup when cow_file_range() failed", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-57976.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-57976.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348637", "reference_id": "2348637", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348637" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2024-57976" ], "risk_score": 2.1, "exploitability": "0.5", "weighted_severity": "4.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r5m7-c2ex-c3av" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59506?format=api", "vulnerability_id": "VCID-r648-kgz5-vfds", "summary": "kernel: ALSA: control: Validate buf_len before strnlen() in snd_ctl_elem_init_enum_names()", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-46088.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-46088.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482059", "reference_id": "2482059", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482059" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2026-46088" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r648-kgz5-vfds" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/76228?format=api", "vulnerability_id": "VCID-r9np-y9qs-uqd2", "summary": "kernel: drm/amdkfd: Destroy KFD debugfs after destroy KFD wq", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-39706.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-39706.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2393545", "reference_id": "2393545", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2393545" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2025-39706" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r9np-y9qs-uqd2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69289?format=api", "vulnerability_id": "VCID-r9qv-pqj1-s7g9", "summary": "kernel: btrfs: set generation before calling btrfs_clean_tree_block in btrfs_init_new_buffer", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-50766.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-50766.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-50766", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.08353", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-50766" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2425094", "reference_id": "2425094", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2425094" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2022-50766" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r9qv-pqj1-s7g9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/88197?format=api", "vulnerability_id": "VCID-rbpg-vfh2-ckd9", "summary": "kernel: drm/amd/display: Initialize denominators' default to 1", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-49899.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-49899.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2320566", "reference_id": "2320566", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2320566" }, { "reference_url": "https://git.kernel.org/stable/c/7f8e93b862aba08d540f1e9e03e0ceb4d0cfd5fb", "reference_id": "7f8e93b862aba08d540f1e9e03e0ceb4d0cfd5fb", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T13:43:09Z/" } ], "url": "https://git.kernel.org/stable/c/7f8e93b862aba08d540f1e9e03e0ceb4d0cfd5fb" }, { "reference_url": "https://git.kernel.org/stable/c/9be768f08b16f020da376538b08463ac3a2ce8cd", "reference_id": "9be768f08b16f020da376538b08463ac3a2ce8cd", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T13:43:09Z/" } ], "url": "https://git.kernel.org/stable/c/9be768f08b16f020da376538b08463ac3a2ce8cd" }, { "reference_url": "https://git.kernel.org/stable/c/9f35cec5e4b9759b38c663d18eae4eaf30f36527", "reference_id": "9f35cec5e4b9759b38c663d18eae4eaf30f36527", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T13:43:09Z/" } ], "url": "https://git.kernel.org/stable/c/9f35cec5e4b9759b38c663d18eae4eaf30f36527" }, { "reference_url": "https://git.kernel.org/stable/c/b995c0a6de6c74656a0c39cd57a0626351b13e3c", "reference_id": "b995c0a6de6c74656a0c39cd57a0626351b13e3c", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T13:43:09Z/" } ], "url": "https://git.kernel.org/stable/c/b995c0a6de6c74656a0c39cd57a0626351b13e3c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2024-49899" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rbpg-vfh2-ckd9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78823?format=api", "vulnerability_id": "VCID-rq8c-8qhc-kkf4", "summary": "kernel: riscv: save the SR_SUM status over switches", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-38261.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-38261.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378994", "reference_id": "2378994", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378994" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195391?format=api", "purl": "pkg:deb/debian/linux@6.12.88-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.12.88-1~bpo12%252B1" } ], "aliases": [ "CVE-2025-38261" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rq8c-8qhc-kkf4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81311?format=api", "vulnerability_id": "VCID-s49t-g697-3yaf", "summary": "In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: Fix possible null pointer dereference. This patch fixes possible null pointer dereference in files \"rvu_debugfs.c\" and \"rvu_nix.c\"", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-47484.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-47484.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-47484", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.09302", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-47484" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2282938", "reference_id": "2282938", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2282938" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2021-47484" ], "risk_score": 2.0, "exploitability": "0.5", "weighted_severity": "4.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s49t-g697-3yaf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/88216?format=api", "vulnerability_id": "VCID-s76c-q3zh-k3a3", "summary": "kernel: drm/amd/display: Check null pointers before multiple uses", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-49920.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-49920.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2320579", "reference_id": "2320579", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2320579" }, { "reference_url": "https://git.kernel.org/stable/c/26787fb6c2b2ee0d1a7e1574b36f4711ae40fe27", "reference_id": "26787fb6c2b2ee0d1a7e1574b36f4711ae40fe27", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T13:40:29Z/" } ], "url": "https://git.kernel.org/stable/c/26787fb6c2b2ee0d1a7e1574b36f4711ae40fe27" }, { "reference_url": "https://git.kernel.org/stable/c/fdd5ecbbff751c3b9061d8ebb08e5c96119915b4", "reference_id": "fdd5ecbbff751c3b9061d8ebb08e5c96119915b4", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T13:40:29Z/" } ], "url": "https://git.kernel.org/stable/c/fdd5ecbbff751c3b9061d8ebb08e5c96119915b4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2024-49920" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s76c-q3zh-k3a3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/76668?format=api", "vulnerability_id": "VCID-s82g-aypv-gfh3", "summary": "kernel: media: venus: Fix OOB read due to missing payload bound check", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-38679.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-38679.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2393207", "reference_id": "2393207", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2393207" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2025-38679" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s82g-aypv-gfh3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/85108?format=api", "vulnerability_id": "VCID-saze-qk8p-47gf", "summary": "kernel: ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-58012.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-58012.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348650", "reference_id": "2348650", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348650" }, { "reference_url": "https://git.kernel.org/stable/c/569922b82ca660f8b24e705f6cf674e6b1f99cc7", "reference_id": "569922b82ca660f8b24e705f6cf674e6b1f99cc7", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-01T20:08:27Z/" } ], "url": "https://git.kernel.org/stable/c/569922b82ca660f8b24e705f6cf674e6b1f99cc7" }, { "reference_url": "https://git.kernel.org/stable/c/789a2fbf0900982788408d3b0034e0e3f914fb3b", "reference_id": "789a2fbf0900982788408d3b0034e0e3f914fb3b", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-01T20:08:27Z/" } ], "url": "https://git.kernel.org/stable/c/789a2fbf0900982788408d3b0034e0e3f914fb3b" }, { "reference_url": "https://git.kernel.org/stable/c/e012a77e4d7632cf615ba9625b1600ed8985c3b5", "reference_id": "e012a77e4d7632cf615ba9625b1600ed8985c3b5", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-01T20:08:27Z/" } ], "url": "https://git.kernel.org/stable/c/e012a77e4d7632cf615ba9625b1600ed8985c3b5" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:20095", "reference_id": "RHSA-2025:20095", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:20095" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:20518", "reference_id": "RHSA-2025:20518", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:20518" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2024-58012" ], "risk_score": 2.2, "exploitability": "0.5", "weighted_severity": "4.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-saze-qk8p-47gf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84023?format=api", "vulnerability_id": "VCID-sb5q-pcew-wufr", "summary": "kernel: uprobes: Reject the shared zeropage in uprobe_write_opcode()", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-21881.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-21881.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355422", "reference_id": "2355422", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355422" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2025-21881" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sb5q-pcew-wufr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/88083?format=api", "vulnerability_id": "VCID-scra-yzvv-43au", "summary": "kernel: drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-49991.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-49991.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2320486", "reference_id": "2320486", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2320486" }, { "reference_url": "https://git.kernel.org/stable/c/30ceb873cc2e97348d9da2265b2d1ddf07f682e1", "reference_id": "30ceb873cc2e97348d9da2265b2d1ddf07f682e1", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T13:31:14Z/" } ], "url": "https://git.kernel.org/stable/c/30ceb873cc2e97348d9da2265b2d1ddf07f682e1" }, { "reference_url": "https://git.kernel.org/stable/c/6c9289806591807e4e3be9a23df8ee2069180055", "reference_id": "6c9289806591807e4e3be9a23df8ee2069180055", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T13:31:14Z/" } ], "url": "https://git.kernel.org/stable/c/6c9289806591807e4e3be9a23df8ee2069180055" }, { "reference_url": "https://git.kernel.org/stable/c/71f3240f82987f0f070ea5bed559033de7d4c0e1", "reference_id": "71f3240f82987f0f070ea5bed559033de7d4c0e1", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T13:31:14Z/" } ], "url": "https://git.kernel.org/stable/c/71f3240f82987f0f070ea5bed559033de7d4c0e1" }, { "reference_url": "https://git.kernel.org/stable/c/c86ad39140bbcb9dc75a10046c2221f657e8083b", "reference_id": "c86ad39140bbcb9dc75a10046c2221f657e8083b", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T13:31:14Z/" } ], "url": "https://git.kernel.org/stable/c/c86ad39140bbcb9dc75a10046c2221f657e8083b" }, { "reference_url": "https://git.kernel.org/stable/c/e7831613cbbcd9058d3658fbcdc5d5884ceb2e0c", "reference_id": "e7831613cbbcd9058d3658fbcdc5d5884ceb2e0c", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T13:31:14Z/" } ], "url": "https://git.kernel.org/stable/c/e7831613cbbcd9058d3658fbcdc5d5884ceb2e0c" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:6966", "reference_id": "RHSA-2025:6966", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:6966" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2024-49991" ], "risk_score": 2.7, "exploitability": "0.5", "weighted_severity": "5.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-scra-yzvv-43au" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/79716?format=api", "vulnerability_id": "VCID-sdpu-jraw-k3g4", "summary": "kernel: PCI: endpoint: pci-epf-test: Fix double free that causes kernel to oops", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-38069.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-38069.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373370", "reference_id": "2373370", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373370" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2025-38069" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sdpu-jraw-k3g4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/70252?format=api", "vulnerability_id": "VCID-snfm-69er-dkgq", "summary": "kernel: RDMA/siw: Fix QP destroy to wait for all references dropped", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-50666.