{ "SchemaVersion": 2, "CreatedAt": "2025-10-19T06:17:51.222123623+01:00", "ArtifactName": "masina-dock_masina-dock:latest", "ArtifactType": "container_image", "Metadata": { "Size": 636001280, "OS": { "Family": "debian", "Name": "13.1" }, "ImageID": "sha256:ae7dfcf172e0afc353c79342b7df190feeee4f1e0ef44b04c9704c1e91f6aded", "DiffIDs": [ "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447", "sha256:c9cf0647c3882a77b947246ce8bc999f0ed98d1cf9625179568100ba9fd3a7b4", "sha256:dba5cbed1e08d00224b28b2e9ae8a59c121de39c36085ed722890ef0af8fee69", "sha256:b2738b04de4b7bb1dcf8fa8e5fe7f3856ba7d91a8c9a7857014163c7b8c2a84d", "sha256:14df08ab757e978bf2c7d252c443503033d939aefd18a378bef1225554a0a803", "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad", "sha256:135aaa31a9809a9851f0900a148ca08b1a68062add41ca0aa584a015669e5cd4", "sha256:5c8ead10eec416fa51de9ecda574cbf74f51f6ba634cc93fe86b7f5aa6b24bbe", "sha256:ecd990c7e63c7d6ff25badd8c9c118b9a52f9d916ee4eb65c18eb12ea45f6221", "sha256:84680d3605e880d039fa40f63c5688fab228d41499ab74f882ee9efcff531db8", "sha256:6bc19984e57c6e9b1e96e7745aa94ded9a57a72b38d561d733b77be12c94bd30", "sha256:2733b51c753b6441e4d68270082589d9f0819a6025fbc7416ace2925e32bd0cb", "sha256:2733b51c753b6441e4d68270082589d9f0819a6025fbc7416ace2925e32bd0cb" ], "RepoTags": [ "masina-dock_masina-dock:latest" ], "ImageConfig": { "architecture": "amd64", "container": "1c07dd2c2f7080849bbc6da4b9c8cfdd0b192daa8f3814f34d73f1ec45fb07f8", "created": "2025-10-19T05:11:50.408226649Z", "docker_version": "28.5.1", "history": [ { "created": "2025-09-29T00:00:00Z", "created_by": "# debian.sh --arch 'amd64' out/ 'trixie' '@1759104000'", "comment": "debuerreotype 0.16" }, { "created": "2025-10-09T21:44:07Z", "created_by": "ENV PATH=/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2025-10-09T21:44:07Z", "created_by": "ENV LANG=C.UTF-8", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2025-10-09T21:44:07Z", "created_by": "RUN /bin/sh -c set -eux; \tapt-get update; \tapt-get install -y --no-install-recommends \t\tca-certificates \t\tnetbase \t\ttzdata \t; \tapt-get dist-clean # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2025-10-09T21:44:07Z", "created_by": "ENV GPG_KEY=A035C8C19219BA821ECEA86B64E628F8D684696D", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2025-10-09T21:44:07Z", "created_by": "ENV PYTHON_VERSION=3.11.14", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2025-10-09T21:44:07Z", "created_by": "ENV PYTHON_SHA256=8d3ed8ec5c88c1c95f5e558612a725450d2452813ddad5e58fdb1a53b1209b78", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2025-10-09T21:44:07Z", "created_by": "RUN /bin/sh -c set -eux; \t\tsavedAptMark=\"$(apt-mark showmanual)\"; \tapt-get update; \tapt-get install -y --no-install-recommends \t\tdpkg-dev \t\tgcc \t\tgnupg \t\tlibbluetooth-dev \t\tlibbz2-dev \t\tlibc6-dev \t\tlibdb-dev \t\tlibffi-dev \t\tlibgdbm-dev \t\tliblzma-dev \t\tlibncursesw5-dev \t\tlibreadline-dev \t\tlibsqlite3-dev \t\tlibssl-dev \t\tmake \t\ttk-dev \t\tuuid-dev \t\twget \t\txz-utils \t\tzlib1g-dev \t; \t\twget -O python.tar.xz \"https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz\"; \techo \"$PYTHON_SHA256 *python.tar.xz\" | sha256sum -c -; \twget -O python.tar.xz.asc \"https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc\"; \tGNUPGHOME=\"$(mktemp -d)\"; export GNUPGHOME; \tgpg --batch --keyserver hkps://keys.openpgp.org --recv-keys \"$GPG_KEY\"; \tgpg --batch --verify python.tar.xz.asc python.tar.xz; \tgpgconf --kill all; \trm -rf \"$GNUPGHOME\" python.tar.xz.asc; \tmkdir -p /usr/src/python; \ttar --extract --directory /usr/src/python --strip-components=1 --file python.tar.xz; \trm python.tar.xz; \t\tcd /usr/src/python; \tgnuArch=\"$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)\"; \t./configure \t\t--build=\"$gnuArch\" \t\t--enable-loadable-sqlite-extensions \t\t--enable-optimizations \t\t--enable-option-checking=fatal \t\t--enable-shared \t\t$(test \"${gnuArch%%-*}\" != 'riscv64' \u0026\u0026 echo '--with-lto') \t\t--with-ensurepip \t; \tnproc=\"$(nproc)\"; \tEXTRA_CFLAGS=\"$(dpkg-buildflags --get CFLAGS)\"; \tLDFLAGS=\"$(dpkg-buildflags --get LDFLAGS)\"; \tLDFLAGS=\"${LDFLAGS:--Wl},--strip-all\"; \tmake -j \"$nproc\" \t\t\"EXTRA_CFLAGS=${EXTRA_CFLAGS:-}\" \t\t\"LDFLAGS=${LDFLAGS:-}\" \t; \trm python; \tmake -j \"$nproc\" \t\t\"EXTRA_CFLAGS=${EXTRA_CFLAGS:-}\" \t\t\"LDFLAGS=${LDFLAGS:--Wl},-rpath='\\$\\$ORIGIN/../lib'\" \t\tpython \t; \tmake install; \t\tcd /; \trm -rf /usr/src/python; \t\tfind /usr/local -depth \t\t\\( \t\t\t\\( -type d -a \\( -name test -o -name tests -o -name idle_test \\) \\) \t\t\t-o \\( -type f -a \\( -name '*.pyc' -o -name '*.pyo' -o -name 'libpython*.a' \\) \\) \t\t\\) -exec rm -rf '{}' + \t; \t\tldconfig; \t\tapt-mark auto '.*' \u003e /dev/null; \tapt-mark manual $savedAptMark; \tfind /usr/local -type f -executable -not \\( -name '*tkinter*' \\) -exec ldd '{}' ';' \t\t| awk '/=\u003e/ { so = $(NF-1); if (index(so, \"/usr/local/\") == 1) { next }; gsub(\"^/(usr/)?\", \"\", so); printf \"*%s\\n\", so }' \t\t| sort -u \t\t| xargs -rt dpkg-query --search \t\t| awk 'sub(\":$\", \"\", $1) { print $1 }' \t\t| sort -u \t\t| xargs -r apt-mark manual \t; \tapt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \tapt-get dist-clean; \t\texport PYTHONDONTWRITEBYTECODE=1; \tpython3 --version; \t\tpip3 install \t\t--disable-pip-version-check \t\t--no-cache-dir \t\t--no-compile \t\t'setuptools==79.0.1' \t\t'wheel\u003c0.46' \t; \tpip3 --version # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2025-10-09T21:44:07Z", "created_by": "RUN /bin/sh -c set -eux; \tfor src in idle3 pip3 pydoc3 python3 python3-config; do \t\tdst=\"$(echo \"$src\" | tr -d 3)\"; \t\t[ -s \"/usr/local/bin/$src\" ]; \t\t[ ! -e \"/usr/local/bin/$dst\" ]; \t\tln -svT \"$src\" \"/usr/local/bin/$dst\"; \tdone # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2025-10-09T21:44:07Z", "created_by": "CMD [\"python3\"]", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2025-10-19T05:09:28.460301864Z", "created_by": "/bin/sh -c #(nop) WORKDIR /app" }, { "created": "2025-10-19T05:10:52.127466308Z", "created_by": "/bin/sh -c apt-get update \u0026\u0026 apt-get install -y gcc g++ libpq-dev \u0026\u0026 rm -rf /var/lib/apt/lists/*" }, { "created": "2025-10-19T05:10:57.763856282Z", "created_by": "/bin/sh -c #(nop) COPY file:15055c16f37b53bcc451b4bb02fc59f7eb033e0735fa37a3a70124b4f5d90b17 in /app/backend/requirements.txt " }, { "created": "2025-10-19T05:11:33.178231698Z", "created_by": "/bin/sh -c pip install --no-cache-dir -r /app/backend/requirements.txt" }, { "created": "2025-10-19T05:11:37.164488941Z", "created_by": "/bin/sh -c #(nop) COPY dir:5deb739158f0d66ac91f6c2636596aff66ec9b50fcfda79bf7a5a52e245fd45a in /app/backend/ " }, { "created": "2025-10-19T05:11:38.024682392Z", "created_by": "/bin/sh -c #(nop) COPY dir:55f12d5a9cf1ebc204b452da68fb1d06b470bab97b782bba6416ff3ff015f19d in /app/frontend/ " }, { "created": "2025-10-19T05:11:40.932467356Z", "created_by": "/bin/sh -c mkdir -p /app/data /app/uploads/attachments" }, { "created": "2025-10-19T05:11:42.133098086Z", "created_by": "/bin/sh -c #(nop) COPY file:94478de02181e8779cd2944fd261d04ffe2ab2e597cab1da07a1f315d05c7004 in /app/backend/entrypoint.sh " }, { "created": "2025-10-19T05:11:45.573593423Z", "created_by": "/bin/sh -c chmod +x /app/backend/entrypoint.sh" }, { "created": "2025-10-19T05:11:47.250444652Z", "created_by": "/bin/sh -c #(nop) WORKDIR /app/backend", "empty_layer": true }, { "created": "2025-10-19T05:11:48.89323885Z", "created_by": "/bin/sh -c #(nop) EXPOSE 5000", "empty_layer": true }, { "created": "2025-10-19T05:11:50.408226649Z", "created_by": "/bin/sh -c #(nop) ENTRYPOINT [\"/app/backend/entrypoint.sh\"]", "empty_layer": true } ], "os": "linux", "rootfs": { "type": "layers", "diff_ids": [ "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447", "sha256:c9cf0647c3882a77b947246ce8bc999f0ed98d1cf9625179568100ba9fd3a7b4", "sha256:dba5cbed1e08d00224b28b2e9ae8a59c121de39c36085ed722890ef0af8fee69", "sha256:b2738b04de4b7bb1dcf8fa8e5fe7f3856ba7d91a8c9a7857014163c7b8c2a84d", "sha256:14df08ab757e978bf2c7d252c443503033d939aefd18a378bef1225554a0a803", "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad", "sha256:135aaa31a9809a9851f0900a148ca08b1a68062add41ca0aa584a015669e5cd4", "sha256:5c8ead10eec416fa51de9ecda574cbf74f51f6ba634cc93fe86b7f5aa6b24bbe", "sha256:ecd990c7e63c7d6ff25badd8c9c118b9a52f9d916ee4eb65c18eb12ea45f6221", "sha256:84680d3605e880d039fa40f63c5688fab228d41499ab74f882ee9efcff531db8", "sha256:6bc19984e57c6e9b1e96e7745aa94ded9a57a72b38d561d733b77be12c94bd30", "sha256:2733b51c753b6441e4d68270082589d9f0819a6025fbc7416ace2925e32bd0cb", "sha256:2733b51c753b6441e4d68270082589d9f0819a6025fbc7416ace2925e32bd0cb" ] }, "config": { "Entrypoint": [ "/app/backend/entrypoint.sh" ], "Env": [ "PATH=/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "LANG=C.UTF-8", "GPG_KEY=A035C8C19219BA821ECEA86B64E628F8D684696D", "PYTHON_VERSION=3.11.14", "PYTHON_SHA256=8d3ed8ec5c88c1c95f5e558612a725450d2452813ddad5e58fdb1a53b1209b78" ], "Image": "sha256:42837f70ef0c9b944c2606541004b0385e0b1e9012cc76c45445880b04bc28ba", "WorkingDir": "/app/backend", "ExposedPorts": { "5000/tcp": {} } } }, "Layers": [ { "Size": 81039360, "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, { "Size": 12281344, "DiffID": "sha256:c9cf0647c3882a77b947246ce8bc999f0ed98d1cf9625179568100ba9fd3a7b4" }, { "Size": 43838464, "DiffID": "sha256:dba5cbed1e08d00224b28b2e9ae8a59c121de39c36085ed722890ef0af8fee69" }, { "Size": 5120, "DiffID": "sha256:b2738b04de4b7bb1dcf8fa8e5fe7f3856ba7d91a8c9a7857014163c7b8c2a84d" }, { "Size": 1536, "DiffID": "sha256:14df08ab757e978bf2c7d252c443503033d939aefd18a378bef1225554a0a803" }, { "Size": 279732736, "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, { "Size": 3072, "DiffID": "sha256:135aaa31a9809a9851f0900a148ca08b1a68062add41ca0aa584a015669e5cd4" }, { "Size": 218747392, "DiffID": "sha256:5c8ead10eec416fa51de9ecda574cbf74f51f6ba634cc93fe86b7f5aa6b24bbe" }, { "Size": 158208, "DiffID": "sha256:ecd990c7e63c7d6ff25badd8c9c118b9a52f9d916ee4eb65c18eb12ea45f6221" }, { "Size": 183808, "DiffID": "sha256:84680d3605e880d039fa40f63c5688fab228d41499ab74f882ee9efcff531db8" }, { "Size": 3072, "DiffID": "sha256:6bc19984e57c6e9b1e96e7745aa94ded9a57a72b38d561d733b77be12c94bd30" }, { "Size": 3584, "DiffID": "sha256:2733b51c753b6441e4d68270082589d9f0819a6025fbc7416ace2925e32bd0cb" }, { "Size": 3584, "DiffID": "sha256:2733b51c753b6441e4d68270082589d9f0819a6025fbc7416ace2925e32bd0cb" } ] }, "Results": [ { "Target": "masina-dock_masina-dock:latest (debian 13.1)", "Class": "os-pkgs", "Type": "debian", "Packages": [ { "ID": "adduser@3.152", "Name": "adduser", "Identifier": { "PURL": "pkg:deb/debian/adduser@3.152?arch=all\u0026distro=debian-13.1", "UID": "a43cd8c736fb1210" }, "Version": "3.152", "Arch": "all", "SrcName": "adduser", "SrcVersion": "3.152", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Debian Adduser Developers \u003cadduser@packages.debian.org\u003e", "DependsOn": [ "passwd@1:4.17.4-2" ], "Layer": { "DiffID": "sha256:dba5cbed1e08d00224b28b2e9ae8a59c121de39c36085ed722890ef0af8fee69" }, "InstalledFiles": [ "/usr/sbin/adduser", "/usr/sbin/deluser", "/usr/share/doc/adduser/NEWS.Debian.gz", "/usr/share/doc/adduser/README.gz", "/usr/share/doc/adduser/TODO", "/usr/share/doc/adduser/changelog.gz", "/usr/share/doc/adduser/copyright", "/usr/share/doc/adduser/examples/INSTALL", "/usr/share/doc/adduser/examples/README", "/usr/share/doc/adduser/examples/adduser.conf", "/usr/share/doc/adduser/examples/adduser.local", "/usr/share/doc/adduser/examples/adduser.local.conf", "/usr/share/doc/adduser/examples/adduser.local.conf.examples/bash.bashrc", "/usr/share/doc/adduser/examples/adduser.local.conf.examples/profile", "/usr/share/doc/adduser/examples/adduser.local.conf.examples/skel.other/index.html", "/usr/share/doc/adduser/examples/adduser.local.conf.examples/skel/dot.bash_logout", "/usr/share/doc/adduser/examples/adduser.local.conf.examples/skel/dot.bash_profile", "/usr/share/doc/adduser/examples/adduser.local.conf.examples/skel/dot.bashrc", "/usr/share/doc/adduser/examples/deluser.conf", "/usr/share/man/da/man5/deluser.conf.5.gz", "/usr/share/man/de/man5/adduser.conf.5.gz", "/usr/share/man/de/man5/deluser.conf.5.gz", "/usr/share/man/de/man8/adduser.8.gz", "/usr/share/man/de/man8/adduser.local.8.gz", "/usr/share/man/de/man8/deluser.8.gz", "/usr/share/man/es/man5/deluser.conf.5.gz", "/usr/share/man/fr/man5/adduser.conf.5.gz", "/usr/share/man/fr/man5/deluser.conf.5.gz", "/usr/share/man/fr/man8/adduser.8.gz", "/usr/share/man/fr/man8/deluser.8.gz", "/usr/share/man/it/man5/deluser.conf.5.gz", "/usr/share/man/man5/adduser.conf.5.gz", "/usr/share/man/man5/deluser.conf.5.gz", "/usr/share/man/man8/adduser.8.gz", "/usr/share/man/man8/adduser.local.8.gz", "/usr/share/man/man8/deluser.8.gz", "/usr/share/man/nl/man5/adduser.conf.5.gz", "/usr/share/man/nl/man5/deluser.conf.5.gz", "/usr/share/man/nl/man8/adduser.8.gz", "/usr/share/man/nl/man8/adduser.local.8.gz", "/usr/share/man/nl/man8/deluser.8.gz", "/usr/share/man/pl/man5/deluser.conf.5.gz", "/usr/share/man/pt/man5/adduser.conf.5.gz", "/usr/share/man/pt/man5/deluser.conf.5.gz", "/usr/share/man/pt/man8/adduser.8.gz", "/usr/share/man/pt/man8/adduser.local.8.gz", "/usr/share/man/pt/man8/deluser.8.gz", "/usr/share/man/ro/man5/adduser.conf.5.gz", "/usr/share/man/ro/man5/deluser.conf.5.gz", "/usr/share/man/ro/man8/adduser.8.gz", "/usr/share/man/ro/man8/adduser.local.8.gz", "/usr/share/man/ro/man8/deluser.8.gz", "/usr/share/man/ru/man5/deluser.conf.5.gz", "/usr/share/man/sv/man5/deluser.conf.5.gz", "/usr/share/perl5/Debian/AdduserCommon.pm", "/usr/share/perl5/Debian/AdduserLogging.pm", "/usr/share/perl5/Debian/AdduserRetvalues.pm" ] }, { "ID": "apt@3.0.3", "Name": "apt", "Identifier": { "PURL": "pkg:deb/debian/apt@3.0.3?arch=amd64\u0026distro=debian-13.1", "UID": "26cbc052ac267c2" }, "Version": "3.0.3", "Arch": "amd64", "SrcName": "apt", "SrcVersion": "3.0.3", "Licenses": [ "GPL-2.0-or-later", "curl", "BSD-3-Clause", "MIT", "GPL-2.0-only" ], "Maintainer": "APT Development Team \u003cdeity@lists.debian.org\u003e", "DependsOn": [ "adduser@3.152", "base-passwd@3.6.7", "debian-archive-keyring@2025.1", "libapt-pkg7.0@3.0.3", "libc6@2.41-12", "libgcc-s1@14.2.0-19", "libseccomp2@2.6.0-2", "libssl3t64@3.5.1-1+deb13u1", "libstdc++6@14.2.0-19", "libsystemd0@257.8-1~deb13u2", "sqv@1.3.0-3" ], "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "InstalledFiles": [ "/usr/bin/apt", "/usr/bin/apt-cache", "/usr/bin/apt-cdrom", "/usr/bin/apt-config", "/usr/bin/apt-get", "/usr/bin/apt-mark", "/usr/lib/apt/apt-extracttemplates", "/usr/lib/apt/apt-helper", "/usr/lib/apt/apt.systemd.daily", "/usr/lib/apt/methods/cdrom", "/usr/lib/apt/methods/copy", "/usr/lib/apt/methods/file", "/usr/lib/apt/methods/gpgv", "/usr/lib/apt/methods/http", "/usr/lib/apt/methods/mirror", "/usr/lib/apt/methods/rred", "/usr/lib/apt/methods/sqv", "/usr/lib/apt/methods/store", "/usr/lib/apt/solvers/dump", "/usr/lib/dpkg/methods/apt/desc.apt", "/usr/lib/dpkg/methods/apt/install", "/usr/lib/dpkg/methods/apt/names", "/usr/lib/dpkg/methods/apt/setup", "/usr/lib/dpkg/methods/apt/update", "/usr/lib/systemd/system/apt-daily-upgrade.service", "/usr/lib/systemd/system/apt-daily-upgrade.timer", "/usr/lib/systemd/system/apt-daily.service", "/usr/lib/systemd/system/apt-daily.timer", "/usr/lib/x86_64-linux-gnu/libapt-private.so.0.0.0", "/usr/share/apt/default-sequoia.config", "/usr/share/bash-completion/completions/apt", "/usr/share/bug/apt/script", "/usr/share/doc/apt/NEWS.Debian.gz", "/usr/share/doc/apt/README.md.gz", "/usr/share/doc/apt/changelog.gz", "/usr/share/doc/apt/copyright", "/usr/share/doc/apt/examples/apt.conf", "/usr/share/doc/apt/examples/configure-index", "/usr/share/doc/apt/examples/debian.sources", "/usr/share/doc/apt/examples/preferences", "/usr/share/lintian/overrides/apt", "/usr/share/locale/ar/LC_MESSAGES/apt.mo", "/usr/share/locale/ast/LC_MESSAGES/apt.mo", "/usr/share/locale/bg/LC_MESSAGES/apt.mo", "/usr/share/locale/bs/LC_MESSAGES/apt.mo", "/usr/share/locale/ca/LC_MESSAGES/apt.mo", "/usr/share/locale/cs/LC_MESSAGES/apt.mo", "/usr/share/locale/cy/LC_MESSAGES/apt.mo", "/usr/share/locale/da/LC_MESSAGES/apt.mo", "/usr/share/locale/de/LC_MESSAGES/apt.mo", "/usr/share/locale/dz/LC_MESSAGES/apt.mo", "/usr/share/locale/el/LC_MESSAGES/apt.mo", "/usr/share/locale/es/LC_MESSAGES/apt.mo", "/usr/share/locale/eu/LC_MESSAGES/apt.mo", "/usr/share/locale/fi/LC_MESSAGES/apt.mo", "/usr/share/locale/fr/LC_MESSAGES/apt.mo", "/usr/share/locale/gl/LC_MESSAGES/apt.mo", "/usr/share/locale/hu/LC_MESSAGES/apt.mo", "/usr/share/locale/it/LC_MESSAGES/apt.mo", "/usr/share/locale/ja/LC_MESSAGES/apt.mo", "/usr/share/locale/km/LC_MESSAGES/apt.mo", "/usr/share/locale/ko/LC_MESSAGES/apt.mo", "/usr/share/locale/ku/LC_MESSAGES/apt.mo", "/usr/share/locale/lt/LC_MESSAGES/apt.mo", "/usr/share/locale/mr/LC_MESSAGES/apt.mo", "/usr/share/locale/nb/LC_MESSAGES/apt.mo", "/usr/share/locale/ne/LC_MESSAGES/apt.mo", "/usr/share/locale/nl/LC_MESSAGES/apt.mo", "/usr/share/locale/nn/LC_MESSAGES/apt.mo", "/usr/share/locale/pl/LC_MESSAGES/apt.mo", "/usr/share/locale/pt/LC_MESSAGES/apt.mo", "/usr/share/locale/pt_BR/LC_MESSAGES/apt.mo", "/usr/share/locale/ro/LC_MESSAGES/apt.mo", "/usr/share/locale/ru/LC_MESSAGES/apt.mo", "/usr/share/locale/sk/LC_MESSAGES/apt.mo", "/usr/share/locale/sl/LC_MESSAGES/apt.mo", "/usr/share/locale/sv/LC_MESSAGES/apt.mo", "/usr/share/locale/th/LC_MESSAGES/apt.mo", "/usr/share/locale/tl/LC_MESSAGES/apt.mo", "/usr/share/locale/tr/LC_MESSAGES/apt.mo", "/usr/share/locale/uk/LC_MESSAGES/apt.mo", "/usr/share/locale/vi/LC_MESSAGES/apt.mo", "/usr/share/locale/zh_CN/LC_MESSAGES/apt.mo", "/usr/share/locale/zh_TW/LC_MESSAGES/apt.mo", "/usr/share/man/de/man1/apt-transport-http.1.gz", "/usr/share/man/de/man1/apt-transport-https.1.gz", "/usr/share/man/de/man1/apt-transport-mirror.1.gz", "/usr/share/man/de/man5/apt.conf.5.gz", "/usr/share/man/de/man5/apt_auth.conf.5.gz", "/usr/share/man/de/man5/apt_preferences.5.gz", "/usr/share/man/de/man5/sources.list.5.gz", "/usr/share/man/de/man7/apt-patterns.7.gz", "/usr/share/man/de/man8/apt-cache.8.gz", "/usr/share/man/de/man8/apt-cdrom.8.gz", "/usr/share/man/de/man8/apt-config.8.gz", "/usr/share/man/de/man8/apt-get.8.gz", "/usr/share/man/de/man8/apt-mark.8.gz", "/usr/share/man/de/man8/apt-secure.8.gz", "/usr/share/man/de/man8/apt.8.gz", "/usr/share/man/es/man5/apt_preferences.5.gz", "/usr/share/man/es/man8/apt-cache.8.gz", "/usr/share/man/es/man8/apt-cdrom.8.gz", "/usr/share/man/es/man8/apt-config.8.gz", "/usr/share/man/fr/man1/apt-transport-http.1.gz", "/usr/share/man/fr/man1/apt-transport-https.1.gz", "/usr/share/man/fr/man1/apt-transport-mirror.1.gz", "/usr/share/man/fr/man5/apt.conf.5.gz", "/usr/share/man/fr/man5/apt_auth.conf.5.gz", "/usr/share/man/fr/man5/apt_preferences.5.gz", "/usr/share/man/fr/man5/sources.list.5.gz", "/usr/share/man/fr/man7/apt-patterns.7.gz", "/usr/share/man/fr/man8/apt-cache.8.gz", "/usr/share/man/fr/man8/apt-cdrom.8.gz", "/usr/share/man/fr/man8/apt-config.8.gz", "/usr/share/man/fr/man8/apt-get.8.gz", "/usr/share/man/fr/man8/apt-mark.8.gz", "/usr/share/man/fr/man8/apt-secure.8.gz", "/usr/share/man/fr/man8/apt.8.gz", "/usr/share/man/it/man5/apt.conf.5.gz", "/usr/share/man/it/man5/apt_preferences.5.gz", "/usr/share/man/it/man8/apt-cache.8.gz", "/usr/share/man/it/man8/apt-cdrom.8.gz", "/usr/share/man/it/man8/apt-config.8.gz", "/usr/share/man/it/man8/apt-mark.8.gz", "/usr/share/man/it/man8/apt.8.gz", "/usr/share/man/ja/man5/apt.conf.5.gz", "/usr/share/man/ja/man5/apt_preferences.5.gz", "/usr/share/man/ja/man8/apt-cache.8.gz", "/usr/share/man/ja/man8/apt-cdrom.8.gz", "/usr/share/man/ja/man8/apt-config.8.gz", "/usr/share/man/ja/man8/apt-mark.8.gz", "/usr/share/man/ja/man8/apt.8.gz", "/usr/share/man/man1/apt-transport-http.1.gz", "/usr/share/man/man1/apt-transport-https.1.gz", "/usr/share/man/man1/apt-transport-mirror.1.gz", "/usr/share/man/man5/apt.conf.5.gz", "/usr/share/man/man5/apt_auth.conf.5.gz", "/usr/share/man/man5/apt_preferences.5.gz", "/usr/share/man/man5/sources.list.5.gz", "/usr/share/man/man7/apt-patterns.7.gz", "/usr/share/man/man8/apt-cache.8.gz", "/usr/share/man/man8/apt-cdrom.8.gz", "/usr/share/man/man8/apt-config.8.gz", "/usr/share/man/man8/apt-get.8.gz", "/usr/share/man/man8/apt-mark.8.gz", "/usr/share/man/man8/apt-secure.8.gz", "/usr/share/man/man8/apt.8.gz", "/usr/share/man/nl/man1/apt-transport-http.1.gz", "/usr/share/man/nl/man1/apt-transport-https.1.gz", "/usr/share/man/nl/man1/apt-transport-mirror.1.gz", "/usr/share/man/nl/man5/apt.conf.5.gz", "/usr/share/man/nl/man5/apt_auth.conf.5.gz", "/usr/share/man/nl/man5/apt_preferences.5.gz", "/usr/share/man/nl/man5/sources.list.5.gz", "/usr/share/man/nl/man7/apt-patterns.7.gz", "/usr/share/man/nl/man8/apt-cache.8.gz", "/usr/share/man/nl/man8/apt-cdrom.8.gz", "/usr/share/man/nl/man8/apt-config.8.gz", "/usr/share/man/nl/man8/apt-get.8.gz", "/usr/share/man/nl/man8/apt-mark.8.gz", "/usr/share/man/nl/man8/apt-secure.8.gz", "/usr/share/man/nl/man8/apt.8.gz", "/usr/share/man/pl/man5/apt_preferences.5.gz", "/usr/share/man/pl/man8/apt-cache.8.gz", "/usr/share/man/pl/man8/apt-cdrom.8.gz", "/usr/share/man/pl/man8/apt-config.8.gz", "/usr/share/man/pt/man1/apt-transport-http.1.gz", "/usr/share/man/pt/man1/apt-transport-https.1.gz", "/usr/share/man/pt/man1/apt-transport-mirror.1.gz", "/usr/share/man/pt/man5/apt.conf.5.gz", "/usr/share/man/pt/man5/apt_auth.conf.5.gz", "/usr/share/man/pt/man5/apt_preferences.5.gz", "/usr/share/man/pt/man5/sources.list.5.gz", "/usr/share/man/pt/man7/apt-patterns.7.gz", "/usr/share/man/pt/man8/apt-cache.8.gz", "/usr/share/man/pt/man8/apt-cdrom.8.gz", "/usr/share/man/pt/man8/apt-config.8.gz", "/usr/share/man/pt/man8/apt-get.8.gz", "/usr/share/man/pt/man8/apt-mark.8.gz", "/usr/share/man/pt/man8/apt-secure.8.gz", "/usr/share/man/pt/man8/apt.8.gz" ] }, { "ID": "base-files@13.8+deb13u1", "Name": "base-files", "Identifier": { "PURL": "pkg:deb/debian/base-files@13.8%2Bdeb13u1?arch=amd64\u0026distro=debian-13.1", "UID": "f2c993d1e1f97238" }, "Version": "13.8+deb13u1", "Arch": "amd64", "SrcName": "base-files", "SrcVersion": "13.8+deb13u1", "Licenses": [ "GPL-2.0-or-later", "verbatim" ], "Maintainer": "Santiago Vila \u003csanvila@debian.org\u003e", "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "InstalledFiles": [ "/usr/lib/os-release", "/usr/share/base-files/dot.bashrc", "/usr/share/base-files/dot.profile", "/usr/share/base-files/dot.profile.md5sums", "/usr/share/base-files/info.dir", "/usr/share/base-files/motd", "/usr/share/base-files/profile", "/usr/share/base-files/profile.md5sums", "/usr/share/base-files/staff-group-for-usr-local", "/usr/share/common-licenses/Apache-2.0", "/usr/share/common-licenses/Artistic", "/usr/share/common-licenses/BSD", "/usr/share/common-licenses/CC0-1.0", "/usr/share/common-licenses/GFDL-1.2", "/usr/share/common-licenses/GFDL-1.3", "/usr/share/common-licenses/GPL-1", "/usr/share/common-licenses/GPL-2", "/usr/share/common-licenses/GPL-3", "/usr/share/common-licenses/LGPL-2", "/usr/share/common-licenses/LGPL-2.1", "/usr/share/common-licenses/LGPL-3", "/usr/share/common-licenses/MPL-1.1", "/usr/share/common-licenses/MPL-2.0", "/usr/share/doc/base-files/NEWS.Debian.gz", "/usr/share/doc/base-files/README", "/usr/share/doc/base-files/README.FHS", "/usr/share/doc/base-files/changelog.gz", "/usr/share/doc/base-files/copyright", "/usr/share/lintian/overrides/base-files" ] }, { "ID": "base-passwd@3.6.7", "Name": "base-passwd", "Identifier": { "PURL": "pkg:deb/debian/base-passwd@3.6.7?arch=amd64\u0026distro=debian-13.1", "UID": "e32fda680625d96d" }, "Version": "3.6.7", "Arch": "amd64", "SrcName": "base-passwd", "SrcVersion": "3.6.7", "Licenses": [ "GPL-2.0-only", "public-domain" ], "Maintainer": "Shadow package maintainers \u003cpkg-shadow-devel@lists.alioth.debian.org\u003e", "DependsOn": [ "libc6@2.41-12", "libdebconfclient0@0.280", "libselinux1@3.8.1-1" ], "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "InstalledFiles": [ "/usr/sbin/update-passwd", "/usr/share/base-passwd/group.master", "/usr/share/base-passwd/passwd.master", "/usr/share/doc-base/base-passwd.users-and-groups", "/usr/share/doc/base-passwd/README", "/usr/share/doc/base-passwd/changelog.gz", "/usr/share/doc/base-passwd/copyright", "/usr/share/doc/base-passwd/users-and-groups.html", "/usr/share/doc/base-passwd/users-and-groups.txt.gz", "/usr/share/lintian/overrides/base-passwd", "/usr/share/man/de/man8/update-passwd.8.gz", "/usr/share/man/es/man8/update-passwd.8.gz", "/usr/share/man/fr/man8/update-passwd.8.gz", "/usr/share/man/ja/man8/update-passwd.8.gz", "/usr/share/man/man8/update-passwd.8.gz", "/usr/share/man/pl/man8/update-passwd.8.gz", "/usr/share/man/ro/man8/update-passwd.8.gz", "/usr/share/man/ru/man8/update-passwd.8.gz" ] }, { "ID": "bash@5.2.37-2+b5", "Name": "bash", "Identifier": { "PURL": "pkg:deb/debian/bash@5.2.37-2%2Bb5?arch=amd64\u0026distro=debian-13.1", "UID": "235aa9088a703d3c" }, "Version": "5.2.37", "Release": "2+b5", "Arch": "amd64", "SrcName": "bash", "SrcVersion": "5.2.37", "SrcRelease": "2", "Licenses": [ "GPL-3.0-or-later", "GPL-3.0-only", "GPL-3+ with Bison exception", "GPL-2.0-or-later", "GPL-2.0-only", "GFDL-1.3-no-invariants-only", "GFDL-1.3-only", "Latex2e", "BSD-4-Clause-UC", "MIT", "permissive" ], "Maintainer": "Matthias Klose \u003cdoko@debian.org\u003e", "DependsOn": [ "base-files@13.8+deb13u1", "debianutils@5.23.2" ], "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "InstalledFiles": [ "/usr/bin/bash", "/usr/bin/bashbug", "/usr/bin/clear_console", "/usr/share/debianutils/shells.d/bash", "/usr/share/doc/bash/CHANGES.gz", "/usr/share/doc/bash/COMPAT.gz", "/usr/share/doc/bash/INTRO.gz", "/usr/share/doc/bash/NEWS.gz", "/usr/share/doc/bash/POSIX.gz", "/usr/share/doc/bash/RBASH", "/usr/share/doc/bash/README.Debian.gz", "/usr/share/doc/bash/README.abs-guide", "/usr/share/doc/bash/README.commands.gz", "/usr/share/doc/bash/README.gz", "/usr/share/doc/bash/changelog.Debian.amd64.gz", "/usr/share/doc/bash/changelog.Debian.gz", "/usr/share/doc/bash/changelog.gz", "/usr/share/doc/bash/copyright", "/usr/share/doc/bash/inputrc.arrows", "/usr/share/lintian/overrides/bash", "/usr/share/locale/af/LC_MESSAGES/bash.mo", "/usr/share/locale/bg/LC_MESSAGES/bash.mo", "/usr/share/locale/ca/LC_MESSAGES/bash.mo", "/usr/share/locale/cs/LC_MESSAGES/bash.mo", "/usr/share/locale/da/LC_MESSAGES/bash.mo", "/usr/share/locale/de/LC_MESSAGES/bash.mo", "/usr/share/locale/el/LC_MESSAGES/bash.mo", "/usr/share/locale/en@boldquot/LC_MESSAGES/bash.mo", "/usr/share/locale/en@quot/LC_MESSAGES/bash.mo", "/usr/share/locale/eo/LC_MESSAGES/bash.mo", "/usr/share/locale/es/LC_MESSAGES/bash.mo", "/usr/share/locale/et/LC_MESSAGES/bash.mo", "/usr/share/locale/fi/LC_MESSAGES/bash.mo", "/usr/share/locale/fr/LC_MESSAGES/bash.mo", "/usr/share/locale/ga/LC_MESSAGES/bash.mo", "/usr/share/locale/gl/LC_MESSAGES/bash.mo", "/usr/share/locale/hr/LC_MESSAGES/bash.mo", "/usr/share/locale/hu/LC_MESSAGES/bash.mo", "/usr/share/locale/id/LC_MESSAGES/bash.mo", "/usr/share/locale/it/LC_MESSAGES/bash.mo", "/usr/share/locale/ja/LC_MESSAGES/bash.mo", "/usr/share/locale/ko/LC_MESSAGES/bash.mo", "/usr/share/locale/lt/LC_MESSAGES/bash.mo", "/usr/share/locale/nb/LC_MESSAGES/bash.mo", "/usr/share/locale/nl/LC_MESSAGES/bash.mo", "/usr/share/locale/pl/LC_MESSAGES/bash.mo", "/usr/share/locale/pt/LC_MESSAGES/bash.mo", "/usr/share/locale/pt_BR/LC_MESSAGES/bash.mo", "/usr/share/locale/ro/LC_MESSAGES/bash.mo", "/usr/share/locale/ru/LC_MESSAGES/bash.mo", "/usr/share/locale/sk/LC_MESSAGES/bash.mo", "/usr/share/locale/sl/LC_MESSAGES/bash.mo", "/usr/share/locale/sr/LC_MESSAGES/bash.mo", "/usr/share/locale/sv/LC_MESSAGES/bash.mo", "/usr/share/locale/tr/LC_MESSAGES/bash.mo", "/usr/share/locale/uk/LC_MESSAGES/bash.mo", "/usr/share/locale/vi/LC_MESSAGES/bash.mo", "/usr/share/locale/zh_CN/LC_MESSAGES/bash.mo", "/usr/share/locale/zh_TW/LC_MESSAGES/bash.mo", "/usr/share/man/man1/bash.1.gz", "/usr/share/man/man1/bashbug.1.gz", "/usr/share/man/man1/clear_console.1.gz", "/usr/share/man/man1/rbash.1.gz", "/usr/share/man/man7/bash-builtins.7.gz", "/usr/share/menu/bash" ] }, { "ID": "binutils@2.44-3", "Name": "binutils", "Identifier": { "PURL": "pkg:deb/debian/binutils@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "11c84dd199e59f66" }, "Version": "2.44", "Release": "3", "Arch": "amd64", "SrcName": "binutils", "SrcVersion": "2.44", "SrcRelease": "3", "Licenses": [ "GPL-2.0-or-later", "LGPL-2.0-or-later", "GFDL-1.3-or-later" ], "Maintainer": "Matthias Klose \u003cdoko@debian.org\u003e", "DependsOn": [ "binutils-common@2.44-3", "binutils-x86-64-linux-gnu@2.44-3", "libbinutils@2.44-3", "libc6@2.41-12", "libgcc-s1@14.2.0-19", "libgprofng0@2.44-3", "libstdc++6@14.2.0-19" ], "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "InstalledFiles": [ "/etc/gprofng.rc", "/usr/bin/gprofng", "/usr/bin/gprofng-archive", "/usr/bin/gprofng-collect-app", "/usr/bin/gprofng-display-html", "/usr/bin/gprofng-display-src", "/usr/bin/gprofng-display-text", "/usr/share/bug/binutils/presubj", "/usr/share/doc/binutils/changelog.Debian.gz", "/usr/share/doc/binutils/copyright", "/usr/share/lintian/overrides/binutils", "/usr/share/man/man1/gprofng-archive.1.gz", "/usr/share/man/man1/gprofng-collect-app.1.gz", "/usr/share/man/man1/gprofng-display-html.1.gz", "/usr/share/man/man1/gprofng-display-src.1.gz", "/usr/share/man/man1/gprofng-display-text.1.gz", "/usr/share/man/man1/gprofng.1.gz" ] }, { "ID": "binutils-common@2.44-3", "Name": "binutils-common", "Identifier": { "PURL": "pkg:deb/debian/binutils-common@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "cc5e044230f9e675" }, "Version": "2.44", "Release": "3", "Arch": "amd64", "SrcName": "binutils", "SrcVersion": "2.44", "SrcRelease": "3", "Licenses": [ "GPL-2.0-or-later", "LGPL-2.0-or-later", "GFDL-1.3-or-later" ], "Maintainer": "Matthias Klose \u003cdoko@debian.org\u003e", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "InstalledFiles": [ "/usr/share/doc/binutils-common/changelog.Debian.gz", "/usr/share/doc/binutils-common/copyright", "/usr/share/doc/binutils/NEWS.gz", "/usr/share/doc/binutils/README.cross.gz", "/usr/share/doc/binutils/bfd/ChangeLog.gz", "/usr/share/doc/binutils/bfd/PORTING.gz", "/usr/share/doc/binutils/bfd/TODO.gz", "/usr/share/doc/binutils/changelog.gz", "/usr/share/doc/binutils/gas/ChangeLog.gz", "/usr/share/doc/binutils/gas/NEWS.gz", "/usr/share/doc/binutils/gprof/ChangeLog.gz", "/usr/share/doc/binutils/gprof/TEST.gz", "/usr/share/doc/binutils/gprof/TODO.gz", "/usr/share/doc/binutils/gprof/bbconv.pl", "/usr/share/doc/binutils/ld/ChangeLog.gz", "/usr/share/doc/binutils/ld/NEWS.gz", "/usr/share/doc/binutils/ld/TODO.gz", "/usr/share/lintian/overrides/binutils-common", "/usr/share/locale/bg/LC_MESSAGES/binutils.mo", "/usr/share/locale/bg/LC_MESSAGES/gprof.mo", "/usr/share/locale/bg/LC_MESSAGES/ld.mo", "/usr/share/locale/ca/LC_MESSAGES/binutils.mo", "/usr/share/locale/da/LC_MESSAGES/bfd.mo", "/usr/share/locale/da/LC_MESSAGES/binutils.mo", "/usr/share/locale/da/LC_MESSAGES/gprof.mo", "/usr/share/locale/da/LC_MESSAGES/ld.mo", "/usr/share/locale/da/LC_MESSAGES/opcodes.mo", "/usr/share/locale/de/LC_MESSAGES/gprof.mo", "/usr/share/locale/de/LC_MESSAGES/ld.mo", "/usr/share/locale/de/LC_MESSAGES/opcodes.mo", "/usr/share/locale/eo/LC_MESSAGES/gprof.mo", "/usr/share/locale/es/LC_MESSAGES/bfd.mo", "/usr/share/locale/es/LC_MESSAGES/binutils.mo", "/usr/share/locale/es/LC_MESSAGES/gas.mo", "/usr/share/locale/es/LC_MESSAGES/gprof.mo", "/usr/share/locale/es/LC_MESSAGES/ld.mo", "/usr/share/locale/es/LC_MESSAGES/opcodes.mo", "/usr/share/locale/fi/LC_MESSAGES/bfd.mo", "/usr/share/locale/fi/LC_MESSAGES/binutils.mo", "/usr/share/locale/fi/LC_MESSAGES/gas.mo", "/usr/share/locale/fi/LC_MESSAGES/gprof.mo", "/usr/share/locale/fi/LC_MESSAGES/ld.mo", "/usr/share/locale/fi/LC_MESSAGES/opcodes.mo", "/usr/share/locale/fr/LC_MESSAGES/bfd.mo", "/usr/share/locale/fr/LC_MESSAGES/binutils.mo", "/usr/share/locale/fr/LC_MESSAGES/gas.mo", "/usr/share/locale/fr/LC_MESSAGES/gprof.mo", "/usr/share/locale/fr/LC_MESSAGES/ld.mo", "/usr/share/locale/fr/LC_MESSAGES/opcodes.mo", "/usr/share/locale/ga/LC_MESSAGES/gprof.mo", "/usr/share/locale/ga/LC_MESSAGES/ld.mo", "/usr/share/locale/ga/LC_MESSAGES/opcodes.mo", "/usr/share/locale/hr/LC_MESSAGES/bfd.mo", "/usr/share/locale/hr/LC_MESSAGES/binutils.mo", "/usr/share/locale/hu/LC_MESSAGES/gprof.mo", "/usr/share/locale/id/LC_MESSAGES/bfd.mo", "/usr/share/locale/id/LC_MESSAGES/binutils.mo", "/usr/share/locale/id/LC_MESSAGES/gas.mo", "/usr/share/locale/id/LC_MESSAGES/gprof.mo", "/usr/share/locale/id/LC_MESSAGES/ld.mo", "/usr/share/locale/id/LC_MESSAGES/opcodes.mo", "/usr/share/locale/it/LC_MESSAGES/binutils.mo", "/usr/share/locale/it/LC_MESSAGES/gprof.mo", "/usr/share/locale/it/LC_MESSAGES/ld.mo", "/usr/share/locale/it/LC_MESSAGES/opcodes.mo", "/usr/share/locale/ja/LC_MESSAGES/bfd.mo", "/usr/share/locale/ja/LC_MESSAGES/binutils.mo", "/usr/share/locale/ja/LC_MESSAGES/gas.mo", "/usr/share/locale/ja/LC_MESSAGES/gprof.mo", "/usr/share/locale/ja/LC_MESSAGES/ld.mo", "/usr/share/locale/ka/LC_MESSAGES/bfd.mo", "/usr/share/locale/ka/LC_MESSAGES/gprof.mo", "/usr/share/locale/ka/LC_MESSAGES/ld.mo", "/usr/share/locale/ms/LC_MESSAGES/bfd.mo", "/usr/share/locale/ms/LC_MESSAGES/gprof.mo", "/usr/share/locale/nl/LC_MESSAGES/gprof.mo", "/usr/share/locale/nl/LC_MESSAGES/opcodes.mo", "/usr/share/locale/pt/LC_MESSAGES/bfd.mo", "/usr/share/locale/pt/LC_MESSAGES/binutils.mo", "/usr/share/locale/pt_BR/LC_MESSAGES/gprof.mo", "/usr/share/locale/pt_BR/LC_MESSAGES/ld.mo", "/usr/share/locale/pt_BR/LC_MESSAGES/opcodes.mo", "/usr/share/locale/ro/LC_MESSAGES/bfd.mo", "/usr/share/locale/ro/LC_MESSAGES/binutils.mo", "/usr/share/locale/ro/LC_MESSAGES/gas.mo", "/usr/share/locale/ro/LC_MESSAGES/gprof.mo", "/usr/share/locale/ro/LC_MESSAGES/ld.mo", "/usr/share/locale/ro/LC_MESSAGES/opcodes.mo", "/usr/share/locale/ru/LC_MESSAGES/bfd.mo", "/usr/share/locale/ru/LC_MESSAGES/binutils.mo", "/usr/share/locale/ru/LC_MESSAGES/gas.mo", "/usr/share/locale/ru/LC_MESSAGES/gprof.mo", "/usr/share/locale/ru/LC_MESSAGES/ld.mo", "/usr/share/locale/rw/LC_MESSAGES/bfd.mo", "/usr/share/locale/rw/LC_MESSAGES/binutils.mo", "/usr/share/locale/rw/LC_MESSAGES/gas.mo", "/usr/share/locale/rw/LC_MESSAGES/gprof.mo", "/usr/share/locale/sk/LC_MESSAGES/binutils.mo", "/usr/share/locale/sr/LC_MESSAGES/bfd.mo", "/usr/share/locale/sr/LC_MESSAGES/binutils.mo", "/usr/share/locale/sr/LC_MESSAGES/gprof.mo", "/usr/share/locale/sr/LC_MESSAGES/ld.mo", "/usr/share/locale/sr/LC_MESSAGES/opcodes.mo", "/usr/share/locale/sv/LC_MESSAGES/bfd.mo", "/usr/share/locale/sv/LC_MESSAGES/binutils.mo", "/usr/share/locale/sv/LC_MESSAGES/gas.mo", "/usr/share/locale/sv/LC_MESSAGES/gprof.mo", "/usr/share/locale/sv/LC_MESSAGES/ld.mo", "/usr/share/locale/sv/LC_MESSAGES/opcodes.mo", "/usr/share/locale/tr/LC_MESSAGES/bfd.mo", "/usr/share/locale/tr/LC_MESSAGES/binutils.mo", "/usr/share/locale/tr/LC_MESSAGES/gas.mo", "/usr/share/locale/tr/LC_MESSAGES/gprof.mo", "/usr/share/locale/tr/LC_MESSAGES/ld.mo", "/usr/share/locale/tr/LC_MESSAGES/opcodes.mo", "/usr/share/locale/uk/LC_MESSAGES/bfd.mo", "/usr/share/locale/uk/LC_MESSAGES/binutils.mo", "/usr/share/locale/uk/LC_MESSAGES/gas.mo", "/usr/share/locale/uk/LC_MESSAGES/gprof.mo", "/usr/share/locale/uk/LC_MESSAGES/ld.mo", "/usr/share/locale/uk/LC_MESSAGES/opcodes.mo", "/usr/share/locale/vi/LC_MESSAGES/bfd.mo", "/usr/share/locale/vi/LC_MESSAGES/binutils.mo", "/usr/share/locale/vi/LC_MESSAGES/gprof.mo", "/usr/share/locale/vi/LC_MESSAGES/ld.mo", "/usr/share/locale/vi/LC_MESSAGES/opcodes.mo", "/usr/share/locale/zh_CN/LC_MESSAGES/bfd.mo", "/usr/share/locale/zh_CN/LC_MESSAGES/binutils.mo", "/usr/share/locale/zh_CN/LC_MESSAGES/gas.mo", "/usr/share/locale/zh_CN/LC_MESSAGES/ld.mo", "/usr/share/locale/zh_CN/LC_MESSAGES/opcodes.mo", "/usr/share/locale/zh_TW/LC_MESSAGES/binutils.mo", "/usr/share/locale/zh_TW/LC_MESSAGES/ld.mo", "/usr/share/man/man1/addr2line.1.gz", "/usr/share/man/man1/ar.1.gz", "/usr/share/man/man1/as.1.gz", "/usr/share/man/man1/c++filt.1.gz", "/usr/share/man/man1/elfedit.1.gz", "/usr/share/man/man1/gprof.1.gz", "/usr/share/man/man1/ld.bfd.1.gz", "/usr/share/man/man1/nm.1.gz", "/usr/share/man/man1/objcopy.1.gz", "/usr/share/man/man1/objdump.1.gz", "/usr/share/man/man1/ranlib.1.gz", "/usr/share/man/man1/readelf.1.gz", "/usr/share/man/man1/size.1.gz", "/usr/share/man/man1/strings.1.gz", "/usr/share/man/man1/strip.1.gz" ] }, { "ID": "binutils-x86-64-linux-gnu@2.44-3", "Name": "binutils-x86-64-linux-gnu", "Identifier": { "PURL": "pkg:deb/debian/binutils-x86-64-linux-gnu@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "4d44d47c4673e64b" }, "Version": "2.44", "Release": "3", "Arch": "amd64", "SrcName": "binutils", "SrcVersion": "2.44", "SrcRelease": "3", "Maintainer": "Matthias Klose \u003cdoko@debian.org\u003e", "DependsOn": [ "binutils-common@2.44-3", "libbinutils@2.44-3", "libc6@2.41-12", "libctf-nobfd0@2.44-3", "libctf0@2.44-3", "libjansson4@2.14-2+b3", "libsframe1@2.44-3", "libzstd1@1.5.7+dfsg-1", "zlib1g@1:1.3.dfsg+really1.3.1-1+b1" ], "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "InstalledFiles": [ "/usr/bin/x86_64-linux-gnu-addr2line", "/usr/bin/x86_64-linux-gnu-ar", "/usr/bin/x86_64-linux-gnu-as", "/usr/bin/x86_64-linux-gnu-c++filt", "/usr/bin/x86_64-linux-gnu-elfedit", "/usr/bin/x86_64-linux-gnu-gprof", "/usr/bin/x86_64-linux-gnu-ld.bfd", "/usr/bin/x86_64-linux-gnu-nm", "/usr/bin/x86_64-linux-gnu-objcopy", "/usr/bin/x86_64-linux-gnu-objdump", "/usr/bin/x86_64-linux-gnu-ranlib", "/usr/bin/x86_64-linux-gnu-readelf", "/usr/bin/x86_64-linux-gnu-size", "/usr/bin/x86_64-linux-gnu-strings", "/usr/bin/x86_64-linux-gnu-strip", "/usr/lib/x86_64-linux-gnu/bfd-plugins/libdep.so", "/usr/lib/x86_64-linux-gnu/ldscripts/elf32_x86_64.x", "/usr/lib/x86_64-linux-gnu/ldscripts/elf32_x86_64.xbn", "/usr/lib/x86_64-linux-gnu/ldscripts/elf32_x86_64.xc", "/usr/lib/x86_64-linux-gnu/ldscripts/elf32_x86_64.xce", "/usr/lib/x86_64-linux-gnu/ldscripts/elf32_x86_64.xcer", "/usr/lib/x86_64-linux-gnu/ldscripts/elf32_x86_64.xd", "/usr/lib/x86_64-linux-gnu/ldscripts/elf32_x86_64.xdc", "/usr/lib/x86_64-linux-gnu/ldscripts/elf32_x86_64.xdce", "/usr/lib/x86_64-linux-gnu/ldscripts/elf32_x86_64.xdcer", "/usr/lib/x86_64-linux-gnu/ldscripts/elf32_x86_64.xde", "/usr/lib/x86_64-linux-gnu/ldscripts/elf32_x86_64.xder", "/usr/lib/x86_64-linux-gnu/ldscripts/elf32_x86_64.xdw", "/usr/lib/x86_64-linux-gnu/ldscripts/elf32_x86_64.xdwe", "/usr/lib/x86_64-linux-gnu/ldscripts/elf32_x86_64.xdwer", "/usr/lib/x86_64-linux-gnu/ldscripts/elf32_x86_64.xe", "/usr/lib/x86_64-linux-gnu/ldscripts/elf32_x86_64.xer", "/usr/lib/x86_64-linux-gnu/ldscripts/elf32_x86_64.xn", "/usr/lib/x86_64-linux-gnu/ldscripts/elf32_x86_64.xr", "/usr/lib/x86_64-linux-gnu/ldscripts/elf32_x86_64.xs", "/usr/lib/x86_64-linux-gnu/ldscripts/elf32_x86_64.xsc", "/usr/lib/x86_64-linux-gnu/ldscripts/elf32_x86_64.xsce", "/usr/lib/x86_64-linux-gnu/ldscripts/elf32_x86_64.xscer", "/usr/lib/x86_64-linux-gnu/ldscripts/elf32_x86_64.xse", "/usr/lib/x86_64-linux-gnu/ldscripts/elf32_x86_64.xser", "/usr/lib/x86_64-linux-gnu/ldscripts/elf32_x86_64.xsw", "/usr/lib/x86_64-linux-gnu/ldscripts/elf32_x86_64.xswe", "/usr/lib/x86_64-linux-gnu/ldscripts/elf32_x86_64.xswer", "/usr/lib/x86_64-linux-gnu/ldscripts/elf32_x86_64.xu", "/usr/lib/x86_64-linux-gnu/ldscripts/elf32_x86_64.xw", "/usr/lib/x86_64-linux-gnu/ldscripts/elf32_x86_64.xwe", "/usr/lib/x86_64-linux-gnu/ldscripts/elf32_x86_64.xwer", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_i386.x", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_i386.xbn", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_i386.xc", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_i386.xce", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_i386.xcer", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_i386.xd", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_i386.xdc", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_i386.xdce", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_i386.xdcer", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_i386.xde", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_i386.xder", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_i386.xdw", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_i386.xdwe", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_i386.xdwer", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_i386.xe", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_i386.xer", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_i386.xn", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_i386.xr", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_i386.xs", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_i386.xsc", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_i386.xsce", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_i386.xscer", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_i386.xse", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_i386.xser", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_i386.xsw", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_i386.xswe", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_i386.xswer", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_i386.xu", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_i386.xw", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_i386.xwe", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_i386.xwer", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_iamcu.x", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_iamcu.xbn", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_iamcu.xc", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_iamcu.xce", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_iamcu.xcer", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_iamcu.xd", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_iamcu.xdc", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_iamcu.xdce", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_iamcu.xdcer", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_iamcu.xde", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_iamcu.xder", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_iamcu.xdw", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_iamcu.xdwe", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_iamcu.xdwer", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_iamcu.xe", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_iamcu.xer", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_iamcu.xn", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_iamcu.xr", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_iamcu.xs", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_iamcu.xsc", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_iamcu.xsce", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_iamcu.xscer", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_iamcu.xse", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_iamcu.xser", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_iamcu.xsw", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_iamcu.xswe", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_iamcu.xswer", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_iamcu.xu", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_iamcu.xw", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_iamcu.xwe", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_iamcu.xwer", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_x86_64.x", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_x86_64.xbn", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_x86_64.xc", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_x86_64.xce", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_x86_64.xcer", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_x86_64.xd", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_x86_64.xdc", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_x86_64.xdce", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_x86_64.xdcer", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_x86_64.xde", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_x86_64.xder", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_x86_64.xdw", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_x86_64.xdwe", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_x86_64.xdwer", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_x86_64.xe", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_x86_64.xer", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_x86_64.xn", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_x86_64.xr", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_x86_64.xs", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_x86_64.xsc", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_x86_64.xsce", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_x86_64.xscer", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_x86_64.xse", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_x86_64.xser", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_x86_64.xsw", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_x86_64.xswe", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_x86_64.xswer", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_x86_64.xu", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_x86_64.xw", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_x86_64.xwe", "/usr/lib/x86_64-linux-gnu/ldscripts/elf_x86_64.xwer", "/usr/lib/x86_64-linux-gnu/ldscripts/i386pe.x", "/usr/lib/x86_64-linux-gnu/ldscripts/i386pe.xa", "/usr/lib/x86_64-linux-gnu/ldscripts/i386pe.xbn", "/usr/lib/x86_64-linux-gnu/ldscripts/i386pe.xe", "/usr/lib/x86_64-linux-gnu/ldscripts/i386pe.xer", "/usr/lib/x86_64-linux-gnu/ldscripts/i386pe.xn", "/usr/lib/x86_64-linux-gnu/ldscripts/i386pe.xr", "/usr/lib/x86_64-linux-gnu/ldscripts/i386pe.xu", "/usr/lib/x86_64-linux-gnu/ldscripts/i386pep.x", "/usr/lib/x86_64-linux-gnu/ldscripts/i386pep.xa", "/usr/lib/x86_64-linux-gnu/ldscripts/i386pep.xbn", "/usr/lib/x86_64-linux-gnu/ldscripts/i386pep.xe", "/usr/lib/x86_64-linux-gnu/ldscripts/i386pep.xer", "/usr/lib/x86_64-linux-gnu/ldscripts/i386pep.xn", "/usr/lib/x86_64-linux-gnu/ldscripts/i386pep.xr", "/usr/lib/x86_64-linux-gnu/ldscripts/i386pep.xu", "/usr/lib/x86_64-linux-gnu/ldscripts/stamp", "/usr/share/doc/binutils/test-summary-amd64.gz", "/usr/share/lintian/overrides/binutils-x86-64-linux-gnu" ] }, { "ID": "bsdutils@1:2.41-5", "Name": "bsdutils", "Identifier": { "PURL": "pkg:deb/debian/bsdutils@2.41-5?arch=amd64\u0026distro=debian-13.1\u0026epoch=1", "UID": "c9de60be80a96a27" }, "Version": "2.41", "Release": "5", "Epoch": 1, "Arch": "amd64", "SrcName": "util-linux", "SrcVersion": "2.41", "SrcRelease": "5", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "GPL-3.0-or-later", "LGPL-2.1-or-later", "public-domain", "BSD-4-Clause", "MIT", "ISC", "BSD-3-Clause", "BSLA", "LGPL-2.0-or-later", "BSD-2-Clause", "LGPL-3.0-or-later", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "InstalledFiles": [ "/usr/bin/logger", "/usr/bin/renice", "/usr/bin/script", "/usr/bin/scriptlive", "/usr/bin/scriptreplay", "/usr/bin/wall", "/usr/share/bash-completion/completions/logger", "/usr/share/bash-completion/completions/renice", "/usr/share/bash-completion/completions/script", "/usr/share/bash-completion/completions/scriptlive", "/usr/share/bash-completion/completions/scriptreplay", "/usr/share/bash-completion/completions/wall", "/usr/share/doc/bsdutils/NEWS.Debian.gz", "/usr/share/doc/bsdutils/changelog.Debian.gz", "/usr/share/doc/bsdutils/changelog.gz", "/usr/share/doc/bsdutils/copyright", "/usr/share/lintian/overrides/bsdutils", "/usr/share/man/man1/logger.1.gz", "/usr/share/man/man1/renice.1.gz", "/usr/share/man/man1/script.1.gz", "/usr/share/man/man1/scriptlive.1.gz", "/usr/share/man/man1/scriptreplay.1.gz", "/usr/share/man/man1/wall.1.gz" ] }, { "ID": "ca-certificates@20250419", "Name": "ca-certificates", "Identifier": { "PURL": "pkg:deb/debian/ca-certificates@20250419?arch=all\u0026distro=debian-13.1", "UID": "bcbbfb6dcdbd65a7" }, "Version": "20250419", "Arch": "all", "SrcName": "ca-certificates", "SrcVersion": "20250419", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "MPL-2.0" ], "Maintainer": "Julien Cristau \u003cjcristau@debian.org\u003e", "DependsOn": [ "debconf@1.5.91", "openssl@3.5.1-1+deb13u1" ], "Layer": { "DiffID": "sha256:c9cf0647c3882a77b947246ce8bc999f0ed98d1cf9625179568100ba9fd3a7b4" }, "InstalledFiles": [ "/usr/sbin/update-ca-certificates", "/usr/share/ca-certificates/mozilla/ACCVRAIZ1.crt", "/usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM.crt", "/usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.crt", "/usr/share/ca-certificates/mozilla/ANF_Secure_Server_Root_CA.crt", "/usr/share/ca-certificates/mozilla/Actalis_Authentication_Root_CA.crt", "/usr/share/ca-certificates/mozilla/AffirmTrust_Commercial.crt", "/usr/share/ca-certificates/mozilla/AffirmTrust_Networking.crt", "/usr/share/ca-certificates/mozilla/AffirmTrust_Premium.crt", "/usr/share/ca-certificates/mozilla/AffirmTrust_Premium_ECC.crt", "/usr/share/ca-certificates/mozilla/Amazon_Root_CA_1.crt", "/usr/share/ca-certificates/mozilla/Amazon_Root_CA_2.crt", "/usr/share/ca-certificates/mozilla/Amazon_Root_CA_3.crt", "/usr/share/ca-certificates/mozilla/Amazon_Root_CA_4.crt", "/usr/share/ca-certificates/mozilla/Atos_TrustedRoot_2011.crt", "/usr/share/ca-certificates/mozilla/Atos_TrustedRoot_Root_CA_ECC_TLS_2021.crt", "/usr/share/ca-certificates/mozilla/Atos_TrustedRoot_Root_CA_RSA_TLS_2021.crt", "/usr/share/ca-certificates/mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt", "/usr/share/ca-certificates/mozilla/BJCA_Global_Root_CA1.crt", "/usr/share/ca-certificates/mozilla/BJCA_Global_Root_CA2.crt", "/usr/share/ca-certificates/mozilla/Baltimore_CyberTrust_Root.crt", "/usr/share/ca-certificates/mozilla/Buypass_Class_2_Root_CA.crt", "/usr/share/ca-certificates/mozilla/Buypass_Class_3_Root_CA.crt", "/usr/share/ca-certificates/mozilla/CA_Disig_Root_R2.crt", "/usr/share/ca-certificates/mozilla/CFCA_EV_ROOT.crt", "/usr/share/ca-certificates/mozilla/COMODO_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/COMODO_ECC_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/COMODO_RSA_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/Certainly_Root_E1.crt", "/usr/share/ca-certificates/mozilla/Certainly_Root_R1.crt", "/usr/share/ca-certificates/mozilla/Certigna.crt", "/usr/share/ca-certificates/mozilla/Certigna_Root_CA.crt", "/usr/share/ca-certificates/mozilla/Certum_EC-384_CA.crt", "/usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA.crt", "/usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA_2.crt", "/usr/share/ca-certificates/mozilla/Certum_Trusted_Root_CA.crt", "/usr/share/ca-certificates/mozilla/CommScope_Public_Trust_ECC_Root-01.crt", "/usr/share/ca-certificates/mozilla/CommScope_Public_Trust_ECC_Root-02.crt", "/usr/share/ca-certificates/mozilla/CommScope_Public_Trust_RSA_Root-01.crt", "/usr/share/ca-certificates/mozilla/CommScope_Public_Trust_RSA_Root-02.crt", "/usr/share/ca-certificates/mozilla/Comodo_AAA_Services_root.crt", "/usr/share/ca-certificates/mozilla/D-TRUST_BR_Root_CA_1_2020.crt", "/usr/share/ca-certificates/mozilla/D-TRUST_BR_Root_CA_2_2023.crt", "/usr/share/ca-certificates/mozilla/D-TRUST_EV_Root_CA_1_2020.crt", "/usr/share/ca-certificates/mozilla/D-TRUST_EV_Root_CA_2_2023.crt", "/usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_2009.crt", "/usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_EV_2009.crt", "/usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_CA.crt", "/usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G2.crt", "/usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G3.crt", "/usr/share/ca-certificates/mozilla/DigiCert_Global_Root_CA.crt", "/usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G2.crt", "/usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G3.crt", "/usr/share/ca-certificates/mozilla/DigiCert_High_Assurance_EV_Root_CA.crt", "/usr/share/ca-certificates/mozilla/DigiCert_TLS_ECC_P384_Root_G5.crt", "/usr/share/ca-certificates/mozilla/DigiCert_TLS_RSA4096_Root_G5.crt", "/usr/share/ca-certificates/mozilla/DigiCert_Trusted_Root_G4.crt", "/usr/share/ca-certificates/mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt", "/usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_EC1.crt", "/usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_G2.crt", "/usr/share/ca-certificates/mozilla/FIRMAPROFESIONAL_CA_ROOT-A_WEB.crt", "/usr/share/ca-certificates/mozilla/GDCA_TrustAUTH_R5_ROOT.crt", "/usr/share/ca-certificates/mozilla/GLOBALTRUST_2020.crt", "/usr/share/ca-certificates/mozilla/GTS_Root_R1.crt", "/usr/share/ca-certificates/mozilla/GTS_Root_R2.crt", "/usr/share/ca-certificates/mozilla/GTS_Root_R3.crt", "/usr/share/ca-certificates/mozilla/GTS_Root_R4.crt", "/usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R4.crt", "/usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R5.crt", "/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA.crt", "/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R3.crt", "/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R6.crt", "/usr/share/ca-certificates/mozilla/GlobalSign_Root_E46.crt", "/usr/share/ca-certificates/mozilla/GlobalSign_Root_R46.crt", "/usr/share/ca-certificates/mozilla/Go_Daddy_Class_2_CA.crt", "/usr/share/ca-certificates/mozilla/Go_Daddy_Root_Certificate_Authority_-_G2.crt", "/usr/share/ca-certificates/mozilla/HARICA_TLS_ECC_Root_CA_2021.crt", "/usr/share/ca-certificates/mozilla/HARICA_TLS_RSA_Root_CA_2021.crt", "/usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt", "/usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt", "/usr/share/ca-certificates/mozilla/HiPKI_Root_CA_-_G1.crt", "/usr/share/ca-certificates/mozilla/Hongkong_Post_Root_CA_3.crt", "/usr/share/ca-certificates/mozilla/ISRG_Root_X1.crt", "/usr/share/ca-certificates/mozilla/ISRG_Root_X2.crt", "/usr/share/ca-certificates/mozilla/IdenTrust_Commercial_Root_CA_1.crt", "/usr/share/ca-certificates/mozilla/IdenTrust_Public_Sector_Root_CA_1.crt", "/usr/share/ca-certificates/mozilla/Izenpe.com.crt", "/usr/share/ca-certificates/mozilla/Microsec_e-Szigno_Root_CA_2009.crt", "/usr/share/ca-certificates/mozilla/Microsoft_ECC_Root_Certificate_Authority_2017.crt", "/usr/share/ca-certificates/mozilla/Microsoft_RSA_Root_Certificate_Authority_2017.crt", "/usr/share/ca-certificates/mozilla/NAVER_Global_Root_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt", "/usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GB_CA.crt", "/usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GC_CA.crt", "/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_1_G3.crt", "/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2.crt", "/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2_G3.crt", "/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3.crt", "/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3_G3.crt", "/usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_ECC.crt", "/usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_RSA_R2.crt", "/usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_ECC.crt", "/usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_RSA.crt", "/usr/share/ca-certificates/mozilla/SSL.com_TLS_ECC_Root_CA_2022.crt", "/usr/share/ca-certificates/mozilla/SSL.com_TLS_RSA_Root_CA_2022.crt", "/usr/share/ca-certificates/mozilla/SZAFIR_ROOT_CA2.crt", "/usr/share/ca-certificates/mozilla/Sectigo_Public_Server_Authentication_Root_E46.crt", "/usr/share/ca-certificates/mozilla/Sectigo_Public_Server_Authentication_Root_R46.crt", "/usr/share/ca-certificates/mozilla/SecureSign_Root_CA12.crt", "/usr/share/ca-certificates/mozilla/SecureSign_Root_CA14.crt", "/usr/share/ca-certificates/mozilla/SecureSign_Root_CA15.crt", "/usr/share/ca-certificates/mozilla/SecureTrust_CA.crt", "/usr/share/ca-certificates/mozilla/Secure_Global_CA.crt", "/usr/share/ca-certificates/mozilla/Security_Communication_ECC_RootCA1.crt", "/usr/share/ca-certificates/mozilla/Security_Communication_RootCA2.crt", "/usr/share/ca-certificates/mozilla/Starfield_Class_2_CA.crt", "/usr/share/ca-certificates/mozilla/Starfield_Root_Certificate_Authority_-_G2.crt", "/usr/share/ca-certificates/mozilla/Starfield_Services_Root_Certificate_Authority_-_G2.crt", "/usr/share/ca-certificates/mozilla/SwissSign_Gold_CA_-_G2.crt", "/usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_2.crt", "/usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_3.crt", "/usr/share/ca-certificates/mozilla/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt", "/usr/share/ca-certificates/mozilla/TWCA_CYBER_Root_CA.crt", "/usr/share/ca-certificates/mozilla/TWCA_Global_Root_CA.crt", "/usr/share/ca-certificates/mozilla/TWCA_Root_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/Telekom_Security_TLS_ECC_Root_2020.crt", "/usr/share/ca-certificates/mozilla/Telekom_Security_TLS_RSA_Root_2023.crt", "/usr/share/ca-certificates/mozilla/TeliaSonera_Root_CA_v1.crt", "/usr/share/ca-certificates/mozilla/Telia_Root_CA_v2.crt", "/usr/share/ca-certificates/mozilla/TrustAsia_Global_Root_CA_G3.crt", "/usr/share/ca-certificates/mozilla/TrustAsia_Global_Root_CA_G4.crt", "/usr/share/ca-certificates/mozilla/Trustwave_Global_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P256_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P384_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/TunTrust_Root_CA.crt", "/usr/share/ca-certificates/mozilla/UCA_Extended_Validation_Root.crt", "/usr/share/ca-certificates/mozilla/UCA_Global_G2_Root.crt", "/usr/share/ca-certificates/mozilla/USERTrust_ECC_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/USERTrust_RSA_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/XRamp_Global_CA_Root.crt", "/usr/share/ca-certificates/mozilla/certSIGN_ROOT_CA.crt", "/usr/share/ca-certificates/mozilla/certSIGN_Root_CA_G2.crt", "/usr/share/ca-certificates/mozilla/e-Szigno_Root_CA_2017.crt", "/usr/share/ca-certificates/mozilla/ePKI_Root_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_C3.crt", "/usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_G3.crt", "/usr/share/ca-certificates/mozilla/emSign_Root_CA_-_C1.crt", "/usr/share/ca-certificates/mozilla/emSign_Root_CA_-_G1.crt", "/usr/share/ca-certificates/mozilla/vTrus_ECC_Root_CA.crt", "/usr/share/ca-certificates/mozilla/vTrus_Root_CA.crt", "/usr/share/doc/ca-certificates/README.Debian", "/usr/share/doc/ca-certificates/changelog.gz", "/usr/share/doc/ca-certificates/copyright", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/Makefile", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/README", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/ca-certificates-local.triggers", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/changelog", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/compat", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/control", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/copyright", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/postrm", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/rules", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/source/format", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/local/Local_Root_CA.crt", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/local/Makefile", "/usr/share/man/man8/update-ca-certificates.8.gz" ] }, { "ID": "coreutils@9.7-3", "Name": "coreutils", "Identifier": { "PURL": "pkg:deb/debian/coreutils@9.7-3?arch=amd64\u0026distro=debian-13.1", "UID": "a90cbdbcbab1768e" }, "Version": "9.7", "Release": "3", "Arch": "amd64", "SrcName": "coreutils", "SrcVersion": "9.7", "SrcRelease": "3", "Licenses": [ "GPL-3.0-or-later", "BSD-4-Clause-UC", "GPL-3.0-only", "ISC", "FSFULLR", "GFDL-1.3-no-invariants-only", "GFDL-1.3-only" ], "Maintainer": "Michael Stone \u003cmstone@debian.org\u003e", "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "InstalledFiles": [ "/usr/bin/[", "/usr/bin/arch", "/usr/bin/b2sum", "/usr/bin/base32", "/usr/bin/base64", "/usr/bin/basename", "/usr/bin/basenc", "/usr/bin/cat", "/usr/bin/chcon", "/usr/bin/chgrp", "/usr/bin/chmod", "/usr/bin/chown", "/usr/bin/cksum", "/usr/bin/comm", "/usr/bin/cp", "/usr/bin/csplit", "/usr/bin/cut", "/usr/bin/date", "/usr/bin/dd", "/usr/bin/df", "/usr/bin/dir", "/usr/bin/dircolors", "/usr/bin/dirname", "/usr/bin/du", "/usr/bin/echo", "/usr/bin/env", "/usr/bin/expand", "/usr/bin/expr", "/usr/bin/factor", "/usr/bin/false", "/usr/bin/fmt", "/usr/bin/fold", "/usr/bin/groups", "/usr/bin/head", "/usr/bin/hostid", "/usr/bin/id", "/usr/bin/install", "/usr/bin/join", "/usr/bin/link", "/usr/bin/ln", "/usr/bin/logname", "/usr/bin/ls", "/usr/bin/md5sum", "/usr/bin/mkdir", "/usr/bin/mkfifo", "/usr/bin/mknod", "/usr/bin/mktemp", "/usr/bin/mv", "/usr/bin/nice", "/usr/bin/nl", "/usr/bin/nohup", "/usr/bin/nproc", "/usr/bin/numfmt", "/usr/bin/od", "/usr/bin/paste", "/usr/bin/pathchk", "/usr/bin/pinky", "/usr/bin/pr", "/usr/bin/printenv", "/usr/bin/printf", "/usr/bin/ptx", "/usr/bin/pwd", "/usr/bin/readlink", "/usr/bin/realpath", "/usr/bin/rm", "/usr/bin/rmdir", "/usr/bin/runcon", "/usr/bin/seq", "/usr/bin/sha1sum", "/usr/bin/sha224sum", "/usr/bin/sha256sum", "/usr/bin/sha384sum", "/usr/bin/sha512sum", "/usr/bin/shred", "/usr/bin/shuf", "/usr/bin/sleep", "/usr/bin/sort", "/usr/bin/split", "/usr/bin/stat", "/usr/bin/stdbuf", "/usr/bin/stty", "/usr/bin/sum", "/usr/bin/sync", "/usr/bin/tac", "/usr/bin/tail", "/usr/bin/tee", "/usr/bin/test", "/usr/bin/timeout", "/usr/bin/touch", "/usr/bin/tr", "/usr/bin/true", "/usr/bin/truncate", "/usr/bin/tsort", "/usr/bin/tty", "/usr/bin/uname", "/usr/bin/unexpand", "/usr/bin/uniq", "/usr/bin/unlink", "/usr/bin/users", "/usr/bin/vdir", "/usr/bin/wc", "/usr/bin/who", "/usr/bin/whoami", "/usr/bin/yes", "/usr/libexec/coreutils/libstdbuf.so", "/usr/sbin/chroot", "/usr/share/doc/coreutils/AUTHORS", "/usr/share/doc/coreutils/NEWS.gz", "/usr/share/doc/coreutils/README.Debian", "/usr/share/doc/coreutils/README.gz", "/usr/share/doc/coreutils/THANKS.gz", "/usr/share/doc/coreutils/TODO.gz", "/usr/share/doc/coreutils/changelog.Debian.gz", "/usr/share/doc/coreutils/changelog.gz", "/usr/share/doc/coreutils/copyright", "/usr/share/info/coreutils.info.gz", "/usr/share/lintian/overrides/coreutils", "/usr/share/locale/af/LC_MESSAGES/coreutils.mo", "/usr/share/locale/be/LC_MESSAGES/coreutils.mo", "/usr/share/locale/bg/LC_MESSAGES/coreutils.mo", "/usr/share/locale/ca/LC_MESSAGES/coreutils.mo", "/usr/share/locale/cs/LC_MESSAGES/coreutils.mo", "/usr/share/locale/da/LC_MESSAGES/coreutils.mo", "/usr/share/locale/de/LC_MESSAGES/coreutils.mo", "/usr/share/locale/el/LC_MESSAGES/coreutils.mo", "/usr/share/locale/eo/LC_MESSAGES/coreutils.mo", "/usr/share/locale/es/LC_MESSAGES/coreutils.mo", "/usr/share/locale/et/LC_MESSAGES/coreutils.mo", "/usr/share/locale/eu/LC_MESSAGES/coreutils.mo", "/usr/share/locale/fi/LC_MESSAGES/coreutils.mo", "/usr/share/locale/fr/LC_MESSAGES/coreutils.mo", "/usr/share/locale/ga/LC_MESSAGES/coreutils.mo", "/usr/share/locale/gl/LC_MESSAGES/coreutils.mo", "/usr/share/locale/hr/LC_MESSAGES/coreutils.mo", "/usr/share/locale/hu/LC_MESSAGES/coreutils.mo", "/usr/share/locale/ia/LC_MESSAGES/coreutils.mo", "/usr/share/locale/id/LC_MESSAGES/coreutils.mo", "/usr/share/locale/it/LC_MESSAGES/coreutils.mo", "/usr/share/locale/ja/LC_MESSAGES/coreutils.mo", "/usr/share/locale/ka/LC_MESSAGES/coreutils.mo", "/usr/share/locale/kk/LC_MESSAGES/coreutils.mo", "/usr/share/locale/ko/LC_MESSAGES/coreutils.mo", "/usr/share/locale/lg/LC_MESSAGES/coreutils.mo", "/usr/share/locale/lt/LC_MESSAGES/coreutils.mo", "/usr/share/locale/ms/LC_MESSAGES/coreutils.mo", "/usr/share/locale/nb/LC_MESSAGES/coreutils.mo", "/usr/share/locale/nl/LC_MESSAGES/coreutils.mo", "/usr/share/locale/pl/LC_MESSAGES/coreutils.mo", "/usr/share/locale/pt/LC_MESSAGES/coreutils.mo", "/usr/share/locale/pt_BR/LC_MESSAGES/coreutils.mo", "/usr/share/locale/ro/LC_MESSAGES/coreutils.mo", "/usr/share/locale/ru/LC_MESSAGES/coreutils.mo", "/usr/share/locale/sk/LC_MESSAGES/coreutils.mo", "/usr/share/locale/sl/LC_MESSAGES/coreutils.mo", "/usr/share/locale/sr/LC_MESSAGES/coreutils.mo", "/usr/share/locale/sv/LC_MESSAGES/coreutils.mo", "/usr/share/locale/ta/LC_MESSAGES/coreutils.mo", "/usr/share/locale/tr/LC_MESSAGES/coreutils.mo", "/usr/share/locale/uk/LC_MESSAGES/coreutils.mo", "/usr/share/locale/vi/LC_MESSAGES/coreutils.mo", "/usr/share/locale/zh_CN/LC_MESSAGES/coreutils.mo", "/usr/share/locale/zh_TW/LC_MESSAGES/coreutils.mo", "/usr/share/man/man1/arch.1.gz", "/usr/share/man/man1/b2sum.1.gz", "/usr/share/man/man1/base32.1.gz", "/usr/share/man/man1/base64.1.gz", "/usr/share/man/man1/basename.1.gz", "/usr/share/man/man1/basenc.1.gz", "/usr/share/man/man1/cat.1.gz", "/usr/share/man/man1/chcon.1.gz", "/usr/share/man/man1/chgrp.1.gz", "/usr/share/man/man1/chmod.1.gz", "/usr/share/man/man1/chown.1.gz", "/usr/share/man/man1/cksum.1.gz", "/usr/share/man/man1/comm.1.gz", "/usr/share/man/man1/cp.1.gz", "/usr/share/man/man1/csplit.1.gz", "/usr/share/man/man1/cut.1.gz", "/usr/share/man/man1/date.1.gz", "/usr/share/man/man1/dd.1.gz", "/usr/share/man/man1/df.1.gz", "/usr/share/man/man1/dir.1.gz", "/usr/share/man/man1/dircolors.1.gz", "/usr/share/man/man1/dirname.1.gz", "/usr/share/man/man1/du.1.gz", "/usr/share/man/man1/echo.1.gz", "/usr/share/man/man1/env.1.gz", "/usr/share/man/man1/expand.1.gz", "/usr/share/man/man1/expr.1.gz", "/usr/share/man/man1/factor.1.gz", "/usr/share/man/man1/false.1.gz", "/usr/share/man/man1/fmt.1.gz", "/usr/share/man/man1/fold.1.gz", "/usr/share/man/man1/groups.1.gz", "/usr/share/man/man1/head.1.gz", "/usr/share/man/man1/hostid.1.gz", "/usr/share/man/man1/id.1.gz", "/usr/share/man/man1/install.1.gz", "/usr/share/man/man1/join.1.gz", "/usr/share/man/man1/link.1.gz", "/usr/share/man/man1/ln.1.gz", "/usr/share/man/man1/logname.1.gz", "/usr/share/man/man1/ls.1.gz", "/usr/share/man/man1/md5sum.1.gz", "/usr/share/man/man1/mkdir.1.gz", "/usr/share/man/man1/mkfifo.1.gz", "/usr/share/man/man1/mknod.1.gz", "/usr/share/man/man1/mktemp.1.gz", "/usr/share/man/man1/mv.1.gz", "/usr/share/man/man1/nice.1.gz", "/usr/share/man/man1/nl.1.gz", "/usr/share/man/man1/nohup.1.gz", "/usr/share/man/man1/nproc.1.gz", "/usr/share/man/man1/numfmt.1.gz", "/usr/share/man/man1/od.1.gz", "/usr/share/man/man1/paste.1.gz", "/usr/share/man/man1/pathchk.1.gz", "/usr/share/man/man1/pinky.1.gz", "/usr/share/man/man1/pr.1.gz", "/usr/share/man/man1/printenv.1.gz", "/usr/share/man/man1/printf.1.gz", "/usr/share/man/man1/ptx.1.gz", "/usr/share/man/man1/pwd.1.gz", "/usr/share/man/man1/readlink.1.gz", "/usr/share/man/man1/realpath.1.gz", "/usr/share/man/man1/rm.1.gz", "/usr/share/man/man1/rmdir.1.gz", "/usr/share/man/man1/runcon.1.gz", "/usr/share/man/man1/seq.1.gz", "/usr/share/man/man1/sha1sum.1.gz", "/usr/share/man/man1/sha224sum.1.gz", "/usr/share/man/man1/sha256sum.1.gz", "/usr/share/man/man1/sha384sum.1.gz", "/usr/share/man/man1/sha512sum.1.gz", "/usr/share/man/man1/shred.1.gz", "/usr/share/man/man1/shuf.1.gz", "/usr/share/man/man1/sleep.1.gz", "/usr/share/man/man1/sort.1.gz", "/usr/share/man/man1/split.1.gz", "/usr/share/man/man1/stat.1.gz", "/usr/share/man/man1/stdbuf.1.gz", "/usr/share/man/man1/stty.1.gz", "/usr/share/man/man1/sum.1.gz", "/usr/share/man/man1/sync.1.gz", "/usr/share/man/man1/tac.1.gz", "/usr/share/man/man1/tail.1.gz", "/usr/share/man/man1/tee.1.gz", "/usr/share/man/man1/test.1.gz", "/usr/share/man/man1/timeout.1.gz", "/usr/share/man/man1/touch.1.gz", "/usr/share/man/man1/tr.1.gz", "/usr/share/man/man1/true.1.gz", "/usr/share/man/man1/truncate.1.gz", "/usr/share/man/man1/tsort.1.gz", "/usr/share/man/man1/tty.1.gz", "/usr/share/man/man1/uname.1.gz", "/usr/share/man/man1/unexpand.1.gz", "/usr/share/man/man1/uniq.1.gz", "/usr/share/man/man1/unlink.1.gz", "/usr/share/man/man1/users.1.gz", "/usr/share/man/man1/vdir.1.gz", "/usr/share/man/man1/wc.1.gz", "/usr/share/man/man1/who.1.gz", "/usr/share/man/man1/whoami.1.gz", "/usr/share/man/man1/yes.1.gz", "/usr/share/man/man8/chroot.8.gz" ] }, { "ID": "cpp@4:14.2.0-1", "Name": "cpp", "Identifier": { "PURL": "pkg:deb/debian/cpp@14.2.0-1?arch=amd64\u0026distro=debian-13.1\u0026epoch=4", "UID": "82d4426126261072" }, "Version": "14.2.0", "Release": "1", "Epoch": 4, "Arch": "amd64", "SrcName": "gcc-defaults", "SrcVersion": "1.220", "Maintainer": "Debian GCC Maintainers \u003cdebian-gcc@lists.debian.org\u003e", "DependsOn": [ "cpp-14@14.2.0-19", "cpp-x86-64-linux-gnu@4:14.2.0-1" ], "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "InstalledFiles": [ "/usr/share/lintian/overrides/cpp" ] }, { "ID": "cpp-14@14.2.0-19", "Name": "cpp-14", "Identifier": { "PURL": "pkg:deb/debian/cpp-14@14.2.0-19?arch=amd64\u0026distro=debian-13.1", "UID": "4686e9baa23abd0c" }, "Version": "14.2.0", "Release": "19", "Arch": "amd64", "SrcName": "gcc-14", "SrcVersion": "14.2.0", "SrcRelease": "19", "Maintainer": "Debian GCC Maintainers \u003cdebian-gcc@lists.debian.org\u003e", "DependsOn": [ "cpp-14-x86-64-linux-gnu@14.2.0-19", "gcc-14-base@14.2.0-19" ], "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "InstalledFiles": [ "/usr/share/lintian/overrides/cpp-14" ] }, { "ID": "cpp-14-x86-64-linux-gnu@14.2.0-19", "Name": "cpp-14-x86-64-linux-gnu", "Identifier": { "PURL": "pkg:deb/debian/cpp-14-x86-64-linux-gnu@14.2.0-19?arch=amd64\u0026distro=debian-13.1", "UID": "518095faa4c9e3d6" }, "Version": "14.2.0", "Release": "19", "Arch": "amd64", "SrcName": "gcc-14", "SrcVersion": "14.2.0", "SrcRelease": "19", "Maintainer": "Debian GCC Maintainers \u003cdebian-gcc@lists.debian.org\u003e", "DependsOn": [ "gcc-14-base@14.2.0-19", "libc6@2.41-12", "libgmp10@2:6.3.0+dfsg-3", "libisl23@0.27-1", "libmpc3@1.3.1-1+b3", "libmpfr6@4.2.2-1", "libzstd1@1.5.7+dfsg-1", "zlib1g@1:1.3.dfsg+really1.3.1-1+b1" ], "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "InstalledFiles": [ "/usr/bin/x86_64-linux-gnu-cpp-14", "/usr/libexec/gcc/x86_64-linux-gnu/14/cc1", "/usr/share/lintian/overrides/cpp-14-x86-64-linux-gnu" ] }, { "ID": "cpp-x86-64-linux-gnu@4:14.2.0-1", "Name": "cpp-x86-64-linux-gnu", "Identifier": { "PURL": "pkg:deb/debian/cpp-x86-64-linux-gnu@14.2.0-1?arch=amd64\u0026distro=debian-13.1\u0026epoch=4", "UID": "ce2cac73528db47f" }, "Version": "14.2.0", "Release": "1", "Epoch": 4, "Arch": "amd64", "SrcName": "gcc-defaults", "SrcVersion": "1.220", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Debian GCC Maintainers \u003cdebian-gcc@lists.debian.org\u003e", "DependsOn": [ "cpp-14-x86-64-linux-gnu@14.2.0-19" ], "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "InstalledFiles": [ "/usr/share/doc/cpp-x86-64-linux-gnu/changelog.gz", "/usr/share/doc/cpp-x86-64-linux-gnu/copyright", "/usr/share/lintian/overrides/cpp-x86-64-linux-gnu" ] }, { "ID": "dash@0.5.12-12", "Name": "dash", "Identifier": { "PURL": "pkg:deb/debian/dash@0.5.12-12?arch=amd64\u0026distro=debian-13.1", "UID": "89c835b0985cdc5c" }, "Version": "0.5.12", "Release": "12", "Arch": "amd64", "SrcName": "dash", "SrcVersion": "0.5.12", "SrcRelease": "12", "Licenses": [ "BSD-3-Clause", "public-domain", "GPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Andrej Shadura \u003candrewsh@debian.org\u003e", "DependsOn": [ "debianutils@5.23.2" ], "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "InstalledFiles": [ "/usr/bin/dash", "/usr/share/debianutils/shells.d/dash", "/usr/share/doc/dash/README.Debian.diet", "/usr/share/doc/dash/README.source", "/usr/share/doc/dash/changelog.Debian.gz", "/usr/share/doc/dash/changelog.gz", "/usr/share/doc/dash/copyright", "/usr/share/lintian/overrides/dash", "/usr/share/man/man1/dash.1.gz", "/usr/share/menu/dash" ] }, { "ID": "debconf@1.5.91", "Name": "debconf", "Identifier": { "PURL": "pkg:deb/debian/debconf@1.5.91?arch=all\u0026distro=debian-13.1", "UID": "dbd74d1c32616a65" }, "Version": "1.5.91", "Arch": "all", "SrcName": "debconf", "SrcVersion": "1.5.91", "Licenses": [ "BSD-2-Clause" ], "Maintainer": "Debconf Developers \u003cdebconf-devel@lists.alioth.debian.org\u003e", "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "InstalledFiles": [ "/usr/bin/debconf", "/usr/bin/debconf-apt-progress", "/usr/bin/debconf-communicate", "/usr/bin/debconf-copydb", "/usr/bin/debconf-escape", "/usr/bin/debconf-set-selections", "/usr/bin/debconf-show", "/usr/sbin/dpkg-preconfigure", "/usr/sbin/dpkg-reconfigure", "/usr/share/bash-completion/completions/debconf", "/usr/share/debconf/confmodule", "/usr/share/debconf/confmodule.sh", "/usr/share/debconf/debconf.conf", "/usr/share/debconf/fix_db.pl", "/usr/share/debconf/frontend", "/usr/share/doc/debconf/README.Debian", "/usr/share/doc/debconf/changelog.gz", "/usr/share/doc/debconf/copyright", "/usr/share/lintian/overrides/debconf", "/usr/share/man/man1/debconf-apt-progress.1.gz", "/usr/share/man/man1/debconf-communicate.1.gz", "/usr/share/man/man1/debconf-copydb.1.gz", "/usr/share/man/man1/debconf-escape.1.gz", "/usr/share/man/man1/debconf-set-selections.1.gz", "/usr/share/man/man1/debconf-show.1.gz", "/usr/share/man/man1/debconf.1.gz", "/usr/share/man/man8/dpkg-preconfigure.8.gz", "/usr/share/man/man8/dpkg-reconfigure.8.gz", "/usr/share/perl5/Debconf/AutoSelect.pm", "/usr/share/perl5/Debconf/Base.pm", "/usr/share/perl5/Debconf/Client/ConfModule.pm", "/usr/share/perl5/Debconf/ConfModule.pm", "/usr/share/perl5/Debconf/Config.pm", "/usr/share/perl5/Debconf/Db.pm", "/usr/share/perl5/Debconf/DbDriver.pm", "/usr/share/perl5/Debconf/DbDriver/Backup.pm", "/usr/share/perl5/Debconf/DbDriver/Cache.pm", "/usr/share/perl5/Debconf/DbDriver/Copy.pm", "/usr/share/perl5/Debconf/DbDriver/Debug.pm", "/usr/share/perl5/Debconf/DbDriver/DirTree.pm", "/usr/share/perl5/Debconf/DbDriver/Directory.pm", "/usr/share/perl5/Debconf/DbDriver/File.pm", "/usr/share/perl5/Debconf/DbDriver/LDAP.pm", "/usr/share/perl5/Debconf/DbDriver/PackageDir.pm", "/usr/share/perl5/Debconf/DbDriver/Pipe.pm", "/usr/share/perl5/Debconf/DbDriver/Stack.pm", "/usr/share/perl5/Debconf/Element.pm", "/usr/share/perl5/Debconf/Element/Dialog/Boolean.pm", "/usr/share/perl5/Debconf/Element/Dialog/Error.pm", "/usr/share/perl5/Debconf/Element/Dialog/Multiselect.pm", "/usr/share/perl5/Debconf/Element/Dialog/Note.pm", "/usr/share/perl5/Debconf/Element/Dialog/Password.pm", "/usr/share/perl5/Debconf/Element/Dialog/Progress.pm", "/usr/share/perl5/Debconf/Element/Dialog/Select.pm", "/usr/share/perl5/Debconf/Element/Dialog/String.pm", "/usr/share/perl5/Debconf/Element/Dialog/Text.pm", "/usr/share/perl5/Debconf/Element/Editor/Boolean.pm", "/usr/share/perl5/Debconf/Element/Editor/Error.pm", "/usr/share/perl5/Debconf/Element/Editor/Multiselect.pm", "/usr/share/perl5/Debconf/Element/Editor/Note.pm", "/usr/share/perl5/Debconf/Element/Editor/Password.pm", "/usr/share/perl5/Debconf/Element/Editor/Progress.pm", "/usr/share/perl5/Debconf/Element/Editor/Select.pm", "/usr/share/perl5/Debconf/Element/Editor/String.pm", "/usr/share/perl5/Debconf/Element/Editor/Text.pm", "/usr/share/perl5/Debconf/Element/Gnome.pm", "/usr/share/perl5/Debconf/Element/Gnome/Boolean.pm", "/usr/share/perl5/Debconf/Element/Gnome/Error.pm", "/usr/share/perl5/Debconf/Element/Gnome/Multiselect.pm", "/usr/share/perl5/Debconf/Element/Gnome/Note.pm", "/usr/share/perl5/Debconf/Element/Gnome/Password.pm", "/usr/share/perl5/Debconf/Element/Gnome/Progress.pm", "/usr/share/perl5/Debconf/Element/Gnome/Select.pm", "/usr/share/perl5/Debconf/Element/Gnome/String.pm", "/usr/share/perl5/Debconf/Element/Gnome/Text.pm", "/usr/share/perl5/Debconf/Element/Multiselect.pm", "/usr/share/perl5/Debconf/Element/Noninteractive.pm", "/usr/share/perl5/Debconf/Element/Noninteractive/Boolean.pm", "/usr/share/perl5/Debconf/Element/Noninteractive/Error.pm", "/usr/share/perl5/Debconf/Element/Noninteractive/Multiselect.pm", "/usr/share/perl5/Debconf/Element/Noninteractive/Note.pm", "/usr/share/perl5/Debconf/Element/Noninteractive/Password.pm", "/usr/share/perl5/Debconf/Element/Noninteractive/Progress.pm", "/usr/share/perl5/Debconf/Element/Noninteractive/Select.pm", "/usr/share/perl5/Debconf/Element/Noninteractive/String.pm", "/usr/share/perl5/Debconf/Element/Noninteractive/Text.pm", "/usr/share/perl5/Debconf/Element/Select.pm", "/usr/share/perl5/Debconf/Element/Teletype/Boolean.pm", "/usr/share/perl5/Debconf/Element/Teletype/Error.pm", "/usr/share/perl5/Debconf/Element/Teletype/Multiselect.pm", "/usr/share/perl5/Debconf/Element/Teletype/Note.pm", "/usr/share/perl5/Debconf/Element/Teletype/Password.pm", "/usr/share/perl5/Debconf/Element/Teletype/Progress.pm", "/usr/share/perl5/Debconf/Element/Teletype/Select.pm", "/usr/share/perl5/Debconf/Element/Teletype/String.pm", "/usr/share/perl5/Debconf/Element/Teletype/Text.pm", "/usr/share/perl5/Debconf/Element/Web/Boolean.pm", "/usr/share/perl5/Debconf/Element/Web/Error.pm", "/usr/share/perl5/Debconf/Element/Web/Multiselect.pm", "/usr/share/perl5/Debconf/Element/Web/Note.pm", "/usr/share/perl5/Debconf/Element/Web/Password.pm", "/usr/share/perl5/Debconf/Element/Web/Progress.pm", "/usr/share/perl5/Debconf/Element/Web/Select.pm", "/usr/share/perl5/Debconf/Element/Web/String.pm", "/usr/share/perl5/Debconf/Element/Web/Text.pm", "/usr/share/perl5/Debconf/Encoding.pm", "/usr/share/perl5/Debconf/Format.pm", "/usr/share/perl5/Debconf/Format/822.pm", "/usr/share/perl5/Debconf/FrontEnd.pm", "/usr/share/perl5/Debconf/FrontEnd/Dialog.pm", "/usr/share/perl5/Debconf/FrontEnd/Editor.pm", "/usr/share/perl5/Debconf/FrontEnd/Gnome.pm", "/usr/share/perl5/Debconf/FrontEnd/Kde.pm", "/usr/share/perl5/Debconf/FrontEnd/Noninteractive.pm", "/usr/share/perl5/Debconf/FrontEnd/Passthrough.pm", "/usr/share/perl5/Debconf/FrontEnd/Readline.pm", "/usr/share/perl5/Debconf/FrontEnd/ScreenSize.pm", "/usr/share/perl5/Debconf/FrontEnd/Teletype.pm", "/usr/share/perl5/Debconf/FrontEnd/Text.pm", "/usr/share/perl5/Debconf/FrontEnd/Web.pm", "/usr/share/perl5/Debconf/Gettext.pm", "/usr/share/perl5/Debconf/Iterator.pm", "/usr/share/perl5/Debconf/Log.pm", "/usr/share/perl5/Debconf/Path.pm", "/usr/share/perl5/Debconf/Priority.pm", "/usr/share/perl5/Debconf/Question.pm", "/usr/share/perl5/Debconf/Template.pm", "/usr/share/perl5/Debconf/Template/Transient.pm", "/usr/share/perl5/Debconf/TmpFile.pm", "/usr/share/perl5/Debian/DebConf/Client/ConfModule.pm", "/usr/share/pixmaps/debian-logo.png" ] }, { "ID": "debian-archive-keyring@2025.1", "Name": "debian-archive-keyring", "Identifier": { "PURL": "pkg:deb/debian/debian-archive-keyring@2025.1?arch=all\u0026distro=debian-13.1", "UID": "3d23f3bc34b84a13" }, "Version": "2025.1", "Arch": "all", "SrcName": "debian-archive-keyring", "SrcVersion": "2025.1", "Licenses": [ "GPL-2.0-or-later" ], "Maintainer": "Debian Release Team \u003cpackages@release.debian.org\u003e", "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "InstalledFiles": [ "/usr/share/doc/debian-archive-keyring/NEWS.Debian.gz", "/usr/share/doc/debian-archive-keyring/README", "/usr/share/doc/debian-archive-keyring/changelog.gz", "/usr/share/doc/debian-archive-keyring/copyright", "/usr/share/keyrings/debian-archive-bookworm-automatic.pgp", "/usr/share/keyrings/debian-archive-bookworm-security-automatic.pgp", "/usr/share/keyrings/debian-archive-bookworm-stable.pgp", "/usr/share/keyrings/debian-archive-bullseye-automatic.pgp", "/usr/share/keyrings/debian-archive-bullseye-security-automatic.pgp", "/usr/share/keyrings/debian-archive-bullseye-stable.pgp", "/usr/share/keyrings/debian-archive-keyring.pgp", "/usr/share/keyrings/debian-archive-removed-keys.pgp", "/usr/share/keyrings/debian-archive-trixie-automatic.pgp", "/usr/share/keyrings/debian-archive-trixie-security-automatic.pgp", "/usr/share/keyrings/debian-archive-trixie-stable.pgp" ] }, { "ID": "debianutils@5.23.2", "Name": "debianutils", "Identifier": { "PURL": "pkg:deb/debian/debianutils@5.23.2?arch=amd64\u0026distro=debian-13.1", "UID": "1faaee83f4beb2af" }, "Version": "5.23.2", "Arch": "amd64", "SrcName": "debianutils", "SrcVersion": "5.23.2", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "public-domain", "SMAIL-GPL" ], "Maintainer": "Ileana Dumitrescu \u003cileanadumitrescu95@gmail.com\u003e", "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "InstalledFiles": [ "/usr/bin/ischroot", "/usr/bin/run-parts", "/usr/bin/savelog", "/usr/bin/tempfile", "/usr/bin/which.debianutils", "/usr/sbin/add-shell", "/usr/sbin/installkernel", "/usr/sbin/remove-shell", "/usr/sbin/update-shells", "/usr/share/debianutils/shells", "/usr/share/doc/debianutils/README.shells", "/usr/share/doc/debianutils/changelog.gz", "/usr/share/doc/debianutils/copyright", "/usr/share/man/de/man1/which.debianutils.1.gz", "/usr/share/man/de/man8/add-shell.8.gz", "/usr/share/man/de/man8/installkernel.8.gz", "/usr/share/man/de/man8/remove-shell.8.gz", "/usr/share/man/de/man8/run-parts.8.gz", "/usr/share/man/de/man8/savelog.8.gz", "/usr/share/man/es/man1/which.debianutils.1.gz", "/usr/share/man/es/man8/add-shell.8.gz", "/usr/share/man/es/man8/installkernel.8.gz", "/usr/share/man/es/man8/remove-shell.8.gz", "/usr/share/man/es/man8/run-parts.8.gz", "/usr/share/man/es/man8/savelog.8.gz", "/usr/share/man/fr/man1/which.debianutils.1.gz", "/usr/share/man/fr/man8/add-shell.8.gz", "/usr/share/man/fr/man8/installkernel.8.gz", "/usr/share/man/fr/man8/remove-shell.8.gz", "/usr/share/man/fr/man8/run-parts.8.gz", "/usr/share/man/fr/man8/savelog.8.gz", "/usr/share/man/it/man1/which.debianutils.1.gz", "/usr/share/man/it/man8/add-shell.8.gz", "/usr/share/man/it/man8/installkernel.8.gz", "/usr/share/man/it/man8/remove-shell.8.gz", "/usr/share/man/it/man8/run-parts.8.gz", "/usr/share/man/it/man8/savelog.8.gz", "/usr/share/man/ja/man1/which.debianutils.1.gz", "/usr/share/man/ja/man8/add-shell.8.gz", "/usr/share/man/ja/man8/installkernel.8.gz", "/usr/share/man/ja/man8/remove-shell.8.gz", "/usr/share/man/ja/man8/run-parts.8.gz", "/usr/share/man/ja/man8/savelog.8.gz", "/usr/share/man/man1/ischroot.1.gz", "/usr/share/man/man1/tempfile.1.gz", "/usr/share/man/man1/which.debianutils.1.gz", "/usr/share/man/man8/add-shell.8.gz", "/usr/share/man/man8/installkernel.8.gz", "/usr/share/man/man8/remove-shell.8.gz", "/usr/share/man/man8/run-parts.8.gz", "/usr/share/man/man8/savelog.8.gz", "/usr/share/man/man8/update-shells.8.gz", "/usr/share/man/pl/man1/which.debianutils.1.gz", "/usr/share/man/pl/man8/add-shell.8.gz", "/usr/share/man/pl/man8/installkernel.8.gz", "/usr/share/man/pl/man8/remove-shell.8.gz", "/usr/share/man/pl/man8/run-parts.8.gz", "/usr/share/man/pl/man8/savelog.8.gz", "/usr/share/man/pt/man1/which.debianutils.1.gz", "/usr/share/man/pt/man8/add-shell.8.gz", "/usr/share/man/pt/man8/installkernel.8.gz", "/usr/share/man/pt/man8/remove-shell.8.gz", "/usr/share/man/pt/man8/run-parts.8.gz", "/usr/share/man/pt/man8/savelog.8.gz", "/usr/share/man/sl/man1/which.debianutils.1.gz", "/usr/share/man/sl/man8/add-shell.8.gz", "/usr/share/man/sl/man8/installkernel.8.gz", "/usr/share/man/sl/man8/remove-shell.8.gz", "/usr/share/man/sl/man8/run-parts.8.gz", "/usr/share/man/sl/man8/savelog.8.gz" ] }, { "ID": "diffutils@1:3.10-4", "Name": "diffutils", "Identifier": { "PURL": "pkg:deb/debian/diffutils@3.10-4?arch=amd64\u0026distro=debian-13.1\u0026epoch=1", "UID": "6ae1b70a720e3ebb" }, "Version": "3.10", "Release": "4", "Epoch": 1, "Arch": "amd64", "SrcName": "diffutils", "SrcVersion": "3.10", "SrcRelease": "4", "SrcEpoch": 1, "Licenses": [ "GPL-3.0-or-later", "FSFULLR", "LGPL-2.1-or-later", "GPL-3.0-with-autoconf-exception+", "GPL-3.0-only", "GPL-3+ with texinfo exception", "LGPL-2.0-or-later", "GPL-2.0-or-later", "X11", "FSFAP", "GFDL-1.3-no-invariants-only", "LGPL-3.0-or-later", "LGPL-3.0-only", "public-domain", "LGPL-2.0-only", "LGPL-2.1-only", "GPL-2.0-only", "GFDL-1.3-only" ], "Maintainer": "Santiago Vila \u003csanvila@debian.org\u003e", "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "InstalledFiles": [ "/usr/bin/cmp", "/usr/bin/diff", "/usr/bin/diff3", "/usr/bin/sdiff", "/usr/share/doc/diffutils/NEWS.gz", "/usr/share/doc/diffutils/changelog.Debian.gz", "/usr/share/doc/diffutils/changelog.gz", "/usr/share/doc/diffutils/copyright", "/usr/share/info/diffutils.info.gz", "/usr/share/locale/bg/LC_MESSAGES/diffutils.mo", "/usr/share/locale/ca/LC_MESSAGES/diffutils.mo", "/usr/share/locale/cs/LC_MESSAGES/diffutils.mo", "/usr/share/locale/da/LC_MESSAGES/diffutils.mo", "/usr/share/locale/de/LC_MESSAGES/diffutils.mo", "/usr/share/locale/el/LC_MESSAGES/diffutils.mo", "/usr/share/locale/eo/LC_MESSAGES/diffutils.mo", "/usr/share/locale/es/LC_MESSAGES/diffutils.mo", "/usr/share/locale/fi/LC_MESSAGES/diffutils.mo", "/usr/share/locale/fr/LC_MESSAGES/diffutils.mo", "/usr/share/locale/ga/LC_MESSAGES/diffutils.mo", "/usr/share/locale/gl/LC_MESSAGES/diffutils.mo", "/usr/share/locale/he/LC_MESSAGES/diffutils.mo", "/usr/share/locale/hr/LC_MESSAGES/diffutils.mo", "/usr/share/locale/hu/LC_MESSAGES/diffutils.mo", "/usr/share/locale/id/LC_MESSAGES/diffutils.mo", "/usr/share/locale/it/LC_MESSAGES/diffutils.mo", "/usr/share/locale/ja/LC_MESSAGES/diffutils.mo", "/usr/share/locale/ka/LC_MESSAGES/diffutils.mo", "/usr/share/locale/ko/LC_MESSAGES/diffutils.mo", "/usr/share/locale/lv/LC_MESSAGES/diffutils.mo", "/usr/share/locale/ms/LC_MESSAGES/diffutils.mo", "/usr/share/locale/nb/LC_MESSAGES/diffutils.mo", "/usr/share/locale/nl/LC_MESSAGES/diffutils.mo", "/usr/share/locale/pl/LC_MESSAGES/diffutils.mo", "/usr/share/locale/pt/LC_MESSAGES/diffutils.mo", "/usr/share/locale/pt_BR/LC_MESSAGES/diffutils.mo", "/usr/share/locale/ro/LC_MESSAGES/diffutils.mo", "/usr/share/locale/ru/LC_MESSAGES/diffutils.mo", "/usr/share/locale/sr/LC_MESSAGES/diffutils.mo", "/usr/share/locale/sv/LC_MESSAGES/diffutils.mo", "/usr/share/locale/tr/LC_MESSAGES/diffutils.mo", "/usr/share/locale/uk/LC_MESSAGES/diffutils.mo", "/usr/share/locale/vi/LC_MESSAGES/diffutils.mo", "/usr/share/locale/zh_CN/LC_MESSAGES/diffutils.mo", "/usr/share/locale/zh_TW/LC_MESSAGES/diffutils.mo", "/usr/share/man/man1/cmp.1.gz", "/usr/share/man/man1/diff.1.gz", "/usr/share/man/man1/diff3.1.gz", "/usr/share/man/man1/sdiff.1.gz" ] }, { "ID": "dpkg@1.22.21", "Name": "dpkg", "Identifier": { "PURL": "pkg:deb/debian/dpkg@1.22.21?arch=amd64\u0026distro=debian-13.1", "UID": "cc27f3afd091dba3" }, "Version": "1.22.21", "Arch": "amd64", "SrcName": "dpkg", "SrcVersion": "1.22.21", "Licenses": [ "GPL-2.0-or-later", "public-domain-s-s-d", "GPL-2.0-only" ], "Maintainer": "Dpkg Developers \u003cdebian-dpkg@lists.debian.org\u003e", "DependsOn": [ "tar@1.35+dfsg-3.1" ], "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "InstalledFiles": [ "/usr/bin/dpkg", "/usr/bin/dpkg-deb", "/usr/bin/dpkg-divert", "/usr/bin/dpkg-maintscript-helper", "/usr/bin/dpkg-query", "/usr/bin/dpkg-realpath", "/usr/bin/dpkg-split", "/usr/bin/dpkg-statoverride", "/usr/bin/dpkg-trigger", "/usr/bin/update-alternatives", "/usr/lib/systemd/system/dpkg-db-backup.service", "/usr/lib/systemd/system/dpkg-db-backup.timer", "/usr/libexec/dpkg/dpkg-db-backup", "/usr/libexec/dpkg/dpkg-db-keeper", "/usr/sbin/start-stop-daemon", "/usr/share/doc/dpkg/AUTHORS", "/usr/share/doc/dpkg/README.api", "/usr/share/doc/dpkg/README.bug-usertags.gz", "/usr/share/doc/dpkg/README.feature-removal-schedule.gz", "/usr/share/doc/dpkg/THANKS.gz", "/usr/share/doc/dpkg/changelog.gz", "/usr/share/doc/dpkg/copyright", "/usr/share/dpkg/abitable", "/usr/share/dpkg/cputable", "/usr/share/dpkg/ostable", "/usr/share/dpkg/sh/dpkg-error.sh", "/usr/share/dpkg/tupletable", "/usr/share/lintian/overrides/dpkg", "/usr/share/lintian/profiles/dpkg/main.profile", "/usr/share/locale/ast/LC_MESSAGES/dpkg.mo", "/usr/share/locale/bs/LC_MESSAGES/dpkg.mo", "/usr/share/locale/ca/LC_MESSAGES/dpkg.mo", "/usr/share/locale/cs/LC_MESSAGES/dpkg.mo", "/usr/share/locale/da/LC_MESSAGES/dpkg.mo", "/usr/share/locale/de/LC_MESSAGES/dpkg.mo", "/usr/share/locale/dz/LC_MESSAGES/dpkg.mo", "/usr/share/locale/el/LC_MESSAGES/dpkg.mo", "/usr/share/locale/eo/LC_MESSAGES/dpkg.mo", "/usr/share/locale/es/LC_MESSAGES/dpkg.mo", "/usr/share/locale/et/LC_MESSAGES/dpkg.mo", "/usr/share/locale/eu/LC_MESSAGES/dpkg.mo", "/usr/share/locale/fr/LC_MESSAGES/dpkg.mo", "/usr/share/locale/gl/LC_MESSAGES/dpkg.mo", "/usr/share/locale/hu/LC_MESSAGES/dpkg.mo", "/usr/share/locale/id/LC_MESSAGES/dpkg.mo", "/usr/share/locale/it/LC_MESSAGES/dpkg.mo", "/usr/share/locale/ja/LC_MESSAGES/dpkg.mo", "/usr/share/locale/km/LC_MESSAGES/dpkg.mo", "/usr/share/locale/ko/LC_MESSAGES/dpkg.mo", "/usr/share/locale/ku/LC_MESSAGES/dpkg.mo", "/usr/share/locale/lt/LC_MESSAGES/dpkg.mo", "/usr/share/locale/mr/LC_MESSAGES/dpkg.mo", "/usr/share/locale/nb/LC_MESSAGES/dpkg.mo", "/usr/share/locale/ne/LC_MESSAGES/dpkg.mo", "/usr/share/locale/nl/LC_MESSAGES/dpkg.mo", "/usr/share/locale/nn/LC_MESSAGES/dpkg.mo", "/usr/share/locale/oc/LC_MESSAGES/dpkg.mo", "/usr/share/locale/pa/LC_MESSAGES/dpkg.mo", "/usr/share/locale/pl/LC_MESSAGES/dpkg.mo", "/usr/share/locale/pt/LC_MESSAGES/dpkg.mo", "/usr/share/locale/pt_BR/LC_MESSAGES/dpkg.mo", "/usr/share/locale/ro/LC_MESSAGES/dpkg.mo", "/usr/share/locale/ru/LC_MESSAGES/dpkg.mo", "/usr/share/locale/sk/LC_MESSAGES/dpkg.mo", "/usr/share/locale/sv/LC_MESSAGES/dpkg.mo", "/usr/share/locale/th/LC_MESSAGES/dpkg.mo", "/usr/share/locale/tl/LC_MESSAGES/dpkg.mo", "/usr/share/locale/tr/LC_MESSAGES/dpkg.mo", "/usr/share/locale/vi/LC_MESSAGES/dpkg.mo", "/usr/share/locale/zh_CN/LC_MESSAGES/dpkg.mo", "/usr/share/locale/zh_TW/LC_MESSAGES/dpkg.mo", "/usr/share/man/de/man1/dpkg-deb.1.gz", "/usr/share/man/de/man1/dpkg-divert.1.gz", "/usr/share/man/de/man1/dpkg-maintscript-helper.1.gz", "/usr/share/man/de/man1/dpkg-query.1.gz", "/usr/share/man/de/man1/dpkg-realpath.1.gz", "/usr/share/man/de/man1/dpkg-split.1.gz", "/usr/share/man/de/man1/dpkg-statoverride.1.gz", "/usr/share/man/de/man1/dpkg-trigger.1.gz", "/usr/share/man/de/man1/dpkg.1.gz", "/usr/share/man/de/man1/update-alternatives.1.gz", "/usr/share/man/de/man5/dpkg.cfg.5.gz", "/usr/share/man/de/man8/start-stop-daemon.8.gz", "/usr/share/man/es/man5/dpkg.cfg.5.gz", "/usr/share/man/fr/man1/dpkg-divert.1.gz", "/usr/share/man/fr/man1/dpkg-maintscript-helper.1.gz", "/usr/share/man/fr/man1/dpkg-query.1.gz", "/usr/share/man/fr/man1/dpkg-realpath.1.gz", "/usr/share/man/fr/man1/dpkg-split.1.gz", "/usr/share/man/fr/man1/dpkg-trigger.1.gz", "/usr/share/man/fr/man1/update-alternatives.1.gz", "/usr/share/man/fr/man5/dpkg.cfg.5.gz", "/usr/share/man/fr/man8/start-stop-daemon.8.gz", "/usr/share/man/it/man5/dpkg.cfg.5.gz", "/usr/share/man/ja/man5/dpkg.cfg.5.gz", "/usr/share/man/man1/dpkg-deb.1.gz", "/usr/share/man/man1/dpkg-divert.1.gz", "/usr/share/man/man1/dpkg-maintscript-helper.1.gz", "/usr/share/man/man1/dpkg-query.1.gz", "/usr/share/man/man1/dpkg-realpath.1.gz", "/usr/share/man/man1/dpkg-split.1.gz", "/usr/share/man/man1/dpkg-statoverride.1.gz", "/usr/share/man/man1/dpkg-trigger.1.gz", "/usr/share/man/man1/dpkg.1.gz", "/usr/share/man/man1/update-alternatives.1.gz", "/usr/share/man/man5/dpkg.cfg.5.gz", "/usr/share/man/man8/start-stop-daemon.8.gz", "/usr/share/man/nl/man1/dpkg-deb.1.gz", "/usr/share/man/nl/man1/dpkg-divert.1.gz", "/usr/share/man/nl/man1/dpkg-maintscript-helper.1.gz", "/usr/share/man/nl/man1/dpkg-query.1.gz", "/usr/share/man/nl/man1/dpkg-realpath.1.gz", "/usr/share/man/nl/man1/dpkg-split.1.gz", "/usr/share/man/nl/man1/dpkg-statoverride.1.gz", "/usr/share/man/nl/man1/dpkg-trigger.1.gz", "/usr/share/man/nl/man1/dpkg.1.gz", "/usr/share/man/nl/man1/update-alternatives.1.gz", "/usr/share/man/nl/man5/dpkg.cfg.5.gz", "/usr/share/man/nl/man8/start-stop-daemon.8.gz", "/usr/share/man/pl/man5/dpkg.cfg.5.gz", "/usr/share/man/pt/man1/dpkg-deb.1.gz", "/usr/share/man/pt/man1/dpkg-divert.1.gz", "/usr/share/man/pt/man1/dpkg-maintscript-helper.1.gz", "/usr/share/man/pt/man1/dpkg-query.1.gz", "/usr/share/man/pt/man1/dpkg-realpath.1.gz", "/usr/share/man/pt/man1/dpkg-split.1.gz", "/usr/share/man/pt/man1/dpkg-statoverride.1.gz", "/usr/share/man/pt/man1/dpkg-trigger.1.gz", "/usr/share/man/pt/man1/dpkg.1.gz", "/usr/share/man/pt/man1/update-alternatives.1.gz", "/usr/share/man/pt/man5/dpkg.cfg.5.gz", "/usr/share/man/pt/man8/start-stop-daemon.8.gz", "/usr/share/man/sv/man1/dpkg-deb.1.gz", "/usr/share/man/sv/man1/dpkg-divert.1.gz", "/usr/share/man/sv/man1/dpkg-maintscript-helper.1.gz", "/usr/share/man/sv/man1/dpkg-query.1.gz", "/usr/share/man/sv/man1/dpkg-realpath.1.gz", "/usr/share/man/sv/man1/dpkg-split.1.gz", "/usr/share/man/sv/man1/dpkg-statoverride.1.gz", "/usr/share/man/sv/man1/dpkg-trigger.1.gz", "/usr/share/man/sv/man1/dpkg.1.gz", "/usr/share/man/sv/man1/update-alternatives.1.gz", "/usr/share/man/sv/man5/dpkg.cfg.5.gz", "/usr/share/man/sv/man8/start-stop-daemon.8.gz", "/usr/share/polkit-1/actions/org.dpkg.pkexec.update-alternatives.policy" ] }, { "ID": "findutils@4.10.0-3", "Name": "findutils", "Identifier": { "PURL": "pkg:deb/debian/findutils@4.10.0-3?arch=amd64\u0026distro=debian-13.1", "UID": "111949a4800741f1" }, "Version": "4.10.0", "Release": "3", "Arch": "amd64", "SrcName": "findutils", "SrcVersion": "4.10.0", "SrcRelease": "3", "Licenses": [ "GFDL-1.3-no-invariants-or-later", "GPL-3.0-or-later", "FSFAP", "GPL-2+ with Autoconf-data exception", "GPL-3+ with Autoconf-data exception", "FSFULLR", "GPL-2.0-or-later", "X11", "public-domain", "LGPL-2.1-or-later", "GPL with automake exception", "LGPL-2.0-or-later", "LGPL-3.0-or-later", "BSD-3-Clause", "GPL-3+ with Bison-2.2 exception", "LGPL-3.0-only", "ISC", "GFDL-1.3-only", "GPL-2.0-only", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only" ], "Maintainer": "Andreas Metzler \u003cametzler@debian.org\u003e", "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "InstalledFiles": [ "/usr/bin/find", "/usr/bin/xargs", "/usr/share/doc-base/findutils.findutils", "/usr/share/doc/findutils/NEWS.gz", "/usr/share/doc/findutils/README.gz", "/usr/share/doc/findutils/TODO", "/usr/share/doc/findutils/changelog.Debian.gz", "/usr/share/doc/findutils/changelog.gz", "/usr/share/doc/findutils/copyright", "/usr/share/info/find-maint.info.gz", "/usr/share/info/find.info.gz", "/usr/share/locale/be/LC_MESSAGES/findutils.mo", "/usr/share/locale/bg/LC_MESSAGES/findutils.mo", "/usr/share/locale/ca/LC_MESSAGES/findutils.mo", "/usr/share/locale/cs/LC_MESSAGES/findutils.mo", "/usr/share/locale/da/LC_MESSAGES/findutils.mo", "/usr/share/locale/de/LC_MESSAGES/findutils.mo", "/usr/share/locale/el/LC_MESSAGES/findutils.mo", "/usr/share/locale/eo/LC_MESSAGES/findutils.mo", "/usr/share/locale/es/LC_MESSAGES/findutils.mo", "/usr/share/locale/et/LC_MESSAGES/findutils.mo", "/usr/share/locale/fi/LC_MESSAGES/findutils.mo", "/usr/share/locale/fr/LC_MESSAGES/findutils.mo", "/usr/share/locale/ga/LC_MESSAGES/findutils.mo", "/usr/share/locale/gl/LC_MESSAGES/findutils.mo", "/usr/share/locale/hr/LC_MESSAGES/findutils.mo", "/usr/share/locale/hu/LC_MESSAGES/findutils.mo", "/usr/share/locale/id/LC_MESSAGES/findutils.mo", "/usr/share/locale/it/LC_MESSAGES/findutils.mo", "/usr/share/locale/ja/LC_MESSAGES/findutils.mo", "/usr/share/locale/ka/LC_MESSAGES/findutils.mo", "/usr/share/locale/ko/LC_MESSAGES/findutils.mo", "/usr/share/locale/lg/LC_MESSAGES/findutils.mo", "/usr/share/locale/lt/LC_MESSAGES/findutils.mo", "/usr/share/locale/ms/LC_MESSAGES/findutils.mo", "/usr/share/locale/nb/LC_MESSAGES/findutils.mo", "/usr/share/locale/nl/LC_MESSAGES/findutils.mo", "/usr/share/locale/pl/LC_MESSAGES/findutils.mo", "/usr/share/locale/pt/LC_MESSAGES/findutils.mo", "/usr/share/locale/pt_BR/LC_MESSAGES/findutils.mo", "/usr/share/locale/ro/LC_MESSAGES/findutils.mo", "/usr/share/locale/ru/LC_MESSAGES/findutils.mo", "/usr/share/locale/sk/LC_MESSAGES/findutils.mo", "/usr/share/locale/sl/LC_MESSAGES/findutils.mo", "/usr/share/locale/sr/LC_MESSAGES/findutils.mo", "/usr/share/locale/sv/LC_MESSAGES/findutils.mo", "/usr/share/locale/tr/LC_MESSAGES/findutils.mo", "/usr/share/locale/uk/LC_MESSAGES/findutils.mo", "/usr/share/locale/vi/LC_MESSAGES/findutils.mo", "/usr/share/locale/zh_CN/LC_MESSAGES/findutils.mo", "/usr/share/locale/zh_TW/LC_MESSAGES/findutils.mo", "/usr/share/man/man1/find.1.gz", "/usr/share/man/man1/xargs.1.gz" ] }, { "ID": "g++@4:14.2.0-1", "Name": "g++", "Identifier": { "PURL": "pkg:deb/debian/g%2B%2B@14.2.0-1?arch=amd64\u0026distro=debian-13.1\u0026epoch=4", "UID": "2b229762949da3ae" }, "Version": "14.2.0", "Release": "1", "Epoch": 4, "Arch": "amd64", "SrcName": "gcc-defaults", "SrcVersion": "1.220", "Maintainer": "Debian GCC Maintainers \u003cdebian-gcc@lists.debian.org\u003e", "DependsOn": [ "cpp-x86-64-linux-gnu@4:14.2.0-1", "cpp@4:14.2.0-1", "g++-14@14.2.0-19", "g++-x86-64-linux-gnu@4:14.2.0-1", "gcc-14@14.2.0-19", "gcc@4:14.2.0-1" ], "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "InstalledFiles": [ "/usr/share/lintian/overrides/g++" ] }, { "ID": "g++-14@14.2.0-19", "Name": "g++-14", "Identifier": { "PURL": "pkg:deb/debian/g%2B%2B-14@14.2.0-19?arch=amd64\u0026distro=debian-13.1", "UID": "39cc0b31d662bc3f" }, "Version": "14.2.0", "Release": "19", "Arch": "amd64", "SrcName": "gcc-14", "SrcVersion": "14.2.0", "SrcRelease": "19", "Maintainer": "Debian GCC Maintainers \u003cdebian-gcc@lists.debian.org\u003e", "DependsOn": [ "g++-14-x86-64-linux-gnu@14.2.0-19", "gcc-14-base@14.2.0-19", "gcc-14@14.2.0-19" ], "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "InstalledFiles": [ "/usr/share/doc/gcc-14-base/C++/README.C++", "/usr/share/doc/gcc-14-base/C++/changelog.gz", "/usr/share/lintian/overrides/g++-14" ] }, { "ID": "g++-14-x86-64-linux-gnu@14.2.0-19", "Name": "g++-14-x86-64-linux-gnu", "Identifier": { "PURL": "pkg:deb/debian/g%2B%2B-14-x86-64-linux-gnu@14.2.0-19?arch=amd64\u0026distro=debian-13.1", "UID": "947656f6d171f94d" }, "Version": "14.2.0", "Release": "19", "Arch": "amd64", "SrcName": "gcc-14", "SrcVersion": "14.2.0", "SrcRelease": "19", "Maintainer": "Debian GCC Maintainers \u003cdebian-gcc@lists.debian.org\u003e", "DependsOn": [ "gcc-14-base@14.2.0-19", "gcc-14-x86-64-linux-gnu@14.2.0-19", "libc6@2.41-12", "libgmp10@2:6.3.0+dfsg-3", "libisl23@0.27-1", "libmpc3@1.3.1-1+b3", "libmpfr6@4.2.2-1", "libstdc++-14-dev@14.2.0-19", "libzstd1@1.5.7+dfsg-1", "zlib1g@1:1.3.dfsg+really1.3.1-1+b1" ], "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "InstalledFiles": [ "/usr/bin/x86_64-linux-gnu-g++-14", "/usr/libexec/gcc/x86_64-linux-gnu/14/cc1plus", "/usr/libexec/gcc/x86_64-linux-gnu/14/g++-mapper-server", "/usr/share/lintian/overrides/g++-14-x86-64-linux-gnu" ] }, { "ID": "g++-x86-64-linux-gnu@4:14.2.0-1", "Name": "g++-x86-64-linux-gnu", "Identifier": { "PURL": "pkg:deb/debian/g%2B%2B-x86-64-linux-gnu@14.2.0-1?arch=amd64\u0026distro=debian-13.1\u0026epoch=4", "UID": "73db41d17c52a0d4" }, "Version": "14.2.0", "Release": "1", "Epoch": 4, "Arch": "amd64", "SrcName": "gcc-defaults", "SrcVersion": "1.220", "Maintainer": "Debian GCC Maintainers \u003cdebian-gcc@lists.debian.org\u003e", "DependsOn": [ "cpp-x86-64-linux-gnu@4:14.2.0-1", "g++-14-x86-64-linux-gnu@14.2.0-19", "gcc-x86-64-linux-gnu@4:14.2.0-1" ], "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "InstalledFiles": [ "/usr/share/lintian/overrides/g++-x86-64-linux-gnu" ] }, { "ID": "gcc@4:14.2.0-1", "Name": "gcc", "Identifier": { "PURL": "pkg:deb/debian/gcc@14.2.0-1?arch=amd64\u0026distro=debian-13.1\u0026epoch=4", "UID": "9e68a9df2aac053f" }, "Version": "14.2.0", "Release": "1", "Epoch": 4, "Arch": "amd64", "SrcName": "gcc-defaults", "SrcVersion": "1.220", "Maintainer": "Debian GCC Maintainers \u003cdebian-gcc@lists.debian.org\u003e", "DependsOn": [ "cpp-x86-64-linux-gnu@4:14.2.0-1", "cpp@4:14.2.0-1", "gcc-14@14.2.0-19", "gcc-x86-64-linux-gnu@4:14.2.0-1" ], "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "InstalledFiles": [ "/usr/bin/c89-gcc", "/usr/bin/c99-gcc", "/usr/share/lintian/overrides/gcc", "/usr/share/man/man1/c89-gcc.1.gz", "/usr/share/man/man1/c99-gcc.1.gz" ] }, { "ID": "gcc-14@14.2.0-19", "Name": "gcc-14", "Identifier": { "PURL": "pkg:deb/debian/gcc-14@14.2.0-19?arch=amd64\u0026distro=debian-13.1", "UID": "94c77041d0d0a76c" }, "Version": "14.2.0", "Release": "19", "Arch": "amd64", "SrcName": "gcc-14", "SrcVersion": "14.2.0", "SrcRelease": "19", "Maintainer": "Debian GCC Maintainers \u003cdebian-gcc@lists.debian.org\u003e", "DependsOn": [ "binutils@2.44-3", "cpp-14@14.2.0-19", "gcc-14-base@14.2.0-19", "gcc-14-x86-64-linux-gnu@14.2.0-19" ], "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "InstalledFiles": [ "/usr/share/doc/gcc-14-base/NEWS.gz", "/usr/share/doc/gcc-14-base/NEWS.html", "/usr/share/doc/gcc-14-base/README.Bugs", "/usr/share/doc/gcc-14-base/README.ssp", "/usr/share/doc/gcc-14-base/changelog.gz", "/usr/share/doc/gcc-14-base/gcc/changelog.gz", "/usr/share/doc/gcc-14-base/gomp/changelog.gz", "/usr/share/doc/gcc-14-base/itm/changelog.gz", "/usr/share/doc/gcc-14-base/quadmath/changelog.gz", "/usr/share/doc/gcc-14-base/sanitizer/changelog.gz", "/usr/share/lintian/overrides/gcc-14" ] }, { "ID": "gcc-14-base@14.2.0-19", "Name": "gcc-14-base", "Identifier": { "PURL": "pkg:deb/debian/gcc-14-base@14.2.0-19?arch=amd64\u0026distro=debian-13.1", "UID": "a2d64c6b5f038075" }, "Version": "14.2.0", "Release": "19", "Arch": "amd64", "SrcName": "gcc-14", "SrcVersion": "14.2.0", "SrcRelease": "19", "Licenses": [ "GPL-2.0-or-later", "GPL-3.0-only", "GFDL-1.2-only", "Artistic-2.0", "LGPL-2.0-or-later" ], "Maintainer": "Debian GCC Maintainers \u003cdebian-gcc@lists.debian.org\u003e", "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "InstalledFiles": [ "/usr/share/doc/gcc-14-base/README.Debian.amd64.gz", "/usr/share/doc/gcc-14-base/TODO.Debian", "/usr/share/doc/gcc-14-base/changelog.Debian.gz", "/usr/share/doc/gcc-14-base/copyright" ] }, { "ID": "gcc-14-x86-64-linux-gnu@14.2.0-19", "Name": "gcc-14-x86-64-linux-gnu", "Identifier": { "PURL": "pkg:deb/debian/gcc-14-x86-64-linux-gnu@14.2.0-19?arch=amd64\u0026distro=debian-13.1", "UID": "bb6ed42cf3450b1b" }, "Version": "14.2.0", "Release": "19", "Arch": "amd64", "SrcName": "gcc-14", "SrcVersion": "14.2.0", "SrcRelease": "19", "Maintainer": "Debian GCC Maintainers \u003cdebian-gcc@lists.debian.org\u003e", "DependsOn": [ "binutils-x86-64-linux-gnu@2.44-3", "cpp-14-x86-64-linux-gnu@14.2.0-19", "gcc-14-base@14.2.0-19", "libc6@2.41-12", "libcc1-0@14.2.0-19", "libgcc-14-dev@14.2.0-19", "libgcc-s1@14.2.0-19", "libgmp10@2:6.3.0+dfsg-3", "libisl23@0.27-1", "libmpc3@1.3.1-1+b3", "libmpfr6@4.2.2-1", "libstdc++6@14.2.0-19", "libzstd1@1.5.7+dfsg-1", "zlib1g@1:1.3.dfsg+really1.3.1-1+b1" ], "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "InstalledFiles": [ "/usr/bin/x86_64-linux-gnu-gcc-14", "/usr/bin/x86_64-linux-gnu-gcc-ar-14", "/usr/bin/x86_64-linux-gnu-gcc-nm-14", "/usr/bin/x86_64-linux-gnu-gcc-ranlib-14", "/usr/bin/x86_64-linux-gnu-gcov-14", "/usr/bin/x86_64-linux-gnu-gcov-dump-14", "/usr/bin/x86_64-linux-gnu-gcov-tool-14", "/usr/bin/x86_64-linux-gnu-lto-dump-14", "/usr/lib/gcc/x86_64-linux-gnu/14/libgomp.spec", "/usr/lib/gcc/x86_64-linux-gnu/14/libhwasan_preinit.o", "/usr/lib/gcc/x86_64-linux-gnu/14/libitm.spec", "/usr/lib/gcc/x86_64-linux-gnu/14/libsanitizer.spec", "/usr/lib/gcc/x86_64-linux-gnu/14/plugin/libcc1plugin.so.0.0.0", "/usr/lib/gcc/x86_64-linux-gnu/14/plugin/libcp1plugin.so.0.0.0", "/usr/libexec/gcc/x86_64-linux-gnu/14/collect2", "/usr/libexec/gcc/x86_64-linux-gnu/14/liblto_plugin.so", "/usr/libexec/gcc/x86_64-linux-gnu/14/lto-wrapper", "/usr/libexec/gcc/x86_64-linux-gnu/14/lto1", "/usr/share/lintian/overrides/gcc-14-x86-64-linux-gnu", "/usr/share/man/man1/x86_64-linux-gnu-gcc-ar-14.1.gz", "/usr/share/man/man1/x86_64-linux-gnu-gcc-nm-14.1.gz", "/usr/share/man/man1/x86_64-linux-gnu-gcc-ranlib-14.1.gz" ] }, { "ID": "gcc-x86-64-linux-gnu@4:14.2.0-1", "Name": "gcc-x86-64-linux-gnu", "Identifier": { "PURL": "pkg:deb/debian/gcc-x86-64-linux-gnu@14.2.0-1?arch=amd64\u0026distro=debian-13.1\u0026epoch=4", "UID": "9f312ceb4cf34c4f" }, "Version": "14.2.0", "Release": "1", "Epoch": 4, "Arch": "amd64", "SrcName": "gcc-defaults", "SrcVersion": "1.220", "Maintainer": "Debian GCC Maintainers \u003cdebian-gcc@lists.debian.org\u003e", "DependsOn": [ "cpp-x86-64-linux-gnu@4:14.2.0-1", "gcc-14-x86-64-linux-gnu@14.2.0-19" ], "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "InstalledFiles": [ "/usr/share/lintian/overrides/gcc-x86-64-linux-gnu" ] }, { "ID": "grep@3.11-4", "Name": "grep", "Identifier": { "PURL": "pkg:deb/debian/grep@3.11-4?arch=amd64\u0026distro=debian-13.1", "UID": "d450e0ea7fae458f" }, "Version": "3.11", "Release": "4", "Arch": "amd64", "SrcName": "grep", "SrcVersion": "3.11", "SrcRelease": "4", "Licenses": [ "GPL-3.0-or-later", "GPL-3.0-only" ], "Maintainer": "Anibal Monsalve Salazar \u003canibal@debian.org\u003e", "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "InstalledFiles": [ "/usr/bin/egrep", "/usr/bin/fgrep", "/usr/bin/grep", "/usr/bin/rgrep", "/usr/share/doc/grep/AUTHORS", "/usr/share/doc/grep/NEWS.Debian.gz", "/usr/share/doc/grep/NEWS.gz", "/usr/share/doc/grep/README", "/usr/share/doc/grep/THANKS.gz", "/usr/share/doc/grep/TODO.gz", "/usr/share/doc/grep/changelog.Debian.gz", "/usr/share/doc/grep/changelog.gz", "/usr/share/doc/grep/copyright", "/usr/share/info/grep.info.gz", "/usr/share/locale/af/LC_MESSAGES/grep.mo", "/usr/share/locale/be/LC_MESSAGES/grep.mo", "/usr/share/locale/bg/LC_MESSAGES/grep.mo", "/usr/share/locale/ca/LC_MESSAGES/grep.mo", "/usr/share/locale/cs/LC_MESSAGES/grep.mo", "/usr/share/locale/da/LC_MESSAGES/grep.mo", "/usr/share/locale/de/LC_MESSAGES/grep.mo", "/usr/share/locale/el/LC_MESSAGES/grep.mo", "/usr/share/locale/eo/LC_MESSAGES/grep.mo", "/usr/share/locale/es/LC_MESSAGES/grep.mo", "/usr/share/locale/et/LC_MESSAGES/grep.mo", "/usr/share/locale/eu/LC_MESSAGES/grep.mo", "/usr/share/locale/fi/LC_MESSAGES/grep.mo", "/usr/share/locale/fr/LC_MESSAGES/grep.mo", "/usr/share/locale/ga/LC_MESSAGES/grep.mo", "/usr/share/locale/gl/LC_MESSAGES/grep.mo", "/usr/share/locale/he/LC_MESSAGES/grep.mo", "/usr/share/locale/hr/LC_MESSAGES/grep.mo", "/usr/share/locale/hu/LC_MESSAGES/grep.mo", "/usr/share/locale/id/LC_MESSAGES/grep.mo", "/usr/share/locale/it/LC_MESSAGES/grep.mo", "/usr/share/locale/ja/LC_MESSAGES/grep.mo", "/usr/share/locale/ka/LC_MESSAGES/grep.mo", "/usr/share/locale/ko/LC_MESSAGES/grep.mo", "/usr/share/locale/ky/LC_MESSAGES/grep.mo", "/usr/share/locale/lt/LC_MESSAGES/grep.mo", "/usr/share/locale/nb/LC_MESSAGES/grep.mo", "/usr/share/locale/nl/LC_MESSAGES/grep.mo", "/usr/share/locale/pa/LC_MESSAGES/grep.mo", "/usr/share/locale/pl/LC_MESSAGES/grep.mo", "/usr/share/locale/pt/LC_MESSAGES/grep.mo", "/usr/share/locale/pt_BR/LC_MESSAGES/grep.mo", "/usr/share/locale/ro/LC_MESSAGES/grep.mo", "/usr/share/locale/ru/LC_MESSAGES/grep.mo", "/usr/share/locale/sk/LC_MESSAGES/grep.mo", "/usr/share/locale/sl/LC_MESSAGES/grep.mo", "/usr/share/locale/sr/LC_MESSAGES/grep.mo", "/usr/share/locale/sv/LC_MESSAGES/grep.mo", "/usr/share/locale/ta/LC_MESSAGES/grep.mo", "/usr/share/locale/th/LC_MESSAGES/grep.mo", "/usr/share/locale/tr/LC_MESSAGES/grep.mo", "/usr/share/locale/uk/LC_MESSAGES/grep.mo", "/usr/share/locale/vi/LC_MESSAGES/grep.mo", "/usr/share/locale/zh_CN/LC_MESSAGES/grep.mo", "/usr/share/locale/zh_TW/LC_MESSAGES/grep.mo", "/usr/share/man/man1/grep.1.gz" ] }, { "ID": "gzip@1.13-1", "Name": "gzip", "Identifier": { "PURL": "pkg:deb/debian/gzip@1.13-1?arch=amd64\u0026distro=debian-13.1", "UID": "60254b2bea6a1f09" }, "Version": "1.13", "Release": "1", "Arch": "amd64", "SrcName": "gzip", "SrcVersion": "1.13", "SrcRelease": "1", "Licenses": [ "GPL-3.0-or-later", "GFDL-1.3+-no-invariant", "FSF-manpages", "GPL-3.0-only", "GFDL-3" ], "Maintainer": "Milan Kupcevic \u003cmilan@debian.org\u003e", "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "InstalledFiles": [ "/usr/bin/gunzip", "/usr/bin/gzexe", "/usr/bin/gzip", "/usr/bin/zcat", "/usr/bin/zcmp", "/usr/bin/zdiff", "/usr/bin/zegrep", "/usr/bin/zfgrep", "/usr/bin/zforce", "/usr/bin/zgrep", "/usr/bin/zless", "/usr/bin/zmore", "/usr/bin/znew", "/usr/share/doc/gzip/NEWS.gz", "/usr/share/doc/gzip/README.gz", "/usr/share/doc/gzip/TODO", "/usr/share/doc/gzip/changelog.Debian.gz", "/usr/share/doc/gzip/changelog.gz", "/usr/share/doc/gzip/copyright", "/usr/share/info/gzip.info.gz", "/usr/share/man/man1/gzexe.1.gz", "/usr/share/man/man1/gzip.1.gz", "/usr/share/man/man1/zdiff.1.gz", "/usr/share/man/man1/zforce.1.gz", "/usr/share/man/man1/zgrep.1.gz", "/usr/share/man/man1/zless.1.gz", "/usr/share/man/man1/zmore.1.gz", "/usr/share/man/man1/znew.1.gz" ] }, { "ID": "hostname@3.25", "Name": "hostname", "Identifier": { "PURL": "pkg:deb/debian/hostname@3.25?arch=amd64\u0026distro=debian-13.1", "UID": "87ef62957d44b2c" }, "Version": "3.25", "Arch": "amd64", "SrcName": "hostname", "SrcVersion": "3.25", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Michael Meskes \u003cmeskes@debian.org\u003e", "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "InstalledFiles": [ "/usr/bin/hostname", "/usr/share/doc/hostname/changelog.gz", "/usr/share/doc/hostname/copyright", "/usr/share/man/man1/hostname.1.gz" ] }, { "ID": "init-system-helpers@1.69~deb13u1", "Name": "init-system-helpers", "Identifier": { "PURL": "pkg:deb/debian/init-system-helpers@1.69~deb13u1?arch=all\u0026distro=debian-13.1", "UID": "317be9d9c6744acd" }, "Version": "1.69~deb13u1", "Arch": "all", "SrcName": "init-system-helpers", "SrcVersion": "1.69~deb13u1", "Licenses": [ "BSD-3-Clause", "GPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Debian systemd Maintainers \u003cpkg-systemd-maintainers@lists.alioth.debian.org\u003e", "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "InstalledFiles": [ "/usr/bin/deb-systemd-helper", "/usr/bin/deb-systemd-invoke", "/usr/sbin/invoke-rc.d", "/usr/sbin/service", "/usr/sbin/update-rc.d", "/usr/share/bug/init-system-helpers/control", "/usr/share/doc/init-system-helpers/README.invoke-rc.d.gz", "/usr/share/doc/init-system-helpers/README.policy-rc.d.gz", "/usr/share/doc/init-system-helpers/changelog.gz", "/usr/share/doc/init-system-helpers/copyright", "/usr/share/lintian/overrides/init-system-helpers", "/usr/share/man/man1/deb-systemd-helper.1p.gz", "/usr/share/man/man1/deb-systemd-invoke.1p.gz", "/usr/share/man/man8/invoke-rc.d.8.gz", "/usr/share/man/man8/service.8.gz", "/usr/share/man/man8/update-rc.d.8.gz" ] }, { "ID": "krb5-locales@1.21.3-5", "Name": "krb5-locales", "Identifier": { "PURL": "pkg:deb/debian/krb5-locales@1.21.3-5?arch=all\u0026distro=debian-13.1", "UID": "e9e09fdd7f36416e" }, "Version": "1.21.3", "Release": "5", "Arch": "all", "SrcName": "krb5", "SrcVersion": "1.21.3", "SrcRelease": "5", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Sam Hartman \u003chartmans@debian.org\u003e", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "InstalledFiles": [ "/usr/share/doc/krb5-locales/changelog.Debian.gz", "/usr/share/doc/krb5-locales/copyright", "/usr/share/locale/de/LC_MESSAGES/mit-krb5.mo", "/usr/share/locale/en_US/LC_MESSAGES/mit-krb5.mo", "/usr/share/locale/ka/LC_MESSAGES/mit-krb5.mo" ] }, { "ID": "libacl1@2.3.2-2+b1", "Name": "libacl1", "Identifier": { "PURL": "pkg:deb/debian/libacl1@2.3.2-2%2Bb1?arch=amd64\u0026distro=debian-13.1", "UID": "c595e244e31bea2f" }, "Version": "2.3.2", "Release": "2+b1", "Arch": "amd64", "SrcName": "acl", "SrcVersion": "2.3.2", "SrcRelease": "2", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "LGPL-2.0-or-later", "LGPL-2.1-only" ], "Maintainer": "Guillem Jover \u003cguillem@debian.org\u003e", "DependsOn": [ "libc6@2.41-12" ], "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libacl.so.1.1.2302", "/usr/share/doc/libacl1/changelog.Debian.amd64.gz", "/usr/share/doc/libacl1/changelog.Debian.gz", "/usr/share/doc/libacl1/changelog.gz", "/usr/share/doc/libacl1/copyright", "/usr/share/lintian/overrides/libacl1" ] }, { "ID": "libapt-pkg7.0@3.0.3", "Name": "libapt-pkg7.0", "Identifier": { "PURL": "pkg:deb/debian/libapt-pkg7.0@3.0.3?arch=amd64\u0026distro=debian-13.1", "UID": "80dd2636db3e0564" }, "Version": "3.0.3", "Arch": "amd64", "SrcName": "apt", "SrcVersion": "3.0.3", "Licenses": [ "GPL-2.0-or-later", "curl", "BSD-3-Clause", "MIT", "GPL-2.0-only" ], "Maintainer": "APT Development Team \u003cdeity@lists.debian.org\u003e", "DependsOn": [ "libbz2-1.0@1.0.8-6", "libc6@2.41-12", "libgcc-s1@14.2.0-19", "liblz4-1@1.10.0-4", "liblzma5@5.8.1-1", "libssl3t64@3.5.1-1+deb13u1", "libstdc++6@14.2.0-19", "libsystemd0@257.8-1~deb13u2", "libudev1@257.8-1~deb13u2", "libxxhash0@0.8.3-2", "libzstd1@1.5.7+dfsg-1", "zlib1g@1:1.3.dfsg+really1.3.1-1+b1" ], "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libapt-pkg.so.7.0.0", "/usr/share/doc/libapt-pkg7.0/NEWS.Debian.gz", "/usr/share/doc/libapt-pkg7.0/changelog.gz", "/usr/share/doc/libapt-pkg7.0/copyright", "/usr/share/locale/ar/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/ast/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/bg/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/bs/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/ca/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/cs/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/cy/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/da/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/de/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/dz/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/el/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/es/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/eu/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/fi/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/fr/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/gl/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/hu/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/it/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/ja/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/km/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/ko/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/ku/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/lt/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/mr/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/nb/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/ne/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/nl/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/nn/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/pl/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/pt/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/pt_BR/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/ro/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/ru/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/sk/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/sl/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/sv/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/th/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/tl/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/tr/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/uk/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/vi/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/zh_CN/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/zh_TW/LC_MESSAGES/libapt-pkg7.0.mo" ] }, { "ID": "libasan8@14.2.0-19", "Name": "libasan8", "Identifier": { "PURL": "pkg:deb/debian/libasan8@14.2.0-19?arch=amd64\u0026distro=debian-13.1", "UID": "eac28e46f74adda0" }, "Version": "14.2.0", "Release": "19", "Arch": "amd64", "SrcName": "gcc-14", "SrcVersion": "14.2.0", "SrcRelease": "19", "Maintainer": "Debian GCC Maintainers \u003cdebian-gcc@lists.debian.org\u003e", "DependsOn": [ "gcc-14-base@14.2.0-19", "libc6@2.41-12", "libgcc-s1@14.2.0-19" ], "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libasan.so.8.0.0", "/usr/share/lintian/overrides/libasan8" ] }, { "ID": "libatomic1@14.2.0-19", "Name": "libatomic1", "Identifier": { "PURL": "pkg:deb/debian/libatomic1@14.2.0-19?arch=amd64\u0026distro=debian-13.1", "UID": "d5bb9ad2f9cf9047" }, "Version": "14.2.0", "Release": "19", "Arch": "amd64", "SrcName": "gcc-14", "SrcVersion": "14.2.0", "SrcRelease": "19", "Maintainer": "Debian GCC Maintainers \u003cdebian-gcc@lists.debian.org\u003e", "DependsOn": [ "gcc-14-base@14.2.0-19", "libc6@2.41-12" ], "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libatomic.so.1.2.0" ] }, { "ID": "libattr1@1:2.5.2-3", "Name": "libattr1", "Identifier": { "PURL": "pkg:deb/debian/libattr1@2.5.2-3?arch=amd64\u0026distro=debian-13.1\u0026epoch=1", "UID": "6e85fd1e20e432a1" }, "Version": "2.5.2", "Release": "3", "Epoch": 1, "Arch": "amd64", "SrcName": "attr", "SrcVersion": "2.5.2", "SrcRelease": "3", "SrcEpoch": 1, "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "LGPL-2.0-or-later", "LGPL-2.1-only" ], "Maintainer": "Guillem Jover \u003cguillem@debian.org\u003e", "DependsOn": [ "libc6@2.41-12" ], "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libattr.so.1.1.2502", "/usr/share/doc/libattr1/changelog.Debian.gz", "/usr/share/doc/libattr1/changelog.gz", "/usr/share/doc/libattr1/copyright", "/usr/share/lintian/overrides/libattr1" ] }, { "ID": "libaudit-common@1:4.0.2-2", "Name": "libaudit-common", "Identifier": { "PURL": "pkg:deb/debian/libaudit-common@4.0.2-2?arch=all\u0026distro=debian-13.1\u0026epoch=1", "UID": "4845289e49197cbd" }, "Version": "4.0.2", "Release": "2", "Epoch": 1, "Arch": "all", "SrcName": "audit", "SrcVersion": "4.0.2", "SrcRelease": "2", "SrcEpoch": 1, "Licenses": [ "GPL-2.0-only", "LGPL-2.1-only", "GPL-1.0-only" ], "Maintainer": "Laurent Bigonville \u003cbigon@debian.org\u003e", "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "InstalledFiles": [ "/usr/share/doc/libaudit-common/changelog.Debian.gz", "/usr/share/doc/libaudit-common/changelog.gz", "/usr/share/doc/libaudit-common/copyright", "/usr/share/man/man5/libaudit.conf.5.gz" ] }, { "ID": "libaudit1@1:4.0.2-2+b2", "Name": "libaudit1", "Identifier": { "PURL": "pkg:deb/debian/libaudit1@4.0.2-2%2Bb2?arch=amd64\u0026distro=debian-13.1\u0026epoch=1", "UID": "60f29d52a96eceff" }, "Version": "4.0.2", "Release": "2+b2", "Epoch": 1, "Arch": "amd64", "SrcName": "audit", "SrcVersion": "4.0.2", "SrcRelease": "2", "SrcEpoch": 1, "Licenses": [ "GPL-2.0-only", "LGPL-2.1-only", "GPL-1.0-only" ], "Maintainer": "Laurent Bigonville \u003cbigon@debian.org\u003e", "DependsOn": [ "libaudit-common@1:4.0.2-2", "libc6@2.41-12", "libcap-ng0@0.8.5-4+b1" ], "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libaudit.so.1.0.0", "/usr/share/doc/libaudit1/changelog.Debian.amd64.gz", "/usr/share/doc/libaudit1/changelog.Debian.gz", "/usr/share/doc/libaudit1/changelog.gz", "/usr/share/doc/libaudit1/copyright" ] }, { "ID": "libbinutils@2.44-3", "Name": "libbinutils", "Identifier": { "PURL": "pkg:deb/debian/libbinutils@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "9fe86cedd2b6ebf7" }, "Version": "2.44", "Release": "3", "Arch": "amd64", "SrcName": "binutils", "SrcVersion": "2.44", "SrcRelease": "3", "Maintainer": "Matthias Klose \u003cdoko@debian.org\u003e", "DependsOn": [ "binutils-common@2.44-3", "libc6@2.41-12", "libsframe1@2.44-3", "libzstd1@1.5.7+dfsg-1", "zlib1g@1:1.3.dfsg+really1.3.1-1+b1" ], "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libbfd-2.44-system.so", "/usr/lib/x86_64-linux-gnu/libopcodes-2.44-system.so", "/usr/share/lintian/overrides/libbinutils" ] }, { "ID": "libblkid1@2.41-5", "Name": "libblkid1", "Identifier": { "PURL": "pkg:deb/debian/libblkid1@2.41-5?arch=amd64\u0026distro=debian-13.1", "UID": "6c9693ac78293e63" }, "Version": "2.41", "Release": "5", "Arch": "amd64", "SrcName": "util-linux", "SrcVersion": "2.41", "SrcRelease": "5", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "GPL-3.0-or-later", "LGPL-2.1-or-later", "public-domain", "BSD-4-Clause", "MIT", "ISC", "BSD-3-Clause", "BSLA", "LGPL-2.0-or-later", "BSD-2-Clause", "LGPL-3.0-or-later", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", "DependsOn": [ "libc6@2.41-12" ], "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libblkid.so.1.1.0", "/usr/share/doc/libblkid1/NEWS.Debian.gz", "/usr/share/doc/libblkid1/changelog.Debian.gz", "/usr/share/doc/libblkid1/changelog.gz", "/usr/share/doc/libblkid1/copyright", "/usr/share/lintian/overrides/libblkid1" ] }, { "ID": "libbsd0@0.12.2-2", "Name": "libbsd0", "Identifier": { "PURL": "pkg:deb/debian/libbsd0@0.12.2-2?arch=amd64\u0026distro=debian-13.1", "UID": "b5c78e91ff2e46a4" }, "Version": "0.12.2", "Release": "2", "Arch": "amd64", "SrcName": "libbsd", "SrcVersion": "0.12.2", "SrcRelease": "2", "Licenses": [ "BSD-3-Clause", "BSD-3-clause-Regents", "BSD-2-Clause-NetBSD", "BSD-3-clause-author", "BSD-3-clause-John-Birrell", "BSD-5-clause-Peter-Wemm", "BSD-2-Clause", "BSD-2-clause-verbatim", "BSD-2-clause-author", "ISC", "ISC-Original", "MIT", "public-domain", "Beerware" ], "Maintainer": "Guillem Jover \u003cguillem@debian.org\u003e", "DependsOn": [ "libc6@2.41-12", "libmd0@1.1.0-2+b1" ], "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libbsd.so.0.12.2", "/usr/share/doc/libbsd0/changelog.Debian.gz", "/usr/share/doc/libbsd0/changelog.gz", "/usr/share/doc/libbsd0/copyright", "/usr/share/lintian/overrides/libbsd0" ] }, { "ID": "libbz2-1.0@1.0.8-6", "Name": "libbz2-1.0", "Identifier": { "PURL": "pkg:deb/debian/libbz2-1.0@1.0.8-6?arch=amd64\u0026distro=debian-13.1", "UID": "6fdb2eb525b1d46" }, "Version": "1.0.8", "Release": "6", "Arch": "amd64", "SrcName": "bzip2", "SrcVersion": "1.0.8", "SrcRelease": "6", "Licenses": [ "BSD-3-Clause", "GPL-2.0-only" ], "Maintainer": "Anibal Monsalve Salazar \u003canibal@debian.org\u003e", "DependsOn": [ "libc6@2.41-12" ], "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libbz2.so.1.0.4", "/usr/share/doc/libbz2-1.0/changelog.Debian.gz", "/usr/share/doc/libbz2-1.0/changelog.gz", "/usr/share/doc/libbz2-1.0/copyright" ] }, { "ID": "libc-bin@2.41-12", "Name": "libc-bin", "Identifier": { "PURL": "pkg:deb/debian/libc-bin@2.41-12?arch=amd64\u0026distro=debian-13.1", "UID": "a531ca45463d06a2" }, "Version": "2.41", "Release": "12", "Arch": "amd64", "SrcName": "glibc", "SrcVersion": "2.41", "SrcRelease": "12", "Licenses": [ "LGPL-2.1-or-later", "LGPL-2.0-or-later", "LGPL-2.1+-with-link-exception", "LGPL-3.0-or-later", "GPL-2.0-or-later", "GPL-2+-with-link-exception", "GPL-2.0-only", "GPL-3.0-or-later", "FSFAP", "Carnegie", "Inner-Net", "MIT-like-Lord", "BSD-like-Spencer", "PCRE", "BSD-3-clause-Carnegie", "Unicode-DFS-2016", "BSL-1.0", "SunPro", "CORE-MATH", "BSD-3-clause-Berkeley", "BSD-3-clause-WIDE", "BSD-2-Clause", "BSD-3-clause-Oracle", "DEC", "IBM", "ISC", "Univ-Coimbra", "public-domain", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "GNU Libc Maintainers \u003cdebian-glibc@lists.debian.org\u003e", "DependsOn": [ "libc6@2.41-12" ], "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "InstalledFiles": [ "/usr/bin/getconf", "/usr/bin/getent", "/usr/bin/iconv", "/usr/bin/ldd", "/usr/bin/locale", "/usr/bin/localedef", "/usr/bin/pldd", "/usr/bin/tzselect", "/usr/bin/zdump", "/usr/lib/locale/C.utf8/LC_ADDRESS", "/usr/lib/locale/C.utf8/LC_COLLATE", "/usr/lib/locale/C.utf8/LC_CTYPE", "/usr/lib/locale/C.utf8/LC_IDENTIFICATION", "/usr/lib/locale/C.utf8/LC_MEASUREMENT", "/usr/lib/locale/C.utf8/LC_MESSAGES/SYS_LC_MESSAGES", "/usr/lib/locale/C.utf8/LC_MONETARY", "/usr/lib/locale/C.utf8/LC_NAME", "/usr/lib/locale/C.utf8/LC_NUMERIC", "/usr/lib/locale/C.utf8/LC_PAPER", "/usr/lib/locale/C.utf8/LC_TELEPHONE", "/usr/lib/locale/C.utf8/LC_TIME", "/usr/sbin/iconvconfig", "/usr/sbin/ldconfig", "/usr/sbin/zic", "/usr/share/doc/libc-bin/changelog.Debian.gz", "/usr/share/doc/libc-bin/changelog.gz", "/usr/share/doc/libc-bin/copyright", "/usr/share/libc-bin/nsswitch.conf", "/usr/share/lintian/overrides/libc-bin", "/usr/share/man/man1/getconf.1.gz", "/usr/share/man/man1/tzselect.1.gz" ] }, { "ID": "libc-dev-bin@2.41-12", "Name": "libc-dev-bin", "Identifier": { "PURL": "pkg:deb/debian/libc-dev-bin@2.41-12?arch=amd64\u0026distro=debian-13.1", "UID": "886e3d55e1bbbb48" }, "Version": "2.41", "Release": "12", "Arch": "amd64", "SrcName": "glibc", "SrcVersion": "2.41", "SrcRelease": "12", "Licenses": [ "LGPL-2.1-or-later", "LGPL-2.0-or-later", "LGPL-2.1+-with-link-exception", "LGPL-3.0-or-later", "GPL-2.0-or-later", "GPL-2+-with-link-exception", "GPL-2.0-only", "GPL-3.0-or-later", "FSFAP", "Carnegie", "Inner-Net", "MIT-like-Lord", "BSD-like-Spencer", "PCRE", "BSD-3-clause-Carnegie", "Unicode-DFS-2016", "BSL-1.0", "SunPro", "CORE-MATH", "BSD-3-clause-Berkeley", "BSD-3-clause-WIDE", "BSD-2-Clause", "BSD-3-clause-Oracle", "DEC", "IBM", "ISC", "Univ-Coimbra", "public-domain", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "GNU Libc Maintainers \u003cdebian-glibc@lists.debian.org\u003e", "DependsOn": [ "libc6@2.41-12" ], "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "InstalledFiles": [ "/usr/bin/gencat", "/usr/share/doc/libc-dev-bin/changelog.Debian.gz", "/usr/share/doc/libc-dev-bin/changelog.gz", "/usr/share/doc/libc-dev-bin/copyright", "/usr/share/man/man1/gencat.1.gz" ] }, { "ID": "libc6@2.41-12", "Name": "libc6", "Identifier": { "PURL": "pkg:deb/debian/libc6@2.41-12?arch=amd64\u0026distro=debian-13.1", "UID": "a6d2d0103571346b" }, "Version": "2.41", "Release": "12", "Arch": "amd64", "SrcName": "glibc", "SrcVersion": "2.41", "SrcRelease": "12", "Licenses": [ "LGPL-2.1-or-later", "LGPL-2.0-or-later", "LGPL-2.1+-with-link-exception", "LGPL-3.0-or-later", "GPL-2.0-or-later", "GPL-2+-with-link-exception", "GPL-2.0-only", "GPL-3.0-or-later", "FSFAP", "Carnegie", "Inner-Net", "MIT-like-Lord", "BSD-like-Spencer", "PCRE", "BSD-3-clause-Carnegie", "Unicode-DFS-2016", "BSL-1.0", "SunPro", "CORE-MATH", "BSD-3-clause-Berkeley", "BSD-3-clause-WIDE", "BSD-2-Clause", "BSD-3-clause-Oracle", "DEC", "IBM", "ISC", "Univ-Coimbra", "public-domain", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "GNU Libc Maintainers \u003cdebian-glibc@lists.debian.org\u003e", "DependsOn": [ "libgcc-s1@14.2.0-19" ], "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/gconv/ANSI_X3.110.so", "/usr/lib/x86_64-linux-gnu/gconv/ARMSCII-8.so", "/usr/lib/x86_64-linux-gnu/gconv/ASMO_449.so", "/usr/lib/x86_64-linux-gnu/gconv/BIG5.so", "/usr/lib/x86_64-linux-gnu/gconv/BIG5HKSCS.so", "/usr/lib/x86_64-linux-gnu/gconv/BRF.so", "/usr/lib/x86_64-linux-gnu/gconv/CP10007.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1125.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1250.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1251.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1252.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1253.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1254.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1255.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1256.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1257.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1258.so", "/usr/lib/x86_64-linux-gnu/gconv/CP737.so", "/usr/lib/x86_64-linux-gnu/gconv/CP770.so", "/usr/lib/x86_64-linux-gnu/gconv/CP771.so", "/usr/lib/x86_64-linux-gnu/gconv/CP772.so", "/usr/lib/x86_64-linux-gnu/gconv/CP773.so", "/usr/lib/x86_64-linux-gnu/gconv/CP774.so", "/usr/lib/x86_64-linux-gnu/gconv/CP775.so", "/usr/lib/x86_64-linux-gnu/gconv/CP932.so", "/usr/lib/x86_64-linux-gnu/gconv/CSN_369103.so", "/usr/lib/x86_64-linux-gnu/gconv/CWI.so", "/usr/lib/x86_64-linux-gnu/gconv/DEC-MCS.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-AT-DE-A.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-AT-DE.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-CA-FR.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-DK-NO-A.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-DK-NO.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-ES-A.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-ES-S.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-ES.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-FI-SE-A.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-FI-SE.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-FR.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-IS-FRISS.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-IT.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-PT.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-UK.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-US.so", "/usr/lib/x86_64-linux-gnu/gconv/ECMA-CYRILLIC.so", "/usr/lib/x86_64-linux-gnu/gconv/EUC-CN.so", "/usr/lib/x86_64-linux-gnu/gconv/EUC-JISX0213.so", "/usr/lib/x86_64-linux-gnu/gconv/EUC-JP-MS.so", "/usr/lib/x86_64-linux-gnu/gconv/EUC-JP.so", "/usr/lib/x86_64-linux-gnu/gconv/EUC-KR.so", "/usr/lib/x86_64-linux-gnu/gconv/EUC-TW.so", "/usr/lib/x86_64-linux-gnu/gconv/GB18030.so", "/usr/lib/x86_64-linux-gnu/gconv/GBBIG5.so", "/usr/lib/x86_64-linux-gnu/gconv/GBGBK.so", "/usr/lib/x86_64-linux-gnu/gconv/GBK.so", "/usr/lib/x86_64-linux-gnu/gconv/GEORGIAN-ACADEMY.so", "/usr/lib/x86_64-linux-gnu/gconv/GEORGIAN-PS.so", "/usr/lib/x86_64-linux-gnu/gconv/GOST_19768-74.so", "/usr/lib/x86_64-linux-gnu/gconv/GREEK-CCITT.so", "/usr/lib/x86_64-linux-gnu/gconv/GREEK7-OLD.so", "/usr/lib/x86_64-linux-gnu/gconv/GREEK7.so", "/usr/lib/x86_64-linux-gnu/gconv/HP-GREEK8.so", "/usr/lib/x86_64-linux-gnu/gconv/HP-ROMAN8.so", "/usr/lib/x86_64-linux-gnu/gconv/HP-ROMAN9.so", "/usr/lib/x86_64-linux-gnu/gconv/HP-THAI8.so", "/usr/lib/x86_64-linux-gnu/gconv/HP-TURKISH8.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM037.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM038.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1004.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1008.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1008_420.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1025.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1026.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1046.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1047.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1097.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1112.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1122.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1123.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1124.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1129.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1130.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1132.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1133.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1137.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1140.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1141.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1142.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1143.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1144.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1145.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1146.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1147.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1148.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1149.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1153.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1154.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1155.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1156.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1157.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1158.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1160.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1161.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1162.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1163.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1164.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1166.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1167.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM12712.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1364.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1371.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1388.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1390.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1399.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM16804.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM256.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM273.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM274.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM275.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM277.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM278.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM280.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM281.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM284.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM285.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM290.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM297.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM420.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM423.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM424.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM437.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM4517.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM4899.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM4909.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM4971.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM500.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM5347.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM803.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM850.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM851.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM852.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM855.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM856.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM857.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM858.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM860.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM861.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM862.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM863.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM864.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM865.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM866.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM866NAV.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM868.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM869.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM870.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM871.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM874.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM875.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM880.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM891.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM901.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM902.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM903.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM9030.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM904.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM905.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM9066.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM918.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM921.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM922.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM930.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM932.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM933.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM935.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM937.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM939.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM943.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM9448.so", "/usr/lib/x86_64-linux-gnu/gconv/IEC_P27-1.so", "/usr/lib/x86_64-linux-gnu/gconv/INIS-8.so", "/usr/lib/x86_64-linux-gnu/gconv/INIS-CYRILLIC.so", "/usr/lib/x86_64-linux-gnu/gconv/INIS.so", "/usr/lib/x86_64-linux-gnu/gconv/ISIRI-3342.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO-2022-CN-EXT.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO-2022-CN.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO-2022-JP-3.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO-2022-JP.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO-2022-KR.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO-IR-197.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO-IR-209.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO646.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-1.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-10.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-11.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-13.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-14.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-15.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-16.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-2.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-3.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-4.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-5.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-6.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-7.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-8.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-9.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-9E.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO_10367-BOX.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO_11548-1.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO_2033.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO_5427-EXT.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO_5427.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO_5428.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO_6937-2.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO_6937.so", "/usr/lib/x86_64-linux-gnu/gconv/JOHAB.so", "/usr/lib/x86_64-linux-gnu/gconv/KOI-8.so", "/usr/lib/x86_64-linux-gnu/gconv/KOI8-R.so", "/usr/lib/x86_64-linux-gnu/gconv/KOI8-RU.so", "/usr/lib/x86_64-linux-gnu/gconv/KOI8-T.so", "/usr/lib/x86_64-linux-gnu/gconv/KOI8-U.so", "/usr/lib/x86_64-linux-gnu/gconv/LATIN-GREEK-1.so", "/usr/lib/x86_64-linux-gnu/gconv/LATIN-GREEK.so", "/usr/lib/x86_64-linux-gnu/gconv/MAC-CENTRALEUROPE.so", "/usr/lib/x86_64-linux-gnu/gconv/MAC-IS.so", "/usr/lib/x86_64-linux-gnu/gconv/MAC-SAMI.so", "/usr/lib/x86_64-linux-gnu/gconv/MAC-UK.so", "/usr/lib/x86_64-linux-gnu/gconv/MACINTOSH.so", "/usr/lib/x86_64-linux-gnu/gconv/MIK.so", "/usr/lib/x86_64-linux-gnu/gconv/NATS-DANO.so", "/usr/lib/x86_64-linux-gnu/gconv/NATS-SEFI.so", "/usr/lib/x86_64-linux-gnu/gconv/PT154.so", "/usr/lib/x86_64-linux-gnu/gconv/RK1048.so", "/usr/lib/x86_64-linux-gnu/gconv/SAMI-WS2.so", "/usr/lib/x86_64-linux-gnu/gconv/SHIFT_JISX0213.so", "/usr/lib/x86_64-linux-gnu/gconv/SJIS.so", "/usr/lib/x86_64-linux-gnu/gconv/T.61.so", "/usr/lib/x86_64-linux-gnu/gconv/TCVN5712-1.so", "/usr/lib/x86_64-linux-gnu/gconv/TIS-620.so", "/usr/lib/x86_64-linux-gnu/gconv/TSCII.so", "/usr/lib/x86_64-linux-gnu/gconv/UHC.so", "/usr/lib/x86_64-linux-gnu/gconv/UNICODE.so", "/usr/lib/x86_64-linux-gnu/gconv/UTF-16.so", "/usr/lib/x86_64-linux-gnu/gconv/UTF-32.so", "/usr/lib/x86_64-linux-gnu/gconv/UTF-7.so", "/usr/lib/x86_64-linux-gnu/gconv/VISCII.so", "/usr/lib/x86_64-linux-gnu/gconv/gconv-modules", "/usr/lib/x86_64-linux-gnu/gconv/gconv-modules.cache", "/usr/lib/x86_64-linux-gnu/gconv/gconv-modules.d/gconv-modules-extra.conf", "/usr/lib/x86_64-linux-gnu/gconv/libCNS.so", "/usr/lib/x86_64-linux-gnu/gconv/libGB.so", "/usr/lib/x86_64-linux-gnu/gconv/libISOIR165.so", "/usr/lib/x86_64-linux-gnu/gconv/libJIS.so", "/usr/lib/x86_64-linux-gnu/gconv/libJISX0213.so", "/usr/lib/x86_64-linux-gnu/gconv/libKSC.so", "/usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2", "/usr/lib/x86_64-linux-gnu/libBrokenLocale.so.1", "/usr/lib/x86_64-linux-gnu/libanl.so.1", "/usr/lib/x86_64-linux-gnu/libc.so.6", "/usr/lib/x86_64-linux-gnu/libc_malloc_debug.so.0", "/usr/lib/x86_64-linux-gnu/libdl.so.2", "/usr/lib/x86_64-linux-gnu/libm.so.6", "/usr/lib/x86_64-linux-gnu/libmemusage.so", "/usr/lib/x86_64-linux-gnu/libmvec.so.1", "/usr/lib/x86_64-linux-gnu/libnsl.so.1", "/usr/lib/x86_64-linux-gnu/libnss_compat.so.2", "/usr/lib/x86_64-linux-gnu/libnss_dns.so.2", "/usr/lib/x86_64-linux-gnu/libnss_files.so.2", "/usr/lib/x86_64-linux-gnu/libnss_hesiod.so.2", "/usr/lib/x86_64-linux-gnu/libpcprofile.so", "/usr/lib/x86_64-linux-gnu/libpthread.so.0", "/usr/lib/x86_64-linux-gnu/libresolv.so.2", "/usr/lib/x86_64-linux-gnu/librt.so.1", "/usr/lib/x86_64-linux-gnu/libthread_db.so.1", "/usr/lib/x86_64-linux-gnu/libutil.so.1", "/usr/share/doc/libc6/NEWS.Debian.gz", "/usr/share/doc/libc6/NEWS.gz", "/usr/share/doc/libc6/README.Debian.gz", "/usr/share/doc/libc6/README.hesiod.gz", "/usr/share/doc/libc6/changelog.Debian.gz", "/usr/share/doc/libc6/changelog.gz", "/usr/share/doc/libc6/copyright", "/usr/share/lintian/overrides/libc6" ] }, { "ID": "libc6-dev@2.41-12", "Name": "libc6-dev", "Identifier": { "PURL": "pkg:deb/debian/libc6-dev@2.41-12?arch=amd64\u0026distro=debian-13.1", "UID": "fadfd8e7339c2c6f" }, "Version": "2.41", "Release": "12", "Arch": "amd64", "SrcName": "glibc", "SrcVersion": "2.41", "SrcRelease": "12", "Licenses": [ "LGPL-2.1-or-later", "LGPL-2.0-or-later", "LGPL-2.1+-with-link-exception", "LGPL-3.0-or-later", "GPL-2.0-or-later", "GPL-2+-with-link-exception", "GPL-2.0-only", "GPL-3.0-or-later", "FSFAP", "Carnegie", "Inner-Net", "MIT-like-Lord", "BSD-like-Spencer", "PCRE", "BSD-3-clause-Carnegie", "Unicode-DFS-2016", "BSL-1.0", "SunPro", "CORE-MATH", "BSD-3-clause-Berkeley", "BSD-3-clause-WIDE", "BSD-2-Clause", "BSD-3-clause-Oracle", "DEC", "IBM", "ISC", "Univ-Coimbra", "public-domain", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "GNU Libc Maintainers \u003cdebian-glibc@lists.debian.org\u003e", "DependsOn": [ "libc-dev-bin@2.41-12", "libc6@2.41-12", "libcrypt-dev@1:4.4.38-1", "linux-libc-dev@6.12.48-1", "rpcsvc-proto@1.4.3-1" ], "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "InstalledFiles": [ "/usr/include/aio.h", "/usr/include/aliases.h", "/usr/include/alloca.h", "/usr/include/ar.h", "/usr/include/argp.h", "/usr/include/argz.h", "/usr/include/arpa/ftp.h", "/usr/include/arpa/inet.h", "/usr/include/arpa/nameser.h", "/usr/include/arpa/nameser_compat.h", "/usr/include/arpa/telnet.h", "/usr/include/arpa/tftp.h", "/usr/include/assert.h", "/usr/include/byteswap.h", "/usr/include/complex.h", "/usr/include/cpio.h", "/usr/include/ctype.h", "/usr/include/dirent.h", "/usr/include/dlfcn.h", "/usr/include/elf.h", "/usr/include/endian.h", "/usr/include/envz.h", "/usr/include/err.h", "/usr/include/errno.h", "/usr/include/error.h", "/usr/include/execinfo.h", "/usr/include/fcntl.h", "/usr/include/features-time64.h", "/usr/include/features.h", "/usr/include/fenv.h", "/usr/include/finclude/x86_64-linux-gnu/math-vector-fortran.h", "/usr/include/fmtmsg.h", "/usr/include/fnmatch.h", "/usr/include/fstab.h", "/usr/include/fts.h", "/usr/include/ftw.h", "/usr/include/gconv.h", "/usr/include/getopt.h", "/usr/include/glob.h", "/usr/include/gnu-versions.h", "/usr/include/grp.h", "/usr/include/gshadow.h", "/usr/include/iconv.h", "/usr/include/ifaddrs.h", "/usr/include/inttypes.h", "/usr/include/langinfo.h", "/usr/include/lastlog.h", "/usr/include/libgen.h", "/usr/include/libintl.h", "/usr/include/limits.h", "/usr/include/link.h", "/usr/include/locale.h", "/usr/include/malloc.h", "/usr/include/math.h", "/usr/include/mcheck.h", "/usr/include/memory.h", "/usr/include/mntent.h", "/usr/include/monetary.h", "/usr/include/mqueue.h", "/usr/include/net/ethernet.h", "/usr/include/net/if.h", "/usr/include/net/if_arp.h", "/usr/include/net/if_packet.h", "/usr/include/net/if_ppp.h", "/usr/include/net/if_shaper.h", "/usr/include/net/if_slip.h", "/usr/include/net/ppp-comp.h", "/usr/include/net/ppp_defs.h", "/usr/include/net/route.h", "/usr/include/netash/ash.h", "/usr/include/netatalk/at.h", "/usr/include/netax25/ax25.h", "/usr/include/netdb.h", "/usr/include/neteconet/ec.h", "/usr/include/netinet/ether.h", "/usr/include/netinet/icmp6.h", "/usr/include/netinet/if_ether.h", "/usr/include/netinet/if_fddi.h", "/usr/include/netinet/if_tr.h", "/usr/include/netinet/igmp.h", "/usr/include/netinet/in.h", "/usr/include/netinet/in_systm.h", "/usr/include/netinet/ip.h", "/usr/include/netinet/ip6.h", "/usr/include/netinet/ip_icmp.h", "/usr/include/netinet/tcp.h", "/usr/include/netinet/udp.h", "/usr/include/netipx/ipx.h", "/usr/include/netiucv/iucv.h", "/usr/include/netpacket/packet.h", "/usr/include/netrom/netrom.h", "/usr/include/netrose/rose.h", "/usr/include/nfs/nfs.h", "/usr/include/nl_types.h", "/usr/include/nss.h", "/usr/include/obstack.h", "/usr/include/paths.h", "/usr/include/poll.h", "/usr/include/printf.h", "/usr/include/proc_service.h", "/usr/include/protocols/routed.h", "/usr/include/protocols/rwhod.h", "/usr/include/protocols/talkd.h", "/usr/include/protocols/timed.h", "/usr/include/pthread.h", "/usr/include/pty.h", "/usr/include/pwd.h", "/usr/include/re_comp.h", "/usr/include/regex.h", "/usr/include/regexp.h", "/usr/include/resolv.h", "/usr/include/rpc/netdb.h", "/usr/include/sched.h", "/usr/include/scsi/scsi.h", "/usr/include/scsi/scsi_ioctl.h", "/usr/include/scsi/sg.h", "/usr/include/search.h", "/usr/include/semaphore.h", "/usr/include/setjmp.h", "/usr/include/sgtty.h", "/usr/include/shadow.h", "/usr/include/signal.h", "/usr/include/spawn.h", "/usr/include/stab.h", "/usr/include/stdbit.h", "/usr/include/stdc-predef.h", "/usr/include/stdint.h", "/usr/include/stdio.h", "/usr/include/stdio_ext.h", "/usr/include/stdlib.h", "/usr/include/string.h", "/usr/include/strings.h", "/usr/include/syscall.h", "/usr/include/sysexits.h", "/usr/include/syslog.h", "/usr/include/tar.h", "/usr/include/termio.h", "/usr/include/termios.h", "/usr/include/tgmath.h", "/usr/include/thread_db.h", "/usr/include/threads.h", "/usr/include/time.h", "/usr/include/ttyent.h", "/usr/include/uchar.h", "/usr/include/ucontext.h", "/usr/include/ulimit.h", "/usr/include/unistd.h", "/usr/include/utime.h", "/usr/include/utmp.h", "/usr/include/utmpx.h", "/usr/include/values.h", "/usr/include/wait.h", "/usr/include/wchar.h", "/usr/include/wctype.h", "/usr/include/wordexp.h", "/usr/include/x86_64-linux-gnu/a.out.h", "/usr/include/x86_64-linux-gnu/bits/a.out.h", "/usr/include/x86_64-linux-gnu/bits/argp-ldbl.h", "/usr/include/x86_64-linux-gnu/bits/atomic_wide_counter.h", "/usr/include/x86_64-linux-gnu/bits/byteswap.h", "/usr/include/x86_64-linux-gnu/bits/cmathcalls.h", "/usr/include/x86_64-linux-gnu/bits/confname.h", "/usr/include/x86_64-linux-gnu/bits/cpu-set.h", "/usr/include/x86_64-linux-gnu/bits/dirent.h", "/usr/include/x86_64-linux-gnu/bits/dirent_ext.h", "/usr/include/x86_64-linux-gnu/bits/dl_find_object.h", "/usr/include/x86_64-linux-gnu/bits/dlfcn.h", "/usr/include/x86_64-linux-gnu/bits/elfclass.h", "/usr/include/x86_64-linux-gnu/bits/endian.h", "/usr/include/x86_64-linux-gnu/bits/endianness.h", "/usr/include/x86_64-linux-gnu/bits/environments.h", "/usr/include/x86_64-linux-gnu/bits/epoll.h", "/usr/include/x86_64-linux-gnu/bits/err-ldbl.h", "/usr/include/x86_64-linux-gnu/bits/errno.h", "/usr/include/x86_64-linux-gnu/bits/error-ldbl.h", "/usr/include/x86_64-linux-gnu/bits/error.h", "/usr/include/x86_64-linux-gnu/bits/eventfd.h", "/usr/include/x86_64-linux-gnu/bits/fcntl-linux.h", "/usr/include/x86_64-linux-gnu/bits/fcntl.h", "/usr/include/x86_64-linux-gnu/bits/fcntl2.h", "/usr/include/x86_64-linux-gnu/bits/fenv.h", "/usr/include/x86_64-linux-gnu/bits/floatn-common.h", "/usr/include/x86_64-linux-gnu/bits/floatn.h", "/usr/include/x86_64-linux-gnu/bits/flt-eval-method.h", "/usr/include/x86_64-linux-gnu/bits/fp-fast.h", "/usr/include/x86_64-linux-gnu/bits/fp-logb.h", "/usr/include/x86_64-linux-gnu/bits/getopt_core.h", "/usr/include/x86_64-linux-gnu/bits/getopt_ext.h", "/usr/include/x86_64-linux-gnu/bits/getopt_posix.h", "/usr/include/x86_64-linux-gnu/bits/hwcap.h", "/usr/include/x86_64-linux-gnu/bits/in.h", "/usr/include/x86_64-linux-gnu/bits/indirect-return.h", "/usr/include/x86_64-linux-gnu/bits/initspin.h", "/usr/include/x86_64-linux-gnu/bits/inotify.h", "/usr/include/x86_64-linux-gnu/bits/ioctl-types.h", "/usr/include/x86_64-linux-gnu/bits/ioctls.h", "/usr/include/x86_64-linux-gnu/bits/ipc-perm.h", "/usr/include/x86_64-linux-gnu/bits/ipc.h", "/usr/include/x86_64-linux-gnu/bits/ipctypes.h", "/usr/include/x86_64-linux-gnu/bits/iscanonical.h", "/usr/include/x86_64-linux-gnu/bits/libc-header-start.h", "/usr/include/x86_64-linux-gnu/bits/libm-simd-decl-stubs.h", "/usr/include/x86_64-linux-gnu/bits/link.h", "/usr/include/x86_64-linux-gnu/bits/link_lavcurrent.h", "/usr/include/x86_64-linux-gnu/bits/local_lim.h", "/usr/include/x86_64-linux-gnu/bits/locale.h", "/usr/include/x86_64-linux-gnu/bits/long-double.h", "/usr/include/x86_64-linux-gnu/bits/math-vector.h", "/usr/include/x86_64-linux-gnu/bits/mathcalls-helper-functions.h", "/usr/include/x86_64-linux-gnu/bits/mathcalls-macros.h", "/usr/include/x86_64-linux-gnu/bits/mathcalls-narrow.h", "/usr/include/x86_64-linux-gnu/bits/mathcalls.h", "/usr/include/x86_64-linux-gnu/bits/mathdef.h", "/usr/include/x86_64-linux-gnu/bits/mman-linux.h", "/usr/include/x86_64-linux-gnu/bits/mman-map-flags-generic.h", "/usr/include/x86_64-linux-gnu/bits/mman-shared.h", "/usr/include/x86_64-linux-gnu/bits/mman.h", "/usr/include/x86_64-linux-gnu/bits/mman_ext.h", "/usr/include/x86_64-linux-gnu/bits/monetary-ldbl.h", "/usr/include/x86_64-linux-gnu/bits/mqueue.h", "/usr/include/x86_64-linux-gnu/bits/mqueue2.h", "/usr/include/x86_64-linux-gnu/bits/msq.h", "/usr/include/x86_64-linux-gnu/bits/netdb.h", "/usr/include/x86_64-linux-gnu/bits/param.h", "/usr/include/x86_64-linux-gnu/bits/platform/features.h", "/usr/include/x86_64-linux-gnu/bits/platform/x86.h", "/usr/include/x86_64-linux-gnu/bits/poll.h", "/usr/include/x86_64-linux-gnu/bits/poll2.h", "/usr/include/x86_64-linux-gnu/bits/posix1_lim.h", "/usr/include/x86_64-linux-gnu/bits/posix2_lim.h", "/usr/include/x86_64-linux-gnu/bits/posix_opt.h", "/usr/include/x86_64-linux-gnu/bits/printf-ldbl.h", "/usr/include/x86_64-linux-gnu/bits/procfs-extra.h", "/usr/include/x86_64-linux-gnu/bits/procfs-id.h", "/usr/include/x86_64-linux-gnu/bits/procfs-prregset.h", "/usr/include/x86_64-linux-gnu/bits/procfs.h", "/usr/include/x86_64-linux-gnu/bits/pthread_stack_min-dynamic.h", "/usr/include/x86_64-linux-gnu/bits/pthread_stack_min.h", "/usr/include/x86_64-linux-gnu/bits/pthreadtypes-arch.h", "/usr/include/x86_64-linux-gnu/bits/pthreadtypes.h", "/usr/include/x86_64-linux-gnu/bits/ptrace-shared.h", "/usr/include/x86_64-linux-gnu/bits/resource.h", "/usr/include/x86_64-linux-gnu/bits/rseq.h", "/usr/include/x86_64-linux-gnu/bits/sched.h", "/usr/include/x86_64-linux-gnu/bits/select-decl.h", "/usr/include/x86_64-linux-gnu/bits/select.h", "/usr/include/x86_64-linux-gnu/bits/select2.h", "/usr/include/x86_64-linux-gnu/bits/sem.h", "/usr/include/x86_64-linux-gnu/bits/semaphore.h", "/usr/include/x86_64-linux-gnu/bits/setjmp.h", "/usr/include/x86_64-linux-gnu/bits/setjmp2.h", "/usr/include/x86_64-linux-gnu/bits/shm.h", "/usr/include/x86_64-linux-gnu/bits/shmlba.h", "/usr/include/x86_64-linux-gnu/bits/sigaction.h", "/usr/include/x86_64-linux-gnu/bits/sigcontext.h", "/usr/include/x86_64-linux-gnu/bits/sigevent-consts.h", "/usr/include/x86_64-linux-gnu/bits/siginfo-arch.h", "/usr/include/x86_64-linux-gnu/bits/siginfo-consts-arch.h", "/usr/include/x86_64-linux-gnu/bits/siginfo-consts.h", "/usr/include/x86_64-linux-gnu/bits/signal_ext.h", "/usr/include/x86_64-linux-gnu/bits/signalfd.h", "/usr/include/x86_64-linux-gnu/bits/signum-arch.h", "/usr/include/x86_64-linux-gnu/bits/signum-generic.h", "/usr/include/x86_64-linux-gnu/bits/sigstack.h", "/usr/include/x86_64-linux-gnu/bits/sigstksz.h", "/usr/include/x86_64-linux-gnu/bits/sigthread.h", "/usr/include/x86_64-linux-gnu/bits/sockaddr.h", "/usr/include/x86_64-linux-gnu/bits/socket-constants.h", "/usr/include/x86_64-linux-gnu/bits/socket.h", "/usr/include/x86_64-linux-gnu/bits/socket2.h", "/usr/include/x86_64-linux-gnu/bits/socket_type.h", "/usr/include/x86_64-linux-gnu/bits/spawn_ext.h", "/usr/include/x86_64-linux-gnu/bits/ss_flags.h", "/usr/include/x86_64-linux-gnu/bits/stab.def", "/usr/include/x86_64-linux-gnu/bits/stat.h", "/usr/include/x86_64-linux-gnu/bits/statfs.h", "/usr/include/x86_64-linux-gnu/bits/statvfs.h", "/usr/include/x86_64-linux-gnu/bits/statx-generic.h", "/usr/include/x86_64-linux-gnu/bits/statx.h", "/usr/include/x86_64-linux-gnu/bits/stdint-intn.h", "/usr/include/x86_64-linux-gnu/bits/stdint-least.h", "/usr/include/x86_64-linux-gnu/bits/stdint-uintn.h", "/usr/include/x86_64-linux-gnu/bits/stdio-ldbl.h", "/usr/include/x86_64-linux-gnu/bits/stdio.h", "/usr/include/x86_64-linux-gnu/bits/stdio2-decl.h", "/usr/include/x86_64-linux-gnu/bits/stdio2.h", "/usr/include/x86_64-linux-gnu/bits/stdio_lim.h", "/usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h", "/usr/include/x86_64-linux-gnu/bits/stdlib-float.h", "/usr/include/x86_64-linux-gnu/bits/stdlib-ldbl.h", "/usr/include/x86_64-linux-gnu/bits/stdlib.h", "/usr/include/x86_64-linux-gnu/bits/string_fortified.h", "/usr/include/x86_64-linux-gnu/bits/strings_fortified.h", "/usr/include/x86_64-linux-gnu/bits/struct_mutex.h", "/usr/include/x86_64-linux-gnu/bits/struct_rwlock.h", "/usr/include/x86_64-linux-gnu/bits/struct_stat.h", "/usr/include/x86_64-linux-gnu/bits/struct_stat_time64_helper.h", "/usr/include/x86_64-linux-gnu/bits/syscall.h", "/usr/include/x86_64-linux-gnu/bits/syslog-decl.h", "/usr/include/x86_64-linux-gnu/bits/syslog-ldbl.h", "/usr/include/x86_64-linux-gnu/bits/syslog-path.h", "/usr/include/x86_64-linux-gnu/bits/syslog.h", "/usr/include/x86_64-linux-gnu/bits/sysmacros.h", "/usr/include/x86_64-linux-gnu/bits/termios-baud.h", "/usr/include/x86_64-linux-gnu/bits/termios-c_cc.h", "/usr/include/x86_64-linux-gnu/bits/termios-c_cflag.h", "/usr/include/x86_64-linux-gnu/bits/termios-c_iflag.h", "/usr/include/x86_64-linux-gnu/bits/termios-c_lflag.h", "/usr/include/x86_64-linux-gnu/bits/termios-c_oflag.h", "/usr/include/x86_64-linux-gnu/bits/termios-misc.h", "/usr/include/x86_64-linux-gnu/bits/termios-struct.h", "/usr/include/x86_64-linux-gnu/bits/termios-tcflow.h", "/usr/include/x86_64-linux-gnu/bits/termios.h", "/usr/include/x86_64-linux-gnu/bits/thread-shared-types.h", "/usr/include/x86_64-linux-gnu/bits/time.h", "/usr/include/x86_64-linux-gnu/bits/time64.h", "/usr/include/x86_64-linux-gnu/bits/timerfd.h", "/usr/include/x86_64-linux-gnu/bits/timesize.h", "/usr/include/x86_64-linux-gnu/bits/timex.h", "/usr/include/x86_64-linux-gnu/bits/types.h", "/usr/include/x86_64-linux-gnu/bits/types/FILE.h", "/usr/include/x86_64-linux-gnu/bits/types/__FILE.h", "/usr/include/x86_64-linux-gnu/bits/types/__fpos64_t.h", "/usr/include/x86_64-linux-gnu/bits/types/__fpos_t.h", "/usr/include/x86_64-linux-gnu/bits/types/__locale_t.h", "/usr/include/x86_64-linux-gnu/bits/types/__mbstate_t.h", "/usr/include/x86_64-linux-gnu/bits/types/__sigset_t.h", "/usr/include/x86_64-linux-gnu/bits/types/__sigval_t.h", "/usr/include/x86_64-linux-gnu/bits/types/clock_t.h", "/usr/include/x86_64-linux-gnu/bits/types/clockid_t.h", "/usr/include/x86_64-linux-gnu/bits/types/cookie_io_functions_t.h", "/usr/include/x86_64-linux-gnu/bits/types/error_t.h", "/usr/include/x86_64-linux-gnu/bits/types/idtype_t.h", "/usr/include/x86_64-linux-gnu/bits/types/locale_t.h", "/usr/include/x86_64-linux-gnu/bits/types/mbstate_t.h", "/usr/include/x86_64-linux-gnu/bits/types/res_state.h", "/usr/include/x86_64-linux-gnu/bits/types/sig_atomic_t.h", "/usr/include/x86_64-linux-gnu/bits/types/sigevent_t.h", "/usr/include/x86_64-linux-gnu/bits/types/siginfo_t.h", "/usr/include/x86_64-linux-gnu/bits/types/sigset_t.h", "/usr/include/x86_64-linux-gnu/bits/types/sigval_t.h", "/usr/include/x86_64-linux-gnu/bits/types/stack_t.h", "/usr/include/x86_64-linux-gnu/bits/types/struct_FILE.h", "/usr/include/x86_64-linux-gnu/bits/types/struct___jmp_buf_tag.h", "/usr/include/x86_64-linux-gnu/bits/types/struct_iovec.h", "/usr/include/x86_64-linux-gnu/bits/types/struct_itimerspec.h", "/usr/include/x86_64-linux-gnu/bits/types/struct_msqid64_ds.h", "/usr/include/x86_64-linux-gnu/bits/types/struct_msqid64_ds_helper.h", "/usr/include/x86_64-linux-gnu/bits/types/struct_msqid_ds.h", "/usr/include/x86_64-linux-gnu/bits/types/struct_osockaddr.h", "/usr/include/x86_64-linux-gnu/bits/types/struct_rusage.h", "/usr/include/x86_64-linux-gnu/bits/types/struct_sched_param.h", "/usr/include/x86_64-linux-gnu/bits/types/struct_semid64_ds.h", "/usr/include/x86_64-linux-gnu/bits/types/struct_semid64_ds_helper.h", "/usr/include/x86_64-linux-gnu/bits/types/struct_semid_ds.h", "/usr/include/x86_64-linux-gnu/bits/types/struct_shmid64_ds.h", "/usr/include/x86_64-linux-gnu/bits/types/struct_shmid64_ds_helper.h", "/usr/include/x86_64-linux-gnu/bits/types/struct_shmid_ds.h", "/usr/include/x86_64-linux-gnu/bits/types/struct_sigstack.h", "/usr/include/x86_64-linux-gnu/bits/types/struct_statx.h", "/usr/include/x86_64-linux-gnu/bits/types/struct_statx_timestamp.h", "/usr/include/x86_64-linux-gnu/bits/types/struct_timeb.h", "/usr/include/x86_64-linux-gnu/bits/types/struct_timespec.h", "/usr/include/x86_64-linux-gnu/bits/types/struct_timeval.h", "/usr/include/x86_64-linux-gnu/bits/types/struct_tm.h", "/usr/include/x86_64-linux-gnu/bits/types/time_t.h", "/usr/include/x86_64-linux-gnu/bits/types/timer_t.h", "/usr/include/x86_64-linux-gnu/bits/types/wint_t.h", "/usr/include/x86_64-linux-gnu/bits/typesizes.h", "/usr/include/x86_64-linux-gnu/bits/uintn-identity.h", "/usr/include/x86_64-linux-gnu/bits/uio-ext.h", "/usr/include/x86_64-linux-gnu/bits/uio_lim.h", "/usr/include/x86_64-linux-gnu/bits/unistd-decl.h", "/usr/include/x86_64-linux-gnu/bits/unistd.h", "/usr/include/x86_64-linux-gnu/bits/unistd_ext.h", "/usr/include/x86_64-linux-gnu/bits/utmp.h", "/usr/include/x86_64-linux-gnu/bits/utmpx.h", "/usr/include/x86_64-linux-gnu/bits/utsname.h", "/usr/include/x86_64-linux-gnu/bits/waitflags.h", "/usr/include/x86_64-linux-gnu/bits/waitstatus.h", "/usr/include/x86_64-linux-gnu/bits/wchar-ldbl.h", "/usr/include/x86_64-linux-gnu/bits/wchar.h", "/usr/include/x86_64-linux-gnu/bits/wchar2-decl.h", "/usr/include/x86_64-linux-gnu/bits/wchar2.h", "/usr/include/x86_64-linux-gnu/bits/wctype-wchar.h", "/usr/include/x86_64-linux-gnu/bits/wordsize.h", "/usr/include/x86_64-linux-gnu/bits/xopen_lim.h", "/usr/include/x86_64-linux-gnu/fpu_control.h", "/usr/include/x86_64-linux-gnu/gnu/lib-names-64.h", "/usr/include/x86_64-linux-gnu/gnu/lib-names.h", "/usr/include/x86_64-linux-gnu/gnu/libc-version.h", "/usr/include/x86_64-linux-gnu/gnu/stubs-64.h", "/usr/include/x86_64-linux-gnu/gnu/stubs.h", "/usr/include/x86_64-linux-gnu/ieee754.h", "/usr/include/x86_64-linux-gnu/sys/acct.h", "/usr/include/x86_64-linux-gnu/sys/auxv.h", "/usr/include/x86_64-linux-gnu/sys/bitypes.h", "/usr/include/x86_64-linux-gnu/sys/cdefs.h", "/usr/include/x86_64-linux-gnu/sys/debugreg.h", "/usr/include/x86_64-linux-gnu/sys/dir.h", "/usr/include/x86_64-linux-gnu/sys/elf.h", "/usr/include/x86_64-linux-gnu/sys/epoll.h", "/usr/include/x86_64-linux-gnu/sys/errno.h", "/usr/include/x86_64-linux-gnu/sys/eventfd.h", "/usr/include/x86_64-linux-gnu/sys/fanotify.h", "/usr/include/x86_64-linux-gnu/sys/fcntl.h", "/usr/include/x86_64-linux-gnu/sys/file.h", "/usr/include/x86_64-linux-gnu/sys/fsuid.h", "/usr/include/x86_64-linux-gnu/sys/gmon.h", "/usr/include/x86_64-linux-gnu/sys/gmon_out.h", "/usr/include/x86_64-linux-gnu/sys/inotify.h", "/usr/include/x86_64-linux-gnu/sys/io.h", "/usr/include/x86_64-linux-gnu/sys/ioctl.h", "/usr/include/x86_64-linux-gnu/sys/ipc.h", "/usr/include/x86_64-linux-gnu/sys/kd.h", "/usr/include/x86_64-linux-gnu/sys/klog.h", "/usr/include/x86_64-linux-gnu/sys/mman.h", "/usr/include/x86_64-linux-gnu/sys/mount.h", "/usr/include/x86_64-linux-gnu/sys/msg.h", "/usr/include/x86_64-linux-gnu/sys/mtio.h", "/usr/include/x86_64-linux-gnu/sys/param.h", "/usr/include/x86_64-linux-gnu/sys/pci.h", "/usr/include/x86_64-linux-gnu/sys/perm.h", "/usr/include/x86_64-linux-gnu/sys/personality.h", "/usr/include/x86_64-linux-gnu/sys/pidfd.h", "/usr/include/x86_64-linux-gnu/sys/platform/x86.h", "/usr/include/x86_64-linux-gnu/sys/poll.h", "/usr/include/x86_64-linux-gnu/sys/prctl.h", "/usr/include/x86_64-linux-gnu/sys/procfs.h", "/usr/include/x86_64-linux-gnu/sys/profil.h", "/usr/include/x86_64-linux-gnu/sys/ptrace.h", "/usr/include/x86_64-linux-gnu/sys/queue.h", "/usr/include/x86_64-linux-gnu/sys/quota.h", "/usr/include/x86_64-linux-gnu/sys/random.h", "/usr/include/x86_64-linux-gnu/sys/raw.h", "/usr/include/x86_64-linux-gnu/sys/reboot.h", "/usr/include/x86_64-linux-gnu/sys/reg.h", "/usr/include/x86_64-linux-gnu/sys/resource.h", "/usr/include/x86_64-linux-gnu/sys/rseq.h", "/usr/include/x86_64-linux-gnu/sys/select.h", "/usr/include/x86_64-linux-gnu/sys/sem.h", "/usr/include/x86_64-linux-gnu/sys/sendfile.h", "/usr/include/x86_64-linux-gnu/sys/shm.h", "/usr/include/x86_64-linux-gnu/sys/signal.h", "/usr/include/x86_64-linux-gnu/sys/signalfd.h", "/usr/include/x86_64-linux-gnu/sys/single_threaded.h", "/usr/include/x86_64-linux-gnu/sys/socket.h", "/usr/include/x86_64-linux-gnu/sys/socketvar.h", "/usr/include/x86_64-linux-gnu/sys/soundcard.h", "/usr/include/x86_64-linux-gnu/sys/stat.h", "/usr/include/x86_64-linux-gnu/sys/statfs.h", "/usr/include/x86_64-linux-gnu/sys/statvfs.h", "/usr/include/x86_64-linux-gnu/sys/swap.h", "/usr/include/x86_64-linux-gnu/sys/syscall.h", "/usr/include/x86_64-linux-gnu/sys/sysinfo.h", "/usr/include/x86_64-linux-gnu/sys/syslog.h", "/usr/include/x86_64-linux-gnu/sys/sysmacros.h", "/usr/include/x86_64-linux-gnu/sys/termios.h", "/usr/include/x86_64-linux-gnu/sys/time.h", "/usr/include/x86_64-linux-gnu/sys/timeb.h", "/usr/include/x86_64-linux-gnu/sys/timerfd.h", "/usr/include/x86_64-linux-gnu/sys/times.h", "/usr/include/x86_64-linux-gnu/sys/timex.h", "/usr/include/x86_64-linux-gnu/sys/ttychars.h", "/usr/include/x86_64-linux-gnu/sys/ttydefaults.h", "/usr/include/x86_64-linux-gnu/sys/types.h", "/usr/include/x86_64-linux-gnu/sys/ucontext.h", "/usr/include/x86_64-linux-gnu/sys/uio.h", "/usr/include/x86_64-linux-gnu/sys/un.h", "/usr/include/x86_64-linux-gnu/sys/unistd.h", "/usr/include/x86_64-linux-gnu/sys/user.h", "/usr/include/x86_64-linux-gnu/sys/utsname.h", "/usr/include/x86_64-linux-gnu/sys/vfs.h", "/usr/include/x86_64-linux-gnu/sys/vlimit.h", "/usr/include/x86_64-linux-gnu/sys/vm86.h", "/usr/include/x86_64-linux-gnu/sys/vt.h", "/usr/include/x86_64-linux-gnu/sys/wait.h", "/usr/include/x86_64-linux-gnu/sys/xattr.h", "/usr/lib/x86_64-linux-gnu/Mcrt1.o", "/usr/lib/x86_64-linux-gnu/Scrt1.o", "/usr/lib/x86_64-linux-gnu/audit/sotruss-lib.so", "/usr/lib/x86_64-linux-gnu/crt1.o", "/usr/lib/x86_64-linux-gnu/crti.o", "/usr/lib/x86_64-linux-gnu/crtn.o", "/usr/lib/x86_64-linux-gnu/gcrt1.o", "/usr/lib/x86_64-linux-gnu/grcrt1.o", "/usr/lib/x86_64-linux-gnu/libBrokenLocale.a", "/usr/lib/x86_64-linux-gnu/libanl.a", "/usr/lib/x86_64-linux-gnu/libc.a", "/usr/lib/x86_64-linux-gnu/libc.so", "/usr/lib/x86_64-linux-gnu/libc_nonshared.a", "/usr/lib/x86_64-linux-gnu/libdl.a", "/usr/lib/x86_64-linux-gnu/libg.a", "/usr/lib/x86_64-linux-gnu/libm-2.41.a", "/usr/lib/x86_64-linux-gnu/libm.a", "/usr/lib/x86_64-linux-gnu/libm.so", "/usr/lib/x86_64-linux-gnu/libmcheck.a", "/usr/lib/x86_64-linux-gnu/libmvec.a", "/usr/lib/x86_64-linux-gnu/libpthread.a", "/usr/lib/x86_64-linux-gnu/libpthread_nonshared.a", "/usr/lib/x86_64-linux-gnu/libresolv.a", "/usr/lib/x86_64-linux-gnu/librt.a", "/usr/lib/x86_64-linux-gnu/libutil.a", "/usr/lib/x86_64-linux-gnu/rcrt1.o", "/usr/share/doc/libc6-dev/NEWS.Debian.gz", "/usr/share/doc/libc6-dev/changelog.Debian.gz", "/usr/share/doc/libc6-dev/changelog.gz", "/usr/share/doc/libc6-dev/copyright", "/usr/share/gdb/auto-load/lib/x86_64-linux-gnu/libc.so.6-gdb.py", "/usr/share/lintian/overrides/libc6-dev" ] }, { "ID": "libcap-ng0@0.8.5-4+b1", "Name": "libcap-ng0", "Identifier": { "PURL": "pkg:deb/debian/libcap-ng0@0.8.5-4%2Bb1?arch=amd64\u0026distro=debian-13.1", "UID": "ca9cbd06f9ca5e4" }, "Version": "0.8.5", "Release": "4+b1", "Arch": "amd64", "SrcName": "libcap-ng", "SrcVersion": "0.8.5", "SrcRelease": "4", "Licenses": [ "LGPL-2.1-or-later", "GPL-2.0-or-later", "GPL-3.0-only", "LGPL-2.1-only", "GPL-2.0-only" ], "Maintainer": "Håvard F. Aasen \u003chavard.f.aasen@pfft.no\u003e", "DependsOn": [ "libc6@2.41-12" ], "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libcap-ng.so.0.0.0", "/usr/lib/x86_64-linux-gnu/libdrop_ambient.so.0.0.0", "/usr/share/doc/libcap-ng0/changelog.Debian.amd64.gz", "/usr/share/doc/libcap-ng0/changelog.Debian.gz", "/usr/share/doc/libcap-ng0/changelog.gz", "/usr/share/doc/libcap-ng0/copyright" ] }, { "ID": "libcap2@1:2.75-10+b1", "Name": "libcap2", "Identifier": { "PURL": "pkg:deb/debian/libcap2@2.75-10%2Bb1?arch=amd64\u0026distro=debian-13.1\u0026epoch=1", "UID": "53ebb813a3a7b3ac" }, "Version": "2.75", "Release": "10+b1", "Epoch": 1, "Arch": "amd64", "SrcName": "libcap2", "SrcVersion": "2.75", "SrcRelease": "10", "SrcEpoch": 1, "Licenses": [ "BSD-3-Clause", "GPL-2.0-only", "GPL-2.0-or-later" ], "Maintainer": "Christian Kastner \u003cckk@debian.org\u003e", "DependsOn": [ "libc6@2.41-12" ], "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libcap.so.2.75", "/usr/lib/x86_64-linux-gnu/libpsx.so.2.75", "/usr/share/doc/libcap2/changelog.Debian.amd64.gz", "/usr/share/doc/libcap2/changelog.Debian.gz", "/usr/share/doc/libcap2/changelog.gz", "/usr/share/doc/libcap2/copyright" ] }, { "ID": "libcc1-0@14.2.0-19", "Name": "libcc1-0", "Identifier": { "PURL": "pkg:deb/debian/libcc1-0@14.2.0-19?arch=amd64\u0026distro=debian-13.1", "UID": "e1875955336cfa2f" }, "Version": "14.2.0", "Release": "19", "Arch": "amd64", "SrcName": "gcc-14", "SrcVersion": "14.2.0", "SrcRelease": "19", "Maintainer": "Debian GCC Maintainers \u003cdebian-gcc@lists.debian.org\u003e", "DependsOn": [ "gcc-14-base@14.2.0-19", "libc6@2.41-12", "libgcc-s1@14.2.0-19", "libstdc++6@14.2.0-19" ], "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libcc1.so.0.0.0" ] }, { "ID": "libcom-err2@1.47.2-3+b3", "Name": "libcom-err2", "Identifier": { "PURL": "pkg:deb/debian/libcom-err2@1.47.2-3%2Bb3?arch=amd64\u0026distro=debian-13.1", "UID": "7170974bb2239ef5" }, "Version": "1.47.2", "Release": "3+b3", "Arch": "amd64", "SrcName": "e2fsprogs", "SrcVersion": "1.47.2", "SrcRelease": "3", "Licenses": [ "GPL-2.0-only", "GPL-2.0-or-later", "0BSD", "MIT", "BSD-3-Clause-Variant", "BSD-3-Clause", "BSD-4-Clause-CMU", "LGPL-2.0-only", "Apache-2.0", "ISC", "MIT-US-export", "Kazlib", "Latex2e", "GPL-2+ with Texinfo exception" ], "Maintainer": "Theodore Y. Ts'o \u003ctytso@mit.edu\u003e", "DependsOn": [ "libc6@2.41-12" ], "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libcom_err.so.2.1", "/usr/share/doc/libcom-err2/changelog.Debian.amd64.gz", "/usr/share/doc/libcom-err2/changelog.Debian.gz", "/usr/share/doc/libcom-err2/copyright" ] }, { "ID": "libcrypt-dev@1:4.4.38-1", "Name": "libcrypt-dev", "Identifier": { "PURL": "pkg:deb/debian/libcrypt-dev@4.4.38-1?arch=amd64\u0026distro=debian-13.1\u0026epoch=1", "UID": "57242836ffd5d810" }, "Version": "4.4.38", "Release": "1", "Epoch": 1, "Arch": "amd64", "SrcName": "libxcrypt", "SrcVersion": "4.4.38", "SrcRelease": "1", "SrcEpoch": 1, "Maintainer": "Marco d'Itri \u003cmd@linux.it\u003e", "DependsOn": [ "libcrypt1@1:4.4.38-1" ], "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "InstalledFiles": [ "/usr/include/crypt.h", "/usr/lib/x86_64-linux-gnu/libcrypt.a", "/usr/lib/x86_64-linux-gnu/pkgconfig/libxcrypt.pc", "/usr/share/doc/libcrypt-dev/README.md.gz", "/usr/share/doc/libcrypt-dev/TODO.md.gz", "/usr/share/doc/libcrypt-dev/changelog.Debian.gz", "/usr/share/doc/libcrypt-dev/changelog.gz", "/usr/share/doc/libcrypt-dev/copyright", "/usr/share/man/man3/crypt.3.gz", "/usr/share/man/man3/crypt_checksalt.3.gz", "/usr/share/man/man3/crypt_gensalt.3.gz", "/usr/share/man/man3/crypt_preferred_method.3.gz", "/usr/share/man/man5/crypt.5.gz" ] }, { "ID": "libcrypt1@1:4.4.38-1", "Name": "libcrypt1", "Identifier": { "PURL": "pkg:deb/debian/libcrypt1@4.4.38-1?arch=amd64\u0026distro=debian-13.1\u0026epoch=1", "UID": "fca8f76663a33f72" }, "Version": "4.4.38", "Release": "1", "Epoch": 1, "Arch": "amd64", "SrcName": "libxcrypt", "SrcVersion": "4.4.38", "SrcRelease": "1", "SrcEpoch": 1, "Maintainer": "Marco d'Itri \u003cmd@linux.it\u003e", "DependsOn": [ "libc6@2.41-12" ], "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libcrypt.so.1.1.0", "/usr/share/doc/libcrypt1/changelog.Debian.gz", "/usr/share/doc/libcrypt1/changelog.gz", "/usr/share/doc/libcrypt1/copyright" ] }, { "ID": "libctf-nobfd0@2.44-3", "Name": "libctf-nobfd0", "Identifier": { "PURL": "pkg:deb/debian/libctf-nobfd0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "d2e3db092e747262" }, "Version": "2.44", "Release": "3", "Arch": "amd64", "SrcName": "binutils", "SrcVersion": "2.44", "SrcRelease": "3", "Licenses": [ "GPL-2.0-or-later", "LGPL-2.0-or-later", "GFDL-1.3-or-later" ], "Maintainer": "Matthias Klose \u003cdoko@debian.org\u003e", "DependsOn": [ "libc6@2.41-12", "zlib1g@1:1.3.dfsg+really1.3.1-1+b1" ], "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libctf-nobfd.so.0.0.0", "/usr/share/doc/libctf-nobfd0/changelog.Debian.gz", "/usr/share/doc/libctf-nobfd0/copyright" ] }, { "ID": "libctf0@2.44-3", "Name": "libctf0", "Identifier": { "PURL": "pkg:deb/debian/libctf0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "a3feebedc795ffb3" }, "Version": "2.44", "Release": "3", "Arch": "amd64", "SrcName": "binutils", "SrcVersion": "2.44", "SrcRelease": "3", "Maintainer": "Matthias Klose \u003cdoko@debian.org\u003e", "DependsOn": [ "libbinutils@2.44-3", "libc6@2.41-12", "zlib1g@1:1.3.dfsg+really1.3.1-1+b1" ], "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libctf.so.0.0.0" ] }, { "ID": "libdb5.3t64@5.3.28+dfsg2-9", "Name": "libdb5.3t64", "Identifier": { "PURL": "pkg:deb/debian/libdb5.3t64@5.3.28%2Bdfsg2-9?arch=amd64\u0026distro=debian-13.1", "UID": "53e4de325e6240d4" }, "Version": "5.3.28+dfsg2", "Release": "9", "Arch": "amd64", "SrcName": "db5.3", "SrcVersion": "5.3.28+dfsg2", "SrcRelease": "9", "Licenses": [ "Sleepycat", "BSD-3-Clause", "MS-PL", "GPL-2.0-or-later", "Artistic-2.0", "X11", "MIT-old", "TCL-like", "BSD-3-clause-fjord", "GPL-3.0-only", "Zlib" ], "Maintainer": "Debian QA Group \u003cpackages@qa.debian.org\u003e", "DependsOn": [ "libc6@2.41-12" ], "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libdb-5.3.so", "/usr/share/doc/libdb5.3t64/build_signature_amd64.txt", "/usr/share/doc/libdb5.3t64/changelog.Debian.gz", "/usr/share/doc/libdb5.3t64/copyright", "/usr/share/lintian/overrides/libdb5.3t64" ] }, { "ID": "libdebconfclient0@0.280", "Name": "libdebconfclient0", "Identifier": { "PURL": "pkg:deb/debian/libdebconfclient0@0.280?arch=amd64\u0026distro=debian-13.1", "UID": "8723053ef24d112e" }, "Version": "0.280", "Arch": "amd64", "SrcName": "cdebconf", "SrcVersion": "0.280", "Licenses": [ "BSD-2-Clause", "GPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Debian Install System Team \u003cdebian-boot@lists.debian.org\u003e", "DependsOn": [ "libc6@2.41-12" ], "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libdebconfclient.so.0.0.0", "/usr/share/doc/libdebconfclient0/changelog.gz", "/usr/share/doc/libdebconfclient0/copyright" ] }, { "ID": "libffi8@3.4.8-2", "Name": "libffi8", "Identifier": { "PURL": "pkg:deb/debian/libffi8@3.4.8-2?arch=amd64\u0026distro=debian-13.1", "UID": "f82eb0285aa276ae" }, "Version": "3.4.8", "Release": "2", "Arch": "amd64", "SrcName": "libffi", "SrcVersion": "3.4.8", "SrcRelease": "2", "Licenses": [ "MIT", "X11", "GPL-2.0-or-later", "GPL-3.0-or-later", "MPL-1.1", "LGPL-2.1-or-later", "public-domain" ], "Maintainer": "Debian GCC Maintainers \u003cdebian-gcc@lists.debian.org\u003e", "DependsOn": [ "libc6@2.41-12" ], "Layer": { "DiffID": "sha256:dba5cbed1e08d00224b28b2e9ae8a59c121de39c36085ed722890ef0af8fee69" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libffi.so.8.1.4", "/usr/share/doc/libffi8/changelog.Debian.gz", "/usr/share/doc/libffi8/copyright" ] }, { "ID": "libgcc-14-dev@14.2.0-19", "Name": "libgcc-14-dev", "Identifier": { "PURL": "pkg:deb/debian/libgcc-14-dev@14.2.0-19?arch=amd64\u0026distro=debian-13.1", "UID": "43a36a6c97bc850" }, "Version": "14.2.0", "Release": "19", "Arch": "amd64", "SrcName": "gcc-14", "SrcVersion": "14.2.0", "SrcRelease": "19", "Maintainer": "Debian GCC Maintainers \u003cdebian-gcc@lists.debian.org\u003e", "DependsOn": [ "gcc-14-base@14.2.0-19", "libasan8@14.2.0-19", "libatomic1@14.2.0-19", "libgcc-s1@14.2.0-19", "libgomp1@14.2.0-19", "libhwasan0@14.2.0-19", "libitm1@14.2.0-19", "liblsan0@14.2.0-19", "libquadmath0@14.2.0-19", "libtsan2@14.2.0-19", "libubsan1@14.2.0-19" ], "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "InstalledFiles": [ "/usr/lib/gcc/x86_64-linux-gnu/14/crtbegin.o", "/usr/lib/gcc/x86_64-linux-gnu/14/crtbeginS.o", "/usr/lib/gcc/x86_64-linux-gnu/14/crtbeginT.o", "/usr/lib/gcc/x86_64-linux-gnu/14/crtend.o", "/usr/lib/gcc/x86_64-linux-gnu/14/crtendS.o", "/usr/lib/gcc/x86_64-linux-gnu/14/crtfastmath.o", "/usr/lib/gcc/x86_64-linux-gnu/14/crtoffloadbegin.o", "/usr/lib/gcc/x86_64-linux-gnu/14/crtoffloadend.o", "/usr/lib/gcc/x86_64-linux-gnu/14/crtoffloadtable.o", "/usr/lib/gcc/x86_64-linux-gnu/14/crtoffloadtableS.o", "/usr/lib/gcc/x86_64-linux-gnu/14/crtprec32.o", "/usr/lib/gcc/x86_64-linux-gnu/14/crtprec64.o", "/usr/lib/gcc/x86_64-linux-gnu/14/crtprec80.o", "/usr/lib/gcc/x86_64-linux-gnu/14/include/acc_prof.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/adxintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/ammintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/amxbf16intrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/amxcomplexintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/amxfp16intrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/amxint8intrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/amxtileintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/avx2intrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/avx5124fmapsintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/avx5124vnniwintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/avx512bf16intrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/avx512bf16vlintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/avx512bitalgintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/avx512bitalgvlintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/avx512bwintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/avx512cdintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/avx512dqintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/avx512erintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/avx512fintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/avx512fp16intrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/avx512fp16vlintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/avx512ifmaintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/avx512ifmavlintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/avx512pfintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/avx512vbmi2intrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/avx512vbmi2vlintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/avx512vbmiintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/avx512vbmivlintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/avx512vlbwintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/avx512vldqintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/avx512vlintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/avx512vnniintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/avx512vnnivlintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/avx512vp2intersectintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/avx512vp2intersectvlintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/avx512vpopcntdqintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/avx512vpopcntdqvlintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/avxifmaintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/avxintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/avxneconvertintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/avxvnniint16intrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/avxvnniint8intrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/avxvnniintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/backtrace-supported.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/backtrace.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/bmi2intrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/bmiintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/bmmintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/cet.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/cetintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/cldemoteintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/clflushoptintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/clwbintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/clzerointrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/cmpccxaddintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/cpuid.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/cross-stdarg.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/emmintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/enqcmdintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/f16cintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/float.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/fma4intrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/fmaintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/fxsrintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/gcov.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/gfniintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/hresetintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/ia32intrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/immintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/iso646.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/keylockerintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/limits.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/lwpintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/lzcntintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/mm3dnow.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/mm_malloc.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/mmintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/movdirintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/mwaitintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/mwaitxintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/nmmintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/omp.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/openacc.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/pconfigintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/pkuintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/pmmintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/popcntintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/prfchiintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/prfchwintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/quadmath.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/quadmath_weak.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/raointintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/rdseedintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/rtmintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/sanitizer/asan_interface.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/sanitizer/common_interface_defs.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/sanitizer/hwasan_interface.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/sanitizer/lsan_interface.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/sanitizer/tsan_interface.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/serializeintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/sgxintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/sha512intrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/shaintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/sm3intrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/sm4intrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/smmintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/stdalign.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/stdarg.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/stdatomic.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/stdbool.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/stdckdint.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/stddef.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/stdfix.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/stdint-gcc.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/stdint.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/stdnoreturn.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/syslimits.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/tbmintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/tmmintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/tsxldtrkintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/uintrintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/unwind.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/usermsrintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/vaesintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/varargs.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/vpclmulqdqintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/waitpkgintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/wbnoinvdintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/wmmintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/x86gprintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/x86intrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/xmmintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/xopintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/xsavecintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/xsaveintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/xsaveoptintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/xsavesintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/include/xtestintrin.h", "/usr/lib/gcc/x86_64-linux-gnu/14/libasan.a", "/usr/lib/gcc/x86_64-linux-gnu/14/libasan_preinit.o", "/usr/lib/gcc/x86_64-linux-gnu/14/libatomic.a", "/usr/lib/gcc/x86_64-linux-gnu/14/libbacktrace.a", "/usr/lib/gcc/x86_64-linux-gnu/14/libgcc.a", "/usr/lib/gcc/x86_64-linux-gnu/14/libgcc_eh.a", "/usr/lib/gcc/x86_64-linux-gnu/14/libgcc_s.so", "/usr/lib/gcc/x86_64-linux-gnu/14/libgcov.a", "/usr/lib/gcc/x86_64-linux-gnu/14/libgomp.a", "/usr/lib/gcc/x86_64-linux-gnu/14/libhwasan.a", "/usr/lib/gcc/x86_64-linux-gnu/14/libitm.a", "/usr/lib/gcc/x86_64-linux-gnu/14/liblsan.a", "/usr/lib/gcc/x86_64-linux-gnu/14/liblsan_preinit.o", "/usr/lib/gcc/x86_64-linux-gnu/14/libquadmath.a", "/usr/lib/gcc/x86_64-linux-gnu/14/libssp_nonshared.a", "/usr/lib/gcc/x86_64-linux-gnu/14/libtsan.a", "/usr/lib/gcc/x86_64-linux-gnu/14/libtsan_preinit.o", "/usr/lib/gcc/x86_64-linux-gnu/14/libubsan.a" ] }, { "ID": "libgcc-s1@14.2.0-19", "Name": "libgcc-s1", "Identifier": { "PURL": "pkg:deb/debian/libgcc-s1@14.2.0-19?arch=amd64\u0026distro=debian-13.1", "UID": "813860d4d33b76b5" }, "Version": "14.2.0", "Release": "19", "Arch": "amd64", "SrcName": "gcc-14", "SrcVersion": "14.2.0", "SrcRelease": "19", "Maintainer": "Debian GCC Maintainers \u003cdebian-gcc@lists.debian.org\u003e", "DependsOn": [ "gcc-14-base@14.2.0-19", "libc6@2.41-12" ], "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libgcc_s.so.1", "/usr/share/lintian/overrides/libgcc-s1" ] }, { "ID": "libgdbm6t64@1.24-2", "Name": "libgdbm6t64", "Identifier": { "PURL": "pkg:deb/debian/libgdbm6t64@1.24-2?arch=amd64\u0026distro=debian-13.1", "UID": "b99a39628feda90" }, "Version": "1.24", "Release": "2", "Arch": "amd64", "SrcName": "gdbm", "SrcVersion": "1.24", "SrcRelease": "2", "Licenses": [ "GPL-3.0-or-later", "GPL-2.0-or-later", "GFDL-1.3-no-invariants-or-later", "GPL-3.0-only", "GPL-2.0-only" ], "Maintainer": "Nicolas Mora \u003cbabelouest@debian.org\u003e", "DependsOn": [ "libc6@2.41-12" ], "Layer": { "DiffID": "sha256:dba5cbed1e08d00224b28b2e9ae8a59c121de39c36085ed722890ef0af8fee69" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libgdbm.so.6.0.0", "/usr/share/doc/libgdbm6t64/changelog.Debian.gz", "/usr/share/doc/libgdbm6t64/changelog.gz", "/usr/share/doc/libgdbm6t64/copyright", "/usr/share/lintian/overrides/libgdbm6t64" ] }, { "ID": "libgmp10@2:6.3.0+dfsg-3", "Name": "libgmp10", "Identifier": { "PURL": "pkg:deb/debian/libgmp10@6.3.0%2Bdfsg-3?arch=amd64\u0026distro=debian-13.1\u0026epoch=2", "UID": "8f6394e4bf34bc90" }, "Version": "6.3.0+dfsg", "Release": "3", "Epoch": 2, "Arch": "amd64", "SrcName": "gmp", "SrcVersion": "6.3.0+dfsg", "SrcRelease": "3", "SrcEpoch": 2, "Licenses": [ "GPL-2.0-or-later", "LGPL-3.0-or-later", "GPL-3.0-or-later", "GPL-3+ with Bison exception", "GPL-2.0-only", "GPL-3.0-only", "LGPL-3.0-only" ], "Maintainer": "Debian Science Maintainers \u003cdebian-science-maintainers@lists.alioth.debian.org\u003e", "DependsOn": [ "libc6@2.41-12" ], "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libgmp.so.10.5.0", "/usr/share/doc/libgmp10/README.Debian", "/usr/share/doc/libgmp10/changelog.Debian.gz", "/usr/share/doc/libgmp10/changelog.gz", "/usr/share/doc/libgmp10/copyright" ] }, { "ID": "libgomp1@14.2.0-19", "Name": "libgomp1", "Identifier": { "PURL": "pkg:deb/debian/libgomp1@14.2.0-19?arch=amd64\u0026distro=debian-13.1", "UID": "89c91fe6cfb417e6" }, "Version": "14.2.0", "Release": "19", "Arch": "amd64", "SrcName": "gcc-14", "SrcVersion": "14.2.0", "SrcRelease": "19", "Maintainer": "Debian GCC Maintainers \u003cdebian-gcc@lists.debian.org\u003e", "DependsOn": [ "gcc-14-base@14.2.0-19", "libc6@2.41-12" ], "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libgomp.so.1.0.0" ] }, { "ID": "libgprofng0@2.44-3", "Name": "libgprofng0", "Identifier": { "PURL": "pkg:deb/debian/libgprofng0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "4b2c938995fd001d" }, "Version": "2.44", "Release": "3", "Arch": "amd64", "SrcName": "binutils", "SrcVersion": "2.44", "SrcRelease": "3", "Maintainer": "Matthias Klose \u003cdoko@debian.org\u003e", "DependsOn": [ "libbinutils@2.44-3", "libc6@2.41-12", "libgcc-s1@14.2.0-19", "libstdc++6@14.2.0-19", "zlib1g@1:1.3.dfsg+really1.3.1-1+b1" ], "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/gprofng/libgp-collector.so", "/usr/lib/x86_64-linux-gnu/gprofng/libgp-collectorAPI.so", "/usr/lib/x86_64-linux-gnu/gprofng/libgp-heap.so", "/usr/lib/x86_64-linux-gnu/gprofng/libgp-iotrace.so", "/usr/lib/x86_64-linux-gnu/gprofng/libgp-sync.so", "/usr/lib/x86_64-linux-gnu/libgprofng.so.0.0.0" ] }, { "ID": "libgssapi-krb5-2@1.21.3-5", "Name": "libgssapi-krb5-2", "Identifier": { "PURL": "pkg:deb/debian/libgssapi-krb5-2@1.21.3-5?arch=amd64\u0026distro=debian-13.1", "UID": "e981ef95af866663" }, "Version": "1.21.3", "Release": "5", "Arch": "amd64", "SrcName": "krb5", "SrcVersion": "1.21.3", "SrcRelease": "5", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Sam Hartman \u003chartmans@debian.org\u003e", "DependsOn": [ "libc6@2.41-12", "libcom-err2@1.47.2-3+b3", "libk5crypto3@1.21.3-5", "libkrb5-3@1.21.3-5", "libkrb5support0@1.21.3-5" ], "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libgssapi_krb5.so.2.2", "/usr/share/doc/libgssapi-krb5-2/changelog.Debian.gz", "/usr/share/doc/libgssapi-krb5-2/copyright", "/usr/share/lintian/overrides/libgssapi-krb5-2" ] }, { "ID": "libhogweed6t64@3.10.1-1", "Name": "libhogweed6t64", "Identifier": { "PURL": "pkg:deb/debian/libhogweed6t64@3.10.1-1?arch=amd64\u0026distro=debian-13.1", "UID": "93d12a6ea6e63e7b" }, "Version": "3.10.1", "Release": "1", "Arch": "amd64", "SrcName": "nettle", "SrcVersion": "3.10.1", "SrcRelease": "1", "Licenses": [ "LGPL-3.0-or-later", "GPL-2.0-or-later", "LGPL-2.0-or-later", "LGPL-2.0-only", "MIT", "GPL-3.0-with-autoconf-exception+", "public-domain", "GPL-2.0-only", "GAP" ], "Maintainer": "Magnus Holmgren \u003cholmgren@debian.org\u003e", "DependsOn": [ "libc6@2.41-12", "libgmp10@2:6.3.0+dfsg-3", "libnettle8t64@3.10.1-1" ], "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libhogweed.so.6.10", "/usr/share/doc/libhogweed6t64/changelog.Debian.gz", "/usr/share/doc/libhogweed6t64/changelog.gz", "/usr/share/doc/libhogweed6t64/copyright", "/usr/share/lintian/overrides/libhogweed6t64" ] }, { "ID": "libhwasan0@14.2.0-19", "Name": "libhwasan0", "Identifier": { "PURL": "pkg:deb/debian/libhwasan0@14.2.0-19?arch=amd64\u0026distro=debian-13.1", "UID": "8a50311cdff85a03" }, "Version": "14.2.0", "Release": "19", "Arch": "amd64", "SrcName": "gcc-14", "SrcVersion": "14.2.0", "SrcRelease": "19", "Maintainer": "Debian GCC Maintainers \u003cdebian-gcc@lists.debian.org\u003e", "DependsOn": [ "gcc-14-base@14.2.0-19", "libc6@2.41-12", "libgcc-s1@14.2.0-19" ], "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libhwasan.so.0.0.0", "/usr/share/lintian/overrides/libhwasan0" ] }, { "ID": "libisl23@0.27-1", "Name": "libisl23", "Identifier": { "PURL": "pkg:deb/debian/libisl23@0.27-1?arch=amd64\u0026distro=debian-13.1", "UID": "1571b54156dde6d" }, "Version": "0.27", "Release": "1", "Arch": "amd64", "SrcName": "isl", "SrcVersion": "0.27", "SrcRelease": "1", "Licenses": [ "MIT", "BSD-2-Clause", "LGPL-2.1-or-later", "LGPL-2.0-only" ], "Maintainer": "Debian GCC Maintainers \u003cdebian-gcc@lists.debian.org\u003e", "DependsOn": [ "libc6@2.41-12", "libgmp10@2:6.3.0+dfsg-3" ], "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libisl.so.23.4.0", "/usr/share/doc/libisl23/changelog.Debian.gz", "/usr/share/doc/libisl23/changelog.gz", "/usr/share/doc/libisl23/copyright", "/usr/share/gdb/auto-load/usr/lib/x86_64-linux-gnu/libisl.so.23.4.0-gdb.py" ] }, { "ID": "libitm1@14.2.0-19", "Name": "libitm1", "Identifier": { "PURL": "pkg:deb/debian/libitm1@14.2.0-19?arch=amd64\u0026distro=debian-13.1", "UID": "d1e5a6170f3524b7" }, "Version": "14.2.0", "Release": "19", "Arch": "amd64", "SrcName": "gcc-14", "SrcVersion": "14.2.0", "SrcRelease": "19", "Maintainer": "Debian GCC Maintainers \u003cdebian-gcc@lists.debian.org\u003e", "DependsOn": [ "gcc-14-base@14.2.0-19", "libc6@2.41-12" ], "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libitm.so.1.0.0" ] }, { "ID": "libjansson4@2.14-2+b3", "Name": "libjansson4", "Identifier": { "PURL": "pkg:deb/debian/libjansson4@2.14-2%2Bb3?arch=amd64\u0026distro=debian-13.1", "UID": "f2f7542d83d235f" }, "Version": "2.14", "Release": "2+b3", "Arch": "amd64", "SrcName": "jansson", "SrcVersion": "2.14", "SrcRelease": "2", "Licenses": [ "MIT" ], "Maintainer": "Alessandro Ghedini \u003cghedo@debian.org\u003e", "DependsOn": [ "libc6@2.41-12" ], "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libjansson.so.4.14.0", "/usr/share/doc/libjansson4/README.rst", "/usr/share/doc/libjansson4/changelog.Debian.amd64.gz", "/usr/share/doc/libjansson4/changelog.Debian.gz", "/usr/share/doc/libjansson4/changelog.gz", "/usr/share/doc/libjansson4/copyright", "/usr/share/doc/libjansson4/examples/json_process.c" ] }, { "ID": "libk5crypto3@1.21.3-5", "Name": "libk5crypto3", "Identifier": { "PURL": "pkg:deb/debian/libk5crypto3@1.21.3-5?arch=amd64\u0026distro=debian-13.1", "UID": "654244e38d239af9" }, "Version": "1.21.3", "Release": "5", "Arch": "amd64", "SrcName": "krb5", "SrcVersion": "1.21.3", "SrcRelease": "5", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Sam Hartman \u003chartmans@debian.org\u003e", "DependsOn": [ "libc6@2.41-12", "libkrb5support0@1.21.3-5" ], "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libk5crypto.so.3.1", "/usr/share/doc/libk5crypto3/changelog.Debian.gz", "/usr/share/doc/libk5crypto3/copyright" ] }, { "ID": "libkeyutils1@1.6.3-6", "Name": "libkeyutils1", "Identifier": { "PURL": "pkg:deb/debian/libkeyutils1@1.6.3-6?arch=amd64\u0026distro=debian-13.1", "UID": "f0a9f8df0ae9e579" }, "Version": "1.6.3", "Release": "6", "Arch": "amd64", "SrcName": "keyutils", "SrcVersion": "1.6.3", "SrcRelease": "6", "Licenses": [ "GPL-2.0-or-later", "LGPL-2.0-or-later", "GPL-2.0-only", "LGPL-2.0-only" ], "Maintainer": "Christian Kastner \u003cckk@debian.org\u003e", "DependsOn": [ "libc6@2.41-12" ], "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libkeyutils.so.1.10", "/usr/share/doc/libkeyutils1/changelog.Debian.gz", "/usr/share/doc/libkeyutils1/copyright" ] }, { "ID": "libkrb5-3@1.21.3-5", "Name": "libkrb5-3", "Identifier": { "PURL": "pkg:deb/debian/libkrb5-3@1.21.3-5?arch=amd64\u0026distro=debian-13.1", "UID": "42eb2a7522db520b" }, "Version": "1.21.3", "Release": "5", "Arch": "amd64", "SrcName": "krb5", "SrcVersion": "1.21.3", "SrcRelease": "5", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Sam Hartman \u003chartmans@debian.org\u003e", "DependsOn": [ "libc6@2.41-12", "libcom-err2@1.47.2-3+b3", "libk5crypto3@1.21.3-5", "libkeyutils1@1.6.3-6", "libkrb5support0@1.21.3-5", "libssl3t64@3.5.1-1+deb13u1" ], "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/krb5/plugins/preauth/spake.so", "/usr/lib/x86_64-linux-gnu/libkrb5.so.3.3", "/usr/share/doc/libkrb5-3/README.Debian", "/usr/share/doc/libkrb5-3/README.gz", "/usr/share/doc/libkrb5-3/changelog.Debian.gz", "/usr/share/doc/libkrb5-3/copyright", "/usr/share/lintian/overrides/libkrb5-3" ] }, { "ID": "libkrb5support0@1.21.3-5", "Name": "libkrb5support0", "Identifier": { "PURL": "pkg:deb/debian/libkrb5support0@1.21.3-5?arch=amd64\u0026distro=debian-13.1", "UID": "7b7b2ceb7abdb0a3" }, "Version": "1.21.3", "Release": "5", "Arch": "amd64", "SrcName": "krb5", "SrcVersion": "1.21.3", "SrcRelease": "5", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Sam Hartman \u003chartmans@debian.org\u003e", "DependsOn": [ "libc6@2.41-12" ], "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libkrb5support.so.0.1", "/usr/share/doc/libkrb5support0/changelog.Debian.gz", "/usr/share/doc/libkrb5support0/copyright", "/usr/share/lintian/overrides/libkrb5support0" ] }, { "ID": "liblastlog2-2@2.41-5", "Name": "liblastlog2-2", "Identifier": { "PURL": "pkg:deb/debian/liblastlog2-2@2.41-5?arch=amd64\u0026distro=debian-13.1", "UID": "df76396cbfd04981" }, "Version": "2.41", "Release": "5", "Arch": "amd64", "SrcName": "util-linux", "SrcVersion": "2.41", "SrcRelease": "5", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "GPL-3.0-or-later", "LGPL-2.1-or-later", "public-domain", "BSD-4-Clause", "MIT", "ISC", "BSD-3-Clause", "BSLA", "LGPL-2.0-or-later", "BSD-2-Clause", "LGPL-3.0-or-later", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", "DependsOn": [ "libc6@2.41-12", "libsqlite3-0@3.46.1-7" ], "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/liblastlog2.so.2.0.0", "/usr/share/doc/liblastlog2-2/NEWS.Debian.gz", "/usr/share/doc/liblastlog2-2/changelog.Debian.gz", "/usr/share/doc/liblastlog2-2/changelog.gz", "/usr/share/doc/liblastlog2-2/copyright" ] }, { "ID": "libldap-common@2.6.10+dfsg-1", "Name": "libldap-common", "Identifier": { "PURL": "pkg:deb/debian/libldap-common@2.6.10%2Bdfsg-1?arch=all\u0026distro=debian-13.1", "UID": "1e651153267a4241" }, "Version": "2.6.10+dfsg", "Release": "1", "Arch": "all", "SrcName": "openldap", "SrcVersion": "2.6.10+dfsg", "SrcRelease": "1", "Licenses": [ "OpenLDAP-2.8", "FSF-unlimited", "GPL-2.0-with-autoconf-exception+", "GPL-3.0-with-autoconf-exception+", "GPL-2+ with Libtool exception", "GPL-3+ with Libtool exception", "GPL-3.0-or-later", "GPL-2.0-or-later", "UMich", "F5", "JCG", "MIT-XC", "NeoSoft-permissive", "BSD-3-Clause", "Beerware", "public-domain", "BSD-4-clause-California", "BSD-3-clause-variant", "Expat-ISC", "Expat-UNM", "MIT", "BSD-3-clause-California", "GPL-2.0-only", "GPL-3.0-only" ], "Maintainer": "Debian OpenLDAP Maintainers \u003cpkg-openldap-devel@lists.alioth.debian.org\u003e", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "InstalledFiles": [ "/usr/share/doc/libldap-common/NEWS.Debian.gz", "/usr/share/doc/libldap-common/changelog.Debian.gz", "/usr/share/doc/libldap-common/changelog.gz", "/usr/share/doc/libldap-common/copyright", "/usr/share/man/man5/ldap.conf.5.gz" ] }, { "ID": "libldap2@2.6.10+dfsg-1", "Name": "libldap2", "Identifier": { "PURL": "pkg:deb/debian/libldap2@2.6.10%2Bdfsg-1?arch=amd64\u0026distro=debian-13.1", "UID": "57ebb4268feab87d" }, "Version": "2.6.10+dfsg", "Release": "1", "Arch": "amd64", "SrcName": "openldap", "SrcVersion": "2.6.10+dfsg", "SrcRelease": "1", "Licenses": [ "OpenLDAP-2.8", "FSF-unlimited", "GPL-2.0-with-autoconf-exception+", "GPL-3.0-with-autoconf-exception+", "GPL-2+ with Libtool exception", "GPL-3+ with Libtool exception", "GPL-3.0-or-later", "GPL-2.0-or-later", "UMich", "F5", "JCG", "MIT-XC", "NeoSoft-permissive", "BSD-3-Clause", "Beerware", "public-domain", "BSD-4-clause-California", "BSD-3-clause-variant", "Expat-ISC", "Expat-UNM", "MIT", "BSD-3-clause-California", "GPL-2.0-only", "GPL-3.0-only" ], "Maintainer": "Debian OpenLDAP Maintainers \u003cpkg-openldap-devel@lists.alioth.debian.org\u003e", "DependsOn": [ "libc6@2.41-12", "libsasl2-2@2.1.28+dfsg1-9", "libssl3t64@3.5.1-1+deb13u1" ], "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/liblber.so.2.0.200", "/usr/lib/x86_64-linux-gnu/libldap.so.2.0.200", "/usr/share/doc/libldap2/NEWS.Debian.gz", "/usr/share/doc/libldap2/changelog.Debian.gz", "/usr/share/doc/libldap2/changelog.gz", "/usr/share/doc/libldap2/copyright" ] }, { "ID": "liblsan0@14.2.0-19", "Name": "liblsan0", "Identifier": { "PURL": "pkg:deb/debian/liblsan0@14.2.0-19?arch=amd64\u0026distro=debian-13.1", "UID": "ea577afaea889dab" }, "Version": "14.2.0", "Release": "19", "Arch": "amd64", "SrcName": "gcc-14", "SrcVersion": "14.2.0", "SrcRelease": "19", "Maintainer": "Debian GCC Maintainers \u003cdebian-gcc@lists.debian.org\u003e", "DependsOn": [ "gcc-14-base@14.2.0-19", "libc6@2.41-12", "libgcc-s1@14.2.0-19" ], "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/liblsan.so.0.0.0", "/usr/share/lintian/overrides/liblsan0" ] }, { "ID": "liblz4-1@1.10.0-4", "Name": "liblz4-1", "Identifier": { "PURL": "pkg:deb/debian/liblz4-1@1.10.0-4?arch=amd64\u0026distro=debian-13.1", "UID": "5be603ddb02c650f" }, "Version": "1.10.0", "Release": "4", "Arch": "amd64", "SrcName": "lz4", "SrcVersion": "1.10.0", "SrcRelease": "4", "Licenses": [ "GPL-2.0-or-later", "BSD-2-Clause", "GPL-2.0-only" ], "Maintainer": "Nobuhiro Iwamatsu \u003ciwamatsu@debian.org\u003e", "DependsOn": [ "libc6@2.41-12", "libxxhash0@0.8.3-2" ], "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/liblz4.so.1.10.0", "/usr/share/doc/liblz4-1/changelog.Debian.gz", "/usr/share/doc/liblz4-1/copyright" ] }, { "ID": "liblzma5@5.8.1-1", "Name": "liblzma5", "Identifier": { "PURL": "pkg:deb/debian/liblzma5@5.8.1-1?arch=amd64\u0026distro=debian-13.1", "UID": "88e7a89cb6723d88" }, "Version": "5.8.1", "Release": "1", "Arch": "amd64", "SrcName": "xz-utils", "SrcVersion": "5.8.1", "SrcRelease": "1", "Licenses": [ "0BSD", "GPL-2.0-or-later", "LGPL-2.1-or-later", "FSFULLR", "GPL-3.0-or-later-WITH-Autoconf-exception-macro", "none", "PD", "permissive-nowarranty", "FSFUL", "noderivs", "PD-debian", "LGPL-2.1-only", "GPL-2.0-only", "GPL-3.0-only" ], "Maintainer": "Sebastian Andrzej Siewior \u003csebastian@breakpoint.cc\u003e", "DependsOn": [ "libc6@2.41-12" ], "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/liblzma.so.5.8.1", "/usr/share/doc/liblzma5/AUTHORS", "/usr/share/doc/liblzma5/NEWS.gz", "/usr/share/doc/liblzma5/THANKS.gz", "/usr/share/doc/liblzma5/changelog.Debian.gz", "/usr/share/doc/liblzma5/changelog.gz", "/usr/share/doc/liblzma5/copyright" ] }, { "ID": "libmd0@1.1.0-2+b1", "Name": "libmd0", "Identifier": { "PURL": "pkg:deb/debian/libmd0@1.1.0-2%2Bb1?arch=amd64\u0026distro=debian-13.1", "UID": "23d60256b09c2ba7" }, "Version": "1.1.0", "Release": "2+b1", "Arch": "amd64", "SrcName": "libmd", "SrcVersion": "1.1.0", "SrcRelease": "2", "Licenses": [ "BSD-3-Clause", "BSD-3-clause-Aaron-D-Gifford", "BSD-2-Clause", "BSD-2-Clause-NetBSD", "ISC", "Beerware", "public-domain-md4", "public-domain-md5", "public-domain-sha1" ], "Maintainer": "Guillem Jover \u003cguillem@debian.org\u003e", "DependsOn": [ "libc6@2.41-12" ], "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libmd.so.0.1.0", "/usr/share/doc/libmd0/changelog.Debian.amd64.gz", "/usr/share/doc/libmd0/changelog.Debian.gz", "/usr/share/doc/libmd0/changelog.gz", "/usr/share/doc/libmd0/copyright" ] }, { "ID": "libmount1@2.41-5", "Name": "libmount1", "Identifier": { "PURL": "pkg:deb/debian/libmount1@2.41-5?arch=amd64\u0026distro=debian-13.1", "UID": "6d2d7374cd54451e" }, "Version": "2.41", "Release": "5", "Arch": "amd64", "SrcName": "util-linux", "SrcVersion": "2.41", "SrcRelease": "5", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "GPL-3.0-or-later", "LGPL-2.1-or-later", "public-domain", "BSD-4-Clause", "MIT", "ISC", "BSD-3-Clause", "BSLA", "LGPL-2.0-or-later", "BSD-2-Clause", "LGPL-3.0-or-later", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", "DependsOn": [ "libblkid1@2.41-5", "libc6@2.41-12", "libselinux1@3.8.1-1" ], "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libmount.so.1.1.0", "/usr/share/doc/libmount1/NEWS.Debian.gz", "/usr/share/doc/libmount1/changelog.Debian.gz", "/usr/share/doc/libmount1/changelog.gz", "/usr/share/doc/libmount1/copyright", "/usr/share/lintian/overrides/libmount1" ] }, { "ID": "libmpc3@1.3.1-1+b3", "Name": "libmpc3", "Identifier": { "PURL": "pkg:deb/debian/libmpc3@1.3.1-1%2Bb3?arch=amd64\u0026distro=debian-13.1", "UID": "5ed34e58d4b30b83" }, "Version": "1.3.1", "Release": "1+b3", "Arch": "amd64", "SrcName": "mpclib3", "SrcVersion": "1.3.1", "SrcRelease": "1", "Licenses": [ "LGPL-3.0-only" ], "Maintainer": "Debian GCC Maintainers \u003cdebian-gcc@lists.debian.org\u003e", "DependsOn": [ "libc6@2.41-12", "libgmp10@2:6.3.0+dfsg-3", "libmpfr6@4.2.2-1" ], "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libmpc.so.3.3.1", "/usr/share/doc/libmpc3/changelog.Debian.amd64.gz", "/usr/share/doc/libmpc3/changelog.Debian.gz", "/usr/share/doc/libmpc3/copyright" ] }, { "ID": "libmpfr6@4.2.2-1", "Name": "libmpfr6", "Identifier": { "PURL": "pkg:deb/debian/libmpfr6@4.2.2-1?arch=amd64\u0026distro=debian-13.1", "UID": "c617b77bc9d8a822" }, "Version": "4.2.2", "Release": "1", "Arch": "amd64", "SrcName": "mpfr4", "SrcVersion": "4.2.2", "SrcRelease": "1", "Licenses": [ "LGPL-3.0-only" ], "Maintainer": "Debian GCC Maintainers \u003cdebian-gcc@lists.debian.org\u003e", "DependsOn": [ "libc6@2.41-12", "libgmp10@2:6.3.0+dfsg-3" ], "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libmpfr.so.6.2.2", "/usr/share/doc/libmpfr6/AUTHORS", "/usr/share/doc/libmpfr6/BUGS", "/usr/share/doc/libmpfr6/NEWS.gz", "/usr/share/doc/libmpfr6/README", "/usr/share/doc/libmpfr6/TODO.gz", "/usr/share/doc/libmpfr6/changelog.Debian.gz", "/usr/share/doc/libmpfr6/changelog.gz", "/usr/share/doc/libmpfr6/copyright" ] }, { "ID": "libncursesw6@6.5+20250216-2", "Name": "libncursesw6", "Identifier": { "PURL": "pkg:deb/debian/libncursesw6@6.5%2B20250216-2?arch=amd64\u0026distro=debian-13.1", "UID": "9ab389651a2b5886" }, "Version": "6.5+20250216", "Release": "2", "Arch": "amd64", "SrcName": "ncurses", "SrcVersion": "6.5+20250216", "SrcRelease": "2", "Maintainer": "Ncurses Maintainers \u003cncurses@packages.debian.org\u003e", "DependsOn": [ "libc6@2.41-12", "libtinfo6@6.5+20250216-2" ], "Layer": { "DiffID": "sha256:dba5cbed1e08d00224b28b2e9ae8a59c121de39c36085ed722890ef0af8fee69" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libformw.so.6.5", "/usr/lib/x86_64-linux-gnu/libmenuw.so.6.5", "/usr/lib/x86_64-linux-gnu/libncursesw.so.6.5", "/usr/lib/x86_64-linux-gnu/libpanelw.so.6.5" ] }, { "ID": "libnettle8t64@3.10.1-1", "Name": "libnettle8t64", "Identifier": { "PURL": "pkg:deb/debian/libnettle8t64@3.10.1-1?arch=amd64\u0026distro=debian-13.1", "UID": "48343658214e46b4" }, "Version": "3.10.1", "Release": "1", "Arch": "amd64", "SrcName": "nettle", "SrcVersion": "3.10.1", "SrcRelease": "1", "Licenses": [ "LGPL-3.0-or-later", "GPL-2.0-or-later", "LGPL-2.0-or-later", "LGPL-2.0-only", "MIT", "GPL-3.0-with-autoconf-exception+", "public-domain", "GPL-2.0-only", "GAP" ], "Maintainer": "Magnus Holmgren \u003cholmgren@debian.org\u003e", "DependsOn": [ "libc6@2.41-12" ], "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libnettle.so.8.10", "/usr/share/doc/libnettle8t64/NEWS.gz", "/usr/share/doc/libnettle8t64/README", "/usr/share/doc/libnettle8t64/changelog.Debian.gz", "/usr/share/doc/libnettle8t64/changelog.gz", "/usr/share/doc/libnettle8t64/copyright", "/usr/share/lintian/overrides/libnettle8t64" ] }, { "ID": "libpam-modules@1.7.0-5", "Name": "libpam-modules", "Identifier": { "PURL": "pkg:deb/debian/libpam-modules@1.7.0-5?arch=amd64\u0026distro=debian-13.1", "UID": "b9d6f9c66558c40d" }, "Version": "1.7.0", "Release": "5", "Arch": "amd64", "SrcName": "pam", "SrcVersion": "1.7.0", "SrcRelease": "5", "Licenses": [ "BSD-3-Clause", "GPL-2.0-or-later", "GPL-1.0-only", "GPL-2.0-only", "GPL-3.0-only", "GPL-3+ with Bison exception", "BSD-tcp_wrappers", "LGPL-2.0-or-later", "LGPL-2.0-only", "public-domain", "Beerware" ], "Maintainer": "Sam Hartman \u003chartmans@debian.org\u003e", "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/security/pam_access.so", "/usr/lib/x86_64-linux-gnu/security/pam_canonicalize_user.so", "/usr/lib/x86_64-linux-gnu/security/pam_debug.so", "/usr/lib/x86_64-linux-gnu/security/pam_deny.so", "/usr/lib/x86_64-linux-gnu/security/pam_echo.so", "/usr/lib/x86_64-linux-gnu/security/pam_env.so", "/usr/lib/x86_64-linux-gnu/security/pam_exec.so", "/usr/lib/x86_64-linux-gnu/security/pam_faildelay.so", "/usr/lib/x86_64-linux-gnu/security/pam_faillock.so", "/usr/lib/x86_64-linux-gnu/security/pam_filter.so", "/usr/lib/x86_64-linux-gnu/security/pam_ftp.so", "/usr/lib/x86_64-linux-gnu/security/pam_group.so", "/usr/lib/x86_64-linux-gnu/security/pam_issue.so", "/usr/lib/x86_64-linux-gnu/security/pam_keyinit.so", "/usr/lib/x86_64-linux-gnu/security/pam_limits.so", "/usr/lib/x86_64-linux-gnu/security/pam_listfile.so", "/usr/lib/x86_64-linux-gnu/security/pam_localuser.so", "/usr/lib/x86_64-linux-gnu/security/pam_loginuid.so", "/usr/lib/x86_64-linux-gnu/security/pam_mail.so", "/usr/lib/x86_64-linux-gnu/security/pam_mkhomedir.so", "/usr/lib/x86_64-linux-gnu/security/pam_motd.so", "/usr/lib/x86_64-linux-gnu/security/pam_namespace.so", "/usr/lib/x86_64-linux-gnu/security/pam_nologin.so", "/usr/lib/x86_64-linux-gnu/security/pam_permit.so", "/usr/lib/x86_64-linux-gnu/security/pam_pwhistory.so", "/usr/lib/x86_64-linux-gnu/security/pam_rhosts.so", "/usr/lib/x86_64-linux-gnu/security/pam_rootok.so", "/usr/lib/x86_64-linux-gnu/security/pam_securetty.so", "/usr/lib/x86_64-linux-gnu/security/pam_selinux.so", "/usr/lib/x86_64-linux-gnu/security/pam_sepermit.so", "/usr/lib/x86_64-linux-gnu/security/pam_setquota.so", "/usr/lib/x86_64-linux-gnu/security/pam_shells.so", "/usr/lib/x86_64-linux-gnu/security/pam_stress.so", "/usr/lib/x86_64-linux-gnu/security/pam_succeed_if.so", "/usr/lib/x86_64-linux-gnu/security/pam_time.so", "/usr/lib/x86_64-linux-gnu/security/pam_timestamp.so", "/usr/lib/x86_64-linux-gnu/security/pam_tty_audit.so", "/usr/lib/x86_64-linux-gnu/security/pam_umask.so", "/usr/lib/x86_64-linux-gnu/security/pam_unix.so", "/usr/lib/x86_64-linux-gnu/security/pam_userdb.so", "/usr/lib/x86_64-linux-gnu/security/pam_usertype.so", "/usr/lib/x86_64-linux-gnu/security/pam_warn.so", "/usr/lib/x86_64-linux-gnu/security/pam_wheel.so", "/usr/lib/x86_64-linux-gnu/security/pam_xauth.so", "/usr/share/doc/libpam-modules/NEWS.Debian.gz", "/usr/share/doc/libpam-modules/changelog.Debian.gz", "/usr/share/doc/libpam-modules/changelog.gz", "/usr/share/doc/libpam-modules/copyright", "/usr/share/doc/libpam-modules/examples/upperLOWER.c", "/usr/share/lintian/overrides/libpam-modules", "/usr/share/pam-configs/mkhomedir" ] }, { "ID": "libpam-modules-bin@1.7.0-5", "Name": "libpam-modules-bin", "Identifier": { "PURL": "pkg:deb/debian/libpam-modules-bin@1.7.0-5?arch=amd64\u0026distro=debian-13.1", "UID": "bb305b59765ff43e" }, "Version": "1.7.0", "Release": "5", "Arch": "amd64", "SrcName": "pam", "SrcVersion": "1.7.0", "SrcRelease": "5", "Licenses": [ "BSD-3-Clause", "GPL-2.0-or-later", "GPL-1.0-only", "GPL-2.0-only", "GPL-3.0-only", "GPL-3+ with Bison exception", "BSD-tcp_wrappers", "LGPL-2.0-or-later", "LGPL-2.0-only", "public-domain", "Beerware" ], "Maintainer": "Sam Hartman \u003chartmans@debian.org\u003e", "DependsOn": [ "libaudit1@1:4.0.2-2+b2", "libc6@2.41-12", "libcrypt1@1:4.4.38-1", "libpam0g@1.7.0-5", "libselinux1@3.8.1-1", "libsystemd0@257.8-1~deb13u2" ], "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "InstalledFiles": [ "/usr/lib/systemd/system/pam_namespace.service", "/usr/sbin/faillock", "/usr/sbin/mkhomedir_helper", "/usr/sbin/pam_namespace_helper", "/usr/sbin/pam_timestamp_check", "/usr/sbin/pwhistory_helper", "/usr/sbin/unix_chkpwd", "/usr/sbin/unix_update", "/usr/share/doc/libpam-modules-bin/changelog.Debian.gz", "/usr/share/doc/libpam-modules-bin/changelog.gz", "/usr/share/doc/libpam-modules-bin/copyright", "/usr/share/lintian/overrides/libpam-modules-bin" ] }, { "ID": "libpam-runtime@1.7.0-5", "Name": "libpam-runtime", "Identifier": { "PURL": "pkg:deb/debian/libpam-runtime@1.7.0-5?arch=all\u0026distro=debian-13.1", "UID": "2e8bd19930283d52" }, "Version": "1.7.0", "Release": "5", "Arch": "all", "SrcName": "pam", "SrcVersion": "1.7.0", "SrcRelease": "5", "Licenses": [ "BSD-3-Clause", "GPL-2.0-or-later", "GPL-1.0-only", "GPL-2.0-only", "GPL-3.0-only", "GPL-3+ with Bison exception", "BSD-tcp_wrappers", "LGPL-2.0-or-later", "LGPL-2.0-only", "public-domain", "Beerware" ], "Maintainer": "Sam Hartman \u003chartmans@debian.org\u003e", "DependsOn": [ "debconf@1.5.91", "libpam-modules@1.7.0-5" ], "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "InstalledFiles": [ "/usr/sbin/pam-auth-update", "/usr/sbin/pam_getenv", "/usr/share/doc/libpam-runtime/changelog.Debian.gz", "/usr/share/doc/libpam-runtime/changelog.gz", "/usr/share/doc/libpam-runtime/copyright", "/usr/share/lintian/overrides/libpam-runtime", "/usr/share/locale/af/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/am/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ar/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/as/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/az/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/be/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/bg/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/bn/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/bn_IN/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/bs/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ca/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/cs/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/cy/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/da/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/de/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/de_CH/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/el/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/eo/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/es/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/et/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/eu/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/fa/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/fi/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/fr/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ga/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/gl/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/gu/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/he/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/hi/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/hr/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/hu/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ia/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/id/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/is/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/it/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ja/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ka/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/kk/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/km/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/kn/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ko/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/kw_GB/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ky/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/lt/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/lv/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/mk/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ml/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/mn/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/mr/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ms/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/my/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/nb/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ne/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/nl/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/nn/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/or/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/pa/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/pl/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/pt/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/pt_BR/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ro/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ru/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/si/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/sk/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/sl/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/sq/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/sr/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/sr@latin/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/sv/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ta/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/te/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/tg/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/th/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/tr/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/uk/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ur/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/vi/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/yo/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/zh_CN/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/zh_HK/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/zh_TW/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/zu/LC_MESSAGES/Linux-PAM.mo", "/usr/share/man/man5/access.conf.5.gz", "/usr/share/man/man5/faillock.conf.5.gz", "/usr/share/man/man5/group.conf.5.gz", "/usr/share/man/man5/limits.conf.5.gz", "/usr/share/man/man5/namespace.conf.5.gz", "/usr/share/man/man5/pam.conf.5.gz", "/usr/share/man/man5/pam_env.conf.5.gz", "/usr/share/man/man5/pwhistory.conf.5.gz", "/usr/share/man/man5/sepermit.conf.5.gz", "/usr/share/man/man5/time.conf.5.gz", "/usr/share/man/man7/PAM.7.gz", "/usr/share/man/man8/faillock.8.gz", "/usr/share/man/man8/mkhomedir_helper.8.gz", "/usr/share/man/man8/pam-auth-update.8.gz", "/usr/share/man/man8/pam_access.8.gz", "/usr/share/man/man8/pam_canonicalize_user.8.gz", "/usr/share/man/man8/pam_debug.8.gz", "/usr/share/man/man8/pam_deny.8.gz", "/usr/share/man/man8/pam_echo.8.gz", "/usr/share/man/man8/pam_env.8.gz", "/usr/share/man/man8/pam_exec.8.gz", "/usr/share/man/man8/pam_faildelay.8.gz", "/usr/share/man/man8/pam_faillock.8.gz", "/usr/share/man/man8/pam_filter.8.gz", "/usr/share/man/man8/pam_ftp.8.gz", "/usr/share/man/man8/pam_getenv.8.gz", "/usr/share/man/man8/pam_group.8.gz", "/usr/share/man/man8/pam_issue.8.gz", "/usr/share/man/man8/pam_keyinit.8.gz", "/usr/share/man/man8/pam_limits.8.gz", "/usr/share/man/man8/pam_listfile.8.gz", "/usr/share/man/man8/pam_localuser.8.gz", "/usr/share/man/man8/pam_loginuid.8.gz", "/usr/share/man/man8/pam_mail.8.gz", "/usr/share/man/man8/pam_mkhomedir.8.gz", "/usr/share/man/man8/pam_motd.8.gz", "/usr/share/man/man8/pam_namespace.8.gz", "/usr/share/man/man8/pam_namespace_helper.8.gz", "/usr/share/man/man8/pam_nologin.8.gz", "/usr/share/man/man8/pam_permit.8.gz", "/usr/share/man/man8/pam_pwhistory.8.gz", "/usr/share/man/man8/pam_rhosts.8.gz", "/usr/share/man/man8/pam_rootok.8.gz", "/usr/share/man/man8/pam_securetty.8.gz", "/usr/share/man/man8/pam_selinux.8.gz", "/usr/share/man/man8/pam_sepermit.8.gz", "/usr/share/man/man8/pam_setquota.8.gz", "/usr/share/man/man8/pam_shells.8.gz", "/usr/share/man/man8/pam_stress.8.gz", "/usr/share/man/man8/pam_succeed_if.8.gz", "/usr/share/man/man8/pam_time.8.gz", "/usr/share/man/man8/pam_timestamp.8.gz", "/usr/share/man/man8/pam_timestamp_check.8.gz", "/usr/share/man/man8/pam_tty_audit.8.gz", "/usr/share/man/man8/pam_umask.8.gz", "/usr/share/man/man8/pam_unix.8.gz", "/usr/share/man/man8/pam_userdb.8.gz", "/usr/share/man/man8/pam_usertype.8.gz", "/usr/share/man/man8/pam_warn.8.gz", "/usr/share/man/man8/pam_wheel.8.gz", "/usr/share/man/man8/pam_xauth.8.gz", "/usr/share/man/man8/pwhistory_helper.8.gz", "/usr/share/man/man8/unix_chkpwd.8.gz", "/usr/share/man/man8/unix_update.8.gz", "/usr/share/pam-configs/unix", "/usr/share/pam/common-account", "/usr/share/pam/common-account.md5sums", "/usr/share/pam/common-auth", "/usr/share/pam/common-auth.md5sums", "/usr/share/pam/common-password", "/usr/share/pam/common-password.md5sums", "/usr/share/pam/common-session", "/usr/share/pam/common-session-noninteractive", "/usr/share/pam/common-session-noninteractive.md5sums", "/usr/share/pam/common-session.md5sums" ] }, { "ID": "libpam0g@1.7.0-5", "Name": "libpam0g", "Identifier": { "PURL": "pkg:deb/debian/libpam0g@1.7.0-5?arch=amd64\u0026distro=debian-13.1", "UID": "7c64fa0e3792081f" }, "Version": "1.7.0", "Release": "5", "Arch": "amd64", "SrcName": "pam", "SrcVersion": "1.7.0", "SrcRelease": "5", "Licenses": [ "BSD-3-Clause", "GPL-2.0-or-later", "GPL-1.0-only", "GPL-2.0-only", "GPL-3.0-only", "GPL-3+ with Bison exception", "BSD-tcp_wrappers", "LGPL-2.0-or-later", "LGPL-2.0-only", "public-domain", "Beerware" ], "Maintainer": "Sam Hartman \u003chartmans@debian.org\u003e", "DependsOn": [ "debconf@1.5.91", "libaudit1@1:4.0.2-2+b2", "libc6@2.41-12" ], "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libpam.so.0.85.1", "/usr/lib/x86_64-linux-gnu/libpam_misc.so.0.82.1", "/usr/lib/x86_64-linux-gnu/libpamc.so.0.82.1", "/usr/share/doc/libpam0g/Debian-PAM-MiniPolicy.gz", "/usr/share/doc/libpam0g/README", "/usr/share/doc/libpam0g/README.Debian", "/usr/share/doc/libpam0g/TODO.Debian", "/usr/share/doc/libpam0g/changelog.Debian.gz", "/usr/share/doc/libpam0g/changelog.gz", "/usr/share/doc/libpam0g/copyright", "/usr/share/lintian/overrides/libpam0g" ] }, { "ID": "libpcre2-8-0@10.46-1~deb13u1", "Name": "libpcre2-8-0", "Identifier": { "PURL": "pkg:deb/debian/libpcre2-8-0@10.46-1~deb13u1?arch=amd64\u0026distro=debian-13.1", "UID": "e711d6472730c634" }, "Version": "10.46", "Release": "1~deb13u1", "Arch": "amd64", "SrcName": "pcre2", "SrcVersion": "10.46", "SrcRelease": "1~deb13u1", "Licenses": [ "BSD-3-clause-Cambridge with BINARY LIBRARY-LIKE PACKAGES exception", "BSD-3-Clause", "X11", "BSD-2-Clause", "public-domain" ], "Maintainer": "Matthew Vernon \u003cmatthew@debian.org\u003e", "DependsOn": [ "libc6@2.41-12" ], "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libpcre2-8.so.0.14.0", "/usr/share/doc/libpcre2-8-0/README.Debian", "/usr/share/doc/libpcre2-8-0/changelog.Debian.gz", "/usr/share/doc/libpcre2-8-0/changelog.gz", "/usr/share/doc/libpcre2-8-0/copyright" ] }, { "ID": "libpq-dev@17.6-0+deb13u1", "Name": "libpq-dev", "Identifier": { "PURL": "pkg:deb/debian/libpq-dev@17.6-0%2Bdeb13u1?arch=amd64\u0026distro=debian-13.1", "UID": "4cf31d7eecd4fee3" }, "Version": "17.6", "Release": "0+deb13u1", "Arch": "amd64", "SrcName": "postgresql-17", "SrcVersion": "17.6", "SrcRelease": "0+deb13u1", "Licenses": [ "PostgreSQL", "Custom-regex", "Tcl", "Custom-pg_dump", "BSD-3-Clause", "Custom-Unicode", "double-metaphone", "GPL-1.0-only", "Artistic-2.0", "nagaysau-ishii", "BSD-2-Clause" ], "Maintainer": "Debian PostgreSQL Maintainers \u003cteam+postgresql@tracker.debian.org\u003e", "DependsOn": [ "libpq5@17.6-0+deb13u1", "libssl-dev@3.5.1-1+deb13u1" ], "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "InstalledFiles": [ "/usr/bin/pg_config", "/usr/include/postgresql/internal/c.h", "/usr/include/postgresql/internal/fe-auth-sasl.h", "/usr/include/postgresql/internal/libpq-int.h", "/usr/include/postgresql/internal/libpq/pqcomm.h", "/usr/include/postgresql/internal/libpq/protocol.h", "/usr/include/postgresql/internal/port.h", "/usr/include/postgresql/internal/postgres_fe.h", "/usr/include/postgresql/internal/pqexpbuffer.h", "/usr/include/postgresql/libpq-events.h", "/usr/include/postgresql/libpq-fe.h", "/usr/include/postgresql/libpq/libpq-fs.h", "/usr/include/postgresql/pg_config.h", "/usr/include/postgresql/pg_config_ext.h", "/usr/include/postgresql/pg_config_manual.h", "/usr/include/postgresql/pg_config_os.h", "/usr/include/postgresql/postgres_ext.h", "/usr/lib/x86_64-linux-gnu/libpq.a", "/usr/lib/x86_64-linux-gnu/pkgconfig/libpq.pc", "/usr/share/doc/libpq-dev/changelog.Debian.gz", "/usr/share/doc/libpq-dev/changelog.gz", "/usr/share/doc/libpq-dev/copyright", "/usr/share/man/man1/pg_config.1.gz" ] }, { "ID": "libpq5@17.6-0+deb13u1", "Name": "libpq5", "Identifier": { "PURL": "pkg:deb/debian/libpq5@17.6-0%2Bdeb13u1?arch=amd64\u0026distro=debian-13.1", "UID": "5fe19154e1e6158c" }, "Version": "17.6", "Release": "0+deb13u1", "Arch": "amd64", "SrcName": "postgresql-17", "SrcVersion": "17.6", "SrcRelease": "0+deb13u1", "Licenses": [ "PostgreSQL", "Custom-regex", "Tcl", "Custom-pg_dump", "BSD-3-Clause", "Custom-Unicode", "double-metaphone", "GPL-1.0-only", "Artistic-2.0", "nagaysau-ishii", "BSD-2-Clause" ], "Maintainer": "Debian PostgreSQL Maintainers \u003cteam+postgresql@tracker.debian.org\u003e", "DependsOn": [ "libc6@2.41-12", "libgssapi-krb5-2@1.21.3-5", "libldap2@2.6.10+dfsg-1", "libssl3t64@3.5.1-1+deb13u1" ], "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libpq.so.5.17", "/usr/share/doc/libpq5/changelog.Debian.gz", "/usr/share/doc/libpq5/changelog.gz", "/usr/share/doc/libpq5/copyright", "/usr/share/locale/cs/LC_MESSAGES/libpq5-17.mo", "/usr/share/locale/de/LC_MESSAGES/libpq5-17.mo", "/usr/share/locale/el/LC_MESSAGES/libpq5-17.mo", "/usr/share/locale/es/LC_MESSAGES/libpq5-17.mo", "/usr/share/locale/fr/LC_MESSAGES/libpq5-17.mo", "/usr/share/locale/he/LC_MESSAGES/libpq5-17.mo", "/usr/share/locale/it/LC_MESSAGES/libpq5-17.mo", "/usr/share/locale/ja/LC_MESSAGES/libpq5-17.mo", "/usr/share/locale/ka/LC_MESSAGES/libpq5-17.mo", "/usr/share/locale/ko/LC_MESSAGES/libpq5-17.mo", "/usr/share/locale/pl/LC_MESSAGES/libpq5-17.mo", "/usr/share/locale/pt_BR/LC_MESSAGES/libpq5-17.mo", "/usr/share/locale/ru/LC_MESSAGES/libpq5-17.mo", "/usr/share/locale/sv/LC_MESSAGES/libpq5-17.mo", "/usr/share/locale/tr/LC_MESSAGES/libpq5-17.mo", "/usr/share/locale/uk/LC_MESSAGES/libpq5-17.mo", "/usr/share/locale/zh_CN/LC_MESSAGES/libpq5-17.mo", "/usr/share/locale/zh_TW/LC_MESSAGES/libpq5-17.mo" ] }, { "ID": "libquadmath0@14.2.0-19", "Name": "libquadmath0", "Identifier": { "PURL": "pkg:deb/debian/libquadmath0@14.2.0-19?arch=amd64\u0026distro=debian-13.1", "UID": "65505f638ec256f5" }, "Version": "14.2.0", "Release": "19", "Arch": "amd64", "SrcName": "gcc-14", "SrcVersion": "14.2.0", "SrcRelease": "19", "Maintainer": "Debian GCC Maintainers \u003cdebian-gcc@lists.debian.org\u003e", "DependsOn": [ "gcc-14-base@14.2.0-19", "libc6@2.41-12" ], "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libquadmath.so.0.0.0" ] }, { "ID": "libreadline8t64@8.2-6", "Name": "libreadline8t64", "Identifier": { "PURL": "pkg:deb/debian/libreadline8t64@8.2-6?arch=amd64\u0026distro=debian-13.1", "UID": "bca17e0f70f9fb49" }, "Version": "8.2", "Release": "6", "Arch": "amd64", "SrcName": "readline", "SrcVersion": "8.2", "SrcRelease": "6", "Licenses": [ "GPL-3.0-or-later", "GPL-3.0-only", "GPL-2.0-or-later", "GPL-2.0-only", "GFDL-1.3-no-invariants-or-later", "GFDL-1.3-or-later", "ISC-no-attribution" ], "Maintainer": "Matthias Klose \u003cdoko@debian.org\u003e", "DependsOn": [ "libc6@2.41-12", "libtinfo6@6.5+20250216-2", "readline-common@8.2-6" ], "Layer": { "DiffID": "sha256:dba5cbed1e08d00224b28b2e9ae8a59c121de39c36085ed722890ef0af8fee69" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libhistory.so.8.2", "/usr/lib/x86_64-linux-gnu/libreadline.so.8.2", "/usr/share/doc/libreadline8t64/README.Debian", "/usr/share/doc/libreadline8t64/USAGE", "/usr/share/doc/libreadline8t64/changelog.Debian.gz", "/usr/share/doc/libreadline8t64/changelog.gz", "/usr/share/doc/libreadline8t64/copyright", "/usr/share/doc/libreadline8t64/examples/Inputrc", "/usr/share/doc/libreadline8t64/inputrc.arrows" ] }, { "ID": "libsasl2-2@2.1.28+dfsg1-9", "Name": "libsasl2-2", "Identifier": { "PURL": "pkg:deb/debian/libsasl2-2@2.1.28%2Bdfsg1-9?arch=amd64\u0026distro=debian-13.1", "UID": "52ae8c0b451424c8" }, "Version": "2.1.28+dfsg1", "Release": "9", "Arch": "amd64", "SrcName": "cyrus-sasl2", "SrcVersion": "2.1.28+dfsg1", "SrcRelease": "9", "Licenses": [ "BSD-3-Clause-Attribution", "BSD-3-Clause", "BSD-2-Clause", "GPL-3.0-or-later", "GPL-3.0-only", "BSD-4-Clause-UC", "RSA-MD", "text://BSD-3-Clause-Attribution and IBM-as-is", "BSD-3-clause-JANET", "BSD-3-clause-PADL", "MIT-OpenVision", "OpenLDAP", "FSFULLR", "MIT-CMU", "MIT-Export", "BSD-2.2-clause", "text://IBM-as-is" ], "Maintainer": "Debian Cyrus Team \u003cteam+cyrus@tracker.debian.org\u003e", "DependsOn": [ "libc6@2.41-12", "libsasl2-modules-db@2.1.28+dfsg1-9", "libssl3t64@3.5.1-1+deb13u1" ], "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libsasl2.so.2.0.25", "/usr/share/doc/libsasl2-2/README.Debian", "/usr/share/doc/libsasl2-2/changelog.Debian.gz", "/usr/share/doc/libsasl2-2/copyright", "/usr/share/man/man5/libsasl.5.gz" ] }, { "ID": "libsasl2-modules@2.1.28+dfsg1-9", "Name": "libsasl2-modules", "Identifier": { "PURL": "pkg:deb/debian/libsasl2-modules@2.1.28%2Bdfsg1-9?arch=amd64\u0026distro=debian-13.1", "UID": "7e4b6f3fc2f20ef9" }, "Version": "2.1.28+dfsg1", "Release": "9", "Arch": "amd64", "SrcName": "cyrus-sasl2", "SrcVersion": "2.1.28+dfsg1", "SrcRelease": "9", "Licenses": [ "BSD-3-Clause-Attribution", "BSD-3-Clause", "BSD-2-Clause", "GPL-3.0-or-later", "GPL-3.0-only", "BSD-4-Clause-UC", "RSA-MD", "text://BSD-3-Clause-Attribution and IBM-as-is", "BSD-3-clause-JANET", "BSD-3-clause-PADL", "MIT-OpenVision", "OpenLDAP", "FSFULLR", "MIT-CMU", "MIT-Export", "BSD-2.2-clause", "text://IBM-as-is" ], "Maintainer": "Debian Cyrus Team \u003cteam+cyrus@tracker.debian.org\u003e", "DependsOn": [ "libc6@2.41-12", "libssl3t64@3.5.1-1+deb13u1" ], "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/sasl2/libanonymous.so.2.0.25", "/usr/lib/x86_64-linux-gnu/sasl2/libcrammd5.so.2.0.25", "/usr/lib/x86_64-linux-gnu/sasl2/libdigestmd5.so.2.0.25", "/usr/lib/x86_64-linux-gnu/sasl2/liblogin.so.2.0.25", "/usr/lib/x86_64-linux-gnu/sasl2/libntlm.so.2.0.25", "/usr/lib/x86_64-linux-gnu/sasl2/libplain.so.2.0.25", "/usr/lib/x86_64-linux-gnu/sasl2/libscram.so.2.0.25", "/usr/share/doc/libsasl2-modules/changelog.Debian.gz", "/usr/share/doc/libsasl2-modules/copyright" ] }, { "ID": "libsasl2-modules-db@2.1.28+dfsg1-9", "Name": "libsasl2-modules-db", "Identifier": { "PURL": "pkg:deb/debian/libsasl2-modules-db@2.1.28%2Bdfsg1-9?arch=amd64\u0026distro=debian-13.1", "UID": "42fb653a374e0902" }, "Version": "2.1.28+dfsg1", "Release": "9", "Arch": "amd64", "SrcName": "cyrus-sasl2", "SrcVersion": "2.1.28+dfsg1", "SrcRelease": "9", "Licenses": [ "BSD-3-Clause-Attribution", "BSD-3-Clause", "BSD-2-Clause", "GPL-3.0-or-later", "GPL-3.0-only", "BSD-4-Clause-UC", "RSA-MD", "text://BSD-3-Clause-Attribution and IBM-as-is", "BSD-3-clause-JANET", "BSD-3-clause-PADL", "MIT-OpenVision", "OpenLDAP", "FSFULLR", "MIT-CMU", "MIT-Export", "BSD-2.2-clause", "text://IBM-as-is" ], "Maintainer": "Debian Cyrus Team \u003cteam+cyrus@tracker.debian.org\u003e", "DependsOn": [ "libc6@2.41-12", "libdb5.3t64@5.3.28+dfsg2-9" ], "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/sasl2/libsasldb.so.2.0.25", "/usr/share/doc/libsasl2-modules-db/changelog.Debian.gz", "/usr/share/doc/libsasl2-modules-db/copyright" ] }, { "ID": "libseccomp2@2.6.0-2", "Name": "libseccomp2", "Identifier": { "PURL": "pkg:deb/debian/libseccomp2@2.6.0-2?arch=amd64\u0026distro=debian-13.1", "UID": "f6e9daa8e2a1900f" }, "Version": "2.6.0", "Release": "2", "Arch": "amd64", "SrcName": "libseccomp", "SrcVersion": "2.6.0", "SrcRelease": "2", "Licenses": [ "LGPL-2.1-only" ], "Maintainer": "Kees Cook \u003ckees@debian.org\u003e", "DependsOn": [ "libc6@2.41-12" ], "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libseccomp.so.2.6.0", "/usr/share/doc/libseccomp2/changelog.Debian.gz", "/usr/share/doc/libseccomp2/changelog.gz", "/usr/share/doc/libseccomp2/copyright" ] }, { "ID": "libselinux1@3.8.1-1", "Name": "libselinux1", "Identifier": { "PURL": "pkg:deb/debian/libselinux1@3.8.1-1?arch=amd64\u0026distro=debian-13.1", "UID": "a6273b1762ccaef9" }, "Version": "3.8.1", "Release": "1", "Arch": "amd64", "SrcName": "libselinux", "SrcVersion": "3.8.1", "SrcRelease": "1", "Licenses": [ "public-domain", "GPL-2.0-only" ], "Maintainer": "Debian SELinux maintainers \u003cselinux-devel@lists.alioth.debian.org\u003e", "DependsOn": [ "libc6@2.41-12", "libpcre2-8-0@10.46-1~deb13u1" ], "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "InstalledFiles": [ "/usr/lib/tmpfiles.d/libselinux1.conf", "/usr/lib/x86_64-linux-gnu/libselinux.so.1", "/usr/share/doc/libselinux1/changelog.Debian.gz", "/usr/share/doc/libselinux1/copyright" ] }, { "ID": "libsemanage-common@3.8.1-1", "Name": "libsemanage-common", "Identifier": { "PURL": "pkg:deb/debian/libsemanage-common@3.8.1-1?arch=all\u0026distro=debian-13.1", "UID": "82e27fcff653c8e2" }, "Version": "3.8.1", "Release": "1", "Arch": "all", "SrcName": "libsemanage", "SrcVersion": "3.8.1", "SrcRelease": "1", "Licenses": [ "LGPL-2.1-or-later", "LGPL-2.1-only", "GPL-2.0-only" ], "Maintainer": "Debian SELinux maintainers \u003cselinux-devel@lists.alioth.debian.org\u003e", "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "InstalledFiles": [ "/usr/share/doc/libsemanage-common/changelog.Debian.gz", "/usr/share/doc/libsemanage-common/copyright", "/usr/share/man/man5/semanage.conf.5.gz" ] }, { "ID": "libsemanage2@3.8.1-1", "Name": "libsemanage2", "Identifier": { "PURL": "pkg:deb/debian/libsemanage2@3.8.1-1?arch=amd64\u0026distro=debian-13.1", "UID": "a2f1e5a679948b47" }, "Version": "3.8.1", "Release": "1", "Arch": "amd64", "SrcName": "libsemanage", "SrcVersion": "3.8.1", "SrcRelease": "1", "Licenses": [ "LGPL-2.1-or-later", "LGPL-2.1-only", "GPL-2.0-only" ], "Maintainer": "Debian SELinux maintainers \u003cselinux-devel@lists.alioth.debian.org\u003e", "DependsOn": [ "libaudit1@1:4.0.2-2+b2", "libbz2-1.0@1.0.8-6", "libc6@2.41-12", "libselinux1@3.8.1-1", "libsemanage-common@3.8.1-1", "libsepol2@3.8.1-1" ], "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libsemanage.so.2", "/usr/share/doc/libsemanage2/changelog.Debian.gz", "/usr/share/doc/libsemanage2/copyright" ] }, { "ID": "libsepol2@3.8.1-1", "Name": "libsepol2", "Identifier": { "PURL": "pkg:deb/debian/libsepol2@3.8.1-1?arch=amd64\u0026distro=debian-13.1", "UID": "42060046fe7e6042" }, "Version": "3.8.1", "Release": "1", "Arch": "amd64", "SrcName": "libsepol", "SrcVersion": "3.8.1", "SrcRelease": "1", "Licenses": [ "LGPL-2.1-or-later", "LGPL-2.1-only", "Zlib", "GPL-2.0-only", "GPL-2.0-or-later" ], "Maintainer": "Debian SELinux maintainers \u003cselinux-devel@lists.alioth.debian.org\u003e", "DependsOn": [ "libc6@2.41-12" ], "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libsepol.so.2", "/usr/share/doc/libsepol2/changelog.Debian.gz", "/usr/share/doc/libsepol2/copyright" ] }, { "ID": "libsframe1@2.44-3", "Name": "libsframe1", "Identifier": { "PURL": "pkg:deb/debian/libsframe1@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "dcd7d79477693e03" }, "Version": "2.44", "Release": "3", "Arch": "amd64", "SrcName": "binutils", "SrcVersion": "2.44", "SrcRelease": "3", "Licenses": [ "GPL-2.0-or-later", "LGPL-2.0-or-later", "GFDL-1.3-or-later" ], "Maintainer": "Matthias Klose \u003cdoko@debian.org\u003e", "DependsOn": [ "libc6@2.41-12" ], "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libsframe.so.1.0.0", "/usr/share/doc/libsframe1/changelog.Debian.gz", "/usr/share/doc/libsframe1/copyright" ] }, { "ID": "libsmartcols1@2.41-5", "Name": "libsmartcols1", "Identifier": { "PURL": "pkg:deb/debian/libsmartcols1@2.41-5?arch=amd64\u0026distro=debian-13.1", "UID": "bdd963006efde917" }, "Version": "2.41", "Release": "5", "Arch": "amd64", "SrcName": "util-linux", "SrcVersion": "2.41", "SrcRelease": "5", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "GPL-3.0-or-later", "LGPL-2.1-or-later", "public-domain", "BSD-4-Clause", "MIT", "ISC", "BSD-3-Clause", "BSLA", "LGPL-2.0-or-later", "BSD-2-Clause", "LGPL-3.0-or-later", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", "DependsOn": [ "libc6@2.41-12" ], "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libsmartcols.so.1.1.0", "/usr/share/doc/libsmartcols1/NEWS.Debian.gz", "/usr/share/doc/libsmartcols1/changelog.Debian.gz", "/usr/share/doc/libsmartcols1/changelog.gz", "/usr/share/doc/libsmartcols1/copyright", "/usr/share/lintian/overrides/libsmartcols1" ] }, { "ID": "libsqlite3-0@3.46.1-7", "Name": "libsqlite3-0", "Identifier": { "PURL": "pkg:deb/debian/libsqlite3-0@3.46.1-7?arch=amd64\u0026distro=debian-13.1", "UID": "d3b12dcb7bd33f74" }, "Version": "3.46.1", "Release": "7", "Arch": "amd64", "SrcName": "sqlite3", "SrcVersion": "3.46.1", "SrcRelease": "7", "Licenses": [ "public-domain", "GPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Laszlo Boszormenyi (GCS) \u003cgcs@debian.org\u003e", "DependsOn": [ "libc6@2.41-12" ], "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libsqlite3.so.0.8.6", "/usr/share/doc/libsqlite3-0/README.Debian", "/usr/share/doc/libsqlite3-0/changelog.Debian.gz", "/usr/share/doc/libsqlite3-0/changelog.gz", "/usr/share/doc/libsqlite3-0/changelog.html.gz", "/usr/share/doc/libsqlite3-0/copyright" ] }, { "ID": "libssl-dev@3.5.1-1+deb13u1", "Name": "libssl-dev", "Identifier": { "PURL": "pkg:deb/debian/libssl-dev@3.5.1-1%2Bdeb13u1?arch=amd64\u0026distro=debian-13.1", "UID": "460bf905484a45d1" }, "Version": "3.5.1", "Release": "1+deb13u1", "Arch": "amd64", "SrcName": "openssl", "SrcVersion": "3.5.1", "SrcRelease": "1+deb13u1", "Licenses": [ "Apache-2.0", "Artistic-2.0", "GPL-1.0-or-later", "GPL-1.0-only" ], "Maintainer": "Debian OpenSSL Team \u003cpkg-openssl-devel@alioth-lists.debian.net\u003e", "DependsOn": [ "libssl3t64@3.5.1-1+deb13u1" ], "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "InstalledFiles": [ "/usr/include/openssl/aes.h", "/usr/include/openssl/asn1.h", "/usr/include/openssl/asn1err.h", "/usr/include/openssl/asn1t.h", "/usr/include/openssl/async.h", "/usr/include/openssl/asyncerr.h", "/usr/include/openssl/bio.h", "/usr/include/openssl/bioerr.h", "/usr/include/openssl/blowfish.h", "/usr/include/openssl/bn.h", "/usr/include/openssl/bnerr.h", "/usr/include/openssl/buffer.h", "/usr/include/openssl/buffererr.h", "/usr/include/openssl/byteorder.h", "/usr/include/openssl/camellia.h", "/usr/include/openssl/cast.h", "/usr/include/openssl/cmac.h", "/usr/include/openssl/cmp.h", "/usr/include/openssl/cmp_util.h", "/usr/include/openssl/cmperr.h", "/usr/include/openssl/cms.h", "/usr/include/openssl/cmserr.h", "/usr/include/openssl/comp.h", "/usr/include/openssl/comperr.h", "/usr/include/openssl/conf.h", "/usr/include/openssl/conf_api.h", "/usr/include/openssl/conferr.h", "/usr/include/openssl/conftypes.h", "/usr/include/openssl/core.h", "/usr/include/openssl/core_dispatch.h", "/usr/include/openssl/core_names.h", "/usr/include/openssl/core_object.h", "/usr/include/openssl/crmf.h", "/usr/include/openssl/crmferr.h", "/usr/include/openssl/crypto.h", "/usr/include/openssl/cryptoerr.h", "/usr/include/openssl/cryptoerr_legacy.h", "/usr/include/openssl/ct.h", "/usr/include/openssl/cterr.h", "/usr/include/openssl/decoder.h", "/usr/include/openssl/decodererr.h", "/usr/include/openssl/des.h", "/usr/include/openssl/dh.h", "/usr/include/openssl/dherr.h", "/usr/include/openssl/dsa.h", "/usr/include/openssl/dsaerr.h", "/usr/include/openssl/dtls1.h", "/usr/include/openssl/e_os2.h", "/usr/include/openssl/e_ostime.h", "/usr/include/openssl/ebcdic.h", "/usr/include/openssl/ec.h", "/usr/include/openssl/ecdh.h", "/usr/include/openssl/ecdsa.h", "/usr/include/openssl/ecerr.h", "/usr/include/openssl/encoder.h", "/usr/include/openssl/encodererr.h", "/usr/include/openssl/engine.h", "/usr/include/openssl/engineerr.h", "/usr/include/openssl/err.h", "/usr/include/openssl/ess.h", "/usr/include/openssl/esserr.h", "/usr/include/openssl/evp.h", "/usr/include/openssl/evperr.h", "/usr/include/openssl/fips_names.h", "/usr/include/openssl/fipskey.h", "/usr/include/openssl/hmac.h", "/usr/include/openssl/hpke.h", "/usr/include/openssl/http.h", "/usr/include/openssl/httperr.h", "/usr/include/openssl/idea.h", "/usr/include/openssl/indicator.h", "/usr/include/openssl/kdf.h", "/usr/include/openssl/kdferr.h", "/usr/include/openssl/lhash.h", "/usr/include/openssl/macros.h", "/usr/include/openssl/md2.h", "/usr/include/openssl/md4.h", "/usr/include/openssl/md5.h", "/usr/include/openssl/mdc2.h", "/usr/include/openssl/ml_kem.h", "/usr/include/openssl/modes.h", "/usr/include/openssl/obj_mac.h", "/usr/include/openssl/objects.h", "/usr/include/openssl/objectserr.h", "/usr/include/openssl/ocsp.h", "/usr/include/openssl/ocsperr.h", "/usr/include/openssl/opensslv.h", "/usr/include/openssl/ossl_typ.h", "/usr/include/openssl/param_build.h", "/usr/include/openssl/params.h", "/usr/include/openssl/pem.h", "/usr/include/openssl/pem2.h", "/usr/include/openssl/pemerr.h", "/usr/include/openssl/pkcs12.h", "/usr/include/openssl/pkcs12err.h", "/usr/include/openssl/pkcs7.h", "/usr/include/openssl/pkcs7err.h", "/usr/include/openssl/prov_ssl.h", "/usr/include/openssl/proverr.h", "/usr/include/openssl/provider.h", "/usr/include/openssl/quic.h", "/usr/include/openssl/rand.h", "/usr/include/openssl/randerr.h", "/usr/include/openssl/rc2.h", "/usr/include/openssl/rc4.h", "/usr/include/openssl/rc5.h", "/usr/include/openssl/ripemd.h", "/usr/include/openssl/rsa.h", "/usr/include/openssl/rsaerr.h", "/usr/include/openssl/safestack.h", "/usr/include/openssl/seed.h", "/usr/include/openssl/self_test.h", "/usr/include/openssl/sha.h", "/usr/include/openssl/srp.h", "/usr/include/openssl/srtp.h", "/usr/include/openssl/ssl.h", "/usr/include/openssl/ssl2.h", "/usr/include/openssl/ssl3.h", "/usr/include/openssl/sslerr.h", "/usr/include/openssl/sslerr_legacy.h", "/usr/include/openssl/stack.h", "/usr/include/openssl/store.h", "/usr/include/openssl/storeerr.h", "/usr/include/openssl/symhacks.h", "/usr/include/openssl/thread.h", "/usr/include/openssl/tls1.h", "/usr/include/openssl/trace.h", "/usr/include/openssl/ts.h", "/usr/include/openssl/tserr.h", "/usr/include/openssl/txt_db.h", "/usr/include/openssl/types.h", "/usr/include/openssl/ui.h", "/usr/include/openssl/uierr.h", "/usr/include/openssl/whrlpool.h", "/usr/include/openssl/x509.h", "/usr/include/openssl/x509_acert.h", "/usr/include/openssl/x509_vfy.h", "/usr/include/openssl/x509err.h", "/usr/include/openssl/x509v3.h", "/usr/include/openssl/x509v3err.h", "/usr/include/x86_64-linux-gnu/openssl/configuration.h", "/usr/include/x86_64-linux-gnu/openssl/opensslconf.h", "/usr/lib/x86_64-linux-gnu/cmake/OpenSSL/OpenSSLConfig.cmake", "/usr/lib/x86_64-linux-gnu/cmake/OpenSSL/OpenSSLConfigVersion.cmake", "/usr/lib/x86_64-linux-gnu/libcrypto.a", "/usr/lib/x86_64-linux-gnu/libssl.a", "/usr/lib/x86_64-linux-gnu/pkgconfig/libcrypto.pc", "/usr/lib/x86_64-linux-gnu/pkgconfig/libssl.pc", "/usr/lib/x86_64-linux-gnu/pkgconfig/openssl.pc", "/usr/share/doc/libssl-dev/changelog.Debian.gz", "/usr/share/doc/libssl-dev/changelog.gz", "/usr/share/doc/libssl-dev/copyright" ] }, { "ID": "libssl3t64@3.5.1-1+deb13u1", "Name": "libssl3t64", "Identifier": { "PURL": "pkg:deb/debian/libssl3t64@3.5.1-1%2Bdeb13u1?arch=amd64\u0026distro=debian-13.1", "UID": "21570f13e9c95536" }, "Version": "3.5.1", "Release": "1+deb13u1", "Arch": "amd64", "SrcName": "openssl", "SrcVersion": "3.5.1", "SrcRelease": "1+deb13u1", "Licenses": [ "Apache-2.0", "Artistic-2.0", "GPL-1.0-or-later", "GPL-1.0-only" ], "Maintainer": "Debian OpenSSL Team \u003cpkg-openssl-devel@alioth-lists.debian.net\u003e", "DependsOn": [ "libc6@2.41-12", "libzstd1@1.5.7+dfsg-1", "openssl-provider-legacy@3.5.1-1+deb13u1", "zlib1g@1:1.3.dfsg+really1.3.1-1+b1" ], "Layer": { "DiffID": "sha256:c9cf0647c3882a77b947246ce8bc999f0ed98d1cf9625179568100ba9fd3a7b4" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/engines-3/afalg.so", "/usr/lib/x86_64-linux-gnu/engines-3/loader_attic.so", "/usr/lib/x86_64-linux-gnu/engines-3/padlock.so", "/usr/lib/x86_64-linux-gnu/libcrypto.so.3", "/usr/lib/x86_64-linux-gnu/libssl.so.3", "/usr/share/doc/libssl3t64/NEWS.Debian.gz", "/usr/share/doc/libssl3t64/changelog.Debian.gz", "/usr/share/doc/libssl3t64/changelog.gz", "/usr/share/doc/libssl3t64/copyright", "/usr/share/lintian/overrides/libssl3t64" ] }, { "ID": "libstdc++-14-dev@14.2.0-19", "Name": "libstdc++-14-dev", "Identifier": { "PURL": "pkg:deb/debian/libstdc%2B%2B-14-dev@14.2.0-19?arch=amd64\u0026distro=debian-13.1", "UID": "1a89c4aee9de0597" }, "Version": "14.2.0", "Release": "19", "Arch": "amd64", "SrcName": "gcc-14", "SrcVersion": "14.2.0", "SrcRelease": "19", "Maintainer": "Debian GCC Maintainers \u003cdebian-gcc@lists.debian.org\u003e", "DependsOn": [ "gcc-14-base@14.2.0-19", "libc6-dev@2.41-12", "libgcc-14-dev@14.2.0-19", "libstdc++6@14.2.0-19" ], "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "InstalledFiles": [ "/usr/include/c++/14/algorithm", "/usr/include/c++/14/any", "/usr/include/c++/14/array", "/usr/include/c++/14/atomic", "/usr/include/c++/14/backward/auto_ptr.h", "/usr/include/c++/14/backward/backward_warning.h", "/usr/include/c++/14/backward/binders.h", "/usr/include/c++/14/backward/hash_fun.h", "/usr/include/c++/14/backward/hash_map", "/usr/include/c++/14/backward/hash_set", "/usr/include/c++/14/backward/hashtable.h", "/usr/include/c++/14/backward/strstream", "/usr/include/c++/14/barrier", "/usr/include/c++/14/bit", "/usr/include/c++/14/bits/algorithmfwd.h", "/usr/include/c++/14/bits/align.h", "/usr/include/c++/14/bits/alloc_traits.h", "/usr/include/c++/14/bits/allocated_ptr.h", "/usr/include/c++/14/bits/allocator.h", "/usr/include/c++/14/bits/atomic_base.h", "/usr/include/c++/14/bits/atomic_futex.h", "/usr/include/c++/14/bits/atomic_lockfree_defines.h", "/usr/include/c++/14/bits/atomic_timed_wait.h", "/usr/include/c++/14/bits/atomic_wait.h", "/usr/include/c++/14/bits/basic_ios.h", "/usr/include/c++/14/bits/basic_ios.tcc", "/usr/include/c++/14/bits/basic_string.h", "/usr/include/c++/14/bits/basic_string.tcc", "/usr/include/c++/14/bits/boost_concept_check.h", "/usr/include/c++/14/bits/c++0x_warning.h", "/usr/include/c++/14/bits/char_traits.h", "/usr/include/c++/14/bits/charconv.h", "/usr/include/c++/14/bits/chrono.h", "/usr/include/c++/14/bits/chrono_io.h", "/usr/include/c++/14/bits/codecvt.h", "/usr/include/c++/14/bits/concept_check.h", "/usr/include/c++/14/bits/cow_string.h", "/usr/include/c++/14/bits/cpp_type_traits.h", "/usr/include/c++/14/bits/cxxabi_forced.h", "/usr/include/c++/14/bits/cxxabi_init_exception.h", "/usr/include/c++/14/bits/deque.tcc", "/usr/include/c++/14/bits/elements_of.h", "/usr/include/c++/14/bits/enable_special_members.h", "/usr/include/c++/14/bits/erase_if.h", "/usr/include/c++/14/bits/exception.h", "/usr/include/c++/14/bits/exception_defines.h", "/usr/include/c++/14/bits/exception_ptr.h", "/usr/include/c++/14/bits/forward_list.h", "/usr/include/c++/14/bits/forward_list.tcc", "/usr/include/c++/14/bits/fs_dir.h", "/usr/include/c++/14/bits/fs_fwd.h", "/usr/include/c++/14/bits/fs_ops.h", "/usr/include/c++/14/bits/fs_path.h", "/usr/include/c++/14/bits/fstream.tcc", "/usr/include/c++/14/bits/functexcept.h", "/usr/include/c++/14/bits/functional_hash.h", "/usr/include/c++/14/bits/gslice.h", "/usr/include/c++/14/bits/gslice_array.h", "/usr/include/c++/14/bits/hash_bytes.h", "/usr/include/c++/14/bits/hashtable.h", "/usr/include/c++/14/bits/hashtable_policy.h", "/usr/include/c++/14/bits/indirect_array.h", "/usr/include/c++/14/bits/invoke.h", "/usr/include/c++/14/bits/ios_base.h", "/usr/include/c++/14/bits/istream.tcc", "/usr/include/c++/14/bits/iterator_concepts.h", "/usr/include/c++/14/bits/list.tcc", "/usr/include/c++/14/bits/locale_classes.h", "/usr/include/c++/14/bits/locale_classes.tcc", "/usr/include/c++/14/bits/locale_conv.h", "/usr/include/c++/14/bits/locale_facets.h", "/usr/include/c++/14/bits/locale_facets.tcc", "/usr/include/c++/14/bits/locale_facets_nonio.h", "/usr/include/c++/14/bits/locale_facets_nonio.tcc", "/usr/include/c++/14/bits/localefwd.h", "/usr/include/c++/14/bits/mask_array.h", "/usr/include/c++/14/bits/max_size_type.h", "/usr/include/c++/14/bits/memory_resource.h", "/usr/include/c++/14/bits/memoryfwd.h", "/usr/include/c++/14/bits/mofunc_impl.h", "/usr/include/c++/14/bits/move.h", "/usr/include/c++/14/bits/move_only_function.h", "/usr/include/c++/14/bits/nested_exception.h", "/usr/include/c++/14/bits/new_allocator.h", "/usr/include/c++/14/bits/node_handle.h", "/usr/include/c++/14/bits/ostream.tcc", "/usr/include/c++/14/bits/ostream_insert.h", "/usr/include/c++/14/bits/out_ptr.h", "/usr/include/c++/14/bits/parse_numbers.h", "/usr/include/c++/14/bits/postypes.h", "/usr/include/c++/14/bits/predefined_ops.h", "/usr/include/c++/14/bits/ptr_traits.h", "/usr/include/c++/14/bits/quoted_string.h", "/usr/include/c++/14/bits/random.h", "/usr/include/c++/14/bits/random.tcc", "/usr/include/c++/14/bits/range_access.h", "/usr/include/c++/14/bits/ranges_algo.h", "/usr/include/c++/14/bits/ranges_algobase.h", "/usr/include/c++/14/bits/ranges_base.h", "/usr/include/c++/14/bits/ranges_cmp.h", "/usr/include/c++/14/bits/ranges_uninitialized.h", "/usr/include/c++/14/bits/ranges_util.h", "/usr/include/c++/14/bits/refwrap.h", "/usr/include/c++/14/bits/regex.h", "/usr/include/c++/14/bits/regex.tcc", "/usr/include/c++/14/bits/regex_automaton.h", "/usr/include/c++/14/bits/regex_automaton.tcc", "/usr/include/c++/14/bits/regex_compiler.h", "/usr/include/c++/14/bits/regex_compiler.tcc", "/usr/include/c++/14/bits/regex_constants.h", "/usr/include/c++/14/bits/regex_error.h", "/usr/include/c++/14/bits/regex_executor.h", "/usr/include/c++/14/bits/regex_executor.tcc", "/usr/include/c++/14/bits/regex_scanner.h", "/usr/include/c++/14/bits/regex_scanner.tcc", "/usr/include/c++/14/bits/requires_hosted.h", "/usr/include/c++/14/bits/sat_arith.h", "/usr/include/c++/14/bits/semaphore_base.h", "/usr/include/c++/14/bits/shared_ptr.h", "/usr/include/c++/14/bits/shared_ptr_atomic.h", "/usr/include/c++/14/bits/shared_ptr_base.h", "/usr/include/c++/14/bits/slice_array.h", "/usr/include/c++/14/bits/specfun.h", "/usr/include/c++/14/bits/sstream.tcc", "/usr/include/c++/14/bits/std_abs.h", "/usr/include/c++/14/bits/std_function.h", "/usr/include/c++/14/bits/std_mutex.h", "/usr/include/c++/14/bits/std_thread.h", "/usr/include/c++/14/bits/stl_algo.h", "/usr/include/c++/14/bits/stl_algobase.h", "/usr/include/c++/14/bits/stl_bvector.h", "/usr/include/c++/14/bits/stl_construct.h", "/usr/include/c++/14/bits/stl_deque.h", "/usr/include/c++/14/bits/stl_function.h", "/usr/include/c++/14/bits/stl_heap.h", "/usr/include/c++/14/bits/stl_iterator.h", "/usr/include/c++/14/bits/stl_iterator_base_funcs.h", "/usr/include/c++/14/bits/stl_iterator_base_types.h", "/usr/include/c++/14/bits/stl_list.h", "/usr/include/c++/14/bits/stl_map.h", "/usr/include/c++/14/bits/stl_multimap.h", "/usr/include/c++/14/bits/stl_multiset.h", "/usr/include/c++/14/bits/stl_numeric.h", "/usr/include/c++/14/bits/stl_pair.h", "/usr/include/c++/14/bits/stl_queue.h", "/usr/include/c++/14/bits/stl_raw_storage_iter.h", "/usr/include/c++/14/bits/stl_relops.h", "/usr/include/c++/14/bits/stl_set.h", "/usr/include/c++/14/bits/stl_stack.h", "/usr/include/c++/14/bits/stl_tempbuf.h", "/usr/include/c++/14/bits/stl_tree.h", "/usr/include/c++/14/bits/stl_uninitialized.h", "/usr/include/c++/14/bits/stl_vector.h", "/usr/include/c++/14/bits/stream_iterator.h", "/usr/include/c++/14/bits/streambuf.tcc", "/usr/include/c++/14/bits/streambuf_iterator.h", "/usr/include/c++/14/bits/string_view.tcc", "/usr/include/c++/14/bits/stringfwd.h", "/usr/include/c++/14/bits/text_encoding-data.h", "/usr/include/c++/14/bits/this_thread_sleep.h", "/usr/include/c++/14/bits/unicode-data.h", "/usr/include/c++/14/bits/unicode.h", "/usr/include/c++/14/bits/uniform_int_dist.h", "/usr/include/c++/14/bits/unique_lock.h", "/usr/include/c++/14/bits/unique_ptr.h", "/usr/include/c++/14/bits/unordered_map.h", "/usr/include/c++/14/bits/unordered_set.h", "/usr/include/c++/14/bits/uses_allocator.h", "/usr/include/c++/14/bits/uses_allocator_args.h", "/usr/include/c++/14/bits/utility.h", "/usr/include/c++/14/bits/valarray_after.h", "/usr/include/c++/14/bits/valarray_array.h", "/usr/include/c++/14/bits/valarray_array.tcc", "/usr/include/c++/14/bits/valarray_before.h", "/usr/include/c++/14/bits/vector.tcc", "/usr/include/c++/14/bits/version.h", "/usr/include/c++/14/bitset", "/usr/include/c++/14/cassert", "/usr/include/c++/14/ccomplex", "/usr/include/c++/14/cctype", "/usr/include/c++/14/cerrno", "/usr/include/c++/14/cfenv", "/usr/include/c++/14/cfloat", "/usr/include/c++/14/charconv", "/usr/include/c++/14/chrono", "/usr/include/c++/14/cinttypes", "/usr/include/c++/14/ciso646", "/usr/include/c++/14/climits", "/usr/include/c++/14/clocale", "/usr/include/c++/14/cmath", "/usr/include/c++/14/codecvt", "/usr/include/c++/14/compare", "/usr/include/c++/14/complex", "/usr/include/c++/14/complex.h", "/usr/include/c++/14/concepts", "/usr/include/c++/14/condition_variable", "/usr/include/c++/14/coroutine", "/usr/include/c++/14/csetjmp", "/usr/include/c++/14/csignal", "/usr/include/c++/14/cstdalign", "/usr/include/c++/14/cstdarg", "/usr/include/c++/14/cstdbool", "/usr/include/c++/14/cstddef", "/usr/include/c++/14/cstdint", "/usr/include/c++/14/cstdio", "/usr/include/c++/14/cstdlib", "/usr/include/c++/14/cstring", "/usr/include/c++/14/ctgmath", "/usr/include/c++/14/ctime", "/usr/include/c++/14/cuchar", "/usr/include/c++/14/cwchar", "/usr/include/c++/14/cwctype", "/usr/include/c++/14/cxxabi.h", "/usr/include/c++/14/debug/assertions.h", "/usr/include/c++/14/debug/bitset", "/usr/include/c++/14/debug/debug.h", "/usr/include/c++/14/debug/deque", "/usr/include/c++/14/debug/formatter.h", "/usr/include/c++/14/debug/forward_list", "/usr/include/c++/14/debug/functions.h", "/usr/include/c++/14/debug/helper_functions.h", "/usr/include/c++/14/debug/list", "/usr/include/c++/14/debug/macros.h", "/usr/include/c++/14/debug/map", "/usr/include/c++/14/debug/map.h", "/usr/include/c++/14/debug/multimap.h", "/usr/include/c++/14/debug/multiset.h", "/usr/include/c++/14/debug/safe_base.h", "/usr/include/c++/14/debug/safe_container.h", "/usr/include/c++/14/debug/safe_iterator.h", "/usr/include/c++/14/debug/safe_iterator.tcc", "/usr/include/c++/14/debug/safe_local_iterator.h", "/usr/include/c++/14/debug/safe_local_iterator.tcc", "/usr/include/c++/14/debug/safe_sequence.h", "/usr/include/c++/14/debug/safe_sequence.tcc", "/usr/include/c++/14/debug/safe_unordered_base.h", "/usr/include/c++/14/debug/safe_unordered_container.h", "/usr/include/c++/14/debug/safe_unordered_container.tcc", "/usr/include/c++/14/debug/set", "/usr/include/c++/14/debug/set.h", "/usr/include/c++/14/debug/stl_iterator.h", "/usr/include/c++/14/debug/string", "/usr/include/c++/14/debug/unordered_map", "/usr/include/c++/14/debug/unordered_set", "/usr/include/c++/14/debug/vector", "/usr/include/c++/14/decimal/decimal", "/usr/include/c++/14/decimal/decimal.h", "/usr/include/c++/14/deque", "/usr/include/c++/14/exception", "/usr/include/c++/14/execution", "/usr/include/c++/14/expected", "/usr/include/c++/14/experimental/algorithm", "/usr/include/c++/14/experimental/any", "/usr/include/c++/14/experimental/array", "/usr/include/c++/14/experimental/bits/fs_dir.h", "/usr/include/c++/14/experimental/bits/fs_fwd.h", "/usr/include/c++/14/experimental/bits/fs_ops.h", "/usr/include/c++/14/experimental/bits/fs_path.h", "/usr/include/c++/14/experimental/bits/lfts_config.h", "/usr/include/c++/14/experimental/bits/net.h", "/usr/include/c++/14/experimental/bits/numeric_traits.h", "/usr/include/c++/14/experimental/bits/shared_ptr.h", "/usr/include/c++/14/experimental/bits/simd.h", "/usr/include/c++/14/experimental/bits/simd_builtin.h", "/usr/include/c++/14/experimental/bits/simd_converter.h", "/usr/include/c++/14/experimental/bits/simd_detail.h", "/usr/include/c++/14/experimental/bits/simd_fixed_size.h", "/usr/include/c++/14/experimental/bits/simd_math.h", "/usr/include/c++/14/experimental/bits/simd_neon.h", "/usr/include/c++/14/experimental/bits/simd_ppc.h", "/usr/include/c++/14/experimental/bits/simd_scalar.h", "/usr/include/c++/14/experimental/bits/simd_sve.h", "/usr/include/c++/14/experimental/bits/simd_x86.h", "/usr/include/c++/14/experimental/bits/simd_x86_conversions.h", "/usr/include/c++/14/experimental/bits/string_view.tcc", "/usr/include/c++/14/experimental/buffer", "/usr/include/c++/14/experimental/chrono", "/usr/include/c++/14/experimental/contract", "/usr/include/c++/14/experimental/deque", "/usr/include/c++/14/experimental/executor", "/usr/include/c++/14/experimental/filesystem", "/usr/include/c++/14/experimental/forward_list", "/usr/include/c++/14/experimental/functional", "/usr/include/c++/14/experimental/internet", "/usr/include/c++/14/experimental/io_context", "/usr/include/c++/14/experimental/iterator", "/usr/include/c++/14/experimental/list", "/usr/include/c++/14/experimental/map", "/usr/include/c++/14/experimental/memory", "/usr/include/c++/14/experimental/memory_resource", "/usr/include/c++/14/experimental/net", "/usr/include/c++/14/experimental/netfwd", "/usr/include/c++/14/experimental/numeric", "/usr/include/c++/14/experimental/optional", "/usr/include/c++/14/experimental/propagate_const", "/usr/include/c++/14/experimental/random", "/usr/include/c++/14/experimental/ratio", "/usr/include/c++/14/experimental/regex", "/usr/include/c++/14/experimental/scope", "/usr/include/c++/14/experimental/set", "/usr/include/c++/14/experimental/simd", "/usr/include/c++/14/experimental/socket", "/usr/include/c++/14/experimental/source_location", "/usr/include/c++/14/experimental/string", "/usr/include/c++/14/experimental/string_view", "/usr/include/c++/14/experimental/synchronized_value", "/usr/include/c++/14/experimental/system_error", "/usr/include/c++/14/experimental/timer", "/usr/include/c++/14/experimental/tuple", "/usr/include/c++/14/experimental/type_traits", "/usr/include/c++/14/experimental/unordered_map", "/usr/include/c++/14/experimental/unordered_set", "/usr/include/c++/14/experimental/utility", "/usr/include/c++/14/experimental/vector", "/usr/include/c++/14/ext/algorithm", "/usr/include/c++/14/ext/aligned_buffer.h", "/usr/include/c++/14/ext/alloc_traits.h", "/usr/include/c++/14/ext/atomicity.h", "/usr/include/c++/14/ext/bitmap_allocator.h", "/usr/include/c++/14/ext/cast.h", "/usr/include/c++/14/ext/cmath", "/usr/include/c++/14/ext/codecvt_specializations.h", "/usr/include/c++/14/ext/concurrence.h", "/usr/include/c++/14/ext/debug_allocator.h", "/usr/include/c++/14/ext/enc_filebuf.h", "/usr/include/c++/14/ext/extptr_allocator.h", "/usr/include/c++/14/ext/functional", "/usr/include/c++/14/ext/hash_map", "/usr/include/c++/14/ext/hash_set", "/usr/include/c++/14/ext/iterator", "/usr/include/c++/14/ext/malloc_allocator.h", "/usr/include/c++/14/ext/memory", "/usr/include/c++/14/ext/mt_allocator.h", "/usr/include/c++/14/ext/new_allocator.h", "/usr/include/c++/14/ext/numeric", "/usr/include/c++/14/ext/numeric_traits.h", "/usr/include/c++/14/ext/pb_ds/assoc_container.hpp", "/usr/include/c++/14/ext/pb_ds/detail/bin_search_tree_/bin_search_tree_.hpp", "/usr/include/c++/14/ext/pb_ds/detail/bin_search_tree_/constructors_destructor_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/bin_search_tree_/debug_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/bin_search_tree_/erase_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/bin_search_tree_/find_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/bin_search_tree_/info_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/bin_search_tree_/insert_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/bin_search_tree_/iterators_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/bin_search_tree_/node_iterators.hpp", "/usr/include/c++/14/ext/pb_ds/detail/bin_search_tree_/point_iterators.hpp", "/usr/include/c++/14/ext/pb_ds/detail/bin_search