{

"schema_version": "1.4.0",

"id": "GHSA-22cf-67wm-xj29",

"published": "2025-03-03T03:31:18Z",

"aliases": [

"CVE-2025-25951"

{

"type": "WEB",

"url": "https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2025-25951"

}

],

"database_specific": {

{

"schema_version": "1.4.0",

"id": "GHSA-27hr-9v6h-xmx3",

"published": "2025-03-03T03:31:18Z",

"aliases": [

"CVE-2025-25952"

{

"type": "WEB",

"url": "https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2025-25952"

}

],

"database_specific": {

{

"schema_version": "1.4.0",

"id": "GHSA-44rm-j4gx-rrg2",

"published": "2025-03-03T03:31:18Z",

"aliases": [

"CVE-2025-25950"

{

"type": "WEB",

"url": "https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2025-25950"

}

],

"database_specific": {

{

"schema_version": "1.4.0",

"id": "GHSA-634g-m7q6-xphf",

"published": "2025-03-03T03:31:18Z",

"aliases": [

"CVE-2025-25953"

{

"type": "WEB",

"url": "https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2025-25953"

}

],

"database_specific": {

{

"schema_version": "1.4.0",

"id": "GHSA-m8x3-4xx7-hm4v",

"published": "2025-03-03T03:31:17Z",

"aliases": [

"CVE-2025-25949"

{

"type": "WEB",

"url": "https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2025-25949"

}

],

"database_specific": {

{

"schema_version": "1.4.0",

"id": "GHSA-q269-fjx3-x255",

"published": "2025-03-03T03:31:18Z",

"aliases": [

"CVE-2025-25948"

{

"type": "WEB",

"url": "https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2025-25948"

}

],

"database_specific": {

{

"schema_version": "1.4.0",

"id": "GHSA-vmqv-3858-9wp7",

"published": "2025-04-26T15:30:31Z",

"aliases": [

"CVE-2024-53636"

{

"type": "WEB",

"url": "https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2024-53636"

}

],

"database_specific": {

{

"schema_version": "1.4.0",

"id": "GHSA-29x7-qr43-qqmw",

"published": "2025-09-17T15:30:39Z",

"aliases": [

"CVE-2023-53365"

],

"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nip6mr: Fix skb_under_panic in ip6mr_cache_report()\n\nskbuff: skb_under_panic: text:ffffffff88771f69 len:56 put:-4\n head:ffff88805f86a800 data:ffff887f5f86a850 tail:0x88 end:0x2c0 dev:pim6reg\n ------------[ cut here ]------------\n kernel BUG at net/core/skbuff.c:192!\n invalid opcode: 0000 [#1] PREEMPT SMP KASAN\n CPU: 2 PID: 22968 Comm: kworker/2:11 Not tainted 6.5.0-rc3-00044-g0a8db05b571a #236\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n Workqueue: ipv6_addrconf addrconf_dad_work\n RIP: 0010:skb_panic+0x152/0x1d0\n Call Trace:\n <TASK>\n skb_push+0xc4/0xe0\n ip6mr_cache_report+0xd69/0x19b0\n reg_vif_xmit+0x406/0x690\n dev_hard_start_xmit+0x17e/0x6e0\n __dev_queue_xmit+0x2d6a/0x3d20\n vlan_dev_hard_start_xmit+0x3ab/0x5c0\n dev_hard_start_xmit+0x17e/0x6e0\n __dev_queue_xmit+0x2d6a/0x3d20\n neigh_connected_output+0x3ed/0x570\n ip6_finish_output2+0x5b5/0x1950\n ip6_finish_output+0x693/0x11c0\n ip6_output+0x24b/0x880\n NF_HOOK.constprop.0+0xfd/0x530\n ndisc_send_skb+0x9db/0x1400\n ndisc_send_rs+0x12a/0x6c0\n addrconf_dad_completed+0x3c9/0xea0\n addrconf_dad_work+0x849/0x1420\n process_one_work+0xa22/0x16e0\n worker_thread+0x679/0x10c0\n ret_from_fork+0x28/0x60\n ret_from_fork_asm+0x11/0x20\n\nWhen setup a vlan device on dev pim6reg, DAD ns packet may sent on reg_vif_xmit().\nreg_vif_xmit()\n ip6mr_cache_report()\n skb_push(skb, -skb_network_offset(pkt));//skb_network_offset(pkt) is 4\nAnd skb_push declared as:\n\tvoid *skb_push(struct sk_buff *skb, unsigned int len);\n\t\tskb->data -= len;\n\t\t//0xffff88805f86a84c - 0xfffffffc = 0xffff887f5f86a850\nskb->data is set to 0xffff887f5f86a850, which is invalid mem addr, lead to skb_push() fails.",

"affected": [],

"references": [

{

],

"database_specific": {

"cwe_ids": [],

"github_reviewed": false,

"github_reviewed_at": null,

"nvd_published_at": "2025-09-17T15:15:40Z"

{

"schema_version": "1.4.0",

"id": "GHSA-2h3h-p2mp-rw5q",

"published": "2025-09-18T15:30:34Z",

"aliases": [

"CVE-2023-53377"

],

"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: prevent use-after-free by freeing the cfile later\n\nIn smb2_compound_op we have a possible use-after-free\nwhich can cause hard to debug problems later on.\n\nThis was revealed during stress testing with KASAN enabled\nkernel. Fixing it by moving the cfile free call to\na few lines below, after the usage.",

"affected": [],

"references": [

{

}

],

"database_specific": {

"github_reviewed": false,

"github_reviewed_at": null,

"nvd_published_at": "2025-09-18T14:15:40Z"

{

"schema_version": "1.4.0",

"id": "GHSA-2j59-jjwx-7c79",

"published": "2025-09-17T15:30:39Z",

"aliases": [

"CVE-2023-53363"

],

"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: Fix use-after-free in pci_bus_release_domain_nr()\n\nCommit c14f7ccc9f5d (\"PCI: Assign PCI domain IDs by ida_alloc()\")\nintroduced a use-after-free bug in the bus removal cleanup. The issue was\nfound with kfence:\n\n [ 19.293351] BUG: KFENCE: use-after-free read in pci_bus_release_domain_nr+0x10/0x70\n\n [ 19.302817] Use-after-free read at 0x000000007f3b80eb (in kfence-#115):\n [ 19.309677] pci_bus_release_domain_nr+0x10/0x70\n [ 19.309691] dw_pcie_host_deinit+0x28/0x78\n [ 19.309702] tegra_pcie_deinit_controller+0x1c/0x38 [pcie_tegra194]\n [ 19.309734] tegra_pcie_dw_probe+0x648/0xb28 [pcie_tegra194]\n [ 19.309752] platform_probe+0x90/0xd8\n ...\n\n [ 19.311457] kfence-#115: 0x00000000063a155a-0x00000000ba698da8, size=1072, cache=kmalloc-2k\n\n [ 19.311469] allocated by task 96 on cpu 10 at 19.279323s:\n [ 19.311562] __kmem_cache_alloc_node+0x260/0x278\n [ 19.311571] kmalloc_trace+0x24/0x30\n [ 19.311580] pci_alloc_bus+0x24/0xa0\n [ 19.311590] pci_register_host_bridge+0x48/0x4b8\n [ 19.311601] pci_scan_root_bus_bridge+0xc0/0xe8\n [ 19.311613] pci_host_probe+0x18/0xc0\n [ 19.311623] dw_pcie_host_init+0x2c0/0x568\n [ 19.311630] tegra_pcie_dw_probe+0x610/0xb28 [pcie_tegra194]\n [ 19.311647] platform_probe+0x90/0xd8\n ...\n\n [ 19.311782] freed by task 96 on cpu 10 at 19.285833s:\n [ 19.311799] release_pcibus_dev+0x30/0x40\n [ 19.311808] device_release+0x30/0x90\n [ 19.311814] kobject_put+0xa8/0x120\n [ 19.311832] device_unregister+0x20/0x30\n [ 19.311839] pci_remove_bus+0x78/0x88\n [ 19.311850] pci_remove_root_bus+0x5c/0x98\n [ 19.311860] dw_pcie_host_deinit+0x28/0x78\n [ 19.311866] tegra_pcie_deinit_controller+0x1c/0x38 [pcie_tegra194]\n [ 19.311883] tegra_pcie_dw_probe+0x648/0xb28 [pcie_tegra194]\n [ 19.311900] platform_probe+0x90/0xd8\n ...\n\n [ 19.313579] CPU: 10 PID: 96 Comm: kworker/u24:2 Not tainted 6.2.0 #4\n [ 19.320171] Hardware name: /, BIOS 1.0-d7fb19b 08/10/2022\n [ 19.325852] Workqueue: events_unbound deferred_probe_work_func\n\nThe stack trace is a bit misleading as dw_pcie_host_deinit() doesn't\ndirectly call pci_bus_release_domain_nr(). The issue turns out to be in\npci_remove_root_bus() which first calls pci_remove_bus() which frees the\nstruct pci_bus when its struct device is released. Then\npci_bus_release_domain_nr() is called and accesses the freed struct\npci_bus. Reordering these fixes the issue.",

"affected": [],

"references": [

{

}

],

"database_specific": {

"github_reviewed": false,

"github_reviewed_at": null,

"nvd_published_at": "2025-09-17T15:15:40Z"