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-50666.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-50666", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.08353", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-50666" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420334", "reference_id": "2420334", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420334" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2022-50666" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-snfm-69er-dkgq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82037?format=api", "vulnerability_id": "VCID-ss63-xq4f-87bv", "summary": "kernel: bpf: Fix kmemleak warning for percpu hashmap", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-37807.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-37807.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2365021", "reference_id": "2365021", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2365021" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2025-37807" ], "risk_score": 2.7, "exploitability": "0.5", "weighted_severity": "5.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ss63-xq4f-87bv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59553?format=api", "vulnerability_id": "VCID-sst2-r5h8-pbbv", "summary": "kernel: mm: fix deferred split queue races during migration", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-46017.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-46017.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482097", "reference_id": "2482097", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482097" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195391?format=api", "purl": "pkg:deb/debian/linux@6.12.88-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.12.88-1~bpo12%252B1" } ], "aliases": [ "CVE-2026-46017" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sst2-r5h8-pbbv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/85878?format=api", "vulnerability_id": "VCID-t12f-yjct-3kes", "summary": "In the Linux kernel, the following vulnerability has been resolved: parisc: Fix random data corruption from exception handler The current exception handler implementation, which assists when accessing user space memory, may exhibit random data corruption if the compiler decides to use a different register than the specified register %r29 (defined in ASM_EXCEPTIONTABLE_REG) for the error code. If the compiler choose another register, the fault handler will nevertheless store -EFAULT into %r29 and thus trash whatever this register is used for. Looking at the assembly I found that this happens sometimes in emulate_ldd(). To solve the issue, the easiest solution would be if it somehow is possible to tell the fault handler which register is used to hold the error code. Using %0 or %1 in the inline assembly is not posssible as it will show up as e.g. %r29 (with the \"%r\" prefix), which the GNU assembler can not convert to an integer. This patch takes another, better and more flexible approach: We extend the __ex_table (which is out of the execution path) by one 32-word. In this word we tell the compiler to insert the assembler instruction \"or %r0,%r0,%reg\", where %reg references the register which the compiler choosed for the error return code. In case of an access failure, the fault handler finds the __ex_table entry and can examine the opcode. The used register is encoded in the lowest 5 bits, and the fault handler can then store -EFAULT into this register. Since we extend the __ex_table to 3 words we can't use the BUILDTIME_TABLE_SORT config option any longer.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26706.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26706.json" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2273170", "reference_id": "2273170", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2273170" }, { "reference_url": "https://git.kernel.org/stable/c/23027309b099ffc4efca5477009a11dccbdae592", "reference_id": "23027309b099ffc4efca5477009a11dccbdae592", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-17T19:29:32Z/" } ], "url": "https://git.kernel.org/stable/c/23027309b099ffc4efca5477009a11dccbdae592" }, { "reference_url": "https://git.kernel.org/stable/c/8b1d72395635af45410b66cc4c4ab37a12c4a831", "reference_id": "8b1d72395635af45410b66cc4c4ab37a12c4a831", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-17T19:29:32Z/" } ], "url": "https://git.kernel.org/stable/c/8b1d72395635af45410b66cc4c4ab37a12c4a831" }, { "reference_url": "https://git.kernel.org/stable/c/ce31d79aa1f13a2345791f84935281a2c194e003", "reference_id": "ce31d79aa1f13a2345791f84935281a2c194e003", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-17T19:29:32Z/" } ], "url": "https://git.kernel.org/stable/c/ce31d79aa1f13a2345791f84935281a2c194e003" }, { "reference_url": "https://git.kernel.org/stable/c/fa69a8063f8b27f3c7434a0d4f464a76a62f24d2", "reference_id": "fa69a8063f8b27f3c7434a0d4f464a76a62f24d2", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-17T19:29:32Z/" } ], "url": "https://git.kernel.org/stable/c/fa69a8063f8b27f3c7434a0d4f464a76a62f24d2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2024-26706" ], "risk_score": 2.0, "exploitability": "0.5", "weighted_severity": "4.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t12f-yjct-3kes" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/87164?format=api", "vulnerability_id": "VCID-t3cn-bs3k-zfdw", "summary": "In the Linux kernel, the following vulnerability has been resolved: fpga: bridge: add owner module and take its refcount The current implementation of the fpga bridge assumes that the low-level module registers a driver for the parent device and uses its owner pointer to take the module's refcount. This approach is problematic since it can lead to a null pointer dereference while attempting to get the bridge if the parent device does not have a driver. To address this problem, add a module owner pointer to the fpga_bridge struct and use it to take the module's refcount. Modify the function for registering a bridge to take an additional owner module parameter and rename it to avoid conflicts. Use the old function name for a helper macro that automatically sets the module that registers the bridge as the owner. This ensures compatibility with existing low-level control modules and reduces the chances of registering a bridge without setting the owner. Also, update the documentation to keep it consistent with the new interface for registering an fpga bridge. Other changes: opportunistically move put_device() from __fpga_bridge_get() to fpga_bridge_get() and of_fpga_bridge_get() to improve code clarity since the bridge device is taken in these functions.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-36479.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-36479.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://git.kernel.org/stable/c/18dc8366abb6cadcb77668b1a16434654e355d49", "reference_id": "18dc8366abb6cadcb77668b1a16434654e355d49", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T17:08:33Z/" } ], "url": "https://git.kernel.org/stable/c/18dc8366abb6cadcb77668b1a16434654e355d49" }, { "reference_url": "https://git.kernel.org/stable/c/1da11f822042eb6ef4b6064dc048f157a7852529", "reference_id": "1da11f822042eb6ef4b6064dc048f157a7852529", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T17:08:33Z/" } ], "url": "https://git.kernel.org/stable/c/1da11f822042eb6ef4b6064dc048f157a7852529" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294212", "reference_id": "2294212", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294212" }, { "reference_url": "https://git.kernel.org/stable/c/6896b6b2e2d9ec4e1b0acb4c1698a75a4b34d125", "reference_id": "6896b6b2e2d9ec4e1b0acb4c1698a75a4b34d125", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T17:08:33Z/" } ], "url": "https://git.kernel.org/stable/c/6896b6b2e2d9ec4e1b0acb4c1698a75a4b34d125" }, { "reference_url": "https://git.kernel.org/stable/c/d7c4081c54a1d4068de9440957303a76f9e5c95b", "reference_id": "d7c4081c54a1d4068de9440957303a76f9e5c95b", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T17:08:33Z/" } ], "url": "https://git.kernel.org/stable/c/d7c4081c54a1d4068de9440957303a76f9e5c95b" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2024-36479" ], "risk_score": 2.0, "exploitability": "0.5", "weighted_severity": "4.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t3cn-bs3k-zfdw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84648?format=api", "vulnerability_id": "VCID-t4sq-mg85-2ufc", "summary": "In the Linux kernel, the following vulnerability has been resolved: ALSA: scarlett2: Add missing error checks to *_ctl_get() The *_ctl_get() functions which call scarlett2_update_*() were not checking the return value. Fix to check the return value and pass to the caller.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-52680.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-52680.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2281324", "reference_id": "2281324", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2281324" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9315", "reference_id": "RHSA-2024:9315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9315" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2023-52680" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t4sq-mg85-2ufc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/85598?format=api", "vulnerability_id": "VCID-t5t5-jfpa-6ugt", "summary": "In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix NULL pointer dereference in error path When calling mlxsw_sp_acl_tcam_region_destroy() from an error path after failing to attach the region to an ACL group, we hit a NULL pointer dereference upon 'region->group->tcam' [1]. Fix by retrieving the 'tcam' pointer using mlxsw_sp_acl_to_tcam(). [1] BUG: kernel NULL pointer dereference, address: 0000000000000000 [...] RIP: 0010:mlxsw_sp_acl_tcam_region_destroy+0xa0/0xd0 [...] Call Trace: mlxsw_sp_acl_tcam_vchunk_get+0x88b/0xa20 mlxsw_sp_acl_tcam_ventry_add+0x25/0xe0 mlxsw_sp_acl_rule_add+0x47/0x240 mlxsw_sp_flower_replace+0x1a9/0x1d0 tc_setup_cb_add+0xdc/0x1c0 fl_hw_replace_filter+0x146/0x1f0 fl_change+0xc17/0x1360 tc_new_tfilter+0x472/0xb90 rtnetlink_rcv_msg+0x313/0x3b0 netlink_rcv_skb+0x58/0x100 netlink_unicast+0x244/0x390 netlink_sendmsg+0x1e4/0x440 ____sys_sendmsg+0x164/0x260 ___sys_sendmsg+0x9a/0xe0 __sys_sendmsg+0x7a/0xc0 do_syscall_64+0x40/0xe0 entry_SYSCALL_64_after_hwframe+0x63/0x6b", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26595.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26595.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265799", "reference_id": "2265799", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265799" }, { "reference_url": "https://git.kernel.org/stable/c/75fa2d8b3c0175b519c99ace54ab8474cfd0077e", "reference_id": "75fa2d8b3c0175b519c99ace54ab8474cfd0077e", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-23T16:34:10Z/" } ], "url": "https://git.kernel.org/stable/c/75fa2d8b3c0175b519c99ace54ab8474cfd0077e" }, { "reference_url": "https://git.kernel.org/stable/c/817840d125a370626895df269c50c923b79b0a39", "reference_id": "817840d125a370626895df269c50c923b79b0a39", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-23T16:34:10Z/" } ], "url": "https://git.kernel.org/stable/c/817840d125a370626895df269c50c923b79b0a39" }, { "reference_url": "https://git.kernel.org/stable/c/d0a1efe417c97a1e9b914056ee6b86f1ef75fe1f", "reference_id": "d0a1efe417c97a1e9b914056ee6b86f1ef75fe1f", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-23T16:34:10Z/" } ], "url": "https://git.kernel.org/stable/c/d0a1efe417c97a1e9b914056ee6b86f1ef75fe1f" }, { "reference_url": "https://git.kernel.org/stable/c/efeb7dfea8ee10cdec11b6b6ba4e405edbe75809", "reference_id": "efeb7dfea8ee10cdec11b6b6ba4e405edbe75809", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-23T16:34:10Z/" } ], "url": "https://git.kernel.org/stable/c/efeb7dfea8ee10cdec11b6b6ba4e405edbe75809" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7000", "reference_id": "RHSA-2024:7000", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7000" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7001", "reference_id": "RHSA-2024:7001", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7001" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2024-26595" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t5t5-jfpa-6ugt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/87052?format=api", "vulnerability_id": "VCID-t6hn-t795-f3ea", "summary": "In the Linux kernel, the following vulnerability has been resolved: ax25: Fix netdev refcount issue The dev_tracker is added to ax25_cb in ax25_bind(). When the ax25 device is detaching, the dev_tracker of ax25_cb should be deallocated in ax25_kill_by_device() instead of the dev_tracker of ax25_dev. The log reported by ref_tracker is shown below: [ 80.884935] ref_tracker: reference already released. [ 80.885150] ref_tracker: allocated in: [ 80.885349] ax25_dev_device_up+0x105/0x540 [ 80.885730] ax25_device_event+0xa4/0x420 [ 80.885730] notifier_call_chain+0xc9/0x1e0 [ 80.885730] __dev_notify_flags+0x138/0x280 [ 80.885730] dev_change_flags+0xd7/0x180 [ 80.885730] dev_ifsioc+0x6a9/0xa30 [ 80.885730] dev_ioctl+0x4d8/0xd90 [ 80.885730] sock_do_ioctl+0x1c2/0x2d0 [ 80.885730] sock_ioctl+0x38b/0x4f0 [ 80.885730] __se_sys_ioctl+0xad/0xf0 [ 80.885730] do_syscall_64+0xc4/0x1b0 [ 80.885730] entry_SYSCALL_64_after_hwframe+0x67/0x6f [ 80.885730] ref_tracker: freed in: [ 80.885730] ax25_device_event+0x272/0x420 [ 80.885730] notifier_call_chain+0xc9/0x1e0 [ 80.885730] dev_close_many+0x272/0x370 [ 80.885730] unregister_netdevice_many_notify+0x3b5/0x1180 [ 80.885730] unregister_netdev+0xcf/0x120 [ 80.885730] sixpack_close+0x11f/0x1b0 [ 80.885730] tty_ldisc_kill+0xcb/0x190 [ 80.885730] tty_ldisc_hangup+0x338/0x3d0 [ 80.885730] __tty_hangup+0x504/0x740 [ 80.885730] tty_release+0x46e/0xd80 [ 80.885730] __fput+0x37f/0x770 [ 80.885730] __x64_sys_close+0x7b/0xb0 [ 80.885730] do_syscall_64+0xc4/0x1b0 [ 80.885730] entry_SYSCALL_64_after_hwframe+0x67/0x6f [ 80.893739] ------------[ cut here ]------------ [ 80.894030] WARNING: CPU: 2 PID: 140 at lib/ref_tracker.c:255 ref_tracker_free+0x47b/0x6b0 [ 80.894297] Modules linked in: [ 80.894929] CPU: 2 PID: 140 Comm: ax25_conn_rel_6 Not tainted 6.9.0-rc4-g8cd26fd90c1a #11 [ 80.895190] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qem4 [ 80.895514] RIP: 0010:ref_tracker_free+0x47b/0x6b0 [ 80.895808] Code: 83 c5 18 4c 89 eb 48 c1 eb 03 8a 04 13 84 c0 0f 85 df 01 00 00 41 83 7d 00 00 75 4b 4c 89 ff 9 [ 80.896171] RSP: 0018:ffff888009edf8c0 EFLAGS: 00000286 [ 80.896339] RAX: 1ffff1100141ac00 RBX: 1ffff1100149463b RCX: dffffc0000000000 [ 80.896502] RDX: 0000000000000001 RSI: 0000000000000246 RDI: ffff88800a0d6518 [ 80.896925] RBP: ffff888009edf9b0 R08: ffff88806d3288d3 R09: 1ffff1100da6511a [ 80.897212] R10: dffffc0000000000 R11: ffffed100da6511b R12: ffff88800a4a31d4 [ 80.897859] R13: ffff88800a4a31d8 R14: dffffc0000000000 R15: ffff88800a0d6518 [ 80.898279] FS: 00007fd88b7fe700(0000) GS:ffff88806d300000(0000) knlGS:0000000000000000 [ 80.899436] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 80.900181] CR2: 00007fd88c001d48 CR3: 000000000993e000 CR4: 00000000000006f0 ... [ 80.935774] ref_tracker: sp%d@000000000bb9df3d has 1/1 users at [ 80.935774] ax25_bind+0x424/0x4e0 [ 80.935774] __sys_bind+0x1d9/0x270 [ 80.935774] __x64_sys_bind+0x75/0x80 [ 80.935774] do_syscall_64+0xc4/0x1b0 [ 80.935774] entry_SYSCALL_64_after_hwframe+0x67/0x6f Change ax25_dev->dev_tracker to the dev_tracker of ax25_cb in order to mitigate the bug.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-36009.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-36009.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://git.kernel.org/stable/c/0d14f104027e30720582448706c7d6b43065c851", "reference_id": "0d14f104027e30720582448706c7d6b43065c851", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-13T20:06:19Z/" } ], "url": "https://git.kernel.org/stable/c/0d14f104027e30720582448706c7d6b43065c851" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2281981", "reference_id": "2281981", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2281981" }, { "reference_url": "https://git.kernel.org/stable/c/467324bcfe1a31ec65d0cf4aa59421d6b7a7d52b", "reference_id": "467324bcfe1a31ec65d0cf4aa59421d6b7a7d52b", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-13T20:06:19Z/" } ], "url": "https://git.kernel.org/stable/c/467324bcfe1a31ec65d0cf4aa59421d6b7a7d52b" }, { "reference_url": "https://git.kernel.org/stable/c/4fee8fa86a15d7790268eea458b1aec69c695530", "reference_id": "4fee8fa86a15d7790268eea458b1aec69c695530", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-13T20:06:19Z/" } ], "url": "https://git.kernel.org/stable/c/4fee8fa86a15d7790268eea458b1aec69c695530" }, { "reference_url": "https://git.kernel.org/stable/c/c42b073d9af4a5329b25b17390c63ab3847f30e8", "reference_id": "c42b073d9af4a5329b25b17390c63ab3847f30e8", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-13T20:06:19Z/" } ], "url": "https://git.kernel.org/stable/c/c42b073d9af4a5329b25b17390c63ab3847f30e8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2024-36009" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t6hn-t795-f3ea" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59472?format=api", "vulnerability_id": "VCID-t9vv-6jgv-m7a6", "summary": "kernel: spi: fix resource leaks on device setup failure", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-46083.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-46083.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482034", "reference_id": "2482034", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482034" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2026-46083" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t9vv-6jgv-m7a6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83080?format=api", "vulnerability_id": "VCID-tdz5-t67u-p3e5", "summary": "kernel: jfs: add check read-only before txBeginAnon() call", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-58095.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-58095.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360197", "reference_id": "2360197", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360197" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195391?format=api", "purl": "pkg:deb/debian/linux@6.12.88-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.12.88-1~bpo12%252B1" } ], "aliases": [ "CVE-2024-58095" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tdz5-t67u-p3e5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83592?format=api", "vulnerability_id": "VCID-tgdn-s2bu-pbda", "summary": "In the Linux kernel, the following vulnerability has been resolved: srcu: Tighten cleanup_srcu_struct() GP checks Currently, cleanup_srcu_struct() checks for a grace period in progress, but it does not check for a grace period that has not yet started but which might start at any time. Such a situation could result in a use-after-free bug, so this commit adds a check for a grace period that is needed but not yet started to cleanup_srcu_struct().", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-49651.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-49651.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-49651", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03808", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-49651" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2347649", "reference_id": "2347649", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2347649" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2458", "reference_id": "RHSA-2023:2458", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2458" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2022-49651" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tgdn-s2bu-pbda" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/73138?format=api", "vulnerability_id": "VCID-tnm2-t55t-myb3", "summary": "kernel: ipv4: start using dst_dev_rcu()", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-40074.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-40074.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406739", "reference_id": "2406739", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406739" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195391?format=api", "purl": "pkg:deb/debian/linux@6.12.88-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.12.88-1~bpo12%252B1" } ], "aliases": [ "CVE-2025-40074" ], "risk_score": 2.9, "exploitability": "0.5", "weighted_severity": "5.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tnm2-t55t-myb3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69643?format=api", "vulnerability_id": "VCID-tsys-hcgy-uffj", "summary": "kernel: drm/amdgpu/atom: Check kcalloc() for WS buffer in amdgpu_atom_execute_table_locked()", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68190.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68190.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2422701", "reference_id": "2422701", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2422701" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2025-68190" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tsys-hcgy-uffj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61969?format=api", "vulnerability_id": "VCID-tudw-p4k5-j7c2", "summary": "kernel: usb: gadget: renesas_usb3: validate endpoint index in standard request handlers", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31615.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31615.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461475", "reference_id": "2461475", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461475" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2026-31615" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tudw-p4k5-j7c2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/79149?format=api", "vulnerability_id": "VCID-tvuw-dgrw-5qcx", "summary": "kernel: net: clear the dst when changing skb protocol", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-38192.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-38192.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376403", "reference_id": "2376403", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376403" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2025-38192" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tvuw-dgrw-5qcx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84641?format=api", "vulnerability_id": "VCID-tx7p-duny-t7ee", "summary": "In the Linux kernel, the following vulnerability has been resolved: ALSA: scarlett2: Add clamp() in scarlett2_mixer_ctl_put() Ensure the value passed to scarlett2_mixer_ctl_put() is between 0 and SCARLETT2_MIXER_MAX_VALUE so we don't attempt to access outside scarlett2_mixer_values[].", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-52674.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-52674.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2281336", "reference_id": "2281336", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2281336" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9315", "reference_id": "RHSA-2024:9315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9315" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2023-52674" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tx7p-duny-t7ee" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82512?format=api", "vulnerability_id": "VCID-u4dz-m5yc-4qfg", "summary": "In the Linux kernel, the following vulnerability has been resolved: gpiolib: fix memory leak in gpiochip_setup_dev() Here is a backtrace report about memory leak detected in gpiochip_setup_dev(): unreferenced object 0xffff88810b406400 (size 512): comm \"python3\", pid 1682, jiffies 4295346908 (age 24.090s) backtrace: kmalloc_trace device_add\t\tdevice_private_init at drivers/base/core.c:3361 \t\t\t(inlined by) device_add at drivers/base/core.c:3411 cdev_device_add gpiolib_cdev_register gpiochip_setup_dev gpiochip_add_data_with_key gcdev_register() & gcdev_unregister() would call device_add() & device_del() (no matter CONFIG_GPIO_CDEV is enabled or not) to register/unregister device. However, if device_add() succeeds, some resource (like struct device_private allocated by device_private_init()) is not released by device_del(). Therefore, after device_add() succeeds by gcdev_register(), it needs to call put_device() to release resource in the error handle path. Here we move forward the register of release function, and let it release every piece of resource by put_device() instead of kfree(). While at it, fix another subtle issue, i.e. when gc->ngpio is equal to 0, we still call kcalloc() and, in case of further error, kfree() on the ZERO_PTR pointer, which is not NULL. It's not a bug per se, but rather waste of the resources and potentially wrong expectation about contents of the gdev->descs variable.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-48975.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-48975.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-48975", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03708", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-48975" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2320704", "reference_id": "2320704", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2320704" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6583", "reference_id": "RHSA-2023:6583", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6583" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2022-48975" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u4dz-m5yc-4qfg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/87525?format=api", "vulnerability_id": "VCID-u6c6-12q4-hka2", "summary": "kernel: bpf: Use raw_spinlock_t in ringbuf", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-50138.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-50138.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2323951", "reference_id": "2323951", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2323951" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2024-50138" ], "risk_score": 2.0, "exploitability": "0.5", "weighted_severity": "4.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u6c6-12q4-hka2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63620?format=api", "vulnerability_id": "VCID-uc6h-awgm-t7hz", "summary": "kernel: netfilter: conntrack: add missing netlink policy validations", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31407.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31407.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455331", "reference_id": "2455331", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455331" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2026-31407" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uc6h-awgm-t7hz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81329?format=api", "vulnerability_id": "VCID-ud3q-2rua-tfbv", "summary": "In the Linux kernel, the following vulnerability has been resolved: io_uring: ensure task_work gets run as part of cancelations If we successfully cancel a work item but that work item needs to be processed through task_work, then we can be sleeping uninterruptibly in io_uring_cancel_generic() and never process it. Hence we don't make forward progress and we end up with an uninterruptible sleep warning. While in there, correct a comment that should be IFF, not IIF.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-47504.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-47504.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-47504", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04302", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-47504" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2283450", "reference_id": "2283450", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2283450" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2021-47504" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ud3q-2rua-tfbv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75390?format=api", "vulnerability_id": "VCID-udt2-whuw-mue9", "summary": "kernel: net: rose: include node references in rose_neigh refcount", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-39827.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-39827.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395782", "reference_id": "2395782", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395782" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2025-39827" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-udt2-whuw-mue9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/87260?format=api", "vulnerability_id": "VCID-uesd-nu7f-vbbk", "summary": "In the Linux kernel, the following vulnerability has been resolved: amd/amdkfd: sync all devices to wait all processes being evicted If there are more than one device doing reset in parallel, the first device will call kfd_suspend_all_processes() to evict all processes on all devices, this call takes time to finish. other device will start reset and recover without waiting. if the process has not been evicted before doing recover, it will be restored, then caused page fault.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-36949.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-36949.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2284456", "reference_id": "2284456", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2284456" }, { "reference_url": "https://git.kernel.org/stable/c/b6f6626528fe724b512c34f3fb5946c36a135f58", "reference_id": "b6f6626528fe724b512c34f3fb5946c36a135f58", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-17T15:33:14Z/" } ], "url": "https://git.kernel.org/stable/c/b6f6626528fe724b512c34f3fb5946c36a135f58" }, { "reference_url": "https://git.kernel.org/stable/c/d06af584be5a769d124b7302b32a033e9559761d", "reference_id": "d06af584be5a769d124b7302b32a033e9559761d", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-17T15:33:14Z/" } ], "url": "https://git.kernel.org/stable/c/d06af584be5a769d124b7302b32a033e9559761d" }, { "reference_url": "https://git.kernel.org/stable/c/ed28ef3840bbf93a64376ea7814ce39f86352e14", "reference_id": "ed28ef3840bbf93a64376ea7814ce39f86352e14", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-17T15:33:14Z/" } ], "url": "https://git.kernel.org/stable/c/ed28ef3840bbf93a64376ea7814ce39f86352e14" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2024-36949" ], "risk_score": 2.0, "exploitability": "0.5", "weighted_severity": "4.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uesd-nu7f-vbbk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/86297?format=api", "vulnerability_id": "VCID-un22-d3z3-1ye5", "summary": "kernel: f2fs: fix to drop all discards after creating snapshot on lvm device", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56565.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56565.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2334447", "reference_id": "2334447", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2334447" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2024-56565" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-un22-d3z3-1ye5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61528?format=api", "vulnerability_id": "VCID-uqwc-gv9m-qkgw", "summary": "kernel: usb: cdns3: gadget: fix state inconsistency on gadget init failure", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31754.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31754.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2464459", "reference_id": "2464459", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2464459" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2026-31754" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uqwc-gv9m-qkgw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81836?format=api", "vulnerability_id": "VCID-uqye-h3n4-zygx", "summary": "In the Linux kernel, the following vulnerability has been resolved: drm/gma500: Fix WARN_ON(lock->magic != lock) error psb_gem_unpin() calls dma_resv_lock() but the underlying ww_mutex gets destroyed by drm_gem_object_release() move the drm_gem_object_release() call in psb_gem_free_object() to after the unpin to fix the below warning: [ 79.693962] ------------[ cut here ]------------ [ 79.693992] DEBUG_LOCKS_WARN_ON(lock->magic != lock) [ 79.694015] WARNING: CPU: 0 PID: 240 at kernel/locking/mutex.c:582 __ww_mutex_lock.constprop.0+0x569/0xfb0 [ 79.694052] Modules linked in: rfcomm snd_seq_dummy snd_hrtimer qrtr bnep ath9k ath9k_common ath9k_hw snd_hda_codec_realtek snd_hda_codec_generic ledtrig_audio snd_hda_codec_hdmi snd_hda_intel ath3k snd_intel_dspcfg mac80211 snd_intel_sdw_acpi btusb snd_hda_codec btrtl btbcm btintel btmtk bluetooth at24 snd_hda_core snd_hwdep uvcvideo snd_seq libarc4 videobuf2_vmalloc ath videobuf2_memops videobuf2_v4l2 videobuf2_common snd_seq_device videodev acer_wmi intel_powerclamp coretemp mc snd_pcm joydev sparse_keymap ecdh_generic pcspkr wmi_bmof cfg80211 i2c_i801 i2c_smbus snd_timer snd r8169 rfkill lpc_ich soundcore acpi_cpufreq zram rtsx_pci_sdmmc mmc_core serio_raw rtsx_pci gma500_gfx(E) video wmi ip6_tables ip_tables i2c_dev fuse [ 79.694436] CPU: 0 PID: 240 Comm: plymouthd Tainted: G W E 6.0.0-rc3+ #490 [ 79.694457] Hardware name: Packard Bell dot s/SJE01_CT, BIOS V1.10 07/23/2013 [ 79.694469] RIP: 0010:__ww_mutex_lock.constprop.0+0x569/0xfb0 [ 79.694496] Code: ff 85 c0 0f 84 15 fb ff ff 8b 05 ca 3c 11 01 85 c0 0f 85 07 fb ff ff 48 c7 c6 30 cb 84 aa 48 c7 c7 a3 e1 82 aa e8 ac 29 f8 ff <0f> 0b e9 ed fa ff ff e8 5b 83 8a ff 85 c0 74 10 44 8b 0d 98 3c 11 [ 79.694513] RSP: 0018:ffffad1dc048bbe0 EFLAGS: 00010282 [ 79.694623] RAX: 0000000000000028 RBX: 0000000000000000 RCX: 0000000000000000 [ 79.694636] RDX: 0000000000000001 RSI: ffffffffaa8b0ffc RDI: 00000000ffffffff [ 79.694650] RBP: ffffad1dc048bc80 R08: 0000000000000000 R09: ffffad1dc048ba90 [ 79.694662] R10: 0000000000000003 R11: ffffffffaad62fe8 R12: ffff9ff302103138 [ 79.694675] R13: ffff9ff306ec8000 R14: ffff9ff307779078 R15: ffff9ff3014c0270 [ 79.694690] FS: 00007ff1cccf1740(0000) GS:ffff9ff3bc200000(0000) knlGS:0000000000000000 [ 79.694705] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 79.694719] CR2: 0000559ecbcb4420 CR3: 0000000013210000 CR4: 00000000000006f0 [ 79.694734] Call Trace: [ 79.694749] <TASK> [ 79.694761] ? __schedule+0x47f/0x1670 [ 79.694796] ? psb_gem_unpin+0x27/0x1a0 [gma500_gfx] [ 79.694830] ? lock_is_held_type+0xe3/0x140 [ 79.694864] ? ww_mutex_lock+0x38/0xa0 [ 79.694885] ? __cond_resched+0x1c/0x30 [ 79.694902] ww_mutex_lock+0x38/0xa0 [ 79.694925] psb_gem_unpin+0x27/0x1a0 [gma500_gfx] [ 79.694964] psb_gem_unpin+0x199/0x1a0 [gma500_gfx] [ 79.694996] drm_gem_object_release_handle+0x50/0x60 [ 79.695020] ? drm_gem_object_handle_put_unlocked+0xf0/0xf0 [ 79.695042] idr_for_each+0x4b/0xb0 [ 79.695066] ? _raw_spin_unlock_irqrestore+0x30/0x60 [ 79.695095] drm_gem_release+0x1c/0x30 [ 79.695118] drm_file_free.part.0+0x1ea/0x260 [ 79.695150] drm_release+0x6a/0x120 [ 79.695175] __fput+0x9f/0x260 [ 79.695203] task_work_run+0x59/0xa0 [ 79.695227] do_exit+0x387/0xbe0 [ 79.695250] ? seqcount_lockdep_reader_access.constprop.0+0x82/0x90 [ 79.695275] ? lockdep_hardirqs_on+0x7d/0x100 [ 79.695304] do_group_exit+0x33/0xb0 [ 79.695331] __x64_sys_exit_group+0x14/0x20 [ 79.695353] do_syscall_64+0x58/0x80 [ 79.695376] ? up_read+0x17/0x20 [ 79.695401] ? lock_is_held_type+0xe3/0x140 [ 79.695429] ? asm_exc_page_fault+0x22/0x30 [ 79.695450] ? lockdep_hardirqs_on+0x7d/0x100 [ 79.695473] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 79.695493] RIP: 0033:0x7ff1ccefe3f1 [ 79.695516] Code: Unable to access opcode bytes at RIP 0x7ff1ccefe3c7. [ 79.695607] RSP: 002b:00007ffed4413378 EFLAGS: ---truncated---", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-48633.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-48633.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-48633", "reference_id": "", "reference_type": "", "scores": [ { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00233", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-48633" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2277839", "reference_id": "2277839", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2277839" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2022-48633" ], "risk_score": 1.1, "exploitability": "0.5", "weighted_severity": "2.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uqye-h3n4-zygx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/76818?format=api", "vulnerability_id": "VCID-urjj-xcn1-m7d7", "summary": "kernel: can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-38665.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-38665.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2390409", "reference_id": "2390409", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2390409" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2025-38665" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-urjj-xcn1-m7d7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69213?format=api", "vulnerability_id": "VCID-uwtm-s61u-cbca", "summary": "kernel: Linux kernel: Denial of Service in qla2xxx SCSI driver due to improper command handling after chip reset", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68745.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68745.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2425039", "reference_id": "2425039", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2425039" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195391?format=api", "purl": "pkg:deb/debian/linux@6.12.88-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.12.88-1~bpo12%252B1" } ], "aliases": [ "CVE-2025-68745" ], "risk_score": 2.1, "exploitability": "0.5", "weighted_severity": "4.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uwtm-s61u-cbca" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84825?format=api", "vulnerability_id": "VCID-uy12-c5r2-q3a4", "summary": "In the Linux kernel, the following vulnerability has been resolved: scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool In practice the driver should never send more commands than are allocated to a queue's event pool. In the unlikely event that this happens, the code asserts a BUG_ON, and in the case that the kernel is not configured to crash on panic returns a junk event pointer from the empty event list causing things to spiral from there. This BUG_ON is a historical artifact of the ibmvfc driver first being upstreamed, and it is well known now that the use of BUG_ON is bad practice except in the most unrecoverable scenario. There is nothing about this scenario that prevents the driver from recovering and carrying on. Remove the BUG_ON in question from ibmvfc_get_event() and return a NULL pointer in the case of an empty event pool. Update all call sites to ibmvfc_get_event() to check for a NULL pointer and perfrom the appropriate failure or recovery action.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-52811.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-52811.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2282743", "reference_id": "2282743", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2282743" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10771", "reference_id": "RHSA-2024:10771", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10771" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4823", "reference_id": "RHSA-2024:4823", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4823" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4831", "reference_id": "RHSA-2024:4831", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4831" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5101", "reference_id": "RHSA-2024:5101", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5101" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5102", "reference_id": "RHSA-2024:5102", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5102" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6993", "reference_id": "RHSA-2024:6993", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6993" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9315", "reference_id": "RHSA-2024:9315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9315" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2023-52811" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uy12-c5r2-q3a4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59939?format=api", "vulnerability_id": "VCID-v1kp-gtk5-5yfw", "summary": "kernel: net/sched: sch_red: Replace direct dequeue call with peek and qdisc_dequeue_peeked", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43496.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43496.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480459", "reference_id": "2480459", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480459" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2026-43496" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v1kp-gtk5-5yfw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/60899?format=api", "vulnerability_id": "VCID-v6p9-myq9-xbhu", "summary": "kernel: alpha: fix user-space corruption during memory compaction", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43258.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43258.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467146", "reference_id": "2467146", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467146" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2026-43258" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v6p9-myq9-xbhu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/87404?format=api", "vulnerability_id": "VCID-vas8-fy9j-abdy", "summary": "In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix UAF for cq async event The refcount of CQ is not protected by locks. When CQ asynchronous events and CQ destruction are concurrent, CQ may have been released, which will cause UAF. Use the xa_lock() to protect the CQ refcount.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38545.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38545.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293454", "reference_id": "2293454", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293454" }, { "reference_url": "https://git.kernel.org/stable/c/330c825e66ef65278e4ebe57fd49c1d6f3f4e34e", "reference_id": "330c825e66ef65278e4ebe57fd49c1d6f3f4e34e", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T17:15:07Z/" } ], "url": "https://git.kernel.org/stable/c/330c825e66ef65278e4ebe57fd49c1d6f3f4e34e" }, { "reference_url": "https://git.kernel.org/stable/c/37a7559dc1358a8d300437e99ed8ecdab0671507", "reference_id": "37a7559dc1358a8d300437e99ed8ecdab0671507", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T17:15:07Z/" } ], "url": "https://git.kernel.org/stable/c/37a7559dc1358a8d300437e99ed8ecdab0671507" }, { "reference_url": "https://git.kernel.org/stable/c/39d26cf46306bdc7ae809ecfdbfeff5aa1098911", "reference_id": "39d26cf46306bdc7ae809ecfdbfeff5aa1098911", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T17:15:07Z/" } ], "url": "https://git.kernel.org/stable/c/39d26cf46306bdc7ae809ecfdbfeff5aa1098911" }, { "reference_url": "https://git.kernel.org/stable/c/63da190eeb5c9d849b71f457b15b308c94cbaf08", "reference_id": "63da190eeb5c9d849b71f457b15b308c94cbaf08", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T17:15:07Z/" } ], "url": "https://git.kernel.org/stable/c/63da190eeb5c9d849b71f457b15b308c94cbaf08" }, { "reference_url": "https://git.kernel.org/stable/c/763780ef0336a973e933e40e919339381732dcaf", "reference_id": "763780ef0336a973e933e40e919339381732dcaf", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T17:15:07Z/" } ], "url": "https://git.kernel.org/stable/c/763780ef0336a973e933e40e919339381732dcaf" }, { "reference_url": "https://git.kernel.org/stable/c/a942ec2745ca864cd8512142100e4027dc306a42", "reference_id": "a942ec2745ca864cd8512142100e4027dc306a42", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T17:15:07Z/" } ], "url": "https://git.kernel.org/stable/c/a942ec2745ca864cd8512142100e4027dc306a42" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2024-38545" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vas8-fy9j-abdy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69174?format=api", "vulnerability_id": "VCID-vkpq-cp8f-zkhk", "summary": "kernel: HSI: ssi_protocol: fix potential resource leak in ssip_pn_open()", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-50708.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-50708.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-50708", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.08126", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-50708" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2424998", "reference_id": "2424998", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2424998" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2022-50708" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vkpq-cp8f-zkhk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58979?format=api", "vulnerability_id": "VCID-vkt4-bbnd-4bbm", "summary": "kernel: regulator: core: fix locking in regulator_resolve_supply() error path", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-46252.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-46252.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2484457", "reference_id": "2484457", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2484457" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195391?format=api", "purl": "pkg:deb/debian/linux@6.12.88-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.12.88-1~bpo12%252B1" } ], "aliases": [ "CVE-2026-46252" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vkt4-bbnd-4bbm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/85861?format=api", "vulnerability_id": "VCID-vqkf-4a3h-kug1", "summary": "kernel: nvme-rdma: unquiesce admin_q before destroy it", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-49569.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-49569.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2337136", "reference_id": "2337136", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2337136" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:6966", "reference_id": "RHSA-2025:6966", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:6966" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2024-49569" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vqkf-4a3h-kug1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/76812?format=api", "vulnerability_id": "VCID-vxe2-m4at-yfbk", "summary": "kernel: PCI: pnv_php: Fix surprise plug detection and recovery", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-38623.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-38623.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2390402", "reference_id": "2390402", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2390402" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2025-38623" ], "risk_score": 2.0, "exploitability": "0.5", "weighted_severity": "4.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vxe2-m4at-yfbk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59320?format=api", "vulnerability_id": "VCID-vxpa-m3jt-8uet", "summary": "kernel: bpf: fix end-of-list detection in cgroup_storage_get_next_key()", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-45838.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-45838.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481870", "reference_id": "2481870", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481870" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195391?format=api", "purl": "pkg:deb/debian/linux@6.12.88-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.12.88-1~bpo12%252B1" } ], "aliases": [ "CVE-2026-45838" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vxpa-m3jt-8uet" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/79760?format=api", "vulnerability_id": "VCID-w582-7cs3-z7gc", "summary": "kernel: serial: mctrl_gpio: split disable_ms into sync and no_sync APIs", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-38040.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-38040.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373385", "reference_id": "2373385", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373385" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2025-38040" ], "risk_score": 2.1, "exploitability": "0.5", "weighted_severity": "4.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w582-7cs3-z7gc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/60611?format=api", "vulnerability_id": "VCID-w5a1-myx4-a3b1", "summary": "kernel: nvme-pci: Fix race bug in nvme_poll_irqdisable()", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43448.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43448.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2468248", "reference_id": "2468248", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2468248" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2026-43448" ], "risk_score": 2.1, "exploitability": "0.5", "weighted_severity": "4.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w5a1-myx4-a3b1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/85534?format=api", "vulnerability_id": "VCID-w9u4-m7t4-cqad", "summary": "A race condition was found in the Linux kernel's scsi device driver in lpfc_unregister_fcf_rescan() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-24855.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-24855.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262983", "reference_id": "2262983", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262983" }, { "reference_url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=8149", "reference_id": "show_bug.cgi?id=8149", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-06T16:37:53Z/" } ], "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=8149" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2024-24855" ], "risk_score": 2.1, "exploitability": "0.5", "weighted_severity": "4.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w9u4-m7t4-cqad" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/79659?format=api", "vulnerability_id": "VCID-war3-svzv-skdd", "summary": "kernel: espintcp: fix skb leaks", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-38057.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-38057.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373338", "reference_id": "2373338", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373338" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2025-38057" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-war3-svzv-skdd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/88016?format=api", "vulnerability_id": "VCID-wf7a-4euk-fkhx", "summary": "kernel: drm/amd/display: Check null-initialized variables", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-49898.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-49898.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://git.kernel.org/stable/c/115b1a3b0944b4d8ef0b4b0c5a625bdd9474131f", "reference_id": "115b1a3b0944b4d8ef0b4b0c5a625bdd9474131f", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T13:43:17Z/" } ], "url": "https://git.kernel.org/stable/c/115b1a3b0944b4d8ef0b4b0c5a625bdd9474131f" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2320437", "reference_id": "2320437", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2320437" }, { "reference_url": "https://git.kernel.org/stable/c/26d262b79a3587aaa84368586a55e9026c67841b", "reference_id": "26d262b79a3587aaa84368586a55e9026c67841b", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T13:43:17Z/" } ], "url": "https://git.kernel.org/stable/c/26d262b79a3587aaa84368586a55e9026c67841b" }, { "reference_url": "https://git.kernel.org/stable/c/367cd9ceba1933b63bc1d87d967baf6d9fd241d2", "reference_id": "367cd9ceba1933b63bc1d87d967baf6d9fd241d2", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T13:43:17Z/" } ], "url": "https://git.kernel.org/stable/c/367cd9ceba1933b63bc1d87d967baf6d9fd241d2" }, { "reference_url": "https://git.kernel.org/stable/c/3fc70ae048fe0936761b73b50700a810ff61e853", "reference_id": "3fc70ae048fe0936761b73b50700a810ff61e853", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T13:43:17Z/" } ], "url": "https://git.kernel.org/stable/c/3fc70ae048fe0936761b73b50700a810ff61e853" }, { "reference_url": "https://git.kernel.org/stable/c/c3a3b6d9a9383e3c1a4a08878ba5046e68647595", "reference_id": "c3a3b6d9a9383e3c1a4a08878ba5046e68647595", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T13:43:17Z/" } ], "url": "https://git.kernel.org/stable/c/c3a3b6d9a9383e3c1a4a08878ba5046e68647595" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2024-49898" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wf7a-4euk-fkhx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81932?format=api", "vulnerability_id": "VCID-wnuy-wf8k-skes", "summary": "In the Linux kernel, the following vulnerability has been resolved: thermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR In some case, the GDDV returns a package with a buffer which has zero length. It causes that kmemdup() returns ZERO_SIZE_PTR (0x10). Then the data_vault_read() got NULL point dereference problem when accessing the 0x10 value in data_vault. [ 71.024560] BUG: kernel NULL pointer dereference, address: 0000000000000010 This patch uses ZERO_OR_NULL_PTR() for checking ZERO_SIZE_PTR or NULL value in data_vault.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-48703.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-48703.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-48703", "reference_id": "", "reference_type": "", "scores": [ { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00848", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-48703" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278960", "reference_id": "2278960", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278960" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9315", "reference_id": "RHSA-2024:9315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9315" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2022-48703" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wnuy-wf8k-skes" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77348?format=api", "vulnerability_id": "VCID-wta9-n4x7-dkdh", "summary": "kernel: Bluetooth: eir: Fix using strlen with hdev->{dev_name,short_name}", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-50233.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-50233.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-50233", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.0899", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-50233" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2387390", "reference_id": "2387390", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2387390" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2022-50233" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wta9-n4x7-dkdh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/60501?format=api", "vulnerability_id": "VCID-wyky-zzga-v7de", "summary": "kernel: powerpc, perf: Check that current->mm is alive before getting user callchain", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43416.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43416.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2468165", "reference_id": "2468165", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2468165" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195391?format=api", "purl": "pkg:deb/debian/linux@6.12.88-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.12.88-1~bpo12%252B1" } ], "aliases": [ "CVE-2026-43416" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wyky-zzga-v7de" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72185?format=api", "vulnerability_id": "VCID-x4q6-jsjv-zbh7", "summary": "kernel: smc: Use __sk_dst_get() and dst_dev_rcu() in in smc_clc_prfx_set()", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-40139.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-40139.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414464", "reference_id": "2414464", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414464" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195391?format=api", "purl": "pkg:deb/debian/linux@6.12.88-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.12.88-1~bpo12%252B1" } ], "aliases": [ "CVE-2025-40139" ], "risk_score": 2.1, "exploitability": "0.5", "weighted_severity": "4.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x4q6-jsjv-zbh7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83101?format=api", "vulnerability_id": "VCID-x5ex-c6c6-yke7", "summary": "kernel: spufs: fix a leak in spufs_create_context()", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-22071.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-22071.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360207", "reference_id": "2360207", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360207" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2025-22071" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x5ex-c6c6-yke7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83955?format=api", "vulnerability_id": "VCID-x6fw-mmsb-nydr", "summary": "A use-after-free flaw was found in smb2_is_status_io_timeout() in CIFS in the Linux Kernel. After CIFS transfers response data to a system call, there are still local variable points to the memory region, and if the system call frees it faster than CIFS uses it, CIFS will access a free memory region, leading to a denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1192.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1192.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1192", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07797", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1192" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2154178", "reference_id": "2154178", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2154178" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7539", "reference_id": "RHSA-2023:7539", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7539" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7548", "reference_id": "RHSA-2023:7548", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7548" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7549", "reference_id": "RHSA-2023:7549", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7549" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7749", "reference_id": "RHSA-2023:7749", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7749" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0412", "reference_id": "RHSA-2024:0412", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0412" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0439", "reference_id": "RHSA-2024:0439", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0439" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0448", "reference_id": "RHSA-2024:0448", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0448" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0562", "reference_id": "RHSA-2024:0562", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0562" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0563", "reference_id": "RHSA-2024:0563", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0563" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1250", "reference_id": "RHSA-2024:1250", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1250" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1306", "reference_id": "RHSA-2024:1306", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1306" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2006", "reference_id": "RHSA-2024:2006", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2006" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2008", "reference_id": "RHSA-2024:2008", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2008" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2023-1192" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x6fw-mmsb-nydr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82150?format=api", "vulnerability_id": "VCID-x75k-dk59-9qey", "summary": "kernel: KVM: VMX: Do _all_ initialization before exposing /dev/kvm to userspace", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-49932.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-49932.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-49932", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.1313", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-49932" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2363684", "reference_id": "2363684", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2363684" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2022-49932" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x75k-dk59-9qey" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/86269?format=api", "vulnerability_id": "VCID-x9jq-hs51-nfhb", "summary": "kernel: Bluetooth: hci_conn: Use disable_delayed_work_sync", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56591.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56591.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2334426", "reference_id": "2334426", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2334426" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:6966", "reference_id": "RHSA-2025:6966", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:6966" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2024-56591" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x9jq-hs51-nfhb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82953?format=api", "vulnerability_id": "VCID-xje7-3bkv-fkdq", "summary": "In the Linux kernel, the following vulnerability has been resolved: ASoC: atmel: Fix error handling in snd_proto_probe The device_node pointer is returned by of_parse_phandle() with refcount incremented. We should use of_node_put() on it when done. This function only calls of_node_put() in the regular path. And it will cause refcount leak in error paths. Fix this by calling of_node_put() in error handling too.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-49246.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-49246.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-49246", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.29051", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-49246" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2347811", "reference_id": "2347811", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2347811" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2022-49246" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xje7-3bkv-fkdq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59908?format=api", "vulnerability_id": "VCID-xmy4-ksbp-h7b4", "summary": "kernel: Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_new_connection_cb()", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-45835.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-45835.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481560", "reference_id": "2481560", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481560" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2026-45835" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xmy4-ksbp-h7b4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83320?format=api", "vulnerability_id": "VCID-xsr2-1kkv-3ycu", "summary": "In the Linux kernel, the following vulnerability has been resolved: module: fix [e_shstrndx].sh_size=0 OOB access It is trivial to craft a module to trigger OOB access in this line: \tif (info->secstrings[strhdr->sh_size - 1] != '\\0') { BUG: unable to handle page fault for address: ffffc90000aa0fff PGD 100000067 P4D 100000067 PUD 100066067 PMD 10436f067 PTE 0 Oops: 0000 [#1] PREEMPT SMP PTI CPU: 7 PID: 1215 Comm: insmod Not tainted 5.18.0-rc5-00007-g9bf578647087-dirty #10 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-4.fc34 04/01/2014 RIP: 0010:load_module+0x19b/0x2391 [rebased patch onto modules-next]", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-49444.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-49444.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-49444", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02811", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-49444" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348257", "reference_id": "2348257", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348257" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2022-49444" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xsr2-1kkv-3ycu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77947?format=api", "vulnerability_id": "VCID-xx65-dxjz-qkex", "summary": "kernel: ASoC: SOF: Intel: hda: Use devm_kstrdup() to avoid memleak.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-38438.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-38438.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2383490", "reference_id": "2383490", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2383490" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:20095", "reference_id": "RHSA-2025:20095", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:20095" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:20518", "reference_id": "RHSA-2025:20518", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:20518" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2025-38438" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xx65-dxjz-qkex" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61025?format=api", "vulnerability_id": "VCID-xzy4-ghsd-s7aq", "summary": "kernel: dlm: validate length in dlm_search_rsb_tree", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43125.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43125.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467234", "reference_id": "2467234", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467234" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2026-43125" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xzy4-ghsd-s7aq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81849?format=api", "vulnerability_id": "VCID-ydpf-xvam-jfew", "summary": "In the Linux kernel, the following vulnerability has been resolved: net: enetc: deny offload of tc-based TSN features on VF interfaces TSN features on the ENETC (taprio, cbs, gate, police) are configured through a mix of command BD ring messages and port registers: enetc_port_rd(), enetc_port_wr(). Port registers are a region of the ENETC memory map which are only accessible from the PCIe Physical Function. They are not accessible from the Virtual Functions. Moreover, attempting to access these registers crashes the kernel: $ echo 1 > /sys/bus/pci/devices/0000\\:00\\:00.0/sriov_numvfs pci 0000:00:01.0: [1957:ef00] type 00 class 0x020001 fsl_enetc_vf 0000:00:01.0: Adding to iommu group 15 fsl_enetc_vf 0000:00:01.0: enabling device (0000 -> 0002) fsl_enetc_vf 0000:00:01.0 eno0vf0: renamed from eth0 $ tc qdisc replace dev eno0vf0 root taprio num_tc 8 map 0 1 2 3 4 5 6 7 \\ \tqueues 1@0 1@1 1@2 1@3 1@4 1@5 1@6 1@7 base-time 0 \\ \tsched-entry S 0x7f 900000 sched-entry S 0x80 100000 flags 0x2 Unable to handle kernel paging request at virtual address ffff800009551a08 Internal error: Oops: 96000007 [#1] PREEMPT SMP pc : enetc_setup_tc_taprio+0x170/0x47c lr : enetc_setup_tc_taprio+0x16c/0x47c Call trace: enetc_setup_tc_taprio+0x170/0x47c enetc_setup_tc+0x38/0x2dc taprio_change+0x43c/0x970 taprio_init+0x188/0x1e0 qdisc_create+0x114/0x470 tc_modify_qdisc+0x1fc/0x6c0 rtnetlink_rcv_msg+0x12c/0x390 Split enetc_setup_tc() into separate functions for the PF and for the VF drivers. Also remove enetc_qos.o from being included into enetc-vf.ko, since it serves absolutely no purpose there.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-48645.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-48645.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-48645", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03344", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-48645" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2277818", "reference_id": "2277818", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2277818" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2022-48645" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ydpf-xvam-jfew" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/79259?format=api", "vulnerability_id": "VCID-ygvp-qhm7-8fd8", "summary": "kernel: bpf: fix ktls panic with sockmap", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-38166.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-38166.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376065", "reference_id": "2376065", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376065" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:18134", "reference_id": "RHSA-2026:18134", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:18134" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:18587", "reference_id": "RHSA-2026:18587", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:18587" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2025-38166" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ygvp-qhm7-8fd8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/68360?format=api", "vulnerability_id": "VCID-ykt3-9fsa-wucd", "summary": "kernel: iommu: disable SVA when CONFIG_X86 is set", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-71089.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-71089.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429104", "reference_id": "2429104", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429104" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21556", "reference_id": "RHSA-2026:21556", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21556" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:23237", "reference_id": "RHSA-2026:23237", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:23237" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2025-71089" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ykt3-9fsa-wucd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83071?format=api", "vulnerability_id": "VCID-ymwr-msjt-sbd6", "summary": "kernel: f2fs: quota: fix to avoid warning in dquot_writeback_dquots()", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-23132.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-23132.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360191", "reference_id": "2360191", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360191" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195391?format=api", "purl": "pkg:deb/debian/linux@6.12.88-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.12.88-1~bpo12%252B1" } ], "aliases": [ "CVE-2025-23132" ], "risk_score": 2.1, "exploitability": "0.5", "weighted_severity": "4.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ymwr-msjt-sbd6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59116?format=api", "vulnerability_id": "VCID-yn8x-2eqt-2bfh", "summary": "kernel: staging: media: atomisp: Disallow all private IOCTLs", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-46205.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-46205.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482544", "reference_id": "2482544", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482544" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2026-46205" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yn8x-2eqt-2bfh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69171?format=api", "vulnerability_id": "VCID-z2uw-ty5u-dkc2", "summary": "kernel: USB: gadget: Fix use-after-free during usb config switch", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-50704.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-50704.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-50704", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.08126", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-50704" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2424995", "reference_id": "2424995", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2424995" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6583", "reference_id": "RHSA-2023:6583", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6583" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2022-50704" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z2uw-ty5u-dkc2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/79678?format=api", "vulnerability_id": "VCID-z7uh-avjr-augj", "summary": "kernel: btrfs: avoid NULL pointer dereference if no valid csum tree", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-38059.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-38059.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373350", "reference_id": "2373350", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373350" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2025-38059" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z7uh-avjr-augj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/68363?format=api", "vulnerability_id": "VCID-zc8x-3a6m-w7g6", "summary": "kernel: Kernel: Denial of Service via NULL pointer dereference in drm/ttm", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-71083.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-71083.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429107", "reference_id": "2429107", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429107" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2025-71083" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zc8x-3a6m-w7g6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59677?format=api", "vulnerability_id": "VCID-zcn5-uyym-nfdx", "summary": "kernel: ibmasm: fix heap over-read in ibmasm_send_i2o_message()", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-46064.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-46064.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482190", "reference_id": "2482190", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482190" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2026-46064" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zcn5-uyym-nfdx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59480?format=api", "vulnerability_id": "VCID-zdb5-yqsu-eqhs", "summary": "kernel: scsi: sd: fix missing put_disk() when device_add(&disk_dev) fails", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-45997.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-45997.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482039", "reference_id": "2482039", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482039" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2026-45997" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zdb5-yqsu-eqhs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/87078?format=api", "vulnerability_id": "VCID-zdcv-5u23-6bcm", "summary": "kernel: media: av7110: fix a spectre vulnerability", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-50289.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-50289.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2327185", "reference_id": "2327185", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2327185" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2024-50289" ], "risk_score": 2.0, "exploitability": "0.5", "weighted_severity": "4.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zdcv-5u23-6bcm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/60584?format=api", "vulnerability_id": "VCID-zej7-fnqf-4kgw", "summary": "kernel: usb: gadget: f_ncm: Fix net_device lifecycle with device_move", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43421.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43421.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2468230", "reference_id": "2468230", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2468230" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2026-43421" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zej7-fnqf-4kgw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/87570?format=api", "vulnerability_id": "VCID-zj8c-cyr7-n7de", "summary": "In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HCI: Remove HCI_AMP support Since BT_HS has been remove HCI_AMP controllers no longer has any use so remove it along with the capability of creating AMP controllers. Since we no longer need to differentiate between AMP and Primary controllers, as only HCI_PRIMARY is left, this also remove hdev->dev_type altogether.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38620.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38620.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293275", "reference_id": "2293275", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293275" }, { "reference_url": "https://git.kernel.org/stable/c/5af2e235b0d5b797e9531a00c50058319130e156", "reference_id": "5af2e235b0d5b797e9531a00c50058319130e156", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-20T16:21:10Z/" } ], "url": "https://git.kernel.org/stable/c/5af2e235b0d5b797e9531a00c50058319130e156" }, { "reference_url": "https://git.kernel.org/stable/c/84a4bb6548a29326564f0e659fb8064503ecc1c7", "reference_id": "84a4bb6548a29326564f0e659fb8064503ecc1c7", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-20T16:21:10Z/" } ], "url": "https://git.kernel.org/stable/c/84a4bb6548a29326564f0e659fb8064503ecc1c7" }, { "reference_url": "https://git.kernel.org/stable/c/af1d425b6dc67cd67809f835dd7afb6be4d43e03", "reference_id": "af1d425b6dc67cd67809f835dd7afb6be4d43e03", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-20T16:21:10Z/" } ], "url": "https://git.kernel.org/stable/c/af1d425b6dc67cd67809f835dd7afb6be4d43e03" }, { "reference_url": "https://git.kernel.org/stable/c/d3c7b012d912b31ad23b9349c0e499d6dddd48ec", "reference_id": "d3c7b012d912b31ad23b9349c0e499d6dddd48ec", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-20T16:21:10Z/" } ], "url": "https://git.kernel.org/stable/c/d3c7b012d912b31ad23b9349c0e499d6dddd48ec" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2024-38620" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zj8c-cyr7-n7de" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/76810?format=api", "vulnerability_id": "VCID-zpau-gbbm-9keh", "summary": "kernel: fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-38630.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-38630.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2390397", "reference_id": "2390397", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2390397" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2025-38630" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zpau-gbbm-9keh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/86880?format=api", "vulnerability_id": "VCID-zpdg-wp4m-kbe3", "summary": "In the Linux kernel, the following vulnerability has been resolved: x86/coco: Require seeding RNG with RDRAND on CoCo systems There are few uses of CoCo that don't rely on working cryptography and hence a working RNG. Unfortunately, the CoCo threat model means that the VM host cannot be trusted and may actively work against guests to extract secrets or manipulate computation. Since a malicious host can modify or observe nearly all inputs to guests, the only remaining source of entropy for CoCo guests is RDRAND. If RDRAND is broken -- due to CPU hardware fault -- the RNG as a whole is meant to gracefully continue on gathering entropy from other sources, but since there aren't other sources on CoCo, this is catastrophic. This is mostly a concern at boot time when initially seeding the RNG, as after that the consequences of a broken RDRAND are much more theoretical. So, try at boot to seed the RNG using 256 bits of RDRAND output. If this fails, panic(). This will also trigger if the system is booted without RDRAND, as RDRAND is essential for a safe CoCo boot. Add this deliberately to be \"just a CoCo x86 driver feature\" and not part of the RNG itself. Many device drivers and platforms have some desire to contribute something to the RNG, and add_device_randomness() is specifically meant for this purpose. Any driver can call it with seed data of any quality, or even garbage quality, and it can only possibly make the quality of the RNG better or have no effect, but can never make it worse. Rather than trying to build something into the core of the RNG, consider the particular CoCo issue just a CoCo issue, and therefore separate it all out into driver (well, arch/platform) code. [ bp: Massage commit message. ]", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-35875.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-35875.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://git.kernel.org/stable/c/08044b08b37528b82f70a87576c692b4e4b7716e", "reference_id": "08044b08b37528b82f70a87576c692b4e4b7716e", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-17T17:38:48Z/" } ], "url": "https://git.kernel.org/stable/c/08044b08b37528b82f70a87576c692b4e4b7716e" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2281727", "reference_id": "2281727", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2281727" }, { "reference_url": "https://git.kernel.org/stable/c/22943e4fe4b3a2dcbadc3d38d5bf840bbdbfe374", "reference_id": "22943e4fe4b3a2dcbadc3d38d5bf840bbdbfe374", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-17T17:38:48Z/" } ], "url": "https://git.kernel.org/stable/c/22943e4fe4b3a2dcbadc3d38d5bf840bbdbfe374" }, { "reference_url": "https://git.kernel.org/stable/c/453b5f2dec276c1bb4ea078bf8c0da57ee4627e5", "reference_id": "453b5f2dec276c1bb4ea078bf8c0da57ee4627e5", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-17T17:38:48Z/" } ], "url": "https://git.kernel.org/stable/c/453b5f2dec276c1bb4ea078bf8c0da57ee4627e5" }, { "reference_url": "https://git.kernel.org/stable/c/99485c4c026f024e7cb82da84c7951dbe3deb584", "reference_id": "99485c4c026f024e7cb82da84c7951dbe3deb584", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-17T17:38:48Z/" } ], "url": "https://git.kernel.org/stable/c/99485c4c026f024e7cb82da84c7951dbe3deb584" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6267", "reference_id": "RHSA-2024:6267", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6267" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6268", "reference_id": "RHSA-2024:6268", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6268" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6567", "reference_id": "RHSA-2024:6567", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6567" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2024-35875" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zpdg-wp4m-kbe3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69586?format=api", "vulnerability_id": "VCID-zpkv-xd42-abge", "summary": "kernel: sysfs: check visibility before changing group attribute ownership", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-40355.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-40355.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2422664", "reference_id": "2422664", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2422664" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195391?format=api", "purl": "pkg:deb/debian/linux@6.12.88-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.12.88-1~bpo12%252B1" } ], "aliases": [ "CVE-2025-40355" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zpkv-xd42-abge" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/85821?format=api", "vulnerability_id": "VCID-zt77-2zhc-r7ch", "summary": "kernel: f2fs: fix to shrink read extent node in batches", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41935.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41935.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2337108", "reference_id": "2337108", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2337108" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2024-41935" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zt77-2zhc-r7ch" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/85973?format=api", "vulnerability_id": "VCID-zuf7-p8px-eff7", "summary": "In the Linux kernel, the following vulnerability has been resolved: md: Don't ignore read-only array in md_check_recovery() Usually if the array is not read-write, md_check_recovery() won't register new sync_thread in the first place. And if the array is read-write and sync_thread is registered, md_set_readonly() will unregister sync_thread before setting the array read-only. md/raid follow this behavior hence there is no problem. After commit f52f5c71f3d4 (\"md: fix stopping sync thread\"), following hang can be triggered by test shell/integrity-caching.sh: 1) array is read-only. dm-raid update super block: rs_update_sbs ro = mddev->ro mddev->ro = 0 -> set array read-write md_update_sb 2) register new sync thread concurrently. 3) dm-raid set array back to read-only: rs_update_sbs mddev->ro = ro 4) stop the array: raid_dtr md_stop stop_sync_thread set_bit(MD_RECOVERY_INTR, &mddev->recovery); md_wakeup_thread_directly(mddev->sync_thread); wait_event(..., !test_bit(MD_RECOVERY_RUNNING, &mddev->recovery)) 5) sync thread done: md_do_sync set_bit(MD_RECOVERY_DONE, &mddev->recovery); md_wakeup_thread(mddev->thread); 6) daemon thread can't unregister sync thread: md_check_recovery if (!md_is_rdwr(mddev) && !test_bit(MD_RECOVERY_NEEDED, &mddev->recovery)) return; -> -> MD_RECOVERY_RUNNING can't be cleared, hence step 4 hang; The root cause is that dm-raid manipulate 'mddev->ro' by itself, however, dm-raid really should stop sync thread before setting the array read-only. Unfortunately, I need to read more code before I can refacter the handler of 'mddev->ro' in dm-raid, hence let's fix the problem the easy way for now to prevent dm-raid regression.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26757.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26757.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2273208", "reference_id": "2273208", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2273208" }, { "reference_url": "https://git.kernel.org/stable/c/2ea169c5a0b1134d573d07fc27a16f327ad0e7d3", "reference_id": "2ea169c5a0b1134d573d07fc27a16f327ad0e7d3", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-03T19:35:42Z/" } ], "url": "https://git.kernel.org/stable/c/2ea169c5a0b1134d573d07fc27a16f327ad0e7d3" }, { "reference_url": "https://git.kernel.org/stable/c/55a48ad2db64737f7ffc0407634218cc6e4c513b", "reference_id": "55a48ad2db64737f7ffc0407634218cc6e4c513b", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-03T19:35:42Z/" } ], "url": "https://git.kernel.org/stable/c/55a48ad2db64737f7ffc0407634218cc6e4c513b" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9315", "reference_id": "RHSA-2024:9315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9315" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2024-26757" ], "risk_score": 2.0, "exploitability": "0.5", "weighted_severity": "4.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zuf7-p8px-eff7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83305?format=api", "vulnerability_id": "VCID-zv37-z9rq-g3ab", "summary": "kernel: wifi: ath11k: fix RCU stall while reaping monitor destination ring", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-58097.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-58097.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://git.kernel.org/stable/c/16c6c35c03ea73054a1f6d3302a4ce4a331b427d", "reference_id": "16c6c35c03ea73054a1f6d3302a4ce4a331b427d", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-01T17:05:53Z/" } ], "url": "https://git.kernel.org/stable/c/16c6c35c03ea73054a1f6d3302a4ce4a331b427d" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360307", "reference_id": "2360307", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360307" }, { "reference_url": "https://git.kernel.org/stable/c/8db5de0cf02fccf4c759aa58edbe65659daf607c", "reference_id": "8db5de0cf02fccf4c759aa58edbe65659daf607c", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-01T17:05:53Z/" } ], "url": "https://git.kernel.org/stable/c/8db5de0cf02fccf4c759aa58edbe65659daf607c" }, { "reference_url": "https://git.kernel.org/stable/c/9f1a002f0171d27f3554e529f3c70df438f05dfe", "reference_id": "9f1a002f0171d27f3554e529f3c70df438f05dfe", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-01T17:05:53Z/" } ], "url": "https://git.kernel.org/stable/c/9f1a002f0171d27f3554e529f3c70df438f05dfe" }, { "reference_url": "https://git.kernel.org/stable/c/b4991fc41745645f8050506f5a8578bd11e6b378", "reference_id": "b4991fc41745645f8050506f5a8578bd11e6b378", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-01T17:05:53Z/" } ], "url": "https://git.kernel.org/stable/c/b4991fc41745645f8050506f5a8578bd11e6b378" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2024-58097" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zv37-z9rq-g3ab" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63622?format=api", "vulnerability_id": "VCID-zwjc-1aur-pbb2", "summary": "kernel: Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31408.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31408.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455334", "reference_id": "2455334", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455334" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:19569", "reference_id": "RHSA-2026:19569", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:19569" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21556", "reference_id": "RHSA-2026:21556", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21556" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21706", "reference_id": "RHSA-2026:21706", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21706" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21745", "reference_id": "RHSA-2026:21745", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21745" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" } ], "aliases": [ "CVE-2026-31408" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zwjc-1aur-pbb2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/88210?format=api", "vulnerability_id": "VCID-zyhz-n7b9-bkfh", "summary": "kernel: drm/amd/display: Add null check for head_pipe in dcn32_acquire_idle_pipe_for_head_pipe_in_layer", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-49918.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-49918.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2320575", "reference_id": "2320575", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2320575" }, { "reference_url": "https://git.kernel.org/stable/c/4f47292f488fa7041284dca1f1244116c18721f1", "reference_id": "4f47292f488fa7041284dca1f1244116c18721f1", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T13:40:44Z/" } ], "url": "https://git.kernel.org/stable/c/4f47292f488fa7041284dca1f1244116c18721f1" }, { "reference_url": "https://git.kernel.org/stable/c/96d4c2ee18d732a248d053aae8c4a27cb1d68d1c", "reference_id": "96d4c2ee18d732a248d053aae8c4a27cb1d68d1c", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T13:40:44Z/" } ], "url": "https://git.kernel.org/stable/c/96d4c2ee18d732a248d053aae8c4a27cb1d68d1c" }, { "reference_url": "https://git.kernel.org/stable/c/ac2140449184a26eac99585b7f69814bd3ba8f2d", "reference_id": "ac2140449184a26eac99585b7f69814bd3ba8f2d", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T13:40:44Z/" } ], "url": "https://git.kernel.org/stable/c/ac2140449184a26eac99585b7f69814bd3ba8f2d" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195353?format=api", "purl": "pkg:deb/debian/linux@6.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/195355?format=api", "purl": "pkg:deb/debian/linux@6.1.172-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@6.1.172-1" } ], "aliases": [ "CVE-2024-49918" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zyhz-n7b9-bkfh" } ], "fixing_vulnerabilities": [], "risk_score": "3.8", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/linux@5.10.223-1" }