_tree_/policy_access_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/bin_search_tree_/r_erase_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/bin_search_tree_/rotate_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/bin_search_tree_/split_join_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/bin_search_tree_/traits.hpp", "/usr/include/c++/14/ext/pb_ds/detail/binary_heap_/binary_heap_.hpp", "/usr/include/c++/14/ext/pb_ds/detail/binary_heap_/const_iterator.hpp", "/usr/include/c++/14/ext/pb_ds/detail/binary_heap_/constructors_destructor_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/binary_heap_/debug_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/binary_heap_/entry_cmp.hpp", "/usr/include/c++/14/ext/pb_ds/detail/binary_heap_/entry_pred.hpp", "/usr/include/c++/14/ext/pb_ds/detail/binary_heap_/erase_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/binary_heap_/find_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/binary_heap_/info_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/binary_heap_/insert_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/binary_heap_/iterators_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/binary_heap_/point_const_iterator.hpp", "/usr/include/c++/14/ext/pb_ds/detail/binary_heap_/policy_access_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/binary_heap_/resize_policy.hpp", "/usr/include/c++/14/ext/pb_ds/detail/binary_heap_/split_join_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/binary_heap_/trace_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/binomial_heap_/binomial_heap_.hpp", "/usr/include/c++/14/ext/pb_ds/detail/binomial_heap_/constructors_destructor_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/binomial_heap_/debug_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/binomial_heap_base_/binomial_heap_base_.hpp", "/usr/include/c++/14/ext/pb_ds/detail/binomial_heap_base_/constructors_destructor_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/binomial_heap_base_/debug_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/binomial_heap_base_/erase_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/binomial_heap_base_/find_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/binomial_heap_base_/insert_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/binomial_heap_base_/split_join_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/branch_policy/branch_policy.hpp", "/usr/include/c++/14/ext/pb_ds/detail/branch_policy/null_node_metadata.hpp", "/usr/include/c++/14/ext/pb_ds/detail/branch_policy/traits.hpp", "/usr/include/c++/14/ext/pb_ds/detail/cc_hash_table_map_/cc_ht_map_.hpp", "/usr/include/c++/14/ext/pb_ds/detail/cc_hash_table_map_/cmp_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/cc_hash_table_map_/cond_key_dtor_entry_dealtor.hpp", "/usr/include/c++/14/ext/pb_ds/detail/cc_hash_table_map_/constructor_destructor_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/cc_hash_table_map_/constructor_destructor_no_store_hash_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/cc_hash_table_map_/constructor_destructor_store_hash_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/cc_hash_table_map_/debug_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/cc_hash_table_map_/debug_no_store_hash_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/cc_hash_table_map_/debug_store_hash_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/cc_hash_table_map_/entry_list_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/cc_hash_table_map_/erase_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/cc_hash_table_map_/erase_no_store_hash_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/cc_hash_table_map_/erase_store_hash_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/cc_hash_table_map_/find_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/cc_hash_table_map_/find_store_hash_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/cc_hash_table_map_/info_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/cc_hash_table_map_/insert_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/cc_hash_table_map_/insert_no_store_hash_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/cc_hash_table_map_/insert_store_hash_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/cc_hash_table_map_/iterators_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/cc_hash_table_map_/policy_access_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/cc_hash_table_map_/resize_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/cc_hash_table_map_/resize_no_store_hash_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/cc_hash_table_map_/resize_store_hash_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/cc_hash_table_map_/size_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/cc_hash_table_map_/trace_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/cond_dealtor.hpp", "/usr/include/c++/14/ext/pb_ds/detail/container_base_dispatch.hpp", "/usr/include/c++/14/ext/pb_ds/detail/debug_map_base.hpp", "/usr/include/c++/14/ext/pb_ds/detail/eq_fn/eq_by_less.hpp", "/usr/include/c++/14/ext/pb_ds/detail/eq_fn/hash_eq_fn.hpp", "/usr/include/c++/14/ext/pb_ds/detail/gp_hash_table_map_/constructor_destructor_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/gp_hash_table_map_/constructor_destructor_no_store_hash_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/gp_hash_table_map_/constructor_destructor_store_hash_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/gp_hash_table_map_/debug_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/gp_hash_table_map_/debug_no_store_hash_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/gp_hash_table_map_/debug_store_hash_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/gp_hash_table_map_/erase_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/gp_hash_table_map_/erase_no_store_hash_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/gp_hash_table_map_/erase_store_hash_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/gp_hash_table_map_/find_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/gp_hash_table_map_/find_no_store_hash_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/gp_hash_table_map_/find_store_hash_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/gp_hash_table_map_/gp_ht_map_.hpp", "/usr/include/c++/14/ext/pb_ds/detail/gp_hash_table_map_/info_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/gp_hash_table_map_/insert_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/gp_hash_table_map_/insert_no_store_hash_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/gp_hash_table_map_/insert_store_hash_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/gp_hash_table_map_/iterator_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/gp_hash_table_map_/policy_access_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/gp_hash_table_map_/resize_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/gp_hash_table_map_/resize_no_store_hash_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/gp_hash_table_map_/resize_store_hash_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/gp_hash_table_map_/trace_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/hash_fn/direct_mask_range_hashing_imp.hpp", "/usr/include/c++/14/ext/pb_ds/detail/hash_fn/direct_mod_range_hashing_imp.hpp", "/usr/include/c++/14/ext/pb_ds/detail/hash_fn/linear_probe_fn_imp.hpp", "/usr/include/c++/14/ext/pb_ds/detail/hash_fn/mask_based_range_hashing.hpp", "/usr/include/c++/14/ext/pb_ds/detail/hash_fn/mod_based_range_hashing.hpp", "/usr/include/c++/14/ext/pb_ds/detail/hash_fn/probe_fn_base.hpp", "/usr/include/c++/14/ext/pb_ds/detail/hash_fn/quadratic_probe_fn_imp.hpp", "/usr/include/c++/14/ext/pb_ds/detail/hash_fn/ranged_hash_fn.hpp", "/usr/include/c++/14/ext/pb_ds/detail/hash_fn/ranged_probe_fn.hpp", "/usr/include/c++/14/ext/pb_ds/detail/hash_fn/sample_probe_fn.hpp", "/usr/include/c++/14/ext/pb_ds/detail/hash_fn/sample_range_hashing.hpp", "/usr/include/c++/14/ext/pb_ds/detail/hash_fn/sample_ranged_hash_fn.hpp", "/usr/include/c++/14/ext/pb_ds/detail/hash_fn/sample_ranged_probe_fn.hpp", "/usr/include/c++/14/ext/pb_ds/detail/left_child_next_sibling_heap_/const_iterator.hpp", "/usr/include/c++/14/ext/pb_ds/detail/left_child_next_sibling_heap_/constructors_destructor_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/left_child_next_sibling_heap_/debug_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/left_child_next_sibling_heap_/erase_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/left_child_next_sibling_heap_/info_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/left_child_next_sibling_heap_/insert_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/left_child_next_sibling_heap_/iterators_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/left_child_next_sibling_heap_/left_child_next_sibling_heap_.hpp", "/usr/include/c++/14/ext/pb_ds/detail/left_child_next_sibling_heap_/node.hpp", "/usr/include/c++/14/ext/pb_ds/detail/left_child_next_sibling_heap_/point_const_iterator.hpp", "/usr/include/c++/14/ext/pb_ds/detail/left_child_next_sibling_heap_/policy_access_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/left_child_next_sibling_heap_/trace_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/list_update_map_/constructor_destructor_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/list_update_map_/debug_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/list_update_map_/entry_metadata_base.hpp", "/usr/include/c++/14/ext/pb_ds/detail/list_update_map_/erase_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/list_update_map_/find_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/list_update_map_/info_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/list_update_map_/insert_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/list_update_map_/iterators_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/list_update_map_/lu_map_.hpp", "/usr/include/c++/14/ext/pb_ds/detail/list_update_map_/trace_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/list_update_policy/lu_counter_metadata.hpp", "/usr/include/c++/14/ext/pb_ds/detail/list_update_policy/sample_update_policy.hpp", "/usr/include/c++/14/ext/pb_ds/detail/ov_tree_map_/constructors_destructor_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/ov_tree_map_/debug_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/ov_tree_map_/erase_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/ov_tree_map_/info_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/ov_tree_map_/insert_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/ov_tree_map_/iterators_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/ov_tree_map_/node_iterators.hpp", "/usr/include/c++/14/ext/pb_ds/detail/ov_tree_map_/ov_tree_map_.hpp", "/usr/include/c++/14/ext/pb_ds/detail/ov_tree_map_/policy_access_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/ov_tree_map_/split_join_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/ov_tree_map_/traits.hpp", "/usr/include/c++/14/ext/pb_ds/detail/pairing_heap_/constructors_destructor_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/pairing_heap_/debug_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/pairing_heap_/erase_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/pairing_heap_/find_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/pairing_heap_/insert_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/pairing_heap_/pairing_heap_.hpp", "/usr/include/c++/14/ext/pb_ds/detail/pairing_heap_/split_join_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/pat_trie_/constructors_destructor_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/pat_trie_/debug_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/pat_trie_/erase_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/pat_trie_/find_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/pat_trie_/info_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/pat_trie_/insert_join_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/pat_trie_/iterators_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/pat_trie_/pat_trie_.hpp", "/usr/include/c++/14/ext/pb_ds/detail/pat_trie_/pat_trie_base.hpp", "/usr/include/c++/14/ext/pb_ds/detail/pat_trie_/policy_access_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/pat_trie_/r_erase_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/pat_trie_/rotate_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/pat_trie_/split_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/pat_trie_/synth_access_traits.hpp", "/usr/include/c++/14/ext/pb_ds/detail/pat_trie_/trace_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/pat_trie_/traits.hpp", "/usr/include/c++/14/ext/pb_ds/detail/pat_trie_/update_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/priority_queue_base_dispatch.hpp", "/usr/include/c++/14/ext/pb_ds/detail/rb_tree_map_/constructors_destructor_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/rb_tree_map_/debug_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/rb_tree_map_/erase_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/rb_tree_map_/find_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/rb_tree_map_/info_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/rb_tree_map_/insert_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/rb_tree_map_/node.hpp", "/usr/include/c++/14/ext/pb_ds/detail/rb_tree_map_/rb_tree_.hpp", "/usr/include/c++/14/ext/pb_ds/detail/rb_tree_map_/split_join_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/rb_tree_map_/traits.hpp", "/usr/include/c++/14/ext/pb_ds/detail/rc_binomial_heap_/constructors_destructor_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/rc_binomial_heap_/debug_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/rc_binomial_heap_/erase_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/rc_binomial_heap_/insert_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/rc_binomial_heap_/rc.hpp", "/usr/include/c++/14/ext/pb_ds/detail/rc_binomial_heap_/rc_binomial_heap_.hpp", "/usr/include/c++/14/ext/pb_ds/detail/rc_binomial_heap_/split_join_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/rc_binomial_heap_/trace_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/resize_policy/cc_hash_max_collision_check_resize_trigger_imp.hpp", "/usr/include/c++/14/ext/pb_ds/detail/resize_policy/hash_exponential_size_policy_imp.hpp", "/usr/include/c++/14/ext/pb_ds/detail/resize_policy/hash_load_check_resize_trigger_imp.hpp", "/usr/include/c++/14/ext/pb_ds/detail/resize_policy/hash_load_check_resize_trigger_size_base.hpp", "/usr/include/c++/14/ext/pb_ds/detail/resize_policy/hash_prime_size_policy_imp.hpp", "/usr/include/c++/14/ext/pb_ds/detail/resize_policy/hash_standard_resize_policy_imp.hpp", "/usr/include/c++/14/ext/pb_ds/detail/resize_policy/sample_resize_policy.hpp", "/usr/include/c++/14/ext/pb_ds/detail/resize_policy/sample_resize_trigger.hpp", "/usr/include/c++/14/ext/pb_ds/detail/resize_policy/sample_size_policy.hpp", "/usr/include/c++/14/ext/pb_ds/detail/splay_tree_/constructors_destructor_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/splay_tree_/debug_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/splay_tree_/erase_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/splay_tree_/find_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/splay_tree_/info_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/splay_tree_/insert_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/splay_tree_/node.hpp", "/usr/include/c++/14/ext/pb_ds/detail/splay_tree_/splay_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/splay_tree_/splay_tree_.hpp", "/usr/include/c++/14/ext/pb_ds/detail/splay_tree_/split_join_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/splay_tree_/traits.hpp", "/usr/include/c++/14/ext/pb_ds/detail/standard_policies.hpp", "/usr/include/c++/14/ext/pb_ds/detail/thin_heap_/constructors_destructor_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/thin_heap_/debug_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/thin_heap_/erase_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/thin_heap_/find_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/thin_heap_/insert_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/thin_heap_/split_join_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/thin_heap_/thin_heap_.hpp", "/usr/include/c++/14/ext/pb_ds/detail/thin_heap_/trace_fn_imps.hpp", "/usr/include/c++/14/ext/pb_ds/detail/tree_policy/node_metadata_selector.hpp", "/usr/include/c++/14/ext/pb_ds/detail/tree_policy/order_statistics_imp.hpp", "/usr/include/c++/14/ext/pb_ds/detail/tree_policy/sample_tree_node_update.hpp", "/usr/include/c++/14/ext/pb_ds/detail/tree_trace_base.hpp", "/usr/include/c++/14/ext/pb_ds/detail/trie_policy/node_metadata_selector.hpp", "/usr/include/c++/14/ext/pb_ds/detail/trie_policy/order_statistics_imp.hpp", "/usr/include/c++/14/ext/pb_ds/detail/trie_policy/prefix_search_node_update_imp.hpp", "/usr/include/c++/14/ext/pb_ds/detail/trie_policy/sample_trie_access_traits.hpp", "/usr/include/c++/14/ext/pb_ds/detail/trie_policy/sample_trie_node_update.hpp", "/usr/include/c++/14/ext/pb_ds/detail/trie_policy/trie_policy_base.hpp", "/usr/include/c++/14/ext/pb_ds/detail/trie_policy/trie_string_access_traits_imp.hpp", "/usr/include/c++/14/ext/pb_ds/detail/type_utils.hpp", "/usr/include/c++/14/ext/pb_ds/detail/types_traits.hpp", "/usr/include/c++/14/ext/pb_ds/detail/unordered_iterator/const_iterator.hpp", "/usr/include/c++/14/ext/pb_ds/detail/unordered_iterator/iterator.hpp", "/usr/include/c++/14/ext/pb_ds/detail/unordered_iterator/point_const_iterator.hpp", "/usr/include/c++/14/ext/pb_ds/detail/unordered_iterator/point_iterator.hpp", "/usr/include/c++/14/ext/pb_ds/exception.hpp", "/usr/include/c++/14/ext/pb_ds/hash_policy.hpp", "/usr/include/c++/14/ext/pb_ds/list_update_policy.hpp", "/usr/include/c++/14/ext/pb_ds/priority_queue.hpp", "/usr/include/c++/14/ext/pb_ds/tag_and_trait.hpp", "/usr/include/c++/14/ext/pb_ds/tree_policy.hpp", "/usr/include/c++/14/ext/pb_ds/trie_policy.hpp", "/usr/include/c++/14/ext/pod_char_traits.h", "/usr/include/c++/14/ext/pointer.h", "/usr/include/c++/14/ext/pool_allocator.h", "/usr/include/c++/14/ext/random", "/usr/include/c++/14/ext/random.tcc", "/usr/include/c++/14/ext/rb_tree", "/usr/include/c++/14/ext/rc_string_base.h", "/usr/include/c++/14/ext/rope", "/usr/include/c++/14/ext/ropeimpl.h", "/usr/include/c++/14/ext/slist", "/usr/include/c++/14/ext/sso_string_base.h", "/usr/include/c++/14/ext/stdio_filebuf.h", "/usr/include/c++/14/ext/stdio_sync_filebuf.h", "/usr/include/c++/14/ext/string_conversions.h", "/usr/include/c++/14/ext/throw_allocator.h", "/usr/include/c++/14/ext/type_traits.h", "/usr/include/c++/14/ext/typelist.h", "/usr/include/c++/14/ext/vstring.h", "/usr/include/c++/14/ext/vstring.tcc", "/usr/include/c++/14/ext/vstring_fwd.h", "/usr/include/c++/14/ext/vstring_util.h", "/usr/include/c++/14/fenv.h", "/usr/include/c++/14/filesystem", "/usr/include/c++/14/format", "/usr/include/c++/14/forward_list", "/usr/include/c++/14/fstream", "/usr/include/c++/14/functional", "/usr/include/c++/14/future", "/usr/include/c++/14/generator", "/usr/include/c++/14/initializer_list", "/usr/include/c++/14/iomanip", "/usr/include/c++/14/ios", "/usr/include/c++/14/iosfwd", "/usr/include/c++/14/iostream", "/usr/include/c++/14/istream", "/usr/include/c++/14/iterator", "/usr/include/c++/14/latch", "/usr/include/c++/14/limits", "/usr/include/c++/14/list", "/usr/include/c++/14/locale", "/usr/include/c++/14/map", "/usr/include/c++/14/math.h", "/usr/include/c++/14/memory", "/usr/include/c++/14/memory_resource", "/usr/include/c++/14/mutex", "/usr/include/c++/14/new", "/usr/include/c++/14/numbers", "/usr/include/c++/14/numeric", "/usr/include/c++/14/optional", "/usr/include/c++/14/ostream", "/usr/include/c++/14/parallel/algo.h", "/usr/include/c++/14/parallel/algobase.h", "/usr/include/c++/14/parallel/algorithm", "/usr/include/c++/14/parallel/algorithmfwd.h", "/usr/include/c++/14/parallel/balanced_quicksort.h", "/usr/include/c++/14/parallel/base.h", "/usr/include/c++/14/parallel/basic_iterator.h", "/usr/include/c++/14/parallel/checkers.h", "/usr/include/c++/14/parallel/compatibility.h", "/usr/include/c++/14/parallel/compiletime_settings.h", "/usr/include/c++/14/parallel/equally_split.h", "/usr/include/c++/14/parallel/features.h", "/usr/include/c++/14/parallel/find.h", "/usr/include/c++/14/parallel/find_selectors.h", "/usr/include/c++/14/parallel/for_each.h", "/usr/include/c++/14/parallel/for_each_selectors.h", "/usr/include/c++/14/parallel/iterator.h", "/usr/include/c++/14/parallel/list_partition.h", "/usr/include/c++/14/parallel/losertree.h", "/usr/include/c++/14/parallel/merge.h", "/usr/include/c++/14/parallel/multiseq_selection.h", "/usr/include/c++/14/parallel/multiway_merge.h", "/usr/include/c++/14/parallel/multiway_mergesort.h", "/usr/include/c++/14/parallel/numeric", "/usr/include/c++/14/parallel/numericfwd.h", "/usr/include/c++/14/parallel/omp_loop.h", "/usr/include/c++/14/parallel/omp_loop_static.h", "/usr/include/c++/14/parallel/par_loop.h", "/usr/include/c++/14/parallel/parallel.h", "/usr/include/c++/14/parallel/partial_sum.h", "/usr/include/c++/14/parallel/partition.h", "/usr/include/c++/14/parallel/queue.h", "/usr/include/c++/14/parallel/quicksort.h", "/usr/include/c++/14/parallel/random_number.h", "/usr/include/c++/14/parallel/random_shuffle.h", "/usr/include/c++/14/parallel/search.h", "/usr/include/c++/14/parallel/set_operations.h", "/usr/include/c++/14/parallel/settings.h", "/usr/include/c++/14/parallel/sort.h", "/usr/include/c++/14/parallel/tags.h", "/usr/include/c++/14/parallel/types.h", "/usr/include/c++/14/parallel/unique_copy.h", "/usr/include/c++/14/parallel/workstealing.h", "/usr/include/c++/14/print", "/usr/include/c++/14/pstl/algorithm_fwd.h", "/usr/include/c++/14/pstl/algorithm_impl.h", "/usr/include/c++/14/pstl/execution_defs.h", "/usr/include/c++/14/pstl/execution_impl.h", "/usr/include/c++/14/pstl/glue_algorithm_defs.h", "/usr/include/c++/14/pstl/glue_algorithm_impl.h", "/usr/include/c++/14/pstl/glue_execution_defs.h", "/usr/include/c++/14/pstl/glue_memory_defs.h", "/usr/include/c++/14/pstl/glue_memory_impl.h", "/usr/include/c++/14/pstl/glue_numeric_defs.h", "/usr/include/c++/14/pstl/glue_numeric_impl.h", "/usr/include/c++/14/pstl/memory_impl.h", "/usr/include/c++/14/pstl/numeric_fwd.h", "/usr/include/c++/14/pstl/numeric_impl.h", "/usr/include/c++/14/pstl/parallel_backend.h", "/usr/include/c++/14/pstl/parallel_backend_serial.h", "/usr/include/c++/14/pstl/parallel_backend_tbb.h", "/usr/include/c++/14/pstl/parallel_backend_utils.h", "/usr/include/c++/14/pstl/parallel_impl.h", "/usr/include/c++/14/pstl/pstl_config.h", "/usr/include/c++/14/pstl/unseq_backend_simd.h", "/usr/include/c++/14/pstl/utils.h", "/usr/include/c++/14/queue", "/usr/include/c++/14/random", "/usr/include/c++/14/ranges", "/usr/include/c++/14/ratio", "/usr/include/c++/14/regex", "/usr/include/c++/14/scoped_allocator", "/usr/include/c++/14/semaphore", "/usr/include/c++/14/set", "/usr/include/c++/14/shared_mutex", "/usr/include/c++/14/source_location", "/usr/include/c++/14/span", "/usr/include/c++/14/spanstream", "/usr/include/c++/14/sstream", "/usr/include/c++/14/stack", "/usr/include/c++/14/stacktrace", "/usr/include/c++/14/stdatomic.h", "/usr/include/c++/14/stdexcept", "/usr/include/c++/14/stdfloat", "/usr/include/c++/14/stdlib.h", "/usr/include/c++/14/stop_token", "/usr/include/c++/14/streambuf", "/usr/include/c++/14/string", "/usr/include/c++/14/string_view", "/usr/include/c++/14/syncstream", "/usr/include/c++/14/system_error", "/usr/include/c++/14/text_encoding", "/usr/include/c++/14/tgmath.h", "/usr/include/c++/14/thread", "/usr/include/c++/14/tr1/array", "/usr/include/c++/14/tr1/bessel_function.tcc", "/usr/include/c++/14/tr1/beta_function.tcc", "/usr/include/c++/14/tr1/ccomplex", "/usr/include/c++/14/tr1/cctype", "/usr/include/c++/14/tr1/cfenv", "/usr/include/c++/14/tr1/cfloat", "/usr/include/c++/14/tr1/cinttypes", "/usr/include/c++/14/tr1/climits", "/usr/include/c++/14/tr1/cmath", "/usr/include/c++/14/tr1/complex", "/usr/include/c++/14/tr1/complex.h", "/usr/include/c++/14/tr1/cstdarg", "/usr/include/c++/14/tr1/cstdbool", "/usr/include/c++/14/tr1/cstdint", "/usr/include/c++/14/tr1/cstdio", "/usr/include/c++/14/tr1/cstdlib", "/usr/include/c++/14/tr1/ctgmath", "/usr/include/c++/14/tr1/ctime", "/usr/include/c++/14/tr1/ctype.h", "/usr/include/c++/14/tr1/cwchar", "/usr/include/c++/14/tr1/cwctype", "/usr/include/c++/14/tr1/ell_integral.tcc", "/usr/include/c++/14/tr1/exp_integral.tcc", "/usr/include/c++/14/tr1/fenv.h", "/usr/include/c++/14/tr1/float.h", "/usr/include/c++/14/tr1/functional", "/usr/include/c++/14/tr1/functional_hash.h", "/usr/include/c++/14/tr1/gamma.tcc", "/usr/include/c++/14/tr1/hashtable.h", "/usr/include/c++/14/tr1/hashtable_policy.h", "/usr/include/c++/14/tr1/hypergeometric.tcc", "/usr/include/c++/14/tr1/inttypes.h", "/usr/include/c++/14/tr1/legendre_function.tcc", "/usr/include/c++/14/tr1/limits.h", "/usr/include/c++/14/tr1/math.h", "/usr/include/c++/14/tr1/memory", "/usr/include/c++/14/tr1/modified_bessel_func.tcc", "/usr/include/c++/14/tr1/poly_hermite.tcc", "/usr/include/c++/14/tr1/poly_laguerre.tcc", "/usr/include/c++/14/tr1/random", "/usr/include/c++/14/tr1/random.h", "/usr/include/c++/14/tr1/random.tcc", "/usr/include/c++/14/tr1/regex", "/usr/include/c++/14/tr1/riemann_zeta.tcc", "/usr/include/c++/14/tr1/shared_ptr.h", "/usr/include/c++/14/tr1/special_function_util.h", "/usr/include/c++/14/tr1/stdarg.h", "/usr/include/c++/14/tr1/stdbool.h", "/usr/include/c++/14/tr1/stdint.h", "/usr/include/c++/14/tr1/stdio.h", "/usr/include/c++/14/tr1/stdlib.h", "/usr/include/c++/14/tr1/tgmath.h", "/usr/include/c++/14/tr1/tuple", "/usr/include/c++/14/tr1/type_traits", "/usr/include/c++/14/tr1/unordered_map", "/usr/include/c++/14/tr1/unordered_map.h", "/usr/include/c++/14/tr1/unordered_set", "/usr/include/c++/14/tr1/unordered_set.h", "/usr/include/c++/14/tr1/utility", "/usr/include/c++/14/tr1/wchar.h", "/usr/include/c++/14/tr1/wctype.h", "/usr/include/c++/14/tr2/bool_set", "/usr/include/c++/14/tr2/bool_set.tcc", "/usr/include/c++/14/tr2/dynamic_bitset", "/usr/include/c++/14/tr2/dynamic_bitset.tcc", "/usr/include/c++/14/tr2/ratio", "/usr/include/c++/14/tr2/type_traits", "/usr/include/c++/14/tuple", "/usr/include/c++/14/type_traits", "/usr/include/c++/14/typeindex", "/usr/include/c++/14/typeinfo", "/usr/include/c++/14/unordered_map", "/usr/include/c++/14/unordered_set", "/usr/include/c++/14/utility", "/usr/include/c++/14/valarray", "/usr/include/c++/14/variant", "/usr/include/c++/14/vector", "/usr/include/c++/14/version", "/usr/include/x86_64-linux-gnu/c++/14/bits/atomic_word.h", "/usr/include/x86_64-linux-gnu/c++/14/bits/basic_file.h", "/usr/include/x86_64-linux-gnu/c++/14/bits/c++allocator.h", "/usr/include/x86_64-linux-gnu/c++/14/bits/c++config.h", "/usr/include/x86_64-linux-gnu/c++/14/bits/c++io.h", "/usr/include/x86_64-linux-gnu/c++/14/bits/c++locale.h", "/usr/include/x86_64-linux-gnu/c++/14/bits/cpu_defines.h", "/usr/include/x86_64-linux-gnu/c++/14/bits/ctype_base.h", "/usr/include/x86_64-linux-gnu/c++/14/bits/ctype_inline.h", "/usr/include/x86_64-linux-gnu/c++/14/bits/cxxabi_tweaks.h", "/usr/include/x86_64-linux-gnu/c++/14/bits/error_constants.h", "/usr/include/x86_64-linux-gnu/c++/14/bits/extc++.h", "/usr/include/x86_64-linux-gnu/c++/14/bits/gthr-default.h", "/usr/include/x86_64-linux-gnu/c++/14/bits/gthr-posix.h", "/usr/include/x86_64-linux-gnu/c++/14/bits/gthr-single.h", "/usr/include/x86_64-linux-gnu/c++/14/bits/gthr.h", "/usr/include/x86_64-linux-gnu/c++/14/bits/messages_members.h", "/usr/include/x86_64-linux-gnu/c++/14/bits/opt_random.h", "/usr/include/x86_64-linux-gnu/c++/14/bits/os_defines.h", "/usr/include/x86_64-linux-gnu/c++/14/bits/stdc++.h", "/usr/include/x86_64-linux-gnu/c++/14/bits/stdtr1c++.h", "/usr/include/x86_64-linux-gnu/c++/14/bits/time_members.h", "/usr/include/x86_64-linux-gnu/c++/14/ext/opt_random.h", "/usr/lib/gcc/x86_64-linux-gnu/14/libstdc++.a", "/usr/lib/gcc/x86_64-linux-gnu/14/libstdc++exp.a", "/usr/lib/gcc/x86_64-linux-gnu/14/libstdc++fs.a", "/usr/lib/gcc/x86_64-linux-gnu/14/libsupc++.a", "/usr/share/doc/gcc-14-base/C++/README.libstdc++-baseline.amd64", "/usr/share/doc/gcc-14-base/C++/changelog.libstdc++.gz", "/usr/share/doc/gcc-14-base/C++/libstdc++_symbols.txt.amd64" ] }, { "ID": "libstdc++6@14.2.0-19", "Name": "libstdc++6", "Identifier": { "PURL": "pkg:deb/debian/libstdc%2B%2B6@14.2.0-19?arch=amd64\u0026distro=debian-13.1", "UID": "a2daa0680bfc657d" }, "Version": "14.2.0", "Release": "19", "Arch": "amd64", "SrcName": "gcc-14", "SrcVersion": "14.2.0", "SrcRelease": "19", "Maintainer": "Debian GCC Maintainers \u003cdebian-gcc@lists.debian.org\u003e", "DependsOn": [ "gcc-14-base@14.2.0-19", "libc6@2.41-12", "libgcc-s1@14.2.0-19" ], "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.33", "/usr/share/gcc/python/libstdcxx/__init__.py", "/usr/share/gcc/python/libstdcxx/v6/__init__.py", "/usr/share/gcc/python/libstdcxx/v6/printers.py", "/usr/share/gcc/python/libstdcxx/v6/xmethods.py", "/usr/share/gdb/auto-load/usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.33-gdb.py" ] }, { "ID": "libsystemd0@257.8-1~deb13u2", "Name": "libsystemd0", "Identifier": { "PURL": "pkg:deb/debian/libsystemd0@257.8-1~deb13u2?arch=amd64\u0026distro=debian-13.1", "UID": "b19608333503a8c4" }, "Version": "257.8", "Release": "1~deb13u2", "Arch": "amd64", "SrcName": "systemd", "SrcVersion": "257.8", "SrcRelease": "1~deb13u2", "Licenses": [ "LGPL-2.1-or-later", "CC0-1.0", "GPL-2 with Linux-syscall-note exception", "MIT", "public-domain", "GPL-2.0-or-later", "GPL-2.0-only", "LGPL-2.1-only" ], "Maintainer": "Debian systemd Maintainers \u003cpkg-systemd-maintainers@lists.alioth.debian.org\u003e", "DependsOn": [ "libc6@2.41-12", "libcap2@1:2.75-10+b1" ], "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.40.0", "/usr/share/doc/libsystemd0/NEWS.Debian.gz", "/usr/share/doc/libsystemd0/changelog.Debian.gz", "/usr/share/doc/libsystemd0/copyright" ] }, { "ID": "libtinfo6@6.5+20250216-2", "Name": "libtinfo6", "Identifier": { "PURL": "pkg:deb/debian/libtinfo6@6.5%2B20250216-2?arch=amd64\u0026distro=debian-13.1", "UID": "39109c87ce11f4ff" }, "Version": "6.5+20250216", "Release": "2", "Arch": "amd64", "SrcName": "ncurses", "SrcVersion": "6.5+20250216", "SrcRelease": "2", "Licenses": [ "MIT/X11", "X11", "BSD-3-Clause" ], "Maintainer": "Ncurses Maintainers \u003cncurses@packages.debian.org\u003e", "DependsOn": [ "libc6@2.41-12" ], "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libtic.so.6.5", "/usr/lib/x86_64-linux-gnu/libtinfo.so.6.5", "/usr/share/doc/libtinfo6/changelog.Debian.gz", "/usr/share/doc/libtinfo6/changelog.gz", "/usr/share/doc/libtinfo6/copyright" ] }, { "ID": "libtsan2@14.2.0-19", "Name": "libtsan2", "Identifier": { "PURL": "pkg:deb/debian/libtsan2@14.2.0-19?arch=amd64\u0026distro=debian-13.1", "UID": "49c14c092690adf4" }, "Version": "14.2.0", "Release": "19", "Arch": "amd64", "SrcName": "gcc-14", "SrcVersion": "14.2.0", "SrcRelease": "19", "Maintainer": "Debian GCC Maintainers \u003cdebian-gcc@lists.debian.org\u003e", "DependsOn": [ "gcc-14-base@14.2.0-19", "libc6@2.41-12", "libgcc-s1@14.2.0-19" ], "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libtsan.so.2.0.0", "/usr/share/lintian/overrides/libtsan2" ] }, { "ID": "libubsan1@14.2.0-19", "Name": "libubsan1", "Identifier": { "PURL": "pkg:deb/debian/libubsan1@14.2.0-19?arch=amd64\u0026distro=debian-13.1", "UID": "d4f560ce50284ef7" }, "Version": "14.2.0", "Release": "19", "Arch": "amd64", "SrcName": "gcc-14", "SrcVersion": "14.2.0", "SrcRelease": "19", "Maintainer": "Debian GCC Maintainers \u003cdebian-gcc@lists.debian.org\u003e", "DependsOn": [ "gcc-14-base@14.2.0-19", "libc6@2.41-12", "libgcc-s1@14.2.0-19", "libstdc++6@14.2.0-19" ], "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libubsan.so.1.0.0", "/usr/share/lintian/overrides/libubsan1" ] }, { "ID": "libudev1@257.8-1~deb13u2", "Name": "libudev1", "Identifier": { "PURL": "pkg:deb/debian/libudev1@257.8-1~deb13u2?arch=amd64\u0026distro=debian-13.1", "UID": "1a4e2b5bbb145a62" }, "Version": "257.8", "Release": "1~deb13u2", "Arch": "amd64", "SrcName": "systemd", "SrcVersion": "257.8", "SrcRelease": "1~deb13u2", "Licenses": [ "LGPL-2.1-or-later", "CC0-1.0", "GPL-2 with Linux-syscall-note exception", "MIT", "public-domain", "GPL-2.0-or-later", "GPL-2.0-only", "LGPL-2.1-only" ], "Maintainer": "Debian systemd Maintainers \u003cpkg-systemd-maintainers@lists.alioth.debian.org\u003e", "DependsOn": [ "libc6@2.41-12", "libcap2@1:2.75-10+b1" ], "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libudev.so.1.7.10", "/usr/share/doc/libudev1/NEWS.Debian.gz", "/usr/share/doc/libudev1/changelog.Debian.gz", "/usr/share/doc/libudev1/copyright" ] }, { "ID": "libuuid1@2.41-5", "Name": "libuuid1", "Identifier": { "PURL": "pkg:deb/debian/libuuid1@2.41-5?arch=amd64\u0026distro=debian-13.1", "UID": "e68ae51900aac46d" }, "Version": "2.41", "Release": "5", "Arch": "amd64", "SrcName": "util-linux", "SrcVersion": "2.41", "SrcRelease": "5", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "GPL-3.0-or-later", "LGPL-2.1-or-later", "public-domain", "BSD-4-Clause", "MIT", "ISC", "BSD-3-Clause", "BSLA", "LGPL-2.0-or-later", "BSD-2-Clause", "LGPL-3.0-or-later", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", "DependsOn": [ "libc6@2.41-12" ], "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libuuid.so.1.3.0", "/usr/share/doc/libuuid1/NEWS.Debian.gz", "/usr/share/doc/libuuid1/changelog.Debian.gz", "/usr/share/doc/libuuid1/changelog.gz", "/usr/share/doc/libuuid1/copyright" ] }, { "ID": "libxxhash0@0.8.3-2", "Name": "libxxhash0", "Identifier": { "PURL": "pkg:deb/debian/libxxhash0@0.8.3-2?arch=amd64\u0026distro=debian-13.1", "UID": "ff44a1ed58690c52" }, "Version": "0.8.3", "Release": "2", "Arch": "amd64", "SrcName": "xxhash", "SrcVersion": "0.8.3", "SrcRelease": "2", "Licenses": [ "BSD-2-Clause", "GPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Josue Ortega \u003cjosue@debian.org\u003e", "DependsOn": [ "libc6@2.41-12" ], "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libxxhash.so.0.8.3", "/usr/share/doc/libxxhash0/changelog.Debian.gz", "/usr/share/doc/libxxhash0/changelog.gz", "/usr/share/doc/libxxhash0/copyright" ] }, { "ID": "libzstd1@1.5.7+dfsg-1", "Name": "libzstd1", "Identifier": { "PURL": "pkg:deb/debian/libzstd1@1.5.7%2Bdfsg-1?arch=amd64\u0026distro=debian-13.1", "UID": "6ca892087d90a628" }, "Version": "1.5.7+dfsg", "Release": "1", "Arch": "amd64", "SrcName": "libzstd", "SrcVersion": "1.5.7+dfsg", "SrcRelease": "1", "Licenses": [ "BSD-3-Clause", "GPL-2.0-only", "Zlib", "MIT" ], "Maintainer": "RPM packaging team \u003cteam+pkg-rpm@tracker.debian.org\u003e", "DependsOn": [ "libc6@2.41-12" ], "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libzstd.so.1.5.7", "/usr/share/doc/libzstd1/changelog.Debian.gz", "/usr/share/doc/libzstd1/changelog.gz", "/usr/share/doc/libzstd1/copyright" ] }, { "ID": "linux-libc-dev@6.12.48-1", "Name": "linux-libc-dev", "Identifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "Version": "6.12.48", "Release": "1", "Arch": "all", "SrcName": "linux", "SrcVersion": "6.12.48", "SrcRelease": "1", "Licenses": [ "GPL-2.0-only", "GPL-2+-or-X11", "Unicode-data", "Xen-interface", "LGPL-2.1-only", "BSD-2-Clause" ], "Maintainer": "Debian Kernel Team \u003cdebian-kernel@lists.debian.org\u003e", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "InstalledFiles": [ "/usr/include/asm-generic/auxvec.h", "/usr/include/asm-generic/bitsperlong.h", "/usr/include/asm-generic/bpf_perf_event.h", "/usr/include/asm-generic/errno-base.h", "/usr/include/asm-generic/errno.h", "/usr/include/asm-generic/fcntl.h", "/usr/include/asm-generic/hugetlb_encode.h", "/usr/include/asm-generic/int-l64.h", "/usr/include/asm-generic/int-ll64.h", "/usr/include/asm-generic/ioctl.h", "/usr/include/asm-generic/ioctls.h", "/usr/include/asm-generic/ipcbuf.h", "/usr/include/asm-generic/kvm_para.h", "/usr/include/asm-generic/mman-common.h", "/usr/include/asm-generic/mman.h", "/usr/include/asm-generic/msgbuf.h", "/usr/include/asm-generic/param.h", "/usr/include/asm-generic/poll.h", "/usr/include/asm-generic/posix_types.h", "/usr/include/asm-generic/resource.h", "/usr/include/asm-generic/sembuf.h", "/usr/include/asm-generic/setup.h", "/usr/include/asm-generic/shmbuf.h", "/usr/include/asm-generic/siginfo.h", "/usr/include/asm-generic/signal-defs.h", "/usr/include/asm-generic/signal.h", "/usr/include/asm-generic/socket.h", "/usr/include/asm-generic/sockios.h", "/usr/include/asm-generic/stat.h", "/usr/include/asm-generic/statfs.h", "/usr/include/asm-generic/swab.h", "/usr/include/asm-generic/termbits-common.h", "/usr/include/asm-generic/termbits.h", "/usr/include/asm-generic/termios.h", "/usr/include/asm-generic/types.h", "/usr/include/asm-generic/ucontext.h", "/usr/include/asm-generic/unistd.h", "/usr/include/drm/amdgpu_drm.h", "/usr/include/drm/armada_drm.h", "/usr/include/drm/drm.h", "/usr/include/drm/drm_fourcc.h", "/usr/include/drm/drm_mode.h", "/usr/include/drm/drm_sarea.h", "/usr/include/drm/etnaviv_drm.h", "/usr/include/drm/exynos_drm.h", "/usr/include/drm/habanalabs_accel.h", "/usr/include/drm/i915_drm.h", "/usr/include/drm/ivpu_accel.h", "/usr/include/drm/lima_drm.h", "/usr/include/drm/msm_drm.h", "/usr/include/drm/nouveau_drm.h", "/usr/include/drm/omap_drm.h", "/usr/include/drm/panfrost_drm.h", "/usr/include/drm/panthor_drm.h", "/usr/include/drm/pvr_drm.h", "/usr/include/drm/qaic_accel.h", "/usr/include/drm/qxl_drm.h", "/usr/include/drm/radeon_drm.h", "/usr/include/drm/tegra_drm.h", "/usr/include/drm/v3d_drm.h", "/usr/include/drm/vc4_drm.h", "/usr/include/drm/vgem_drm.h", "/usr/include/drm/virtgpu_drm.h", "/usr/include/drm/vmwgfx_drm.h", "/usr/include/drm/xe_drm.h", "/usr/include/linux/a.out.h", "/usr/include/linux/acct.h", "/usr/include/linux/acrn.h", "/usr/include/linux/adb.h", "/usr/include/linux/adfs_fs.h", "/usr/include/linux/affs_hardblocks.h", "/usr/include/linux/agpgart.h", "/usr/include/linux/aio_abi.h", "/usr/include/linux/am437x-vpfe.h", "/usr/include/linux/amt.h", "/usr/include/linux/android/binder.h", "/usr/include/linux/android/binderfs.h", "/usr/include/linux/apm_bios.h", "/usr/include/linux/arcfb.h", "/usr/include/linux/arm_sdei.h", "/usr/include/linux/aspeed-lpc-ctrl.h", "/usr/include/linux/aspeed-p2a-ctrl.h", "/usr/include/linux/aspeed-video.h", "/usr/include/linux/atalk.h", "/usr/include/linux/atm.h", "/usr/include/linux/atm_eni.h", "/usr/include/linux/atm_he.h", "/usr/include/linux/atm_idt77105.h", "/usr/include/linux/atm_nicstar.h", "/usr/include/linux/atm_tcp.h", "/usr/include/linux/atm_zatm.h", "/usr/include/linux/atmapi.h", "/usr/include/linux/atmarp.h", "/usr/include/linux/atmbr2684.h", "/usr/include/linux/atmclip.h", "/usr/include/linux/atmdev.h", "/usr/include/linux/atmioc.h", "/usr/include/linux/atmlec.h", "/usr/include/linux/atmmpc.h", "/usr/include/linux/atmppp.h", "/usr/include/linux/atmsap.h", "/usr/include/linux/atmsvc.h", "/usr/include/linux/audit.h", "/usr/include/linux/auto_dev-ioctl.h", "/usr/include/linux/auto_fs.h", "/usr/include/linux/auto_fs4.h", "/usr/include/linux/auxvec.h", "/usr/include/linux/ax25.h", "/usr/include/linux/batadv_packet.h", "/usr/include/linux/batman_adv.h", "/usr/include/linux/baycom.h", "/usr/include/linux/bcm933xx_hcs.h", "/usr/include/linux/bfs_fs.h", "/usr/include/linux/binfmts.h", "/usr/include/linux/bits.h", "/usr/include/linux/blkdev.h", "/usr/include/linux/blkpg.h", "/usr/include/linux/blktrace_api.h", "/usr/include/linux/blkzoned.h", "/usr/include/linux/bpf.h", "/usr/include/linux/bpf_common.h", "/usr/include/linux/bpf_perf_event.h", "/usr/include/linux/bpqether.h", "/usr/include/linux/bsg.h", "/usr/include/linux/bt-bmc.h", "/usr/include/linux/btf.h", "/usr/include/linux/btrfs.h", "/usr/include/linux/btrfs_tree.h", "/usr/include/linux/byteorder/big_endian.h", "/usr/include/linux/byteorder/little_endian.h", "/usr/include/linux/cachefiles.h", "/usr/include/linux/caif/caif_socket.h", "/usr/include/linux/caif/if_caif.h", "/usr/include/linux/can.h", "/usr/include/linux/can/bcm.h", "/usr/include/linux/can/error.h", "/usr/include/linux/can/gw.h", "/usr/include/linux/can/isotp.h", "/usr/include/linux/can/j1939.h", "/usr/include/linux/can/netlink.h", "/usr/include/linux/can/raw.h", "/usr/include/linux/can/vxcan.h", "/usr/include/linux/capability.h", "/usr/include/linux/capi.h", "/usr/include/linux/cciss_defs.h", "/usr/include/linux/cciss_ioctl.h", "/usr/include/linux/ccs.h", "/usr/include/linux/cdrom.h", "/usr/include/linux/cec-funcs.h", "/usr/include/linux/cec.h", "/usr/include/linux/cfm_bridge.h", "/usr/include/linux/cgroupstats.h", "/usr/include/linux/chio.h", "/usr/include/linux/cifs/cifs_mount.h", "/usr/include/linux/cifs/cifs_netlink.h", "/usr/include/linux/close_range.h", "/usr/include/linux/cn_proc.h", "/usr/include/linux/coda.h", "/usr/include/linux/coff.h", "/usr/include/linux/comedi.h", "/usr/include/linux/connector.h", "/usr/include/linux/const.h", "/usr/include/linux/coresight-stm.h", "/usr/include/linux/counter.h", "/usr/include/linux/cramfs_fs.h", "/usr/include/linux/cryptouser.h", "/usr/include/linux/cuda.h", "/usr/include/linux/cxl_mem.h", "/usr/include/linux/cyclades.h", "/usr/include/linux/cycx_cfm.h", "/usr/include/linux/dcbnl.h", "/usr/include/linux/dccp.h", "/usr/include/linux/devlink.h", "/usr/include/linux/dlm.h", "/usr/include/linux/dlm_device.h", "/usr/include/linux/dlm_plock.h", "/usr/include/linux/dlmconstants.h", "/usr/include/linux/dm-ioctl.h", "/usr/include/linux/dm-log-userspace.h", "/usr/include/linux/dma-buf.h", "/usr/include/linux/dma-heap.h", "/usr/include/linux/dns_resolver.h", "/usr/include/linux/dpll.h", "/usr/include/linux/dqblk_xfs.h", "/usr/include/linux/dvb/audio.h", "/usr/include/linux/dvb/ca.h", "/usr/include/linux/dvb/dmx.h", "/usr/include/linux/dvb/frontend.h", "/usr/include/linux/dvb/net.h", "/usr/include/linux/dvb/osd.h", "/usr/include/linux/dvb/version.h", "/usr/include/linux/dvb/video.h", "/usr/include/linux/dw100.h", "/usr/include/linux/edd.h", "/usr/include/linux/efs_fs_sb.h", "/usr/include/linux/elf-em.h", "/usr/include/linux/elf-fdpic.h", "/usr/include/linux/elf.h", "/usr/include/linux/errno.h", "/usr/include/linux/errqueue.h", "/usr/include/linux/erspan.h", "/usr/include/linux/ethtool.h", "/usr/include/linux/ethtool_netlink.h", "/usr/include/linux/eventfd.h", "/usr/include/linux/eventpoll.h", "/usr/include/linux/exfat.h", "/usr/include/linux/ext4.h", "/usr/include/linux/f2fs.h", "/usr/include/linux/fadvise.h", "/usr/include/linux/falloc.h", "/usr/include/linux/fanotify.h", "/usr/include/linux/fb.h", "/usr/include/linux/fcntl.h", "/usr/include/linux/fd.h", "/usr/include/linux/fdreg.h", "/usr/include/linux/fib_rules.h", "/usr/include/linux/fiemap.h", "/usr/include/linux/filter.h", "/usr/include/linux/firewire-cdev.h", "/usr/include/linux/firewire-constants.h", "/usr/include/linux/fou.h", "/usr/include/linux/fpga-dfl.h", "/usr/include/linux/fs.h", "/usr/include/linux/fscrypt.h", "/usr/include/linux/fsi.h", "/usr/include/linux/fsl_hypervisor.h", "/usr/include/linux/fsl_mc.h", "/usr/include/linux/fsmap.h", "/usr/include/linux/fsverity.h", "/usr/include/linux/fuse.h", "/usr/include/linux/futex.h", "/usr/include/linux/gameport.h", "/usr/include/linux/gen_stats.h", "/usr/include/linux/genetlink.h", "/usr/include/linux/genwqe/genwqe_card.h", "/usr/include/linux/gfs2_ondisk.h", "/usr/include/linux/gpio.h", "/usr/include/linux/gsmmux.h", "/usr/include/linux/gtp.h", "/usr/include/linux/handshake.h", "/usr/include/linux/hash_info.h", "/usr/include/linux/hdlc.h", "/usr/include/linux/hdlc/ioctl.h", "/usr/include/linux/hdlcdrv.h", "/usr/include/linux/hdreg.h", "/usr/include/linux/hid.h", "/usr/include/linux/hiddev.h", "/usr/include/linux/hidraw.h", "/usr/include/linux/hpet.h", "/usr/include/linux/hsi/cs-protocol.h", "/usr/include/linux/hsi/hsi_char.h", "/usr/include/linux/hsr_netlink.h", "/usr/include/linux/hw_breakpoint.h", "/usr/include/linux/hyperv.h", "/usr/include/linux/i2c-dev.h", "/usr/include/linux/i2c.h", "/usr/include/linux/i2o-dev.h", "/usr/include/linux/i8k.h", "/usr/include/linux/icmp.h", "/usr/include/linux/icmpv6.h", "/usr/include/linux/idxd.h", "/usr/include/linux/if.h", "/usr/include/linux/if_addr.h", "/usr/include/linux/if_addrlabel.h", "/usr/include/linux/if_alg.h", "/usr/include/linux/if_arcnet.h", "/usr/include/linux/if_arp.h", "/usr/include/linux/if_bonding.h", "/usr/include/linux/if_bridge.h", "/usr/include/linux/if_cablemodem.h", "/usr/include/linux/if_eql.h", "/usr/include/linux/if_ether.h", "/usr/include/linux/if_fc.h", "/usr/include/linux/if_fddi.h", "/usr/include/linux/if_hippi.h", "/usr/include/linux/if_infiniband.h", "/usr/include/linux/if_link.h", "/usr/include/linux/if_ltalk.h", "/usr/include/linux/if_macsec.h", "/usr/include/linux/if_packet.h", "/usr/include/linux/if_phonet.h", "/usr/include/linux/if_plip.h", "/usr/include/linux/if_ppp.h", "/usr/include/linux/if_pppol2tp.h", "/usr/include/linux/if_pppox.h", "/usr/include/linux/if_slip.h", "/usr/include/linux/if_team.h", "/usr/include/linux/if_tun.h", "/usr/include/linux/if_tunnel.h", "/usr/include/linux/if_vlan.h", "/usr/include/linux/if_x25.h", "/usr/include/linux/if_xdp.h", "/usr/include/linux/ife.h", "/usr/include/linux/igmp.h", "/usr/include/linux/iio/buffer.h", "/usr/include/linux/iio/events.h", "/usr/include/linux/iio/types.h", "/usr/include/linux/ila.h", "/usr/include/linux/in.h", "/usr/include/linux/in6.h", "/usr/include/linux/in_route.h", "/usr/include/linux/inet_diag.h", "/usr/include/linux/inotify.h", "/usr/include/linux/input-event-codes.h", "/usr/include/linux/input.h", "/usr/include/linux/io_uring.h", "/usr/include/linux/ioam6.h", "/usr/include/linux/ioam6_genl.h", "/usr/include/linux/ioam6_iptunnel.h", "/usr/include/linux/ioctl.h", "/usr/include/linux/iommufd.h", "/usr/include/linux/ioprio.h", "/usr/include/linux/ip.h", "/usr/include/linux/ip6_tunnel.h", "/usr/include/linux/ip_vs.h", "/usr/include/linux/ipc.h", "/usr/include/linux/ipmi.h", "/usr/include/linux/ipmi_bmc.h", "/usr/include/linux/ipmi_msgdefs.h", "/usr/include/linux/ipmi_ssif_bmc.h", "/usr/include/linux/ipsec.h", "/usr/include/linux/ipv6.h", "/usr/include/linux/ipv6_route.h", "/usr/include/linux/irqnr.h", "/usr/include/linux/isdn/capicmd.h", "/usr/include/linux/iso_fs.h", "/usr/include/linux/isst_if.h", "/usr/include/linux/ivtv.h", "/usr/include/linux/ivtvfb.h", "/usr/include/linux/jffs2.h", "/usr/include/linux/joystick.h", "/usr/include/linux/kcm.h", "/usr/include/linux/kcmp.h", "/usr/include/linux/kcov.h", "/usr/include/linux/kd.h", "/usr/include/linux/kdev_t.h", "/usr/include/linux/kernel-page-flags.h", "/usr/include/linux/kernel.h", "/usr/include/linux/kernelcapi.h", "/usr/include/linux/kexec.h", "/usr/include/linux/keyboard.h", "/usr/include/linux/keyctl.h", "/usr/include/linux/kfd_ioctl.h", "/usr/include/linux/kfd_sysfs.h", "/usr/include/linux/kvm.h", "/usr/include/linux/kvm_para.h", "/usr/include/linux/l2tp.h", "/usr/include/linux/landlock.h", "/usr/include/linux/libc-compat.h", "/usr/include/linux/limits.h", "/usr/include/linux/lirc.h", "/usr/include/linux/llc.h", "/usr/include/linux/loadpin.h", "/usr/include/linux/loop.h", "/usr/include/linux/lp.h", "/usr/include/linux/lsm.h", "/usr/include/linux/lwtunnel.h", "/usr/include/linux/magic.h", "/usr/include/linux/major.h", "/usr/include/linux/map_to_14segment.h", "/usr/include/linux/map_to_7segment.h", "/usr/include/linux/matroxfb.h", "/usr/include/linux/max2175.h", "/usr/include/linux/mctp.h", "/usr/include/linux/mdio.h", "/usr/include/linux/media-bus-format.h", "/usr/include/linux/media.h", "/usr/include/linux/media/raspberrypi/pisp_be_config.h", "/usr/include/linux/media/raspberrypi/pisp_common.h", "/usr/include/linux/mei.h", "/usr/include/linux/mei_uuid.h", "/usr/include/linux/membarrier.h", "/usr/include/linux/memfd.h", "/usr/include/linux/mempolicy.h", "/usr/include/linux/mii.h", "/usr/include/linux/minix_fs.h", "/usr/include/linux/misc/bcm_vk.h", "/usr/include/linux/mman.h", "/usr/include/linux/mmc/ioctl.h", "/usr/include/linux/mmtimer.h", "/usr/include/linux/module.h", "/usr/include/linux/mount.h", "/usr/include/linux/mpls.h", "/usr/include/linux/mpls_iptunnel.h", "/usr/include/linux/mptcp.h", "/usr/include/linux/mptcp_pm.h", "/usr/include/linux/mqueue.h", "/usr/include/linux/mroute.h", "/usr/include/linux/mroute6.h", "/usr/include/linux/mrp_bridge.h", "/usr/include/linux/msdos_fs.h", "/usr/include/linux/msg.h", "/usr/include/linux/mtio.h", "/usr/include/linux/nbd-netlink.h", "/usr/include/linux/nbd.h", "/usr/include/linux/ncsi.h", "/usr/include/linux/ndctl.h", "/usr/include/linux/neighbour.h", "/usr/include/linux/net.h", "/usr/include/linux/net_dropmon.h", "/usr/include/linux/net_namespace.h", "/usr/include/linux/net_tstamp.h", "/usr/include/linux/netconf.h", "/usr/include/linux/netdev.h", "/usr/include/linux/netdevice.h", "/usr/include/linux/netfilter.h", "/usr/include/linux/netfilter/ipset/ip_set.h", "/usr/include/linux/netfilter/ipset/ip_set_bitmap.h", "/usr/include/linux/netfilter/ipset/ip_set_hash.h", "/usr/include/linux/netfilter/ipset/ip_set_list.h", "/usr/include/linux/netfilter/nf_conntrack_common.h", "/usr/include/linux/netfilter/nf_conntrack_ftp.h", "/usr/include/linux/netfilter/nf_conntrack_sctp.h", "/usr/include/linux/netfilter/nf_conntrack_tcp.h", "/usr/include/linux/netfilter/nf_conntrack_tuple_common.h", "/usr/include/linux/netfilter/nf_log.h", "/usr/include/linux/netfilter/nf_nat.h", "/usr/include/linux/netfilter/nf_synproxy.h", "/usr/include/linux/netfilter/nf_tables.h", "/usr/include/linux/netfilter/nf_tables_compat.h", "/usr/include/linux/netfilter/nfnetlink.h", "/usr/include/linux/netfilter/nfnetlink_acct.h", "/usr/include/linux/netfilter/nfnetlink_compat.h", "/usr/include/linux/netfilter/nfnetlink_conntrack.h", "/usr/include/linux/netfilter/nfnetlink_cthelper.h", "/usr/include/linux/netfilter/nfnetlink_cttimeout.h", "/usr/include/linux/netfilter/nfnetlink_hook.h", "/usr/include/linux/netfilter/nfnetlink_log.h", "/usr/include/linux/netfilter/nfnetlink_osf.h", "/usr/include/linux/netfilter/nfnetlink_queue.h", "/usr/include/linux/netfilter/x_tables.h", "/usr/include/linux/netfilter/xt_AUDIT.h", "/usr/include/linux/netfilter/xt_CHECKSUM.h", "/usr/include/linux/netfilter/xt_CLASSIFY.h", "/usr/include/linux/netfilter/xt_CONNMARK.h", "/usr/include/linux/netfilter/xt_CONNSECMARK.h", "/usr/include/linux/netfilter/xt_CT.h", "/usr/include/linux/netfilter/xt_DSCP.h", "/usr/include/linux/netfilter/xt_HMARK.h", "/usr/include/linux/netfilter/xt_IDLETIMER.h", "/usr/include/linux/netfilter/xt_LED.h", "/usr/include/linux/netfilter/xt_LOG.h", "/usr/include/linux/netfilter/xt_MARK.h", "/usr/include/linux/netfilter/xt_NFLOG.h", "/usr/include/linux/netfilter/xt_NFQUEUE.h", "/usr/include/linux/netfilter/xt_RATEEST.h", "/usr/include/linux/netfilter/xt_SECMARK.h", "/usr/include/linux/netfilter/xt_SYNPROXY.h", "/usr/include/linux/netfilter/xt_TCPMSS.h", "/usr/include/linux/netfilter/xt_TCPOPTSTRIP.h", "/usr/include/linux/netfilter/xt_TEE.h", "/usr/include/linux/netfilter/xt_TPROXY.h", "/usr/include/linux/netfilter/xt_addrtype.h", "/usr/include/linux/netfilter/xt_bpf.h", "/usr/include/linux/netfilter/xt_cgroup.h", "/usr/include/linux/netfilter/xt_cluster.h", "/usr/include/linux/netfilter/xt_comment.h", "/usr/include/linux/netfilter/xt_connbytes.h", "/usr/include/linux/netfilter/xt_connlabel.h", "/usr/include/linux/netfilter/xt_connlimit.h", "/usr/include/linux/netfilter/xt_connmark.h", "/usr/include/linux/netfilter/xt_conntrack.h", "/usr/include/linux/netfilter/xt_cpu.h", "/usr/include/linux/netfilter/xt_dccp.h", "/usr/include/linux/netfilter/xt_devgroup.h", "/usr/include/linux/netfilter/xt_dscp.h", "/usr/include/linux/netfilter/xt_ecn.h", "/usr/include/linux/netfilter/xt_esp.h", "/usr/include/linux/netfilter/xt_hashlimit.h", "/usr/include/linux/netfilter/xt_helper.h", "/usr/include/linux/netfilter/xt_ipcomp.h", "/usr/include/linux/netfilter/xt_iprange.h", "/usr/include/linux/netfilter/xt_ipvs.h", "/usr/include/linux/netfilter/xt_l2tp.h", "/usr/include/linux/netfilter/xt_length.h", "/usr/include/linux/netfilter/xt_limit.h", "/usr/include/linux/netfilter/xt_mac.h", "/usr/include/linux/netfilter/xt_mark.h", "/usr/include/linux/netfilter/xt_multiport.h", "/usr/include/linux/netfilter/xt_nfacct.h", "/usr/include/linux/netfilter/xt_osf.h", "/usr/include/linux/netfilter/xt_owner.h", "/usr/include/linux/netfilter/xt_physdev.h", "/usr/include/linux/netfilter/xt_pkttype.h", "/usr/include/linux/netfilter/xt_policy.h", "/usr/include/linux/netfilter/xt_quota.h", "/usr/include/linux/netfilter/xt_rateest.h", "/usr/include/linux/netfilter/xt_realm.h", "/usr/include/linux/netfilter/xt_recent.h", "/usr/include/linux/netfilter/xt_rpfilter.h", "/usr/include/linux/netfilter/xt_sctp.h", "/usr/include/linux/netfilter/xt_set.h", "/usr/include/linux/netfilter/xt_socket.h", "/usr/include/linux/netfilter/xt_state.h", "/usr/include/linux/netfilter/xt_statistic.h", "/usr/include/linux/netfilter/xt_string.h", "/usr/include/linux/netfilter/xt_tcpmss.h", "/usr/include/linux/netfilter/xt_tcpudp.h", "/usr/include/linux/netfilter/xt_time.h", "/usr/include/linux/netfilter/xt_u32.h", "/usr/include/linux/netfilter_arp.h", "/usr/include/linux/netfilter_arp/arp_tables.h", "/usr/include/linux/netfilter_arp/arpt_mangle.h", "/usr/include/linux/netfilter_bridge.h", "/usr/include/linux/netfilter_bridge/ebt_802_3.h", "/usr/include/linux/netfilter_bridge/ebt_among.h", "/usr/include/linux/netfilter_bridge/ebt_arp.h", "/usr/include/linux/netfilter_bridge/ebt_arpreply.h", "/usr/include/linux/netfilter_bridge/ebt_ip.h", "/usr/include/linux/netfilter_bridge/ebt_ip6.h", "/usr/include/linux/netfilter_bridge/ebt_limit.h", "/usr/include/linux/netfilter_bridge/ebt_log.h", "/usr/include/linux/netfilter_bridge/ebt_mark_m.h", "/usr/include/linux/netfilter_bridge/ebt_mark_t.h", "/usr/include/linux/netfilter_bridge/ebt_nat.h", "/usr/include/linux/netfilter_bridge/ebt_nflog.h", "/usr/include/linux/netfilter_bridge/ebt_pkttype.h", "/usr/include/linux/netfilter_bridge/ebt_redirect.h", "/usr/include/linux/netfilter_bridge/ebt_stp.h", "/usr/include/linux/netfilter_bridge/ebt_vlan.h", "/usr/include/linux/netfilter_bridge/ebtables.h", "/usr/include/linux/netfilter_ipv4.h", "/usr/include/linux/netfilter_ipv4/ip_tables.h", "/usr/include/linux/netfilter_ipv4/ipt_CLUSTERIP.h", "/usr/include/linux/netfilter_ipv4/ipt_ECN.h", "/usr/include/linux/netfilter_ipv4/ipt_LOG.h", "/usr/include/linux/netfilter_ipv4/ipt_REJECT.h", "/usr/include/linux/netfilter_ipv4/ipt_TTL.h", "/usr/include/linux/netfilter_ipv4/ipt_ah.h", "/usr/include/linux/netfilter_ipv4/ipt_ecn.h", "/usr/include/linux/netfilter_ipv4/ipt_ttl.h", "/usr/include/linux/netfilter_ipv6.h", "/usr/include/linux/netfilter_ipv6/ip6_tables.h", "/usr/include/linux/netfilter_ipv6/ip6t_HL.h", "/usr/include/linux/netfilter_ipv6/ip6t_LOG.h", "/usr/include/linux/netfilter_ipv6/ip6t_NPT.h", "/usr/include/linux/netfilter_ipv6/ip6t_REJECT.h", "/usr/include/linux/netfilter_ipv6/ip6t_ah.h", "/usr/include/linux/netfilter_ipv6/ip6t_frag.h", "/usr/include/linux/netfilter_ipv6/ip6t_hl.h", "/usr/include/linux/netfilter_ipv6/ip6t_ipv6header.h", "/usr/include/linux/netfilter_ipv6/ip6t_mh.h", "/usr/include/linux/netfilter_ipv6/ip6t_opts.h", "/usr/include/linux/netfilter_ipv6/ip6t_rt.h", "/usr/include/linux/netfilter_ipv6/ip6t_srh.h", "/usr/include/linux/netlink.h", "/usr/include/linux/netlink_diag.h", "/usr/include/linux/netrom.h", "/usr/include/linux/nexthop.h", "/usr/include/linux/nfc.h", "/usr/include/linux/nfs.h", "/usr/include/linux/nfs2.h", "/usr/include/linux/nfs3.h", "/usr/include/linux/nfs4.h", "/usr/include/linux/nfs4_mount.h", "/usr/include/linux/nfs_fs.h", "/usr/include/linux/nfs_idmap.h", "/usr/include/linux/nfs_mount.h", "/usr/include/linux/nfsacl.h", "/usr/include/linux/nfsd/cld.h", "/usr/include/linux/nfsd/debug.h", "/usr/include/linux/nfsd/export.h", "/usr/include/linux/nfsd/stats.h", "/usr/include/linux/nfsd_netlink.h", "/usr/include/linux/nilfs2_api.h", "/usr/include/linux/nilfs2_ondisk.h", "/usr/include/linux/nitro_enclaves.h", "/usr/include/linux/nl80211-vnd-intel.h", "/usr/include/linux/nl80211.h", "/usr/include/linux/npcm-video.h", "/usr/include/linux/nsfs.h", "/usr/include/linux/nsm.h", "/usr/include/linux/ntsync.h", "/usr/include/linux/nubus.h", "/usr/include/linux/nvme_ioctl.h", "/usr/include/linux/nvram.h", "/usr/include/linux/omap3isp.h", "/usr/include/linux/omapfb.h", "/usr/include/linux/oom.h", "/usr/include/linux/openat2.h", "/usr/include/linux/openvswitch.h", "/usr/include/linux/packet_diag.h", "/usr/include/linux/papr_pdsm.h", "/usr/include/linux/param.h", "/usr/include/linux/parport.h", "/usr/include/linux/patchkey.h", "/usr/include/linux/pci.h", "/usr/include/linux/pci_regs.h", "/usr/include/linux/pcitest.h", "/usr/include/linux/perf_event.h", "/usr/include/linux/personality.h", "/usr/include/linux/pfkeyv2.h", "/usr/include/linux/pfrut.h", "/usr/include/linux/pg.h", "/usr/include/linux/phantom.h", "/usr/include/linux/phonet.h", "/usr/include/linux/pidfd.h", "/usr/include/linux/pkt_cls.h", "/usr/include/linux/pkt_sched.h", "/usr/include/linux/pktcdvd.h", "/usr/include/linux/pmu.h", "/usr/include/linux/poll.h", "/usr/include/linux/posix_acl.h", "/usr/include/linux/posix_acl_xattr.h", "/usr/include/linux/posix_types.h", "/usr/include/linux/ppdev.h", "/usr/include/linux/ppp-comp.h", "/usr/include/linux/ppp-ioctl.h", "/usr/include/linux/ppp_defs.h", "/usr/include/linux/pps.h", "/usr/include/linux/pr.h", "/usr/include/linux/prctl.h", "/usr/include/linux/psample.h", "/usr/include/linux/psci.h", "/usr/include/linux/psp-dbc.h", "/usr/include/linux/psp-sev.h", "/usr/include/linux/ptp_clock.h", "/usr/include/linux/ptrace.h", "/usr/include/linux/qemu_fw_cfg.h", "/usr/include/linux/qnx4_fs.h", "/usr/include/linux/qnxtypes.h", "/usr/include/linux/qrtr.h", "/usr/include/linux/quota.h", "/usr/include/linux/radeonfb.h", "/usr/include/linux/raid/md_p.h", "/usr/include/linux/raid/md_u.h", "/usr/include/linux/random.h", "/usr/include/linux/rds.h", "/usr/include/linux/reboot.h", "/usr/include/linux/reiserfs_fs.h", "/usr/include/linux/reiserfs_xattr.h", "/usr/include/linux/remoteproc_cdev.h", "/usr/include/linux/resource.h", "/usr/include/linux/rfkill.h", "/usr/include/linux/rio_cm_cdev.h", "/usr/include/linux/rio_mport_cdev.h", "/usr/include/linux/rkisp1-config.h", "/usr/include/linux/romfs_fs.h", "/usr/include/linux/rose.h", "/usr/include/linux/route.h", "/usr/include/linux/rpl.h", "/usr/include/linux/rpl_iptunnel.h", "/usr/include/linux/rpmsg.h", "/usr/include/linux/rpmsg_types.h", "/usr/include/linux/rseq.h", "/usr/include/linux/rtc.h", "/usr/include/linux/rtnetlink.h", "/usr/include/linux/rxrpc.h", "/usr/include/linux/scc.h", "/usr/include/linux/sched.h", "/usr/include/linux/sched/types.h", "/usr/include/linux/scif_ioctl.h", "/usr/include/linux/screen_info.h", "/usr/include/linux/sctp.h", "/usr/include/linux/seccomp.h", "/usr/include/linux/securebits.h", "/usr/include/linux/sed-opal.h", "/usr/include/linux/seg6.h", "/usr/include/linux/seg6_genl.h", "/usr/include/linux/seg6_hmac.h", "/usr/include/linux/seg6_iptunnel.h", "/usr/include/linux/seg6_local.h", "/usr/include/linux/selinux_netlink.h", "/usr/include/linux/sem.h", "/usr/include/linux/serial.h", "/usr/include/linux/serial_core.h", "/usr/include/linux/serial_reg.h", "/usr/include/linux/serio.h", "/usr/include/linux/sev-guest.h", "/usr/include/linux/shm.h", "/usr/include/linux/signal.h", "/usr/include/linux/signalfd.h", "/usr/include/linux/smc.h", "/usr/include/linux/smc_diag.h", "/usr/include/linux/smiapp.h", "/usr/include/linux/snmp.h", "/usr/include/linux/sock_diag.h", "/usr/include/linux/socket.h", "/usr/include/linux/sockios.h", "/usr/include/linux/sonet.h", "/usr/include/linux/sonypi.h", "/usr/include/linux/sound.h", "/usr/include/linux/soundcard.h", "/usr/include/linux/spi/spi.h", "/usr/include/linux/spi/spidev.h", "/usr/include/linux/stat.h", "/usr/include/linux/stddef.h", "/usr/include/linux/stm.h", "/usr/include/linux/string.h", "/usr/include/linux/sunrpc/debug.h", "/usr/include/linux/surface_aggregator/cdev.h", "/usr/include/linux/surface_aggregator/dtx.h", "/usr/include/linux/suspend_ioctls.h", "/usr/include/linux/swab.h", "/usr/include/linux/switchtec_ioctl.h", "/usr/include/linux/sync_file.h", "/usr/include/linux/synclink.h", "/usr/include/linux/sysctl.h", "/usr/include/linux/sysinfo.h", "/usr/include/linux/target_core_user.h", "/usr/include/linux/taskstats.h", "/usr/include/linux/tc_act/tc_bpf.h", "/usr/include/linux/tc_act/tc_connmark.h", "/usr/include/linux/tc_act/tc_csum.h", "/usr/include/linux/tc_act/tc_ct.h", "/usr/include/linux/tc_act/tc_ctinfo.h", "/usr/include/linux/tc_act/tc_defact.h", "/usr/include/linux/tc_act/tc_gact.h", "/usr/include/linux/tc_act/tc_gate.h", "/usr/include/linux/tc_act/tc_ife.h", "/usr/include/linux/tc_act/tc_mirred.h", "/usr/include/linux/tc_act/tc_mpls.h", "/usr/include/linux/tc_act/tc_nat.h", "/usr/include/linux/tc_act/tc_pedit.h", "/usr/include/linux/tc_act/tc_sample.h", "/usr/include/linux/tc_act/tc_skbedit.h", "/usr/include/linux/tc_act/tc_skbmod.h", "/usr/include/linux/tc_act/tc_tunnel_key.h", "/usr/include/linux/tc_act/tc_vlan.h", "/usr/include/linux/tc_ematch/tc_em_cmp.h", "/usr/include/linux/tc_ematch/tc_em_ipt.h", "/usr/include/linux/tc_ematch/tc_em_meta.h", "/usr/include/linux/tc_ematch/tc_em_nbyte.h", "/usr/include/linux/tc_ematch/tc_em_text.h", "/usr/include/linux/tcp.h", "/usr/include/linux/tcp_metrics.h", "/usr/include/linux/tdx-guest.h", "/usr/include/linux/tee.h", "/usr/include/linux/termios.h", "/usr/include/linux/thermal.h", "/usr/include/linux/thp7312.h", "/usr/include/linux/time.h", "/usr/include/linux/time_types.h", "/usr/include/linux/timerfd.h", "/usr/include/linux/times.h", "/usr/include/linux/timex.h", "/usr/include/linux/tiocl.h", "/usr/include/linux/tipc.h", "/usr/include/linux/tipc_config.h", "/usr/include/linux/tipc_netlink.h", "/usr/include/linux/tipc_sockets_diag.h", "/usr/include/linux/tls.h", "/usr/include/linux/toshiba.h", "/usr/include/linux/tps6594_pfsm.h", "/usr/include/linux/trace_mmap.h", "/usr/include/linux/tty.h", "/usr/include/linux/tty_flags.h", "/usr/include/linux/types.h", "/usr/include/linux/ublk_cmd.h", "/usr/include/linux/udf_fs_i.h", "/usr/include/linux/udmabuf.h", "/usr/include/linux/udp.h", "/usr/include/linux/uhid.h", "/usr/include/linux/uinput.h", "/usr/include/linux/uio.h", "/usr/include/linux/uleds.h", "/usr/include/linux/ultrasound.h", "/usr/include/linux/um_timetravel.h", "/usr/include/linux/un.h", "/usr/include/linux/unistd.h", "/usr/include/linux/unix_diag.h", "/usr/include/linux/usb/audio.h", "/usr/include/linux/usb/cdc-wdm.h", "/usr/include/linux/usb/cdc.h", "/usr/include/linux/usb/ch11.h", "/usr/include/linux/usb/ch9.h", "/usr/include/linux/usb/charger.h", "/usr/include/linux/usb/functionfs.h", "/usr/include/linux/usb/g_hid.h", "/usr/include/linux/usb/g_printer.h", "/usr/include/linux/usb/g_uvc.h", "/usr/include/linux/usb/gadgetfs.h", "/usr/include/linux/usb/midi.h", "/usr/include/linux/usb/raw_gadget.h", "/usr/include/linux/usb/tmc.h", "/usr/include/linux/usb/video.h", "/usr/include/linux/usbdevice_fs.h", "/usr/include/linux/usbip.h", "/usr/include/linux/user_events.h", "/usr/include/linux/userfaultfd.h", "/usr/include/linux/userio.h", "/usr/include/linux/utime.h", "/usr/include/linux/utsname.h", "/usr/include/linux/uuid.h", "/usr/include/linux/uvcvideo.h", "/usr/include/linux/v4l2-common.h", "/usr/include/linux/v4l2-controls.h", "/usr/include/linux/v4l2-dv-timings.h", "/usr/include/linux/v4l2-mediabus.h", "/usr/include/linux/v4l2-subdev.h", "/usr/include/linux/vbox_err.h", "/usr/include/linux/vbox_vmmdev_types.h", "/usr/include/linux/vboxguest.h", "/usr/include/linux/vdpa.h", "/usr/include/linux/vduse.h", "/usr/include/linux/version.h", "/usr/include/linux/vesa.h", "/usr/include/linux/veth.h", "/usr/include/linux/vfio.h", "/usr/include/linux/vfio_ccw.h", "/usr/include/linux/vfio_zdev.h", "/usr/include/linux/vhost.h", "/usr/include/linux/vhost_types.h", "/usr/include/linux/videodev2.h", "/usr/include/linux/virtio_9p.h", "/usr/include/linux/virtio_balloon.h", "/usr/include/linux/virtio_blk.h", "/usr/include/linux/virtio_bt.h", "/usr/include/linux/virtio_config.h", "/usr/include/linux/virtio_console.h", "/usr/include/linux/virtio_crypto.h", "/usr/include/linux/virtio_fs.h", "/usr/include/linux/virtio_gpio.h", "/usr/include/linux/virtio_gpu.h", "/usr/include/linux/virtio_i2c.h", "/usr/include/linux/virtio_ids.h", "/usr/include/linux/virtio_input.h", "/usr/include/linux/virtio_iommu.h", "/usr/include/linux/virtio_mem.h", "/usr/include/linux/virtio_mmio.h", "/usr/include/linux/virtio_net.h", "/usr/include/linux/virtio_pci.h", "/usr/include/linux/virtio_pcidev.h", "/usr/include/linux/virtio_pmem.h", "/usr/include/linux/virtio_ring.h", "/usr/include/linux/virtio_rng.h", "/usr/include/linux/virtio_scmi.h", "/usr/include/linux/virtio_scsi.h", "/usr/include/linux/virtio_snd.h", "/usr/include/linux/virtio_types.h", "/usr/include/linux/virtio_vsock.h", "/usr/include/linux/vm_sockets.h", "/usr/include/linux/vm_sockets_diag.h", "/usr/include/linux/vmcore.h", "/usr/include/linux/vsockmon.h", "/usr/include/linux/vt.h", "/usr/include/linux/vtpm_proxy.h", "/usr/include/linux/wait.h", "/usr/include/linux/watch_queue.h", "/usr/include/linux/watchdog.h", "/usr/include/linux/wireguard.h", "/usr/include/linux/wireless.h", "/usr/include/linux/wmi.h", "/usr/include/linux/wwan.h", "/usr/include/linux/x25.h", "/usr/include/linux/xattr.h", "/usr/include/linux/xdp_diag.h", "/usr/include/linux/xfrm.h", "/usr/include/linux/xilinx-v4l2-controls.h", "/usr/include/linux/zorro.h", "/usr/include/linux/zorro_ids.h", "/usr/include/misc/cxl.h", "/usr/include/misc/fastrpc.h", "/usr/include/misc/mrvl_cn10k_dpi.h", "/usr/include/misc/ocxl.h", "/usr/include/misc/pvpanic.h", "/usr/include/misc/uacce/hisi_qm.h", "/usr/include/misc/uacce/uacce.h", "/usr/include/misc/xilinx_sdfec.h", "/usr/include/mtd/inftl-user.h", "/usr/include/mtd/mtd-abi.h", "/usr/include/mtd/mtd-user.h", "/usr/include/mtd/nftl-user.h", "/usr/include/mtd/ubi-user.h", "/usr/include/rdma/bnxt_re-abi.h", "/usr/include/rdma/cxgb4-abi.h", "/usr/include/rdma/efa-abi.h", "/usr/include/rdma/erdma-abi.h", "/usr/include/rdma/hfi/hfi1_ioctl.h", "/usr/include/rdma/hfi/hfi1_user.h", "/usr/include/rdma/hns-abi.h", "/usr/include/rdma/ib_user_ioctl_cmds.h", "/usr/include/rdma/ib_user_ioctl_verbs.h", "/usr/include/rdma/ib_user_mad.h", "/usr/include/rdma/ib_user_sa.h", "/usr/include/rdma/ib_user_verbs.h", "/usr/include/rdma/irdma-abi.h", "/usr/include/rdma/mana-abi.h", "/usr/include/rdma/mlx4-abi.h", "/usr/include/rdma/mlx5-abi.h", "/usr/include/rdma/mlx5_user_ioctl_cmds.h", "/usr/include/rdma/mlx5_user_ioctl_verbs.h", "/usr/include/rdma/mthca-abi.h", "/usr/include/rdma/ocrdma-abi.h", "/usr/include/rdma/qedr-abi.h", "/usr/include/rdma/rdma_netlink.h", "/usr/include/rdma/rdma_user_cm.h", "/usr/include/rdma/rdma_user_ioctl.h", "/usr/include/rdma/rdma_user_ioctl_cmds.h", "/usr/include/rdma/rdma_user_rxe.h", "/usr/include/rdma/rvt-abi.h", "/usr/include/rdma/siw-abi.h", "/usr/include/rdma/vmw_pvrdma-abi.h", "/usr/include/regulator/regulator.h", "/usr/include/scsi/cxlflash_ioctl.h", "/usr/include/scsi/fc/fc_els.h", "/usr/include/scsi/fc/fc_fs.h", "/usr/include/scsi/fc/fc_gs.h", "/usr/include/scsi/fc/fc_ns.h", "/usr/include/scsi/scsi_bsg_fc.h", "/usr/include/scsi/scsi_bsg_mpi3mr.h", "/usr/include/scsi/scsi_bsg_ufs.h", "/usr/include/scsi/scsi_netlink.h", "/usr/include/scsi/scsi_netlink_fc.h", "/usr/include/sound/asequencer.h", "/usr/include/sound/asoc.h", "/usr/include/sound/asound.h", "/usr/include/sound/asound_fm.h", "/usr/include/sound/compress_offload.h", "/usr/include/sound/compress_params.h", "/usr/include/sound/emu10k1.h", "/usr/include/sound/firewire.h", "/usr/include/sound/hdsp.h", "/usr/include/sound/hdspm.h", "/usr/include/sound/intel/avs/tokens.h", "/usr/include/sound/sb16_csp.h", "/usr/include/sound/scarlett2.h", "/usr/include/sound/sfnt_info.h", "/usr/include/sound/skl-tplg-interface.h", "/usr/include/sound/snd_ar_tokens.h", "/usr/include/sound/snd_sst_tokens.h", "/usr/include/sound/sof/abi.h", "/usr/include/sound/sof/fw.h", "/usr/include/sound/sof/header.h", "/usr/include/sound/sof/tokens.h", "/usr/include/sound/tlv.h", "/usr/include/sound/usb_stream.h", "/usr/include/video/edid.h", "/usr/include/video/sisfb.h", "/usr/include/video/uvesafb.h", "/usr/include/xen/evtchn.h", "/usr/include/xen/gntalloc.h", "/usr/include/xen/gntdev.h", "/usr/include/xen/privcmd.h", "/usr/lib/linux/uapi/alpha/asm/a.out.h", "/usr/lib/linux/uapi/alpha/asm/auxvec.h", "/usr/lib/linux/uapi/alpha/asm/bitsperlong.h", "/usr/lib/linux/uapi/alpha/asm/bpf_perf_event.h", "/usr/lib/linux/uapi/alpha/asm/byteorder.h", "/usr/lib/linux/uapi/alpha/asm/compiler.h", "/usr/lib/linux/uapi/alpha/asm/console.h", "/usr/lib/linux/uapi/alpha/asm/errno.h", "/usr/lib/linux/uapi/alpha/asm/fcntl.h", "/usr/lib/linux/uapi/alpha/asm/fpu.h", "/usr/lib/linux/uapi/alpha/asm/gentrap.h", "/usr/lib/linux/uapi/alpha/asm/ioctl.h", "/usr/lib/linux/uapi/alpha/asm/ioctls.h", "/usr/lib/linux/uapi/alpha/asm/ipcbuf.h", "/usr/lib/linux/uapi/alpha/asm/mman.h", "/usr/lib/linux/uapi/alpha/asm/msgbuf.h", "/usr/lib/linux/uapi/alpha/asm/pal.h", "/usr/lib/linux/uapi/alpha/asm/param.h", "/usr/lib/linux/uapi/alpha/asm/poll.h", "/usr/lib/linux/uapi/alpha/asm/posix_types.h", "/usr/lib/linux/uapi/alpha/asm/ptrace.h", "/usr/lib/linux/uapi/alpha/asm/reg.h", "/usr/lib/linux/uapi/alpha/asm/regdef.h", "/usr/lib/linux/uapi/alpha/asm/resource.h", "/usr/lib/linux/uapi/alpha/asm/sembuf.h", "/usr/lib/linux/uapi/alpha/asm/setup.h", "/usr/lib/linux/uapi/alpha/asm/shmbuf.h", "/usr/lib/linux/uapi/alpha/asm/sigcontext.h", "/usr/lib/linux/uapi/alpha/asm/siginfo.h", "/usr/lib/linux/uapi/alpha/asm/signal.h", "/usr/lib/linux/uapi/alpha/asm/socket.h", "/usr/lib/linux/uapi/alpha/asm/sockios.h", "/usr/lib/linux/uapi/alpha/asm/stat.h", "/usr/lib/linux/uapi/alpha/asm/statfs.h", "/usr/lib/linux/uapi/alpha/asm/swab.h", "/usr/lib/linux/uapi/alpha/asm/sysinfo.h", "/usr/lib/linux/uapi/alpha/asm/termbits.h", "/usr/lib/linux/uapi/alpha/asm/termios.h", "/usr/lib/linux/uapi/alpha/asm/types.h", "/usr/lib/linux/uapi/alpha/asm/unistd.h", "/usr/lib/linux/uapi/alpha/asm/unistd_32.h", "/usr/lib/linux/uapi/arm/asm/auxvec.h", "/usr/lib/linux/uapi/arm/asm/bitsperlong.h", "/usr/lib/linux/uapi/arm/asm/bpf_perf_event.h", "/usr/lib/linux/uapi/arm/asm/byteorder.h", "/usr/lib/linux/uapi/arm/asm/errno.h", "/usr/lib/linux/uapi/arm/asm/fcntl.h", "/usr/lib/linux/uapi/arm/asm/hwcap.h", "/usr/lib/linux/uapi/arm/asm/ioctl.h", "/usr/lib/linux/uapi/arm/asm/ioctls.h", "/usr/lib/linux/uapi/arm/asm/ipcbuf.h", "/usr/lib/linux/uapi/arm/asm/kvm_para.h", "/usr/lib/linux/uapi/arm/asm/mman.h", "/usr/lib/linux/uapi/arm/asm/msgbuf.h", "/usr/lib/linux/uapi/arm/asm/param.h", "/usr/lib/linux/uapi/arm/asm/perf_regs.h", "/usr/lib/linux/uapi/arm/asm/poll.h", "/usr/lib/linux/uapi/arm/asm/posix_types.h", "/usr/lib/linux/uapi/arm/asm/ptrace.h", "/usr/lib/linux/uapi/arm/asm/resource.h", "/usr/lib/linux/uapi/arm/asm/sembuf.h", "/usr/lib/linux/uapi/arm/asm/setup.h", "/usr/lib/linux/uapi/arm/asm/shmbuf.h", "/usr/lib/linux/uapi/arm/asm/sigcontext.h", "/usr/lib/linux/uapi/arm/asm/siginfo.h", "/usr/lib/linux/uapi/arm/asm/signal.h", "/usr/lib/linux/uapi/arm/asm/socket.h", "/usr/lib/linux/uapi/arm/asm/sockios.h", "/usr/lib/linux/uapi/arm/asm/stat.h", "/usr/lib/linux/uapi/arm/asm/statfs.h", "/usr/lib/linux/uapi/arm/asm/swab.h", "/usr/lib/linux/uapi/arm/asm/termbits.h", "/usr/lib/linux/uapi/arm/asm/termios.h", "/usr/lib/linux/uapi/arm/asm/types.h", "/usr/lib/linux/uapi/arm/asm/unistd-eabi.h", "/usr/lib/linux/uapi/arm/asm/unistd-oabi.h", "/usr/lib/linux/uapi/arm/asm/unistd.h", "/usr/lib/linux/uapi/arm64/asm/auxvec.h", "/usr/lib/linux/uapi/arm64/asm/bitsperlong.h", "/usr/lib/linux/uapi/arm64/asm/bpf_perf_event.h", "/usr/lib/linux/uapi/arm64/asm/byteorder.h", "/usr/lib/linux/uapi/arm64/asm/errno.h", "/usr/lib/linux/uapi/arm64/asm/fcntl.h", "/usr/lib/linux/uapi/arm64/asm/hwcap.h", "/usr/lib/linux/uapi/arm64/asm/ioctl.h", "/usr/lib/linux/uapi/arm64/asm/ioctls.h", "/usr/lib/linux/uapi/arm64/asm/ipcbuf.h", "/usr/lib/linux/uapi/arm64/asm/kvm.h", "/usr/lib/linux/uapi/arm64/asm/kvm_para.h", "/usr/lib/linux/uapi/arm64/asm/mman.h", "/usr/lib/linux/uapi/arm64/asm/msgbuf.h", "/usr/lib/linux/uapi/arm64/asm/param.h", "/usr/lib/linux/uapi/arm64/asm/perf_regs.h", "/usr/lib/linux/uapi/arm64/asm/poll.h", "/usr/lib/linux/uapi/arm64/asm/posix_types.h", "/usr/lib/linux/uapi/arm64/asm/ptrace.h", "/usr/lib/linux/uapi/arm64/asm/resource.h", "/usr/lib/linux/uapi/arm64/asm/sembuf.h", "/usr/lib/linux/uapi/arm64/asm/setup.h", "/usr/lib/linux/uapi/arm64/asm/shmbuf.h", "/usr/lib/linux/uapi/arm64/asm/sigcontext.h", "/usr/lib/linux/uapi/arm64/asm/siginfo.h", "/usr/lib/linux/uapi/arm64/asm/signal.h", "/usr/lib/linux/uapi/arm64/asm/socket.h", "/usr/lib/linux/uapi/arm64/asm/sockios.h", "/usr/lib/linux/uapi/arm64/asm/stat.h", "/usr/lib/linux/uapi/arm64/asm/statfs.h", "/usr/lib/linux/uapi/arm64/asm/sve_context.h", "/usr/lib/linux/uapi/arm64/asm/swab.h", "/usr/lib/linux/uapi/arm64/asm/termbits.h", "/usr/lib/linux/uapi/arm64/asm/termios.h", "/usr/lib/linux/uapi/arm64/asm/types.h", "/usr/lib/linux/uapi/arm64/asm/ucontext.h", "/usr/lib/linux/uapi/arm64/asm/unistd.h", "/usr/lib/linux/uapi/arm64/asm/unistd_64.h", "/usr/lib/linux/uapi/loongarch/asm/auxvec.h", "/usr/lib/linux/uapi/loongarch/asm/bitsperlong.h", "/usr/lib/linux/uapi/loongarch/asm/bpf_perf_event.h", "/usr/lib/linux/uapi/loongarch/asm/break.h", "/usr/lib/linux/uapi/loongarch/asm/byteorder.h", "/usr/lib/linux/uapi/loongarch/asm/errno.h", "/usr/lib/linux/uapi/loongarch/asm/fcntl.h", "/usr/lib/linux/uapi/loongarch/asm/hwcap.h", "/usr/lib/linux/uapi/loongarch/asm/ioctl.h", "/usr/lib/linux/uapi/loongarch/asm/ioctls.h", "/usr/lib/linux/uapi/loongarch/asm/ipcbuf.h", "/usr/lib/linux/uapi/loongarch/asm/kvm.h", "/usr/lib/linux/uapi/loongarch/asm/kvm_para.h", "/usr/lib/linux/uapi/loongarch/asm/mman.h", "/usr/lib/linux/uapi/loongarch/asm/msgbuf.h", "/usr/lib/linux/uapi/loongarch/asm/param.h", "/usr/lib/linux/uapi/loongarch/asm/perf_regs.h", "/usr/lib/linux/uapi/loongarch/asm/poll.h", "/usr/lib/linux/uapi/loongarch/asm/posix_types.h", "/usr/lib/linux/uapi/loongarch/asm/ptrace.h", "/usr/lib/linux/uapi/loongarch/asm/reg.h", "/usr/lib/linux/uapi/loongarch/asm/resource.h", "/usr/lib/linux/uapi/loongarch/asm/sembuf.h", "/usr/lib/linux/uapi/loongarch/asm/setup.h", "/usr/lib/linux/uapi/loongarch/asm/shmbuf.h", "/usr/lib/linux/uapi/loongarch/asm/sigcontext.h", "/usr/lib/linux/uapi/loongarch/asm/siginfo.h", "/usr/lib/linux/uapi/loongarch/asm/signal.h", "/usr/lib/linux/uapi/loongarch/asm/socket.h", "/usr/lib/linux/uapi/loongarch/asm/sockios.h", "/usr/lib/linux/uapi/loongarch/asm/stat.h", "/usr/lib/linux/uapi/loongarch/asm/statfs.h", "/usr/lib/linux/uapi/loongarch/asm/swab.h", "/usr/lib/linux/uapi/loongarch/asm/termbits.h", "/usr/lib/linux/uapi/loongarch/asm/termios.h", "/usr/lib/linux/uapi/loongarch/asm/types.h", "/usr/lib/linux/uapi/loongarch/asm/ucontext.h", "/usr/lib/linux/uapi/loongarch/asm/unistd.h", "/usr/lib/linux/uapi/loongarch/asm/unistd_64.h", "/usr/lib/linux/uapi/m68k/asm/a.out.h", "/usr/lib/linux/uapi/m68k/asm/auxvec.h", "/usr/lib/linux/uapi/m68k/asm/bitsperlong.h", "/usr/lib/linux/uapi/m68k/asm/bootinfo-amiga.h", "/usr/lib/linux/uapi/m68k/asm/bootinfo-apollo.h", "/usr/lib/linux/uapi/m68k/asm/bootinfo-atari.h", "/usr/lib/linux/uapi/m68k/asm/bootinfo-hp300.h", "/usr/lib/linux/uapi/m68k/asm/bootinfo-mac.h", "/usr/lib/linux/uapi/m68k/asm/bootinfo-q40.h", "/usr/lib/linux/uapi/m68k/asm/bootinfo-virt.h", "/usr/lib/linux/uapi/m68k/asm/bootinfo-vme.h", "/usr/lib/linux/uapi/m68k/asm/bootinfo.h", "/usr/lib/linux/uapi/m68k/asm/bpf_perf_event.h", "/usr/lib/linux/uapi/m68k/asm/byteorder.h", "/usr/lib/linux/uapi/m68k/asm/cachectl.h", "/usr/lib/linux/uapi/m68k/asm/errno.h", "/usr/lib/linux/uapi/m68k/asm/fcntl.h", "/usr/lib/linux/uapi/m68k/asm/ioctl.h", "/usr/lib/linux/uapi/m68k/asm/ioctls.h", "/usr/lib/linux/uapi/m68k/asm/ipcbuf.h", "/usr/lib/linux/uapi/m68k/asm/mman.h", "/usr/lib/linux/uapi/m68k/asm/msgbuf.h", "/usr/lib/linux/uapi/m68k/asm/param.h", "/usr/lib/linux/uapi/m68k/asm/poll.h", "/usr/lib/linux/uapi/m68k/asm/posix_types.h", "/usr/lib/linux/uapi/m68k/asm/ptrace.h", "/usr/lib/linux/uapi/m68k/asm/resource.h", "/usr/lib/linux/uapi/m68k/asm/sembuf.h", "/usr/lib/linux/uapi/m68k/asm/setup.h", "/usr/lib/linux/uapi/m68k/asm/shmbuf.h", "/usr/lib/linux/uapi/m68k/asm/sigcontext.h", "/usr/lib/linux/uapi/m68k/asm/siginfo.h", "/usr/lib/linux/uapi/m68k/asm/signal.h", "/usr/lib/linux/uapi/m68k/asm/socket.h", "/usr/lib/linux/uapi/m68k/asm/sockios.h", "/usr/lib/linux/uapi/m68k/asm/stat.h", "/usr/lib/linux/uapi/m68k/asm/statfs.h", "/usr/lib/linux/uapi/m68k/asm/swab.h", "/usr/lib/linux/uapi/m68k/asm/termbits.h", "/usr/lib/linux/uapi/m68k/asm/termios.h", "/usr/lib/linux/uapi/m68k/asm/types.h", "/usr/lib/linux/uapi/m68k/asm/unistd.h", "/usr/lib/linux/uapi/m68k/asm/unistd_32.h", "/usr/lib/linux/uapi/mips/asm/auxvec.h", "/usr/lib/linux/uapi/mips/asm/bitfield.h", "/usr/lib/linux/uapi/mips/asm/bitsperlong.h", "/usr/lib/linux/uapi/mips/asm/bpf_perf_event.h", "/usr/lib/linux/uapi/mips/asm/break.h", "/usr/lib/linux/uapi/mips/asm/byteorder.h", "/usr/lib/linux/uapi/mips/asm/cachectl.h", "/usr/lib/linux/uapi/mips/asm/errno.h", "/usr/lib/linux/uapi/mips/asm/fcntl.h", "/usr/lib/linux/uapi/mips/asm/hwcap.h", "/usr/lib/linux/uapi/mips/asm/inst.h", "/usr/lib/linux/uapi/mips/asm/ioctl.h", "/usr/lib/linux/uapi/mips/asm/ioctls.h", "/usr/lib/linux/uapi/mips/asm/ipcbuf.h", "/usr/lib/linux/uapi/mips/asm/kvm.h", "/usr/lib/linux/uapi/mips/asm/kvm_para.h", "/usr/lib/linux/uapi/mips/asm/mman.h", "/usr/lib/linux/uapi/mips/asm/msgbuf.h", "/usr/lib/linux/uapi/mips/asm/param.h", "/usr/lib/linux/uapi/mips/asm/perf_regs.h", "/usr/lib/linux/uapi/mips/asm/poll.h", "/usr/lib/linux/uapi/mips/asm/posix_types.h", "/usr/lib/linux/uapi/mips/asm/ptrace.h", "/usr/lib/linux/uapi/mips/asm/reg.h", "/usr/lib/linux/uapi/mips/asm/resource.h", "/usr/lib/linux/uapi/mips/asm/sembuf.h", "/usr/lib/linux/uapi/mips/asm/setup.h", "/usr/lib/linux/uapi/mips/asm/sgidefs.h", "/usr/lib/linux/uapi/mips/asm/shmbuf.h", "/usr/lib/linux/uapi/mips/asm/sigcontext.h", "/usr/lib/linux/uapi/mips/asm/siginfo.h", "/usr/lib/linux/uapi/mips/asm/signal.h", "/usr/lib/linux/uapi/mips/asm/socket.h", "/usr/lib/linux/uapi/mips/asm/sockios.h", "/usr/lib/linux/uapi/mips/asm/stat.h", "/usr/lib/linux/uapi/mips/asm/statfs.h", "/usr/lib/linux/uapi/mips/asm/swab.h", "/usr/lib/linux/uapi/mips/asm/sysmips.h", "/usr/lib/linux/uapi/mips/asm/termbits.h", "/usr/lib/linux/uapi/mips/asm/termios.h", "/usr/lib/linux/uapi/mips/asm/types.h", "/usr/lib/linux/uapi/mips/asm/ucontext.h", "/usr/lib/linux/uapi/mips/asm/unistd.h", "/usr/lib/linux/uapi/mips/asm/unistd_n32.h", "/usr/lib/linux/uapi/mips/asm/unistd_n64.h", "/usr/lib/linux/uapi/mips/asm/unistd_o32.h", "/usr/lib/linux/uapi/parisc/asm/auxvec.h", "/usr/lib/linux/uapi/parisc/asm/bitsperlong.h", "/usr/lib/linux/uapi/parisc/asm/bpf_perf_event.h", "/usr/lib/linux/uapi/parisc/asm/byteorder.h", "/usr/lib/linux/uapi/parisc/asm/cachectl.h", "/usr/lib/linux/uapi/parisc/asm/errno.h", "/usr/lib/linux/uapi/parisc/asm/fcntl.h", "/usr/lib/linux/uapi/parisc/asm/ioctl.h", "/usr/lib/linux/uapi/parisc/asm/ioctls.h", "/usr/lib/linux/uapi/parisc/asm/ipcbuf.h", "/usr/lib/linux/uapi/parisc/asm/mman.h", "/usr/lib/linux/uapi/parisc/asm/msgbuf.h", "/usr/lib/linux/uapi/parisc/asm/param.h", "/usr/lib/linux/uapi/parisc/asm/pdc.h", "/usr/lib/linux/uapi/parisc/asm/poll.h", "/usr/lib/linux/uapi/parisc/asm/posix_types.h", "/usr/lib/linux/uapi/parisc/asm/ptrace.h", "/usr/lib/linux/uapi/parisc/asm/resource.h", "/usr/lib/linux/uapi/parisc/asm/sembuf.h", "/usr/lib/linux/uapi/parisc/asm/setup.h", "/usr/lib/linux/uapi/parisc/asm/shmbuf.h", "/usr/lib/linux/uapi/parisc/asm/sigcontext.h", "/usr/lib/linux/uapi/parisc/asm/siginfo.h", "/usr/lib/linux/uapi/parisc/asm/signal.h", "/usr/lib/linux/uapi/parisc/asm/socket.h", "/usr/lib/linux/uapi/parisc/asm/sockios.h", "/usr/lib/linux/uapi/parisc/asm/stat.h", "/usr/lib/linux/uapi/parisc/asm/statfs.h", "/usr/lib/linux/uapi/parisc/asm/swab.h", "/usr/lib/linux/uapi/parisc/asm/termbits.h", "/usr/lib/linux/uapi/parisc/asm/termios.h", "/usr/lib/linux/uapi/parisc/asm/types.h", "/usr/lib/linux/uapi/parisc/asm/unistd.h", "/usr/lib/linux/uapi/parisc/asm/unistd_32.h", "/usr/lib/linux/uapi/parisc/asm/unistd_64.h", "/usr/lib/linux/uapi/powerpc/asm/auxvec.h", "/usr/lib/linux/uapi/powerpc/asm/bitsperlong.h", "/usr/lib/linux/uapi/powerpc/asm/bootx.h", "/usr/lib/linux/uapi/powerpc/asm/bpf_perf_event.h", "/usr/lib/linux/uapi/powerpc/asm/byteorder.h", "/usr/lib/linux/uapi/powerpc/asm/cputable.h", "/usr/lib/linux/uapi/powerpc/asm/eeh.h", "/usr/lib/linux/uapi/powerpc/asm/elf.h", "/usr/lib/linux/uapi/powerpc/asm/epapr_hcalls.h", "/usr/lib/linux/uapi/powerpc/asm/errno.h", "/usr/lib/linux/uapi/powerpc/asm/fcntl.h", "/usr/lib/linux/uapi/powerpc/asm/ioctl.h", "/usr/lib/linux/uapi/powerpc/asm/ioctls.h", "/usr/lib/linux/uapi/powerpc/asm/ipcbuf.h", "/usr/lib/linux/uapi/powerpc/asm/kvm.h", "/usr/lib/linux/uapi/powerpc/asm/kvm_para.h", "/usr/lib/linux/uapi/powerpc/asm/mman.h", "/usr/lib/linux/uapi/powerpc/asm/msgbuf.h", "/usr/lib/linux/uapi/powerpc/asm/nvram.h", "/usr/lib/linux/uapi/powerpc/asm/opal-prd.h", "/usr/lib/linux/uapi/powerpc/asm/papr-miscdev.h", "/usr/lib/linux/uapi/powerpc/asm/papr-sysparm.h", "/usr/lib/linux/uapi/powerpc/asm/papr-vpd.h", "/usr/lib/linux/uapi/powerpc/asm/param.h", "/usr/lib/linux/uapi/powerpc/asm/perf_event.h", "/usr/lib/linux/uapi/powerpc/asm/perf_regs.h", "/usr/lib/linux/uapi/powerpc/asm/poll.h", "/usr/lib/linux/uapi/powerpc/asm/posix_types.h", "/usr/lib/linux/uapi/powerpc/asm/ps3fb.h", "/usr/lib/linux/uapi/powerpc/asm/ptrace.h", "/usr/lib/linux/uapi/powerpc/asm/resource.h", "/usr/lib/linux/uapi/powerpc/asm/sembuf.h", "/usr/lib/linux/uapi/powerpc/asm/setup.h", "/usr/lib/linux/uapi/powerpc/asm/shmbuf.h", "/usr/lib/linux/uapi/powerpc/asm/sigcontext.h", "/usr/lib/linux/uapi/powerpc/asm/siginfo.h", "/usr/lib/linux/uapi/powerpc/asm/signal.h", "/usr/lib/linux/uapi/powerpc/asm/socket.h", "/usr/lib/linux/uapi/powerpc/asm/sockios.h", "/usr/lib/linux/uapi/powerpc/asm/spu_info.h", "/usr/lib/linux/uapi/powerpc/asm/stat.h", "/usr/lib/linux/uapi/powerpc/asm/statfs.h", "/usr/lib/linux/uapi/powerpc/asm/swab.h", "/usr/lib/linux/uapi/powerpc/asm/termbits.h", "/usr/lib/linux/uapi/powerpc/asm/termios.h", "/usr/lib/linux/uapi/powerpc/asm/tm.h", "/usr/lib/linux/uapi/powerpc/asm/types.h", "/usr/lib/linux/uapi/powerpc/asm/ucontext.h", "/usr/lib/linux/uapi/powerpc/asm/unistd.h", "/usr/lib/linux/uapi/powerpc/asm/unistd_32.h", "/usr/lib/linux/uapi/powerpc/asm/unistd_64.h", "/usr/lib/linux/uapi/powerpc/asm/vas-api.h", "/usr/lib/linux/uapi/riscv/asm/auxvec.h", "/usr/lib/linux/uapi/riscv/asm/bitsperlong.h", "/usr/lib/linux/uapi/riscv/asm/bpf_perf_event.h", "/usr/lib/linux/uapi/riscv/asm/byteorder.h", "/usr/lib/linux/uapi/riscv/asm/elf.h", "/usr/lib/linux/uapi/riscv/asm/errno.h", "/usr/lib/linux/uapi/riscv/asm/fcntl.h", "/usr/lib/linux/uapi/riscv/asm/hwcap.h", "/usr/lib/linux/uapi/riscv/asm/hwprobe.h", "/usr/lib/linux/uapi/riscv/asm/ioctl.h", "/usr/lib/linux/uapi/riscv/asm/ioctls.h", "/usr/lib/linux/uapi/riscv/asm/ipcbuf.h", "/usr/lib/linux/uapi/riscv/asm/kvm.h", "/usr/lib/linux/uapi/riscv/asm/mman.h", "/usr/lib/linux/uapi/riscv/asm/msgbuf.h", "/usr/lib/linux/uapi/riscv/asm/param.h", "/usr/lib/linux/uapi/riscv/asm/perf_regs.h", "/usr/lib/linux/uapi/riscv/asm/poll.h", "/usr/lib/linux/uapi/riscv/asm/posix_types.h", "/usr/lib/linux/uapi/riscv/asm/ptrace.h", "/usr/lib/linux/uapi/riscv/asm/resource.h", "/usr/lib/linux/uapi/riscv/asm/sembuf.h", "/usr/lib/linux/uapi/riscv/asm/setup.h", "/usr/lib/linux/uapi/riscv/asm/shmbuf.h", "/usr/lib/linux/uapi/riscv/asm/sigcontext.h", "/usr/lib/linux/uapi/riscv/asm/siginfo.h", "/usr/lib/linux/uapi/riscv/asm/signal.h", "/usr/lib/linux/uapi/riscv/asm/socket.h", "/usr/lib/linux/uapi/riscv/asm/sockios.h", "/usr/lib/linux/uapi/riscv/asm/stat.h", "/usr/lib/linux/uapi/riscv/asm/statfs.h", "/usr/lib/linux/uapi/riscv/asm/swab.h", "/usr/lib/linux/uapi/riscv/asm/termbits.h", "/usr/lib/linux/uapi/riscv/asm/termios.h", "/usr/lib/linux/uapi/riscv/asm/types.h", "/usr/lib/linux/uapi/riscv/asm/ucontext.h", "/usr/lib/linux/uapi/riscv/asm/unistd.h", "/usr/lib/linux/uapi/riscv/asm/unistd_32.h", "/usr/lib/linux/uapi/riscv/asm/unistd_64.h", "/usr/lib/linux/uapi/s390/asm/auxvec.h", "/usr/lib/linux/uapi/s390/asm/bitsperlong.h", "/usr/lib/linux/uapi/s390/asm/bpf_perf_event.h", "/usr/lib/linux/uapi/s390/asm/byteorder.h", "/usr/lib/linux/uapi/s390/asm/chpid.h", "/usr/lib/linux/uapi/s390/asm/chsc.h", "/usr/lib/linux/uapi/s390/asm/clp.h", "/usr/lib/linux/uapi/s390/asm/cmb.h", "/usr/lib/linux/uapi/s390/asm/dasd.h", "/usr/lib/linux/uapi/s390/asm/errno.h", "/usr/lib/linux/uapi/s390/asm/fcntl.h", "/usr/lib/linux/uapi/s390/asm/fs3270.h", "/usr/lib/linux/uapi/s390/asm/guarded_storage.h", "/usr/lib/linux/uapi/s390/asm/hwctrset.h", "/usr/lib/linux/uapi/s390/asm/hypfs.h", "/usr/lib/linux/uapi/s390/asm/ioctl.h", "/usr/lib/linux/uapi/s390/asm/ioctls.h", "/usr/lib/linux/uapi/s390/asm/ipcbuf.h", "/usr/lib/linux/uapi/s390/asm/ipl.h", "/usr/lib/linux/uapi/s390/asm/kvm.h", "/usr/lib/linux/uapi/s390/asm/kvm_para.h", "/usr/lib/linux/uapi/s390/asm/kvm_perf.h", "/usr/lib/linux/uapi/s390/asm/mman.h", "/usr/lib/linux/uapi/s390/asm/monwriter.h", "/usr/lib/linux/uapi/s390/asm/msgbuf.h", "/usr/lib/linux/uapi/s390/asm/param.h", "/usr/lib/linux/uapi/s390/asm/perf_regs.h", "/usr/lib/linux/uapi/s390/asm/pkey.h", "/usr/lib/linux/uapi/s390/asm/poll.h", "/usr/lib/linux/uapi/s390/asm/posix_types.h", "/usr/lib/linux/uapi/s390/asm/ptrace.h", "/usr/lib/linux/uapi/s390/asm/qeth.h", "/usr/lib/linux/uapi/s390/asm/raw3270.h", "/usr/lib/linux/uapi/s390/asm/resource.h", "/usr/lib/linux/uapi/s390/asm/runtime_instr.h", "/usr/lib/linux/uapi/s390/asm/schid.h", "/usr/lib/linux/uapi/s390/asm/sclp_ctl.h", "/usr/lib/linux/uapi/s390/asm/sembuf.h", "/usr/lib/linux/uapi/s390/asm/setup.h", "/usr/lib/linux/uapi/s390/asm/shmbuf.h", "/usr/lib/linux/uapi/s390/asm/sie.h", "/usr/lib/linux/uapi/s390/asm/sigcontext.h", "/usr/lib/linux/uapi/s390/asm/siginfo.h", "/usr/lib/linux/uapi/s390/asm/signal.h", "/usr/lib/linux/uapi/s390/asm/socket.h", "/usr/lib/linux/uapi/s390/asm/sockios.h", "/usr/lib/linux/uapi/s390/asm/stat.h", "/usr/lib/linux/uapi/s390/asm/statfs.h", "/usr/lib/linux/uapi/s390/asm/sthyi.h", "/usr/lib/linux/uapi/s390/asm/swab.h", "/usr/lib/linux/uapi/s390/asm/tape390.h", "/usr/lib/linux/uapi/s390/asm/termbits.h", "/usr/lib/linux/uapi/s390/asm/termios.h", "/usr/lib/linux/uapi/s390/asm/types.h", "/usr/lib/linux/uapi/s390/asm/ucontext.h", "/usr/lib/linux/uapi/s390/asm/unistd.h", "/usr/lib/linux/uapi/s390/asm/unistd_32.h", "/usr/lib/linux/uapi/s390/asm/unistd_64.h", "/usr/lib/linux/uapi/s390/asm/uvdevice.h", "/usr/lib/linux/uapi/s390/asm/virtio-ccw.h", "/usr/lib/linux/uapi/s390/asm/vmcp.h", "/usr/lib/linux/uapi/s390/asm/vtoc.h", "/usr/lib/linux/uapi/s390/asm/zcrypt.h", "/usr/lib/linux/uapi/sh/asm/auxvec.h", "/usr/lib/linux/uapi/sh/asm/bitsperlong.h", "/usr/lib/linux/uapi/sh/asm/bpf_perf_event.h", "/usr/lib/linux/uapi/sh/asm/byteorder.h", "/usr/lib/linux/uapi/sh/asm/cachectl.h", "/usr/lib/linux/uapi/sh/asm/cpu-features.h", "/usr/lib/linux/uapi/sh/asm/errno.h", "/usr/lib/linux/uapi/sh/asm/fcntl.h", "/usr/lib/linux/uapi/sh/asm/hw_breakpoint.h", "/usr/lib/linux/uapi/sh/asm/ioctl.h", "/usr/lib/linux/uapi/sh/asm/ioctls.h", "/usr/lib/linux/uapi/sh/asm/ipcbuf.h", "/usr/lib/linux/uapi/sh/asm/mman.h", "/usr/lib/linux/uapi/sh/asm/msgbuf.h", "/usr/lib/linux/uapi/sh/asm/param.h", "/usr/lib/linux/uapi/sh/asm/poll.h", "/usr/lib/linux/uapi/sh/asm/posix_types.h", "/usr/lib/linux/uapi/sh/asm/posix_types_32.h", "/usr/lib/linux/uapi/sh/asm/ptrace.h", "/usr/lib/linux/uapi/sh/asm/ptrace_32.h", "/usr/lib/linux/uapi/sh/asm/resource.h", "/usr/lib/linux/uapi/sh/asm/sembuf.h", "/usr/lib/linux/uapi/sh/asm/setup.h", "/usr/lib/linux/uapi/sh/asm/shmbuf.h", "/usr/lib/linux/uapi/sh/asm/sigcontext.h", "/usr/lib/linux/uapi/sh/asm/siginfo.h", "/usr/lib/linux/uapi/sh/asm/signal.h", "/usr/lib/linux/uapi/sh/asm/socket.h", "/usr/lib/linux/uapi/sh/asm/sockios.h", "/usr/lib/linux/uapi/sh/asm/stat.h", "/usr/lib/linux/uapi/sh/asm/statfs.h", "/usr/lib/linux/uapi/sh/asm/swab.h", "/usr/lib/linux/uapi/sh/asm/termbits.h", "/usr/lib/linux/uapi/sh/asm/termios.h", "/usr/lib/linux/uapi/sh/asm/types.h", "/usr/lib/linux/uapi/sh/asm/ucontext.h", "/usr/lib/linux/uapi/sh/asm/unistd.h", "/usr/lib/linux/uapi/sh/asm/unistd_32.h", "/usr/lib/linux/uapi/sparc/asm/apc.h", "/usr/lib/linux/uapi/sparc/asm/asi.h", "/usr/lib/linux/uapi/sparc/asm/auxvec.h", "/usr/lib/linux/uapi/sparc/asm/bitsperlong.h", "/usr/lib/linux/uapi/sparc/asm/bpf_perf_event.h", "/usr/lib/linux/uapi/sparc/asm/byteorder.h", "/usr/lib/linux/uapi/sparc/asm/display7seg.h", "/usr/lib/linux/uapi/sparc/asm/envctrl.h", "/usr/lib/linux/uapi/sparc/asm/errno.h", "/usr/lib/linux/uapi/sparc/asm/fbio.h", "/usr/lib/linux/uapi/sparc/asm/fcntl.h", "/usr/lib/linux/uapi/sparc/asm/ioctl.h", "/usr/lib/linux/uapi/sparc/asm/ioctls.h", "/usr/lib/linux/uapi/sparc/asm/ipcbuf.h", "/usr/lib/linux/uapi/sparc/asm/mman.h", "/usr/lib/linux/uapi/sparc/asm/msgbuf.h", "/usr/lib/linux/uapi/sparc/asm/openpromio.h", "/usr/lib/linux/uapi/sparc/asm/oradax.h", "/usr/lib/linux/uapi/sparc/asm/param.h", "/usr/lib/linux/uapi/sparc/asm/perfctr.h", "/usr/lib/linux/uapi/sparc/asm/poll.h", "/usr/lib/linux/uapi/sparc/asm/posix_types.h", "/usr/lib/linux/uapi/sparc/asm/psr.h", "/usr/lib/linux/uapi/sparc/asm/psrcompat.h", "/usr/lib/linux/uapi/sparc/asm/pstate.h", "/usr/lib/linux/uapi/sparc/asm/ptrace.h", "/usr/lib/linux/uapi/sparc/asm/resource.h", "/usr/lib/linux/uapi/sparc/asm/sembuf.h", "/usr/lib/linux/uapi/sparc/asm/setup.h", "/usr/lib/linux/uapi/sparc/asm/shmbuf.h", "/usr/lib/linux/uapi/sparc/asm/sigcontext.h", "/usr/lib/linux/uapi/sparc/asm/siginfo.h", "/usr/lib/linux/uapi/sparc/asm/signal.h", "/usr/lib/linux/uapi/sparc/asm/socket.h", "/usr/lib/linux/uapi/sparc/asm/sockios.h", "/usr/lib/linux/uapi/sparc/asm/stat.h", "/usr/lib/linux/uapi/sparc/asm/statfs.h", "/usr/lib/linux/uapi/sparc/asm/swab.h", "/usr/lib/linux/uapi/sparc/asm/termbits.h", "/usr/lib/linux/uapi/sparc/asm/termios.h", "/usr/lib/linux/uapi/sparc/asm/traps.h", "/usr/lib/linux/uapi/sparc/asm/types.h", "/usr/lib/linux/uapi/sparc/asm/uctx.h", "/usr/lib/linux/uapi/sparc/asm/unistd.h", "/usr/lib/linux/uapi/sparc/asm/unistd_32.h", "/usr/lib/linux/uapi/sparc/asm/unistd_64.h", "/usr/lib/linux/uapi/sparc/asm/utrap.h", "/usr/lib/linux/uapi/sparc/asm/watchdog.h", "/usr/lib/linux/uapi/x86/asm/a.out.h", "/usr/lib/linux/uapi/x86/asm/amd_hsmp.h", "/usr/lib/linux/uapi/x86/asm/auxvec.h", "/usr/lib/linux/uapi/x86/asm/bitsperlong.h", "/usr/lib/linux/uapi/x86/asm/boot.h", "/usr/lib/linux/uapi/x86/asm/bootparam.h", "/usr/lib/linux/uapi/x86/asm/bpf_perf_event.h", "/usr/lib/linux/uapi/x86/asm/byteorder.h", "/usr/lib/linux/uapi/x86/asm/debugreg.h", "/usr/lib/linux/uapi/x86/asm/e820.h", "/usr/lib/linux/uapi/x86/asm/elf.h", "/usr/lib/linux/uapi/x86/asm/errno.h", "/usr/lib/linux/uapi/x86/asm/fcntl.h", "/usr/lib/linux/uapi/x86/asm/hw_breakpoint.h", "/usr/lib/linux/uapi/x86/asm/hwcap2.h", "/usr/lib/linux/uapi/x86/asm/ioctl.h", "/usr/lib/linux/uapi/x86/asm/ioctls.h", "/usr/lib/linux/uapi/x86/asm/ipcbuf.h", "/usr/lib/linux/uapi/x86/asm/ist.h", "/usr/lib/linux/uapi/x86/asm/kvm.h", "/usr/lib/linux/uapi/x86/asm/kvm_para.h", "/usr/lib/linux/uapi/x86/asm/kvm_perf.h", "/usr/lib/linux/uapi/x86/asm/ldt.h", "/usr/lib/linux/uapi/x86/asm/mce.h", "/usr/lib/linux/uapi/x86/asm/mman.h", "/usr/lib/linux/uapi/x86/asm/msgbuf.h", "/usr/lib/linux/uapi/x86/asm/msr.h", "/usr/lib/linux/uapi/x86/asm/mtrr.h", "/usr/lib/linux/uapi/x86/asm/param.h", "/usr/lib/linux/uapi/x86/asm/perf_regs.h", "/usr/lib/linux/uapi/x86/asm/poll.h", "/usr/lib/linux/uapi/x86/asm/posix_types.h", "/usr/lib/linux/uapi/x86/asm/posix_types_32.h", "/usr/lib/linux/uapi/x86/asm/posix_types_64.h", "/usr/lib/linux/uapi/x86/asm/posix_types_x32.h", "/usr/lib/linux/uapi/x86/asm/prctl.h", "/usr/lib/linux/uapi/x86/asm/processor-flags.h", "/usr/lib/linux/uapi/x86/asm/ptrace-abi.h", "/usr/lib/linux/uapi/x86/asm/ptrace.h", "/usr/lib/linux/uapi/x86/asm/resource.h", "/usr/lib/linux/uapi/x86/asm/sembuf.h", "/usr/lib/linux/uapi/x86/asm/setup.h", "/usr/lib/linux/uapi/x86/asm/setup_data.h", "/usr/lib/linux/uapi/x86/asm/sgx.h", "/usr/lib/linux/uapi/x86/asm/shmbuf.h", "/usr/lib/linux/uapi/x86/asm/sigcontext.h", "/usr/lib/linux/uapi/x86/asm/sigcontext32.h", "/usr/lib/linux/uapi/x86/asm/siginfo.h", "/usr/lib/linux/uapi/x86/asm/signal.h", "/usr/lib/linux/uapi/x86/asm/socket.h", "/usr/lib/linux/uapi/x86/asm/sockios.h", "/usr/lib/linux/uapi/x86/asm/stat.h", "/usr/lib/linux/uapi/x86/asm/statfs.h", "/usr/lib/linux/uapi/x86/asm/svm.h", "/usr/lib/linux/uapi/x86/asm/swab.h", "/usr/lib/linux/uapi/x86/asm/termbits.h", "/usr/lib/linux/uapi/x86/asm/termios.h", "/usr/lib/linux/uapi/x86/asm/types.h", "/usr/lib/linux/uapi/x86/asm/ucontext.h", "/usr/lib/linux/uapi/x86/asm/unistd.h", "/usr/lib/linux/uapi/x86/asm/unistd_32.h", "/usr/lib/linux/uapi/x86/asm/unistd_64.h", "/usr/lib/linux/uapi/x86/asm/unistd_x32.h", "/usr/lib/linux/uapi/x86/asm/vm86.h", "/usr/lib/linux/uapi/x86/asm/vmx.h", "/usr/lib/linux/uapi/x86/asm/vsyscall.h", "/usr/share/doc/linux-libc-dev/changelog.Debian.gz", "/usr/share/doc/linux-libc-dev/copyright" ] }, { "ID": "login@1:4.16.0-2+really2.41-5", "Name": "login", "Identifier": { "PURL": "pkg:deb/debian/login@4.16.0-2%2Breally2.41-5?arch=amd64\u0026distro=debian-13.1\u0026epoch=1", "UID": "9a6da06303db8b93" }, "Version": "4.16.0-2+really2.41", "Release": "5", "Epoch": 1, "Arch": "amd64", "SrcName": "util-linux", "SrcVersion": "2.41", "SrcRelease": "5", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "GPL-3.0-or-later", "LGPL-2.1-or-later", "public-domain", "BSD-4-Clause", "MIT", "ISC", "BSD-3-Clause", "BSLA", "LGPL-2.0-or-later", "BSD-2-Clause", "LGPL-3.0-or-later", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", "DependsOn": [ "libaudit1@1:4.0.2-2+b2", "libc6@2.41-12", "libcrypt1@1:4.4.38-1", "libpam-modules@1.7.0-5", "libpam-runtime@1.7.0-5", "libpam0g@1.7.0-5" ], "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "InstalledFiles": [ "/usr/bin/login", "/usr/bin/newgrp", "/usr/sbin/nologin", "/usr/share/bash-completion/completions/newgrp", "/usr/share/doc/login/NEWS.Debian.gz", "/usr/share/doc/login/changelog.Debian.gz", "/usr/share/doc/login/changelog.gz", "/usr/share/doc/login/copyright", "/usr/share/lintian/overrides/login", "/usr/share/man/de/man1/login.1.gz", "/usr/share/man/de/man8/nologin.8.gz", "/usr/share/man/fr/man1/login.1.gz", "/usr/share/man/man1/login.1.gz", "/usr/share/man/man1/newgrp.1.gz", "/usr/share/man/man8/nologin.8.gz", "/usr/share/man/pl/man1/login.1.gz", "/usr/share/man/pl/man1/newgrp.1.gz", "/usr/share/man/pl/man8/nologin.8.gz", "/usr/share/man/ro/man1/login.1.gz", "/usr/share/man/ro/man1/newgrp.1.gz", "/usr/share/man/ro/man8/nologin.8.gz", "/usr/share/man/sr/man1/login.1.gz", "/usr/share/man/sr/man8/nologin.8.gz", "/usr/share/man/uk/man1/login.1.gz", "/usr/share/man/uk/man1/newgrp.1.gz", "/usr/share/man/uk/man8/nologin.8.gz" ] }, { "ID": "login.defs@1:4.17.4-2", "Name": "login.defs", "Identifier": { "PURL": "pkg:deb/debian/login.defs@4.17.4-2?arch=all\u0026distro=debian-13.1\u0026epoch=1", "UID": "b2ebc9108569350a" }, "Version": "4.17.4", "Release": "2", "Epoch": 1, "Arch": "all", "SrcName": "shadow", "SrcVersion": "4.17.4", "SrcRelease": "2", "SrcEpoch": 1, "Licenses": [ "BSD-3-Clause", "GPL-1.0-only", "GPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Shadow package maintainers \u003cpkg-shadow-devel@lists.alioth.debian.org\u003e", "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "InstalledFiles": [ "/usr/share/doc/login.defs/NEWS.Debian.gz", "/usr/share/doc/login.defs/changelog.Debian.gz", "/usr/share/doc/login.defs/changelog.gz", "/usr/share/doc/login.defs/copyright", "/usr/share/man/de/man5/login.defs.5.gz", "/usr/share/man/fr/man5/login.defs.5.gz", "/usr/share/man/it/man5/login.defs.5.gz", "/usr/share/man/ja/man5/login.defs.5.gz", "/usr/share/man/man5/login.defs.5.gz", "/usr/share/man/ru/man5/login.defs.5.gz", "/usr/share/man/uk/man5/login.defs.5.gz", "/usr/share/man/zh_CN/man5/login.defs.5.gz" ] }, { "ID": "manpages@6.9.1-1", "Name": "manpages", "Identifier": { "PURL": "pkg:deb/debian/manpages@6.9.1-1?arch=all\u0026distro=debian-13.1", "UID": "37ec41d063737864" }, "Version": "6.9.1", "Release": "1", "Arch": "all", "SrcName": "manpages", "SrcVersion": "6.9.1", "SrcRelease": "1", "Licenses": [ "GPL-2.0-or-later", "may be freely modified", "distributed", "BSD-2-Clause", "BSD-3-Clause", "BSD-4-Clause", "Linux-man-pages-copyleft", "MIT", "GPL-1.0-or-later", "GPL-2.0-only", "GPL-3.0-only", "Linux-man-pages-1-para", "Linux-man-pages-copyleft-2-para", "Linux-man-pages-copyleft-var" ], "Maintainer": "Dr. Tobias Quathamer \u003ctoddy@debian.org\u003e", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "InstalledFiles": [ "/usr/share/doc/manpages/Changes.old.gz", "/usr/share/doc/manpages/POSIX-MANPAGES", "/usr/share/doc/manpages/TODO.Debian", "/usr/share/doc/manpages/changelog.Debian.gz", "/usr/share/doc/manpages/changelog.gz", "/usr/share/doc/manpages/copyright", "/usr/share/doc/manpages/man-addons.el", "/usr/share/lintian/overrides/manpages", "/usr/share/man/man1/getent.1.gz", "/usr/share/man/man1/iconv.1.gz", "/usr/share/man/man1/intro.1.gz", "/usr/share/man/man1/ldd.1.gz", "/usr/share/man/man1/locale.1.gz", "/usr/share/man/man1/localedef.1.gz", "/usr/share/man/man1/memusage.1.gz", "/usr/share/man/man1/memusagestat.1.gz", "/usr/share/man/man1/mtrace.1.gz", "/usr/share/man/man1/pldd.1.gz", "/usr/share/man/man1/sprof.1.gz", "/usr/share/man/man2/intro.2.gz", "/usr/share/man/man3/S_ISBLK.3.gz", "/usr/share/man/man3/S_ISCHR.3.gz", "/usr/share/man/man3/S_ISDIR.3.gz", "/usr/share/man/man3/S_ISFIFO.3.gz", "/usr/share/man/man3/S_ISLNK.3.gz", "/usr/share/man/man3/S_ISREG.3.gz", "/usr/share/man/man3/S_ISSOCK.3.gz", "/usr/share/man/man3/intro.3.gz", "/usr/share/man/man3/queue.3.gz", "/usr/share/man/man3/siginfo_t.3type.gz", "/usr/share/man/man3/sigset_t.3type.gz", "/usr/share/man/man4/cciss.4.gz", "/usr/share/man/man4/console_codes.4.gz", "/usr/share/man/man4/cpuid.4.gz", "/usr/share/man/man4/dsp56k.4.gz", "/usr/share/man/man4/full.4.gz", "/usr/share/man/man4/fuse.4.gz", "/usr/share/man/man4/hd.4.gz", "/usr/share/man/man4/hpsa.4.gz", "/usr/share/man/man4/initrd.4.gz", "/usr/share/man/man4/intro.4.gz", "/usr/share/man/man4/lirc.4.gz", "/usr/share/man/man4/loop.4.gz", "/usr/share/man/man4/lp.4.gz", "/usr/share/man/man4/mem.4.gz", "/usr/share/man/man4/mouse.4.gz", "/usr/share/man/man4/msr.4.gz", "/usr/share/man/man4/null.4.gz", "/usr/share/man/man4/pts.4.gz", "/usr/share/man/man4/ram.4.gz", "/usr/share/man/man4/random.4.gz", "/usr/share/man/man4/rtc.4.gz", "/usr/share/man/man4/sd.4.gz", "/usr/share/man/man4/smartpqi.4.gz", "/usr/share/man/man4/st.4.gz", "/usr/share/man/man4/tty.4.gz", "/usr/share/man/man4/ttyS.4.gz", "/usr/share/man/man4/vcs.4.gz", "/usr/share/man/man4/veth.4.gz", "/usr/share/man/man4/wavelan.4.gz", "/usr/share/man/man5/acct.5.gz", "/usr/share/man/man5/charmap.5.gz", "/usr/share/man/man5/core.5.gz", "/usr/share/man/man5/dir_colors.5.gz", "/usr/share/man/man5/elf.5.gz", "/usr/share/man/man5/erofs.5.gz", "/usr/share/man/man5/filesystems.5.gz", "/usr/share/man/man5/gai.conf.5.gz", "/usr/share/man/man5/group.5.gz", "/usr/share/man/man5/host.conf.5.gz", "/usr/share/man/man5/hosts.5.gz", "/usr/share/man/man5/hosts.equiv.5.gz", "/usr/share/man/man5/intro.5.gz", "/usr/share/man/man5/issue.5.gz", "/usr/share/man/man5/locale.5.gz", "/usr/share/man/man5/motd.5.gz", "/usr/share/man/man5/networks.5.gz", "/usr/share/man/man5/nologin.5.gz", "/usr/share/man/man5/nss.5.gz", "/usr/share/man/man5/nsswitch.conf.5.gz", "/usr/share/man/man5/proc.5.gz", "/usr/share/man/man5/proc_apm.5.gz", "/usr/share/man/man5/proc_buddyinfo.5.gz", "/usr/share/man/man5/proc_bus.5.gz", "/usr/share/man/man5/proc_cgroups.5.gz", "/usr/share/man/man5/proc_cmdline.5.gz", "/usr/share/man/man5/proc_config.gz.5.gz", "/usr/share/man/man5/proc_cpuinfo.5.gz", "/usr/share/man/man5/proc_crypto.5.gz", "/usr/share/man/man5/proc_devices.5.gz", "/usr/share/man/man5/proc_diskstats.5.gz", "/usr/share/man/man5/proc_dma.5.gz", "/usr/share/man/man5/proc_driver.5.gz", "/usr/share/man/man5/proc_execdomains.5.gz", "/usr/share/man/man5/proc_fb.5.gz", "/usr/share/man/man5/proc_filesystems.5.gz", "/usr/share/man/man5/proc_fs.5.gz", "/usr/share/man/man5/proc_ide.5.gz", "/usr/share/man/man5/proc_interrupts.5.gz", "/usr/share/man/man5/proc_iomem.5.gz", "/usr/share/man/man5/proc_ioports.5.gz", "/usr/share/man/man5/proc_kallsyms.5.gz", "/usr/share/man/man5/proc_kcore.5.gz", "/usr/share/man/man5/proc_keys.5.gz", "/usr/share/man/man5/proc_kmsg.5.gz", "/usr/share/man/man5/proc_kpagecgroup.5.gz", "/usr/share/man/man5/proc_kpagecount.5.gz", "/usr/share/man/man5/proc_kpageflags.5.gz", "/usr/share/man/man5/proc_loadavg.5.gz", "/usr/share/man/man5/proc_locks.5.gz", "/usr/share/man/man5/proc_malloc.5.gz", "/usr/share/man/man5/proc_meminfo.5.gz", "/usr/share/man/man5/proc_modules.5.gz", "/usr/share/man/man5/proc_mtrr.5.gz", "/usr/share/man/man5/proc_partitions.5.gz", "/usr/share/man/man5/proc_pci.5.gz", "/usr/share/man/man5/proc_pid.5.gz", "/usr/share/man/man5/proc_pid_attr.5.gz", "/usr/share/man/man5/proc_pid_autogroup.5.gz", "/usr/share/man/man5/proc_pid_auxv.5.gz", "/usr/share/man/man5/proc_pid_cgroup.5.gz", "/usr/share/man/man5/proc_pid_clear_refs.5.gz", "/usr/share/man/man5/proc_pid_cmdline.5.gz", "/usr/share/man/man5/proc_pid_comm.5.gz", "/usr/share/man/man5/proc_pid_coredump_filter.5.gz", "/usr/share/man/man5/proc_pid_cpuset.5.gz", "/usr/share/man/man5/proc_pid_cwd.5.gz", "/usr/share/man/man5/proc_pid_environ.5.gz", "/usr/share/man/man5/proc_pid_exe.5.gz", "/usr/share/man/man5/proc_pid_fd.5.gz", "/usr/share/man/man5/proc_pid_fdinfo.5.gz", "/usr/share/man/man5/proc_pid_io.5.gz", "/usr/share/man/man5/proc_pid_limits.5.gz", "/usr/share/man/man5/proc_pid_map_files.5.gz", "/usr/share/man/man5/proc_pid_maps.5.gz", "/usr/share/man/man5/proc_pid_mem.5.gz", "/usr/share/man/man5/proc_pid_mountinfo.5.gz", "/usr/share/man/man5/proc_pid_mounts.5.gz", "/usr/share/man/man5/proc_pid_mountstats.5.gz", "/usr/share/man/man5/proc_pid_net.5.gz", "/usr/share/man/man5/proc_pid_ns.5.gz", "/usr/share/man/man5/proc_pid_numa_maps.5.gz", "/usr/share/man/man5/proc_pid_oom_score.5.gz", "/usr/share/man/man5/proc_pid_oom_score_adj.5.gz", "/usr/share/man/man5/proc_pid_pagemap.5.gz", "/usr/share/man/man5/proc_pid_personality.5.gz", "/usr/share/man/man5/proc_pid_projid_map.5.gz", "/usr/share/man/man5/proc_pid_root.5.gz", "/usr/share/man/man5/proc_pid_seccomp.5.gz", "/usr/share/man/man5/proc_pid_setgroups.5.gz", "/usr/share/man/man5/proc_pid_smaps.5.gz", "/usr/share/man/man5/proc_pid_stack.5.gz", "/usr/share/man/man5/proc_pid_stat.5.gz", "/usr/share/man/man5/proc_pid_statm.5.gz", "/usr/share/man/man5/proc_pid_status.5.gz", "/usr/share/man/man5/proc_pid_syscall.5.gz", "/usr/share/man/man5/proc_pid_task.5.gz", "/usr/share/man/man5/proc_pid_timers.5.gz", "/usr/share/man/man5/proc_pid_timerslack_ns.5.gz", "/usr/share/man/man5/proc_pid_uid_map.5.gz", "/usr/share/man/man5/proc_pid_wchan.5.gz", "/usr/share/man/man5/proc_profile.5.gz", "/usr/share/man/man5/proc_scsi.5.gz", "/usr/share/man/man5/proc_slabinfo.5.gz", "/usr/share/man/man5/proc_stat.5.gz", "/usr/share/man/man5/proc_swaps.5.gz", "/usr/share/man/man5/proc_sys.5.gz", "/usr/share/man/man5/proc_sys_abi.5.gz", "/usr/share/man/man5/proc_sys_debug.5.gz", "/usr/share/man/man5/proc_sys_dev.5.gz", "/usr/share/man/man5/proc_sys_fs.5.gz", "/usr/share/man/man5/proc_sys_kernel.5.gz", "/usr/share/man/man5/proc_sys_net.5.gz", "/usr/share/man/man5/proc_sys_proc.5.gz", "/usr/share/man/man5/proc_sys_sunrpc.5.gz", "/usr/share/man/man5/proc_sys_user.5.gz", "/usr/share/man/man5/proc_sys_vm.5.gz", "/usr/share/man/man5/proc_sysrq-trigger.5.gz", "/usr/share/man/man5/proc_sysvipc.5.gz", "/usr/share/man/man5/proc_tid_children.5.gz", "/usr/share/man/man5/proc_timer_list.5.gz", "/usr/share/man/man5/proc_timer_stats.5.gz", "/usr/share/man/man5/proc_tty.5.gz", "/usr/share/man/man5/proc_uptime.5.gz", "/usr/share/man/man5/proc_version.5.gz", "/usr/share/man/man5/proc_vmstat.5.gz", "/usr/share/man/man5/proc_zoneinfo.5.gz", "/usr/share/man/man5/protocols.5.gz", "/usr/share/man/man5/repertoiremap.5.gz", "/usr/share/man/man5/resolv.conf.5.gz", "/usr/share/man/man5/rpc.5.gz", "/usr/share/man/man5/securetty.5.gz", "/usr/share/man/man5/services.5.gz", "/usr/share/man/man5/shells.5.gz", "/usr/share/man/man5/slabinfo.5.gz", "/usr/share/man/man5/sysfs.5.gz", "/usr/share/man/man5/termcap.5.gz", "/usr/share/man/man5/tmpfs.5.gz", "/usr/share/man/man5/ttytype.5.gz", "/usr/share/man/man5/tzfile.5.gz", "/usr/share/man/man5/utmp.5.gz", "/usr/share/man/man6/intro.6.gz", "/usr/share/man/man7/address_families.7.gz", "/usr/share/man/man7/aio.7.gz", "/usr/share/man/man7/armscii-8.7.gz", "/usr/share/man/man7/arp.7.gz", "/usr/share/man/man7/ascii.7.gz", "/usr/share/man/man7/attributes.7.gz", "/usr/share/man/man7/boot.7.gz", "/usr/share/man/man7/bootparam.7.gz", "/usr/share/man/man7/bpf-helpers.7.gz", "/usr/share/man/man7/capabilities.7.gz", "/usr/share/man/man7/cgroup_namespaces.7.gz", "/usr/share/man/man7/cgroups.7.gz", "/usr/share/man/man7/charsets.7.gz", "/usr/share/man/man7/complex.7.gz", "/usr/share/man/man7/cp1251.7.gz", "/usr/share/man/man7/cp1252.7.gz", "/usr/share/man/man7/cpuset.7.gz", "/usr/share/man/man7/credentials.7.gz", "/usr/share/man/man7/ddp.7.gz", "/usr/share/man/man7/environ.7.gz", "/usr/share/man/man7/epoll.7.gz", "/usr/share/man/man7/fanotify.7.gz", "/usr/share/man/man7/feature_test_macros.7.gz", "/usr/share/man/man7/fifo.7.gz", "/usr/share/man/man7/futex.7.gz", "/usr/share/man/man7/glob.7.gz", "/usr/share/man/man7/hier.7.gz", "/usr/share/man/man7/hostname.7.gz", "/usr/share/man/man7/icmp.7.gz", "/usr/share/man/man7/inode.7.gz", "/usr/share/man/man7/inotify.7.gz", "/usr/share/man/man7/intro.7.gz", "/usr/share/man/man7/ip.7.gz", "/usr/share/man/man7/ipc_namespaces.7.gz", "/usr/share/man/man7/ipv6.7.gz", "/usr/share/man/man7/iso_8859-1.7.gz", "/usr/share/man/man7/iso_8859-10.7.gz", "/usr/share/man/man7/iso_8859-11.7.gz", "/usr/share/man/man7/iso_8859-13.7.gz", "/usr/share/man/man7/iso_8859-14.7.gz", "/usr/share/man/man7/iso_8859-15.7.gz", "/usr/share/man/man7/iso_8859-16.7.gz", "/usr/share/man/man7/iso_8859-2.7.gz", "/usr/share/man/man7/iso_8859-3.7.gz", "/usr/share/man/man7/iso_8859-4.7.gz", "/usr/share/man/man7/iso_8859-5.7.gz", "/usr/share/man/man7/iso_8859-6.7.gz", "/usr/share/man/man7/iso_8859-7.7.gz", "/usr/share/man/man7/iso_8859-8.7.gz", "/usr/share/man/man7/iso_8859-9.7.gz", "/usr/share/man/man7/kernel_lockdown.7.gz", "/usr/share/man/man7/keyrings.7.gz", "/usr/share/man/man7/koi8-r.7.gz", "/usr/share/man/man7/koi8-u.7.gz", "/usr/share/man/man7/landlock.7.gz", "/usr/share/man/man7/libc.7.gz", "/usr/share/man/man7/locale.7.gz", "/usr/share/man/man7/mailaddr.7.gz", "/usr/share/man/man7/man-pages.7.gz", "/usr/share/man/man7/man.7.gz", "/usr/share/man/man7/math_error.7.gz", "/usr/share/man/man7/mount_namespaces.7.gz", "/usr/share/man/man7/mq_overview.7.gz", "/usr/share/man/man7/namespaces.7.gz", "/usr/share/man/man7/netdevice.7.gz", "/usr/share/man/man7/netlink.7.gz", "/usr/share/man/man7/network_namespaces.7.gz", "/usr/share/man/man7/nptl.7.gz", "/usr/share/man/man7/numa.7.gz", "/usr/share/man/man7/operator.7.gz", "/usr/share/man/man7/packet.7.gz", "/usr/share/man/man7/path_resolution.7.gz", "/usr/share/man/man7/persistent-keyring.7.gz", "/usr/share/man/man7/pid_namespaces.7.gz", "/usr/share/man/man7/pipe.7.gz", "/usr/share/man/man7/pkeys.7.gz", "/usr/share/man/man7/posixoptions.7.gz", "/usr/share/man/man7/process-keyring.7.gz", "/usr/share/man/man7/pthreads.7.gz", "/usr/share/man/man7/pty.7.gz", "/usr/share/man/man7/queue.7.gz", "/usr/share/man/man7/random.7.gz", "/usr/share/man/man7/raw.7.gz", "/usr/share/man/man7/regex.7.gz", "/usr/share/man/man7/rtld-audit.7.gz", "/usr/share/man/man7/rtnetlink.7.gz", "/usr/share/man/man7/sched.7.gz", "/usr/share/man/man7/sem_overview.7.gz", "/usr/share/man/man7/session-keyring.7.gz", "/usr/share/man/man7/shm_overview.7.gz", "/usr/share/man/man7/signal-safety.7.gz", "/usr/share/man/man7/signal.7.gz", "/usr/share/man/man7/sock_diag.7.gz", "/usr/share/man/man7/socket.7.gz", "/usr/share/man/man7/spufs.7.gz", "/usr/share/man/man7/standards.7.gz", "/usr/share/man/man7/string_copying.7.gz", "/usr/share/man/man7/suffixes.7.gz", "/usr/share/man/man7/symlink.7.gz", "/usr/share/man/man7/system_data_types.7.gz", "/usr/share/man/man7/sysvipc.7.gz", "/usr/share/man/man7/tcp.7.gz", "/usr/share/man/man7/termio.7.gz", "/usr/share/man/man7/thread-keyring.7.gz", "/usr/share/man/man7/time.7.gz", "/usr/share/man/man7/time_namespaces.7.gz", "/usr/share/man/man7/udp.7.gz", "/usr/share/man/man7/udplite.7.gz", "/usr/share/man/man7/unicode.7.gz", "/usr/share/man/man7/units.7.gz", "/usr/share/man/man7/unix.7.gz", "/usr/share/man/man7/uri.7.gz", "/usr/share/man/man7/user-keyring.7.gz", "/usr/share/man/man7/user-session-keyring.7.gz", "/usr/share/man/man7/user_namespaces.7.gz", "/usr/share/man/man7/utf-8.7.gz", "/usr/share/man/man7/uts_namespaces.7.gz", "/usr/share/man/man7/vdso.7.gz", "/usr/share/man/man7/vsock.7.gz", "/usr/share/man/man7/x25.7.gz", "/usr/share/man/man7/xattr.7.gz", "/usr/share/man/man8/iconvconfig.8.gz", "/usr/share/man/man8/intro.8.gz", "/usr/share/man/man8/ld.so.8.gz", "/usr/share/man/man8/ldconfig.8.gz", "/usr/share/man/man8/sln.8.gz", "/usr/share/man/man8/tzselect.8.gz", "/usr/share/man/man8/zdump.8.gz", "/usr/share/man/man8/zic.8.gz" ] }, { "ID": "manpages-dev@6.9.1-1", "Name": "manpages-dev", "Identifier": { "PURL": "pkg:deb/debian/manpages-dev@6.9.1-1?arch=all\u0026distro=debian-13.1", "UID": "abfc34cc9960bd6a" }, "Version": "6.9.1", "Release": "1", "Arch": "all", "SrcName": "manpages", "SrcVersion": "6.9.1", "SrcRelease": "1", "Maintainer": "Dr. Tobias Quathamer \u003ctoddy@debian.org\u003e", "DependsOn": [ "manpages@6.9.1-1" ], "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "InstalledFiles": [ "/usr/share/lintian/overrides/manpages-dev", "/usr/share/man/man2/FAT_IOCTL_GET_VOLUME_ID.2const.gz", "/usr/share/man/man2/FAT_IOCTL_SET_ATTRIBUTES.2const.gz", "/usr/share/man/man2/FICLONE.2const.gz", "/usr/share/man/man2/FIDEDUPERANGE.2const.gz", "/usr/share/man/man2/FIONREAD.2const.gz", "/usr/share/man/man2/FS_IOC_SETFLAGS.2const.gz", "/usr/share/man/man2/FS_IOC_SETFSLABEL.2const.gz", "/usr/share/man/man2/NS_GET_NSTYPE.2const.gz", "/usr/share/man/man2/NS_GET_OWNER_UID.2const.gz", "/usr/share/man/man2/NS_GET_USERNS.2const.gz", "/usr/share/man/man2/PAGEMAP_SCAN.2const.gz", "/usr/share/man/man2/PR_CAPBSET_DROP.2const.gz", "/usr/share/man/man2/PR_CAPBSET_READ.2const.gz", "/usr/share/man/man2/PR_CAP_AMBIENT.2const.gz", "/usr/share/man/man2/PR_CAP_AMBIENT_CLEAR_ALL.2const.gz", "/usr/share/man/man2/PR_CAP_AMBIENT_IS_SET.2const.gz", "/usr/share/man/man2/PR_CAP_AMBIENT_LOWER.2const.gz", "/usr/share/man/man2/PR_CAP_AMBIENT_RAISE.2const.gz", "/usr/share/man/man2/PR_GET_AUXV.2const.gz", "/usr/share/man/man2/PR_GET_CHILD_SUBREAPER.2const.gz", "/usr/share/man/man2/PR_GET_DUMPABLE.2const.gz", "/usr/share/man/man2/PR_GET_ENDIAN.2const.gz", "/usr/share/man/man2/PR_GET_FPEMU.2const.gz", "/usr/share/man/man2/PR_GET_FPEXC.2const.gz", "/usr/share/man/man2/PR_GET_FP_MODE.2const.gz", "/usr/share/man/man2/PR_GET_IO_FLUSHER.2const.gz", "/usr/share/man/man2/PR_GET_KEEPCAPS.2const.gz", "/usr/share/man/man2/PR_GET_MDWE.2const.gz", "/usr/share/man/man2/PR_GET_NO_NEW_PRIVS.2const.gz", "/usr/share/man/man2/PR_GET_PDEATHSIG.2const.gz", "/usr/share/man/man2/PR_GET_SECCOMP.2.gz", "/usr/share/man/man2/PR_GET_SECUREBITS.2const.gz", "/usr/share/man/man2/PR_GET_SPECULATION_CTRL.2const.gz", "/usr/share/man/man2/PR_GET_TAGGED_ADDR_CTRL.2const.gz", "/usr/share/man/man2/PR_GET_THP_DISABLE.2const.gz", "/usr/share/man/man2/PR_GET_TID_ADDRESS.2const.gz", "/usr/share/man/man2/PR_GET_TIMERSLACK.2const.gz", "/usr/share/man/man2/PR_GET_TIMING.2const.gz", "/usr/share/man/man2/PR_GET_TSC.2const.gz", "/usr/share/man/man2/PR_GET_UNALIGN.2const.gz", "/usr/share/man/man2/PR_MCE_KILL.2const.gz", "/usr/share/man/man2/PR_MCE_KILL_CLEAR.2const.gz", "/usr/share/man/man2/PR_MCE_KILL_GET.2const.gz", "/usr/share/man/man2/PR_MCE_KILL_SET.2const.gz", "/usr/share/man/man2/PR_MPX_DISABLE_MANAGEMENT.2const.gz", "/usr/share/man/man2/PR_MPX_ENABLE_MANAGEMENT.2.gz", "/usr/share/man/man2/PR_PAC_RESET_KEYS.2const.gz", "/usr/share/man/man2/PR_SET_CHILD_SUBREAPER.2const.gz", "/usr/share/man/man2/PR_SET_DUMPABLE.2const.gz", "/usr/share/man/man2/PR_SET_ENDIAN.2const.gz", "/usr/share/man/man2/PR_SET_FPEMU.2const.gz", "/usr/share/man/man2/PR_SET_FPEXC.2const.gz", "/usr/share/man/man2/PR_SET_FP_MODE.2const.gz", "/usr/share/man/man2/PR_SET_IO_FLUSHER.2const.gz", "/usr/share/man/man2/PR_SET_KEEPCAPS.2const.gz", "/usr/share/man/man2/PR_SET_MDWE.2const.gz", "/usr/share/man/man2/PR_SET_MM.2const.gz", "/usr/share/man/man2/PR_SET_MM_ARG_START.2const.gz", "/usr/share/man/man2/PR_SET_MM_AUXV.2const.gz", "/usr/share/man/man2/PR_SET_MM_BRK.2const.gz", "/usr/share/man/man2/PR_SET_MM_EXE_FILE.2const.gz", "/usr/share/man/man2/PR_SET_MM_MAP.2const.gz", "/usr/share/man/man2/PR_SET_MM_START_BRK.2const.gz", "/usr/share/man/man2/PR_SET_MM_START_CODE.2const.gz", "/usr/share/man/man2/PR_SET_MM_START_DATA.2const.gz", "/usr/share/man/man2/PR_SET_MM_START_STACK.2const.gz", "/usr/share/man/man2/PR_SET_NAME.2const.gz", "/usr/share/man/man2/PR_SET_NO_NEW_PRIVS.2const.gz", "/usr/share/man/man2/PR_SET_PDEATHSIG.2const.gz", "/usr/share/man/man2/PR_SET_PTRACER.2const.gz", "/usr/share/man/man2/PR_SET_SECCOMP.2const.gz", "/usr/share/man/man2/PR_SET_SECUREBITS.2const.gz", "/usr/share/man/man2/PR_SET_SPECULATION_CTRL.2const.gz", "/usr/share/man/man2/PR_SET_SYSCALL_USER_DISPATCH.2const.gz", "/usr/share/man/man2/PR_SET_TAGGED_ADDR_CTRL.2const.gz", "/usr/share/man/man2/PR_SET_THP_DISABLE.2const.gz", "/usr/share/man/man2/PR_SET_TIMERSLACK.2const.gz", "/usr/share/man/man2/PR_SET_TIMING.2const.gz", "/usr/share/man/man2/PR_SET_TSC.2const.gz", "/usr/share/man/man2/PR_SET_UNALIGN.2const.gz", "/usr/share/man/man2/PR_SET_VMA.2const.gz", "/usr/share/man/man2/PR_SVE_GET_VL.2const.gz", "/usr/share/man/man2/PR_SVE_SET_VL.2const.gz", "/usr/share/man/man2/PR_TASK_PERF_EVENTS_DISABLE.2.gz", "/usr/share/man/man2/PR_TASK_PERF_EVENTS_ENABLE.2const.gz", "/usr/share/man/man2/TCSBRK.2const.gz", "/usr/share/man/man2/TCSETS.2const.gz", "/usr/share/man/man2/TCXONC.2const.gz", "/usr/share/man/man2/TIOCCONS.2const.gz", "/usr/share/man/man2/TIOCEXCL.2const.gz", "/usr/share/man/man2/TIOCLINUX.2const.gz", "/usr/share/man/man2/TIOCMSET.2const.gz", "/usr/share/man/man2/TIOCPKT.2const.gz", "/usr/share/man/man2/TIOCSCTTY.2const.gz", "/usr/share/man/man2/TIOCSETD.2const.gz", "/usr/share/man/man2/TIOCSLCKTRMIOS.2const.gz", "/usr/share/man/man2/TIOCSPGRP.2const.gz", "/usr/share/man/man2/TIOCSSOFTCAR.2const.gz", "/usr/share/man/man2/TIOCSTI.2const.gz", "/usr/share/man/man2/TIOCSWINSZ.2const.gz", "/usr/share/man/man2/TIOCTTYGSTRUCT.2const.gz", "/usr/share/man/man2/UFFDIO_API.2const.gz", "/usr/share/man/man2/UFFDIO_CONTINUE.2const.gz", "/usr/share/man/man2/UFFDIO_COPY.2const.gz", "/usr/share/man/man2/UFFDIO_POISON.2const.gz", "/usr/share/man/man2/UFFDIO_REGISTER.2const.gz", "/usr/share/man/man2/UFFDIO_UNREGISTER.2const.gz", "/usr/share/man/man2/UFFDIO_WAKE.2const.gz", "/usr/share/man/man2/UFFDIO_WRITEPROTECT.2const.gz", "/usr/share/man/man2/UFFDIO_ZEROPAGE.2const.gz", "/usr/share/man/man2/VFAT_IOCTL_READDIR_BOTH.2const.gz", "/usr/share/man/man2/_exit.2.gz", "/usr/share/man/man2/_syscall.2.gz", "/usr/share/man/man2/accept.2.gz", "/usr/share/man/man2/access.2.gz", "/usr/share/man/man2/acct.2.gz", "/usr/share/man/man2/add_key.2.gz", "/usr/share/man/man2/adjtimex.2.gz", "/usr/share/man/man2/alarm.2.gz", "/usr/share/man/man2/alloc_hugepages.2.gz", "/usr/share/man/man2/arch_prctl.2.gz", "/usr/share/man/man2/bdflush.2.gz", "/usr/share/man/man2/bind.2.gz", "/usr/share/man/man2/bpf.2.gz", "/usr/share/man/man2/brk.2.gz", "/usr/share/man/man2/cacheflush.2.gz", "/usr/share/man/man2/capget.2.gz", "/usr/share/man/man2/chdir.2.gz", "/usr/share/man/man2/chmod.2.gz", "/usr/share/man/man2/chown.2.gz", "/usr/share/man/man2/chroot.2.gz", "/usr/share/man/man2/clock_getres.2.gz", "/usr/share/man/man2/clock_nanosleep.2.gz", "/usr/share/man/man2/clone.2.gz", "/usr/share/man/man2/close.2.gz", "/usr/share/man/man2/close_range.2.gz", "/usr/share/man/man2/connect.2.gz", "/usr/share/man/man2/copy_file_range.2.gz", "/usr/share/man/man2/create_module.2.gz", "/usr/share/man/man2/delete_module.2.gz", "/usr/share/man/man2/dup.2.gz", "/usr/share/man/man2/epoll_create.2.gz", "/usr/share/man/man2/epoll_ctl.2.gz", "/usr/share/man/man2/epoll_wait.2.gz", "/usr/share/man/man2/eventfd.2.gz", "/usr/share/man/man2/execve.2.gz", "/usr/share/man/man2/execveat.2.gz", "/usr/share/man/man2/exit_group.2.gz", "/usr/share/man/man2/fallocate.2.gz", "/usr/share/man/man2/fanotify_init.2.gz", "/usr/share/man/man2/fanotify_mark.2.gz", "/usr/share/man/man2/fcntl.2.gz", "/usr/share/man/man2/flock.2.gz", "/usr/share/man/man2/fork.2.gz", "/usr/share/man/man2/fsync.2.gz", "/usr/share/man/man2/futex.2.gz", "/usr/share/man/man2/futimesat.2.gz", "/usr/share/man/man2/get_kernel_syms.2.gz", "/usr/share/man/man2/get_mempolicy.2.gz", "/usr/share/man/man2/get_robust_list.2.gz", "/usr/share/man/man2/getcpu.2.gz", "/usr/share/man/man2/getdents.2.gz", "/usr/share/man/man2/getdomainname.2.gz", "/usr/share/man/man2/getgid.2.gz", "/usr/share/man/man2/getgroups.2.gz", "/usr/share/man/man2/gethostname.2.gz", "/usr/share/man/man2/getitimer.2.gz", "/usr/share/man/man2/getpagesize.2.gz", "/usr/share/man/man2/getpeername.2.gz", "/usr/share/man/man2/getpid.2.gz", "/usr/share/man/man2/getpriority.2.gz", "/usr/share/man/man2/getrandom.2.gz", "/usr/share/man/man2/getresuid.2.gz", "/usr/share/man/man2/getrlimit.2.gz", "/usr/share/man/man2/getrusage.2.gz", "/usr/share/man/man2/getsid.2.gz", "/usr/share/man/man2/getsockname.2.gz", "/usr/share/man/man2/getsockopt.2.gz", "/usr/share/man/man2/gettid.2.gz", "/usr/share/man/man2/gettimeofday.2.gz", "/usr/share/man/man2/getuid.2.gz", "/usr/share/man/man2/getunwind.2.gz", "/usr/share/man/man2/getxattr.2.gz", "/usr/share/man/man2/idle.2.gz", "/usr/share/man/man2/init_module.2.gz", "/usr/share/man/man2/inotify_add_watch.2.gz", "/usr/share/man/man2/inotify_init.2.gz", "/usr/share/man/man2/inotify_rm_watch.2.gz", "/usr/share/man/man2/io_cancel.2.gz", "/usr/share/man/man2/io_destroy.2.gz", "/usr/share/man/man2/io_getevents.2.gz", "/usr/share/man/man2/io_setup.2.gz", "/usr/share/man/man2/io_submit.2.gz", "/usr/share/man/man2/ioctl.2.gz", "/usr/share/man/man2/ioctl_console.2.gz", "/usr/share/man/man2/ioctl_eventpoll.2.gz", "/usr/share/man/man2/ioctl_fat.2.gz", "/usr/share/man/man2/ioctl_fs.2.gz", "/usr/share/man/man2/ioctl_fsmap.2.gz", "/usr/share/man/man2/ioctl_kd.2.gz", "/usr/share/man/man2/ioctl_nsfs.2.gz", "/usr/share/man/man2/ioctl_pipe.2.gz", "/usr/share/man/man2/ioctl_tty.2.gz", "/usr/share/man/man2/ioctl_userfaultfd.2.gz", "/usr/share/man/man2/ioctl_vt.2.gz", "/usr/share/man/man2/ioperm.2.gz", "/usr/share/man/man2/iopl.2.gz", "/usr/share/man/man2/ioprio_set.2.gz", "/usr/share/man/man2/ipc.2.gz", "/usr/share/man/man2/kcmp.2.gz", "/usr/share/man/man2/kexec_load.2.gz", "/usr/share/man/man2/keyctl.2.gz", "/usr/share/man/man2/kill.2.gz", "/usr/share/man/man2/landlock_add_rule.2.gz", "/usr/share/man/man2/landlock_create_ruleset.2.gz", "/usr/share/man/man2/landlock_restrict_self.2.gz", "/usr/share/man/man2/link.2.gz", "/usr/share/man/man2/listen.2.gz", "/usr/share/man/man2/listxattr.2.gz", "/usr/share/man/man2/llseek.2.gz", "/usr/share/man/man2/lookup_dcookie.2.gz", "/usr/share/man/man2/lseek.2.gz", "/usr/share/man/man2/madvise.2.gz", "/usr/share/man/man2/mbind.2.gz", "/usr/share/man/man2/membarrier.2.gz", "/usr/share/man/man2/memfd_create.2.gz", "/usr/share/man/man2/memfd_secret.2.gz", "/usr/share/man/man2/migrate_pages.2.gz", "/usr/share/man/man2/mincore.2.gz", "/usr/share/man/man2/mkdir.2.gz", "/usr/share/man/man2/mknod.2.gz", "/usr/share/man/man2/mlock.2.gz", "/usr/share/man/man2/mmap.2.gz", "/usr/share/man/man2/mmap2.2.gz", "/usr/share/man/man2/modify_ldt.2.gz", "/usr/share/man/man2/mount.2.gz", "/usr/share/man/man2/mount_setattr.2.gz", "/usr/share/man/man2/move_pages.2.gz", "/usr/share/man/man2/mprotect.2.gz", "/usr/share/man/man2/mq_getsetattr.2.gz", "/usr/share/man/man2/mremap.2.gz", "/usr/share/man/man2/msgctl.2.gz", "/usr/share/man/man2/msgget.2.gz", "/usr/share/man/man2/msgop.2.gz", "/usr/share/man/man2/msync.2.gz", "/usr/share/man/man2/nanosleep.2.gz", "/usr/share/man/man2/nfsservctl.2.gz", "/usr/share/man/man2/nice.2.gz", "/usr/share/man/man2/open.2.gz", "/usr/share/man/man2/open_by_handle_at.2.gz", "/usr/share/man/man2/open_how.2type.gz", "/usr/share/man/man2/openat2.2.gz", "/usr/share/man/man2/outb.2.gz", "/usr/share/man/man2/pause.2.gz", "/usr/share/man/man2/pciconfig_read.2.gz", "/usr/share/man/man2/perf_event_open.2.gz", "/usr/share/man/man2/perfmonctl.2.gz", "/usr/share/man/man2/personality.2.gz", "/usr/share/man/man2/pidfd_getfd.2.gz", "/usr/share/man/man2/pidfd_open.2.gz", "/usr/share/man/man2/pidfd_send_signal.2.gz", "/usr/share/man/man2/pipe.2.gz", "/usr/share/man/man2/pivot_root.2.gz", "/usr/share/man/man2/pkey_alloc.2.gz", "/usr/share/man/man2/poll.2.gz", "/usr/share/man/man2/posix_fadvise.2.gz", "/usr/share/man/man2/prctl.2.gz", "/usr/share/man/man2/pread.2.gz", "/usr/share/man/man2/process_madvise.2.gz", "/usr/share/man/man2/process_vm_readv.2.gz", "/usr/share/man/man2/ptrace.2.gz", "/usr/share/man/man2/query_module.2.gz", "/usr/share/man/man2/quotactl.2.gz", "/usr/share/man/man2/read.2.gz", "/usr/share/man/man2/readahead.2.gz", "/usr/share/man/man2/readdir.2.gz", "/usr/share/man/man2/readlink.2.gz", "/usr/share/man/man2/readv.2.gz", "/usr/share/man/man2/reboot.2.gz", "/usr/share/man/man2/recv.2.gz", "/usr/share/man/man2/recvmmsg.2.gz", "/usr/share/man/man2/remap_file_pages.2.gz", "/usr/share/man/man2/removexattr.2.gz", "/usr/share/man/man2/rename.2.gz", "/usr/share/man/man2/request_key.2.gz", "/usr/share/man/man2/restart_syscall.2.gz", "/usr/share/man/man2/rmdir.2.gz", "/usr/share/man/man2/rt_sigqueueinfo.2.gz", "/usr/share/man/man2/s390_guarded_storage.2.gz", "/usr/share/man/man2/s390_pci_mmio_write.2.gz", "/usr/share/man/man2/s390_runtime_instr.2.gz", "/usr/share/man/man2/s390_sthyi.2.gz", "/usr/share/man/man2/sched_get_priority_max.2.gz", "/usr/share/man/man2/sched_rr_get_interval.2.gz", "/usr/share/man/man2/sched_setaffinity.2.gz", "/usr/share/man/man2/sched_setattr.2.gz", "/usr/share/man/man2/sched_setparam.2.gz", "/usr/share/man/man2/sched_setscheduler.2.gz", "/usr/share/man/man2/sched_yield.2.gz", "/usr/share/man/man2/seccomp.2.gz", "/usr/share/man/man2/seccomp_unotify.2.gz", "/usr/share/man/man2/select.2.gz", "/usr/share/man/man2/select_tut.2.gz", "/usr/share/man/man2/semctl.2.gz", "/usr/share/man/man2/semget.2.gz", "/usr/share/man/man2/semop.2.gz", "/usr/share/man/man2/send.2.gz", "/usr/share/man/man2/sendfile.2.gz", "/usr/share/man/man2/sendmmsg.2.gz", "/usr/share/man/man2/set_mempolicy.2.gz", "/usr/share/man/man2/set_thread_area.2.gz", "/usr/share/man/man2/set_tid_address.2.gz", "/usr/share/man/man2/seteuid.2.gz", "/usr/share/man/man2/setfsgid.2.gz", "/usr/share/man/man2/setfsuid.2.gz", "/usr/share/man/man2/setgid.2.gz", "/usr/share/man/man2/setns.2.gz", "/usr/share/man/man2/setpgid.2.gz", "/usr/share/man/man2/setresuid.2.gz", "/usr/share/man/man2/setreuid.2.gz", "/usr/share/man/man2/setsid.2.gz", "/usr/share/man/man2/setuid.2.gz", "/usr/share/man/man2/setup.2.gz", "/usr/share/man/man2/setxattr.2.gz", "/usr/share/man/man2/sgetmask.2.gz", "/usr/share/man/man2/shmctl.2.gz", "/usr/share/man/man2/shmget.2.gz", "/usr/share/man/man2/shmop.2.gz", "/usr/share/man/man2/shutdown.2.gz", "/usr/share/man/man2/sigaction.2.gz", "/usr/share/man/man2/sigaltstack.2.gz", "/usr/share/man/man2/signal.2.gz", "/usr/share/man/man2/signalfd.2.gz", "/usr/share/man/man2/sigpending.2.gz", "/usr/share/man/man2/sigprocmask.2.gz", "/usr/share/man/man2/sigreturn.2.gz", "/usr/share/man/man2/sigsuspend.2.gz", "/usr/share/man/man2/sigwaitinfo.2.gz", "/usr/share/man/man2/socket.2.gz", "/usr/share/man/man2/socketcall.2.gz", "/usr/share/man/man2/socketpair.2.gz", "/usr/share/man/man2/splice.2.gz", "/usr/share/man/man2/spu_create.2.gz", "/usr/share/man/man2/spu_run.2.gz", "/usr/share/man/man2/stat.2.gz", "/usr/share/man/man2/statfs.2.gz", "/usr/share/man/man2/statx.2.gz", "/usr/share/man/man2/stime.2.gz", "/usr/share/man/man2/subpage_prot.2.gz", "/usr/share/man/man2/swapon.2.gz", "/usr/share/man/man2/symlink.2.gz", "/usr/share/man/man2/sync.2.gz", "/usr/share/man/man2/sync_file_range.2.gz", "/usr/share/man/man2/syscall.2.gz", "/usr/share/man/man2/syscalls.2.gz", "/usr/share/man/man2/sysctl.2.gz", "/usr/share/man/man2/sysfs.2.gz", "/usr/share/man/man2/sysinfo.2.gz", "/usr/share/man/man2/syslog.2.gz", "/usr/share/man/man2/tee.2.gz", "/usr/share/man/man2/time.2.gz", "/usr/share/man/man2/timer_create.2.gz", "/usr/share/man/man2/timer_delete.2.gz", "/usr/share/man/man2/timer_getoverrun.2.gz", "/usr/share/man/man2/timer_settime.2.gz", "/usr/share/man/man2/timerfd_create.2.gz", "/usr/share/man/man2/times.2.gz", "/usr/share/man/man2/tkill.2.gz", "/usr/share/man/man2/truncate.2.gz", "/usr/share/man/man2/umask.2.gz", "/usr/share/man/man2/umount.2.gz", "/usr/share/man/man2/uname.2.gz", "/usr/share/man/man2/unimplemented.2.gz", "/usr/share/man/man2/unlink.2.gz", "/usr/share/man/man2/unshare.2.gz", "/usr/share/man/man2/uselib.2.gz", "/usr/share/man/man2/userfaultfd.2.gz", "/usr/share/man/man2/ustat.2.gz", "/usr/share/man/man2/utime.2.gz", "/usr/share/man/man2/utimensat.2.gz", "/usr/share/man/man2/vfork.2.gz", "/usr/share/man/man2/vhangup.2.gz", "/usr/share/man/man2/vm86.2.gz", "/usr/share/man/man2/vmsplice.2.gz", "/usr/share/man/man2/wait.2.gz", "/usr/share/man/man2/wait4.2.gz", "/usr/share/man/man2/write.2.gz", "/usr/share/man/man3/CPU_SET.3.gz", "/usr/share/man/man3/EOF.3const.gz", "/usr/share/man/man3/EXIT_SUCCESS.3const.gz", "/usr/share/man/man3/FILE.3type.gz", "/usr/share/man/man3/INFINITY.3.gz", "/usr/share/man/man3/MAX.3.gz", "/usr/share/man/man3/MB_CUR_MAX.3.gz", "/usr/share/man/man3/MB_LEN_MAX.3.gz", "/usr/share/man/man3/NULL.3const.gz", "/usr/share/man/man3/TIMEVAL_TO_TIMESPEC.3.gz", "/usr/share/man/man3/_Generic.3.gz", "/usr/share/man/man3/__ppc_get_timebase.3.gz", "/usr/share/man/man3/__ppc_set_ppr_med.3.gz", "/usr/share/man/man3/__ppc_yield.3.gz", "/usr/share/man/man3/__setfpucw.3.gz", "/usr/share/man/man3/a64l.3.gz", "/usr/share/man/man3/abort.3.gz", "/usr/share/man/man3/abs.3.gz", "/usr/share/man/man3/acos.3.gz", "/usr/share/man/man3/acosh.3.gz", "/usr/share/man/man3/addseverity.3.gz", "/usr/share/man/man3/adjtime.3.gz", "/usr/share/man/man3/aio_cancel.3.gz", "/usr/share/man/man3/aio_error.3.gz", "/usr/share/man/man3/aio_fsync.3.gz", "/usr/share/man/man3/aio_init.3.gz", "/usr/share/man/man3/aio_read.3.gz", "/usr/share/man/man3/aio_return.3.gz", "/usr/share/man/man3/aio_suspend.3.gz", "/usr/share/man/man3/aio_write.3.gz", "/usr/share/man/man3/aiocb.3type.gz", "/usr/share/man/man3/alloca.3.gz", "/usr/share/man/man3/arc4random.3.gz", "/usr/share/man/man3/argz_add.3.gz", "/usr/share/man/man3/asin.3.gz", "/usr/share/man/man3/asinh.3.gz", "/usr/share/man/man3/asprintf.3.gz", "/usr/share/man/man3/assert.3.gz", "/usr/share/man/man3/assert_perror.3.gz", "/usr/share/man/man3/atan.3.gz", "/usr/share/man/man3/atan2.3.gz", "/usr/share/man/man3/atanh.3.gz", "/usr/share/man/man3/atexit.3.gz", "/usr/share/man/man3/atof.3.gz", "/usr/share/man/man3/atoi.3.gz", "/usr/share/man/man3/backtrace.3.gz", "/usr/share/man/man3/basename.3.gz", "/usr/share/man/man3/bcmp.3.gz", "/usr/share/man/man3/bcopy.3.gz", "/usr/share/man/man3/bindresvport.3.gz", "/usr/share/man/man3/blkcnt_t.3type.gz", "/usr/share/man/man3/blksize_t.3type.gz", "/usr/share/man/man3/bsd_signal.3.gz", "/usr/share/man/man3/bsearch.3.gz", "/usr/share/man/man3/bstring.3.gz", "/usr/share/man/man3/bswap.3.gz", "/usr/share/man/man3/btowc.3.gz", "/usr/share/man/man3/btree.3.gz", "/usr/share/man/man3/byteorder.3.gz", "/usr/share/man/man3/bzero.3.gz", "/usr/share/man/man3/cabs.3.gz", "/usr/share/man/man3/cacos.3.gz", "/usr/share/man/man3/cacosh.3.gz", "/usr/share/man/man3/canonicalize_file_name.3.gz", "/usr/share/man/man3/carg.3.gz", "/usr/share/man/man3/casin.3.gz", "/usr/share/man/man3/casinh.3.gz", "/usr/share/man/man3/catan.3.gz", "/usr/share/man/man3/catanh.3.gz", "/usr/share/man/man3/catgets.3.gz", "/usr/share/man/man3/catopen.3.gz", "/usr/share/man/man3/cbrt.3.gz", "/usr/share/man/man3/cc_t.3type.gz", "/usr/share/man/man3/ccos.3.gz", "/usr/share/man/man3/ccosh.3.gz", "/usr/share/man/man3/ceil.3.gz", "/usr/share/man/man3/cexp.3.gz", "/usr/share/man/man3/cexp2.3.gz", "/usr/share/man/man3/cfree.3.gz", "/usr/share/man/man3/cimag.3.gz", "/usr/share/man/man3/circleq.3.gz", "/usr/share/man/man3/clearenv.3.gz", "/usr/share/man/man3/clock.3.gz", "/usr/share/man/man3/clock_getcpuclockid.3.gz", "/usr/share/man/man3/clock_t.3type.gz", "/usr/share/man/man3/clockid_t.3type.gz", "/usr/share/man/man3/clog.3.gz", "/usr/share/man/man3/clog10.3.gz", "/usr/share/man/man3/clog2.3.gz", "/usr/share/man/man3/closedir.3.gz", "/usr/share/man/man3/cmsg.3.gz", "/usr/share/man/man3/confstr.3.gz", "/usr/share/man/man3/conj.3.gz", "/usr/share/man/man3/copysign.3.gz", "/usr/share/man/man3/cos.3.gz", "/usr/share/man/man3/cosh.3.gz", "/usr/share/man/man3/cpow.3.gz", "/usr/share/man/man3/cproj.3.gz", "/usr/share/man/man3/creal.3.gz", "/usr/share/man/man3/csin.3.gz", "/usr/share/man/man3/csinh.3.gz", "/usr/share/man/man3/csqrt.3.gz", "/usr/share/man/man3/ctan.3.gz", "/usr/share/man/man3/ctanh.3.gz", "/usr/share/man/man3/ctermid.3.gz", "/usr/share/man/man3/ctime.3.gz", "/usr/share/man/man3/daemon.3.gz", "/usr/share/man/man3/dbopen.3.gz", "/usr/share/man/man3/des_crypt.3.gz", "/usr/share/man/man3/dev_t.3type.gz", "/usr/share/man/man3/difftime.3.gz", "/usr/share/man/man3/dirfd.3.gz", "/usr/share/man/man3/div.3.gz", "/usr/share/man/man3/div_t.3type.gz", "/usr/share/man/man3/dl_iterate_phdr.3.gz", "/usr/share/man/man3/dladdr.3.gz", "/usr/share/man/man3/dlerror.3.gz", "/usr/share/man/man3/dlinfo.3.gz", "/usr/share/man/man3/dlopen.3.gz", "/usr/share/man/man3/dlsym.3.gz", "/usr/share/man/man3/double_t.3type.gz", "/usr/share/man/man3/drand48.3.gz", "/usr/share/man/man3/drand48_r.3.gz", "/usr/share/man/man3/duplocale.3.gz", "/usr/share/man/man3/dysize.3.gz", "/usr/share/man/man3/ecvt.3.gz", "/usr/share/man/man3/ecvt_r.3.gz", "/usr/share/man/man3/encrypt.3.gz", "/usr/share/man/man3/end.3.gz", "/usr/share/man/man3/endian.3.gz", "/usr/share/man/man3/envz_add.3.gz", "/usr/share/man/man3/epoll_event.3type.gz", "/usr/share/man/man3/erf.3.gz", "/usr/share/man/man3/erfc.3.gz", "/usr/share/man/man3/err.3.gz", "/usr/share/man/man3/errno.3.gz", "/usr/share/man/man3/error.3.gz", "/usr/share/man/man3/ether_aton.3.gz", "/usr/share/man/man3/euidaccess.3.gz", "/usr/share/man/man3/exec.3.gz", "/usr/share/man/man3/exit.3.gz", "/usr/share/man/man3/exp.3.gz", "/usr/share/man/man3/exp10.3.gz", "/usr/share/man/man3/exp2.3.gz", "/usr/share/man/man3/expm1.3.gz", "/usr/share/man/man3/fabs.3.gz", "/usr/share/man/man3/fclose.3.gz", "/usr/share/man/man3/fcloseall.3.gz", "/usr/share/man/man3/fdim.3.gz", "/usr/share/man/man3/fenv.3.gz", "/usr/share/man/man3/fenv_t.3type.gz", "/usr/share/man/man3/ferror.3.gz", "/usr/share/man/man3/fexecve.3.gz", "/usr/share/man/man3/fflush.3.gz", "/usr/share/man/man3/ffs.3.gz", "/usr/share/man/man3/fgetc.3.gz", "/usr/share/man/man3/fgetgrent.3.gz", "/usr/share/man/man3/fgetpwent.3.gz", "/usr/share/man/man3/fgetwc.3.gz", "/usr/share/man/man3/fgetws.3.gz", "/usr/share/man/man3/fileno.3.gz", "/usr/share/man/man3/finite.3.gz", "/usr/share/man/man3/flockfile.3.gz", "/usr/share/man/man3/floor.3.gz", "/usr/share/man/man3/fma.3.gz", "/usr/share/man/man3/fmax.3.gz", "/usr/share/man/man3/fmemopen.3.gz", "/usr/share/man/man3/fmin.3.gz", "/usr/share/man/man3/fmod.3.gz", "/usr/share/man/man3/fmtmsg.3.gz", "/usr/share/man/man3/fnmatch.3.gz", "/usr/share/man/man3/fopen.3.gz", "/usr/share/man/man3/fopencookie.3.gz", "/usr/share/man/man3/fpathconf.3.gz", "/usr/share/man/man3/fpclassify.3.gz", "/usr/share/man/man3/fpurge.3.gz", "/usr/share/man/man3/fputwc.3.gz", "/usr/share/man/man3/fputws.3.gz", "/usr/share/man/man3/fread.3.gz", "/usr/share/man/man3/frexp.3.gz", "/usr/share/man/man3/fseek.3.gz", "/usr/share/man/man3/fseeko.3.gz", "/usr/share/man/man3/ftime.3.gz", "/usr/share/man/man3/ftok.3.gz", "/usr/share/man/man3/fts.3.gz", "/usr/share/man/man3/ftw.3.gz", "/usr/share/man/man3/futimes.3.gz", "/usr/share/man/man3/fwide.3.gz", "/usr/share/man/man3/gamma.3.gz", "/usr/share/man/man3/gcvt.3.gz", "/usr/share/man/man3/get_nprocs.3.gz", "/usr/share/man/man3/get_phys_pages.3.gz", "/usr/share/man/man3/getaddrinfo.3.gz", "/usr/share/man/man3/getaddrinfo_a.3.gz", "/usr/share/man/man3/getauxval.3.gz", "/usr/share/man/man3/getcontext.3.gz", "/usr/share/man/man3/getcwd.3.gz", "/usr/share/man/man3/getdate.3.gz", "/usr/share/man/man3/getdirentries.3.gz", "/usr/share/man/man3/getdtablesize.3.gz", "/usr/share/man/man3/getentropy.3.gz", "/usr/share/man/man3/getenv.3.gz", "/usr/share/man/man3/getfsent.3.gz", "/usr/share/man/man3/getgrent.3.gz", "/usr/share/man/man3/getgrent_r.3.gz", "/usr/share/man/man3/getgrnam.3.gz", "/usr/share/man/man3/getgrouplist.3.gz", "/usr/share/man/man3/gethostbyname.3.gz", "/usr/share/man/man3/gethostid.3.gz", "/usr/share/man/man3/getifaddrs.3.gz", "/usr/share/man/man3/getipnodebyname.3.gz", "/usr/share/man/man3/getline.3.gz", "/usr/share/man/man3/getloadavg.3.gz", "/usr/share/man/man3/getlogin.3.gz", "/usr/share/man/man3/getmntent.3.gz", "/usr/share/man/man3/getnameinfo.3.gz", "/usr/share/man/man3/getnetent.3.gz", "/usr/share/man/man3/getnetent_r.3.gz", "/usr/share/man/man3/getopt.3.gz", "/usr/share/man/man3/getpass.3.gz", "/usr/share/man/man3/getprotoent.3.gz", "/usr/share/man/man3/getprotoent_r.3.gz", "/usr/share/man/man3/getpt.3.gz", "/usr/share/man/man3/getpw.3.gz", "/usr/share/man/man3/getpwent.3.gz", "/usr/share/man/man3/getpwent_r.3.gz", "/usr/share/man/man3/getpwnam.3.gz", "/usr/share/man/man3/getrpcent.3.gz", "/usr/share/man/man3/getrpcent_r.3.gz", "/usr/share/man/man3/getrpcport.3.gz", "/usr/share/man/man3/gets.3.gz", "/usr/share/man/man3/getservent.3.gz", "/usr/share/man/man3/getservent_r.3.gz", "/usr/share/man/man3/getspnam.3.gz", "/usr/share/man/man3/getsubopt.3.gz", "/usr/share/man/man3/getttyent.3.gz", "/usr/share/man/man3/getusershell.3.gz", "/usr/share/man/man3/getutent.3.gz", "/usr/share/man/man3/getutmp.3.gz", "/usr/share/man/man3/getw.3.gz", "/usr/share/man/man3/getwchar.3.gz", "/usr/share/man/man3/glob.3.gz", "/usr/share/man/man3/gnu_get_libc_version.3.gz", "/usr/share/man/man3/grantpt.3.gz", "/usr/share/man/man3/group_member.3.gz", "/usr/share/man/man3/gsignal.3.gz", "/usr/share/man/man3/hash.3.gz", "/usr/share/man/man3/hsearch.3.gz", "/usr/share/man/man3/hypot.3.gz", "/usr/share/man/man3/iconv.3.gz", "/usr/share/man/man3/iconv_close.3.gz", "/usr/share/man/man3/iconv_open.3.gz", "/usr/share/man/man3/id_t.3type.gz", "/usr/share/man/man3/if_nameindex.3.gz", "/usr/share/man/man3/if_nametoindex.3.gz", "/usr/share/man/man3/ilogb.3.gz", "/usr/share/man/man3/index.3.gz", "/usr/share/man/man3/inet.3.gz", "/usr/share/man/man3/inet_net_pton.3.gz", "/usr/share/man/man3/inet_ntop.3.gz", "/usr/share/man/man3/inet_pton.3.gz", "/usr/share/man/man3/initgroups.3.gz", "/usr/share/man/man3/insque.3.gz", "/usr/share/man/man3/intN_t.3type.gz", "/usr/share/man/man3/intmax_t.3type.gz", "/usr/share/man/man3/intptr_t.3type.gz", "/usr/share/man/man3/iovec.3type.gz", "/usr/share/man/man3/isalpha.3.gz", "/usr/share/man/man3/isatty.3.gz", "/usr/share/man/man3/isfdtype.3.gz", "/usr/share/man/man3/isgreater.3.gz", "/usr/share/man/man3/iswalnum.3.gz", "/usr/share/man/man3/iswalpha.3.gz", "/usr/share/man/man3/iswblank.3.gz", "/usr/share/man/man3/iswcntrl.3.gz", "/usr/share/man/man3/iswctype.3.gz", "/usr/share/man/man3/iswdigit.3.gz", "/usr/share/man/man3/iswgraph.3.gz", "/usr/share/man/man3/iswlower.3.gz", "/usr/share/man/man3/iswprint.3.gz", "/usr/share/man/man3/iswpunct.3.gz", "/usr/share/man/man3/iswspace.3.gz", "/usr/share/man/man3/iswupper.3.gz", "/usr/share/man/man3/iswxdigit.3.gz", "/usr/share/man/man3/itimerspec.3type.gz", "/usr/share/man/man3/j0.3.gz", "/usr/share/man/man3/key_setsecret.3.gz", "/usr/share/man/man3/killpg.3.gz", "/usr/share/man/man3/lconv.3type.gz", "/usr/share/man/man3/ldexp.3.gz", "/usr/share/man/man3/lgamma.3.gz", "/usr/share/man/man3/lio_listio.3.gz", "/usr/share/man/man3/list.3.gz", "/usr/share/man/man3/locale_t.3type.gz", "/usr/share/man/man3/localeconv.3.gz", "/usr/share/man/man3/lockf.3.gz", "/usr/share/man/man3/log.3.gz", "/usr/share/man/man3/log10.3.gz", "/usr/share/man/man3/log1p.3.gz", "/usr/share/man/man3/log2.3.gz", "/usr/share/man/man3/logb.3.gz", "/usr/share/man/man3/login.3.gz", "/usr/share/man/man3/lrint.3.gz", "/usr/share/man/man3/lround.3.gz", "/usr/share/man/man3/lsearch.3.gz", "/usr/share/man/man3/lseek64.3.gz", "/usr/share/man/man3/makecontext.3.gz", "/usr/share/man/man3/makedev.3.gz", "/usr/share/man/man3/mallinfo.3.gz", "/usr/share/man/man3/malloc.3.gz", "/usr/share/man/man3/malloc_get_state.3.gz", "/usr/share/man/man3/malloc_hook.3.gz", "/usr/share/man/man3/malloc_info.3.gz", "/usr/share/man/man3/malloc_stats.3.gz", "/usr/share/man/man3/malloc_trim.3.gz", "/usr/share/man/man3/malloc_usable_size.3.gz", "/usr/share/man/man3/mallopt.3.gz", "/usr/share/man/man3/matherr.3.gz", "/usr/share/man/man3/mblen.3.gz", "/usr/share/man/man3/mbrlen.3.gz", "/usr/share/man/man3/mbrtowc.3.gz", "/usr/share/man/man3/mbsinit.3.gz", "/usr/share/man/man3/mbsnrtowcs.3.gz", "/usr/share/man/man3/mbsrtowcs.3.gz", "/usr/share/man/man3/mbstate_t.3type.gz", "/usr/share/man/man3/mbstowcs.3.gz", "/usr/share/man/man3/mbtowc.3.gz", "/usr/share/man/man3/mcheck.3.gz", "/usr/share/man/man3/memccpy.3.gz", "/usr/share/man/man3/memchr.3.gz", "/usr/share/man/man3/memcmp.3.gz", "/usr/share/man/man3/memcpy.3.gz", "/usr/share/man/man3/memfrob.3.gz", "/usr/share/man/man3/memmem.3.gz", "/usr/share/man/man3/memmove.3.gz", "/usr/share/man/man3/mempcpy.3.gz", "/usr/share/man/man3/memset.3.gz", "/usr/share/man/man3/mkdtemp.3.gz", "/usr/share/man/man3/mkfifo.3.gz", "/usr/share/man/man3/mkstemp.3.gz", "/usr/share/man/man3/mktemp.3.gz", "/usr/share/man/man3/mode_t.3type.gz", "/usr/share/man/man3/modf.3.gz", "/usr/share/man/man3/mpool.3.gz", "/usr/share/man/man3/mq_close.3.gz", "/usr/share/man/man3/mq_getattr.3.gz", "/usr/share/man/man3/mq_notify.3.gz", "/usr/share/man/man3/mq_open.3.gz", "/usr/share/man/man3/mq_receive.3.gz", "/usr/share/man/man3/mq_send.3.gz", "/usr/share/man/man3/mq_unlink.3.gz", "/usr/share/man/man3/mtrace.3.gz", "/usr/share/man/man3/nan.3.gz", "/usr/share/man/man3/netlink.3.gz", "/usr/share/man/man3/newlocale.3.gz", "/usr/share/man/man3/nextafter.3.gz", "/usr/share/man/man3/nextup.3.gz", "/usr/share/man/man3/nl_langinfo.3.gz", "/usr/share/man/man3/ntp_gettime.3.gz", "/usr/share/man/man3/off_t.3type.gz", "/usr/share/man/man3/offsetof.3.gz", "/usr/share/man/man3/on_exit.3.gz", "/usr/share/man/man3/open_memstream.3.gz", "/usr/share/man/man3/opendir.3.gz", "/usr/share/man/man3/openpty.3.gz", "/usr/share/man/man3/perror.3.gz", "/usr/share/man/man3/popen.3.gz", "/usr/share/man/man3/posix_fallocate.3.gz", "/usr/share/man/man3/posix_madvise.3.gz", "/usr/share/man/man3/posix_memalign.3.gz", "/usr/share/man/man3/posix_openpt.3.gz", "/usr/share/man/man3/posix_spawn.3.gz", "/usr/share/man/man3/pow.3.gz", "/usr/share/man/man3/pow10.3.gz", "/usr/share/man/man3/powerof2.3.gz", "/usr/share/man/man3/printf.3.gz", "/usr/share/man/man3/printf.h.3head.gz", "/usr/share/man/man3/profil.3.gz", "/usr/share/man/man3/program_invocation_name.3.gz", "/usr/share/man/man3/psignal.3.gz", "/usr/share/man/man3/pthread_atfork.3.gz", "/usr/share/man/man3/pthread_attr_init.3.gz", "/usr/share/man/man3/pthread_attr_setaffinity_np.3.gz", "/usr/share/man/man3/pthread_attr_setdetachstate.3.gz", "/usr/share/man/man3/pthread_attr_setguardsize.3.gz", "/usr/share/man/man3/pthread_attr_setinheritsched.3.gz", "/usr/share/man/man3/pthread_attr_setschedparam.3.gz", "/usr/share/man/man3/pthread_attr_setschedpolicy.3.gz", "/usr/share/man/man3/pthread_attr_setscope.3.gz", "/usr/share/man/man3/pthread_attr_setsigmask_np.3.gz", "/usr/share/man/man3/pthread_attr_setstack.3.gz", "/usr/share/man/man3/pthread_attr_setstackaddr.3.gz", "/usr/share/man/man3/pthread_attr_setstacksize.3.gz", "/usr/share/man/man3/pthread_cancel.3.gz", "/usr/share/man/man3/pthread_cleanup_push.3.gz", "/usr/share/man/man3/pthread_cleanup_push_defer_np.3.gz", "/usr/share/man/man3/pthread_cond_init.3.gz", "/usr/share/man/man3/pthread_condattr_init.3.gz", "/usr/share/man/man3/pthread_create.3.gz", "/usr/share/man/man3/pthread_detach.3.gz", "/usr/share/man/man3/pthread_equal.3.gz", "/usr/share/man/man3/pthread_exit.3.gz", "/usr/share/man/man3/pthread_getattr_default_np.3.gz", "/usr/share/man/man3/pthread_getattr_np.3.gz", "/usr/share/man/man3/pthread_getcpuclockid.3.gz", "/usr/share/man/man3/pthread_join.3.gz", "/usr/share/man/man3/pthread_key_create.3.gz", "/usr/share/man/man3/pthread_kill.3.gz", "/usr/share/man/man3/pthread_kill_other_threads_np.3.gz", "/usr/share/man/man3/pthread_mutex_consistent.3.gz", "/usr/share/man/man3/pthread_mutex_init.3.gz", "/usr/share/man/man3/pthread_mutexattr_getpshared.3.gz", "/usr/share/man/man3/pthread_mutexattr_init.3.gz", "/usr/share/man/man3/pthread_mutexattr_setkind_np.3.gz", "/usr/share/man/man3/pthread_mutexattr_setrobust.3.gz", "/usr/share/man/man3/pthread_once.3.gz", "/usr/share/man/man3/pthread_rwlockattr_setkind_np.3.gz", "/usr/share/man/man3/pthread_self.3.gz", "/usr/share/man/man3/pthread_setaffinity_np.3.gz", "/usr/share/man/man3/pthread_setcancelstate.3.gz", "/usr/share/man/man3/pthread_setconcurrency.3.gz", "/usr/share/man/man3/pthread_setname_np.3.gz", "/usr/share/man/man3/pthread_setschedparam.3.gz", "/usr/share/man/man3/pthread_setschedprio.3.gz", "/usr/share/man/man3/pthread_sigmask.3.gz", "/usr/share/man/man3/pthread_sigqueue.3.gz", "/usr/share/man/man3/pthread_spin_init.3.gz", "/usr/share/man/man3/pthread_spin_lock.3.gz", "/usr/share/man/man3/pthread_testcancel.3.gz", "/usr/share/man/man3/pthread_tryjoin_np.3.gz", "/usr/share/man/man3/pthread_yield.3.gz", "/usr/share/man/man3/ptrdiff_t.3type.gz", "/usr/share/man/man3/ptsname.3.gz", "/usr/share/man/man3/putenv.3.gz", "/usr/share/man/man3/putgrent.3.gz", "/usr/share/man/man3/putpwent.3.gz", "/usr/share/man/man3/puts.3.gz", "/usr/share/man/man3/putwchar.3.gz", "/usr/share/man/man3/qecvt.3.gz", "/usr/share/man/man3/qsort.3.gz", "/usr/share/man/man3/raise.3.gz", "/usr/share/man/man3/rand.3.gz", "/usr/share/man/man3/random.3.gz", "/usr/share/man/man3/random_r.3.gz", "/usr/share/man/man3/rcmd.3.gz", "/usr/share/man/man3/re_comp.3.gz", "/usr/share/man/man3/readdir.3.gz", "/usr/share/man/man3/readdir_r.3.gz", "/usr/share/man/man3/realpath.3.gz", "/usr/share/man/man3/recno.3.gz", "/usr/share/man/man3/regex.3.gz", "/usr/share/man/man3/remainder.3.gz", "/usr/share/man/man3/remove.3.gz", "/usr/share/man/man3/remquo.3.gz", "/usr/share/man/man3/resolver.3.gz", "/usr/share/man/man3/rewinddir.3.gz", "/usr/share/man/man3/rexec.3.gz", "/usr/share/man/man3/rint.3.gz", "/usr/share/man/man3/round.3.gz", "/usr/share/man/man3/roundup.3.gz", "/usr/share/man/man3/rpc.3.gz", "/usr/share/man/man3/rpmatch.3.gz", "/usr/share/man/man3/rtime.3.gz", "/usr/share/man/man3/rtnetlink.3.gz", "/usr/share/man/man3/scalb.3.gz", "/usr/share/man/man3/scalbln.3.gz", "/usr/share/man/man3/scandir.3.gz", "/usr/share/man/man3/scanf.3.gz", "/usr/share/man/man3/sched_getcpu.3.gz", "/usr/share/man/man3/seekdir.3.gz", "/usr/share/man/man3/sem_close.3.gz", "/usr/share/man/man3/sem_destroy.3.gz", "/usr/share/man/man3/sem_getvalue.3.gz", "/usr/share/man/man3/sem_init.3.gz", "/usr/share/man/man3/sem_open.3.gz", "/usr/share/man/man3/sem_post.3.gz", "/usr/share/man/man3/sem_unlink.3.gz", "/usr/share/man/man3/sem_wait.3.gz", "/usr/share/man/man3/setaliasent.3.gz", "/usr/share/man/man3/setbuf.3.gz", "/usr/share/man/man3/setenv.3.gz", "/usr/share/man/man3/setjmp.3.gz", "/usr/share/man/man3/setlocale.3.gz", "/usr/share/man/man3/setlogmask.3.gz", "/usr/share/man/man3/setnetgrent.3.gz", "/usr/share/man/man3/shm_open.3.gz", "/usr/share/man/man3/sigevent.3type.gz", "/usr/share/man/man3/siginterrupt.3.gz", "/usr/share/man/man3/signbit.3.gz", "/usr/share/man/man3/significand.3.gz", "/usr/share/man/man3/sigpause.3.gz", "/usr/share/man/man3/sigqueue.3.gz", "/usr/share/man/man3/sigset.3.gz", "/usr/share/man/man3/sigsetops.3.gz", "/usr/share/man/man3/sigvec.3.gz", "/usr/share/man/man3/sigwait.3.gz", "/usr/share/man/man3/sin.3.gz", "/usr/share/man/man3/sincos.3.gz", "/usr/share/man/man3/sinh.3.gz", "/usr/share/man/man3/size_t.3type.gz", "/usr/share/man/man3/sleep.3.gz", "/usr/share/man/man3/slist.3.gz", "/usr/share/man/man3/sockaddr.3type.gz", "/usr/share/man/man3/sockatmark.3.gz", "/usr/share/man/man3/sqrt.3.gz", "/usr/share/man/man3/sscanf.3.gz", "/usr/share/man/man3/stailq.3.gz", "/usr/share/man/man3/stat.3type.gz", "/usr/share/man/man3/static_assert.3.gz", "/usr/share/man/man3/statvfs.3.gz", "/usr/share/man/man3/stdarg.3.gz", "/usr/share/man/man3/stdin.3.gz", "/usr/share/man/man3/stdio.3.gz", "/usr/share/man/man3/stdio_ext.3.gz", "/usr/share/man/man3/stpncpy.3.gz", "/usr/share/man/man3/strcasecmp.3.gz", "/usr/share/man/man3/strchr.3.gz", "/usr/share/man/man3/strcmp.3.gz", "/usr/share/man/man3/strcoll.3.gz", "/usr/share/man/man3/strcpy.3.gz", "/usr/share/man/man3/strdup.3.gz", "/usr/share/man/man3/strerror.3.gz", "/usr/share/man/man3/strfmon.3.gz", "/usr/share/man/man3/strfromd.3.gz", "/usr/share/man/man3/strfry.3.gz", "/usr/share/man/man3/strftime.3.gz", "/usr/share/man/man3/string.3.gz", "/usr/share/man/man3/strlen.3.gz", "/usr/share/man/man3/strncat.3.gz", "/usr/share/man/man3/strnlen.3.gz", "/usr/share/man/man3/strpbrk.3.gz", "/usr/share/man/man3/strptime.3.gz", "/usr/share/man/man3/strsep.3.gz", "/usr/share/man/man3/strsignal.3.gz", "/usr/share/man/man3/strspn.3.gz", "/usr/share/man/man3/strstr.3.gz", "/usr/share/man/man3/strtod.3.gz", "/usr/share/man/man3/strtoimax.3.gz", "/usr/share/man/man3/strtok.3.gz", "/usr/share/man/man3/strtol.3.gz", "/usr/share/man/man3/strtoul.3.gz", "/usr/share/man/man3/strverscmp.3.gz", "/usr/share/man/man3/strxfrm.3.gz", "/usr/share/man/man3/swab.3.gz", "/usr/share/man/man3/sysconf.3.gz", "/usr/share/man/man3/sysexits.h.3head.gz", "/usr/share/man/man3/syslog.3.gz", "/usr/share/man/man3/system.3.gz", "/usr/share/man/man3/sysv_signal.3.gz", "/usr/share/man/man3/tailq.3.gz", "/usr/share/man/man3/tan.3.gz", "/usr/share/man/man3/tanh.3.gz", "/usr/share/man/man3/tcgetpgrp.3.gz", "/usr/share/man/man3/tcgetsid.3.gz", "/usr/share/man/man3/telldir.3.gz", "/usr/share/man/man3/tempnam.3.gz", "/usr/share/man/man3/termios.3.gz", "/usr/share/man/man3/tgamma.3.gz", "/usr/share/man/man3/time_t.3type.gz", "/usr/share/man/man3/timegm.3.gz", "/usr/share/man/man3/timer_t.3type.gz", "/usr/share/man/man3/timeradd.3.gz", "/usr/share/man/man3/timespec.3type.gz", "/usr/share/man/man3/timeval.3type.gz", "/usr/share/man/man3/tm.3type.gz", "/usr/share/man/man3/tmpfile.3.gz", "/usr/share/man/man3/tmpnam.3.gz", "/usr/share/man/man3/toascii.3.gz", "/usr/share/man/man3/toupper.3.gz", "/usr/share/man/man3/towctrans.3.gz", "/usr/share/man/man3/towlower.3.gz", "/usr/share/man/man3/towupper.3.gz", "/usr/share/man/man3/trunc.3.gz", "/usr/share/man/man3/tsearch.3.gz", "/usr/share/man/man3/ttyname.3.gz", "/usr/share/man/man3/ttyslot.3.gz", "/usr/share/man/man3/tzset.3.gz", "/usr/share/man/man3/ualarm.3.gz", "/usr/share/man/man3/ulimit.3.gz", "/usr/share/man/man3/undocumented.3.gz", "/usr/share/man/man3/ungetwc.3.gz", "/usr/share/man/man3/unlocked_stdio.3.gz", "/usr/share/man/man3/unlockpt.3.gz", "/usr/share/man/man3/updwtmp.3.gz", "/usr/share/man/man3/uselocale.3.gz", "/usr/share/man/man3/usleep.3.gz", "/usr/share/man/man3/va_list.3type.gz", "/usr/share/man/man3/void.3type.gz", "/usr/share/man/man3/wchar_t.3type.gz", "/usr/share/man/man3/wcpcpy.3.gz", "/usr/share/man/man3/wcpncpy.3.gz", "/usr/share/man/man3/wcrtomb.3.gz", "/usr/share/man/man3/wcscasecmp.3.gz", "/usr/share/man/man3/wcscat.3.gz", "/usr/share/man/man3/wcschr.3.gz", "/usr/share/man/man3/wcscmp.3.gz", "/usr/share/man/man3/wcscpy.3.gz", "/usr/share/man/man3/wcscspn.3.gz", "/usr/share/man/man3/wcsdup.3.gz", "/usr/share/man/man3/wcslen.3.gz", "/usr/share/man/man3/wcsncasecmp.3.gz", "/usr/share/man/man3/wcsncat.3.gz", "/usr/share/man/man3/wcsncmp.3.gz", "/usr/share/man/man3/wcsncpy.3.gz", "/usr/share/man/man3/wcsnlen.3.gz", "/usr/share/man/man3/wcsnrtombs.3.gz", "/usr/share/man/man3/wcspbrk.3.gz", "/usr/share/man/man3/wcsrchr.3.gz", "/usr/share/man/man3/wcsrtombs.3.gz", "/usr/share/man/man3/wcsspn.3.gz", "/usr/share/man/man3/wcsstr.3.gz", "/usr/share/man/man3/wcstoimax.3.gz", "/usr/share/man/man3/wcstok.3.gz", "/usr/share/man/man3/wcstombs.3.gz", "/usr/share/man/man3/wcswidth.3.gz", "/usr/share/man/man3/wctob.3.gz", "/usr/share/man/man3/wctomb.3.gz", "/usr/share/man/man3/wctrans.3.gz", "/usr/share/man/man3/wctype.3.gz", "/usr/share/man/man3/wcwidth.3.gz", "/usr/share/man/man3/wint_t.3type.gz", "/usr/share/man/man3/wmemchr.3.gz", "/usr/share/man/man3/wmemcmp.3.gz", "/usr/share/man/man3/wmemcpy.3.gz", "/usr/share/man/man3/wmemmove.3.gz", "/usr/share/man/man3/wmemset.3.gz", "/usr/share/man/man3/wordexp.3.gz", "/usr/share/man/man3/wprintf.3.gz", "/usr/share/man/man3/xcrypt.3.gz", "/usr/share/man/man3/xdr.3.gz", "/usr/share/man/man3/y0.3.gz", "/usr/share/man/man4/console_ioctl.4.gz", "/usr/share/man/man4/tty_ioctl.4.gz", "/usr/share/man/man7/sigevent.7.gz" ] }, { "ID": "mawk@1.3.4.20250131-1", "Name": "mawk", "Identifier": { "PURL": "pkg:deb/debian/mawk@1.3.4.20250131-1?arch=amd64\u0026distro=debian-13.1", "UID": "bea9bf7f923106e2" }, "Version": "1.3.4.20250131", "Release": "1", "Arch": "amd64", "SrcName": "mawk", "SrcVersion": "1.3.4.20250131", "SrcRelease": "1", "Licenses": [ "GPL-2.0-only", "X11", "CC-BY-3.0" ], "Maintainer": "Boyuan Yang \u003cbyang@debian.org\u003e", "DependsOn": [ "libc6@2.41-12" ], "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "InstalledFiles": [ "/usr/bin/mawk", "/usr/share/doc/mawk/ACKNOWLEDGMENT", "/usr/share/doc/mawk/README", "/usr/share/doc/mawk/changelog.Debian.gz", "/usr/share/doc/mawk/changelog.gz", "/usr/share/doc/mawk/copyright", "/usr/share/doc/mawk/examples/ct_length.awk", "/usr/share/doc/mawk/examples/decl.awk", "/usr/share/doc/mawk/examples/deps.awk", "/usr/share/doc/mawk/examples/eatc.awk", "/usr/share/doc/mawk/examples/gdecl.awk", "/usr/share/doc/mawk/examples/hcal", "/usr/share/doc/mawk/examples/hical", "/usr/share/doc/mawk/examples/nocomment.awk", "/usr/share/doc/mawk/examples/primes.awk", "/usr/share/doc/mawk/examples/qsort.awk", "/usr/share/man/man1/mawk.1.gz", "/usr/share/man/man7/mawk-arrays.7.gz", "/usr/share/man/man7/mawk-code.7.gz" ] }, { "ID": "mount@2.41-5", "Name": "mount", "Identifier": { "PURL": "pkg:deb/debian/mount@2.41-5?arch=amd64\u0026distro=debian-13.1", "UID": "c6fdc5cf989db569" }, "Version": "2.41", "Release": "5", "Arch": "amd64", "SrcName": "util-linux", "SrcVersion": "2.41", "SrcRelease": "5", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "GPL-3.0-or-later", "LGPL-2.1-or-later", "public-domain", "BSD-4-Clause", "MIT", "ISC", "BSD-3-Clause", "BSLA", "LGPL-2.0-or-later", "BSD-2-Clause", "LGPL-3.0-or-later", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "InstalledFiles": [ "/usr/bin/mount", "/usr/bin/umount", "/usr/sbin/losetup", "/usr/sbin/swapoff", "/usr/sbin/swapon", "/usr/share/bash-completion/completions/losetup", "/usr/share/bash-completion/completions/mount", "/usr/share/bash-completion/completions/swapoff", "/usr/share/bash-completion/completions/swapon", "/usr/share/bash-completion/completions/umount", "/usr/share/doc/mount/NEWS.Debian.gz", "/usr/share/doc/mount/changelog.Debian.gz", "/usr/share/doc/mount/changelog.gz", "/usr/share/doc/mount/copyright", "/usr/share/doc/mount/examples/filesystems", "/usr/share/doc/mount/examples/fstab", "/usr/share/doc/mount/examples/mount.fstab", "/usr/share/doc/mount/mount.txt", "/usr/share/lintian/overrides/mount", "/usr/share/man/man5/fstab.5.gz", "/usr/share/man/man8/losetup.8.gz", "/usr/share/man/man8/mount.8.gz", "/usr/share/man/man8/swapon.8.gz", "/usr/share/man/man8/umount.8.gz" ] }, { "ID": "ncurses-base@6.5+20250216-2", "Name": "ncurses-base", "Identifier": { "PURL": "pkg:deb/debian/ncurses-base@6.5%2B20250216-2?arch=all\u0026distro=debian-13.1", "UID": "76a1fb5936f344dc" }, "Version": "6.5+20250216", "Release": "2", "Arch": "all", "SrcName": "ncurses", "SrcVersion": "6.5+20250216", "SrcRelease": "2", "Licenses": [ "MIT/X11", "X11", "BSD-3-Clause" ], "Maintainer": "Ncurses Maintainers \u003cncurses@packages.debian.org\u003e", "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "InstalledFiles": [ "/usr/share/doc/ncurses-base/FAQ", "/usr/share/doc/ncurses-base/TODO.Debian", "/usr/share/doc/ncurses-base/changelog.Debian.gz", "/usr/share/doc/ncurses-base/changelog.gz", "/usr/share/doc/ncurses-base/copyright", "/usr/share/lintian/overrides/ncurses-base", "/usr/share/tabset/std", "/usr/share/tabset/stdcrt", "/usr/share/tabset/vt100", "/usr/share/tabset/vt300", "/usr/share/terminfo/E/Eterm", "/usr/share/terminfo/a/ansi", "/usr/share/terminfo/c/cons25", "/usr/share/terminfo/c/cygwin", "/usr/share/terminfo/d/dumb", "/usr/share/terminfo/h/hurd", "/usr/share/terminfo/l/linux", "/usr/share/terminfo/m/mach", "/usr/share/terminfo/m/mach-bold", "/usr/share/terminfo/m/mach-color", "/usr/share/terminfo/m/mach-gnu", "/usr/share/terminfo/m/mach-gnu-color", "/usr/share/terminfo/p/pcansi", "/usr/share/terminfo/r/rxvt", "/usr/share/terminfo/r/rxvt-basic", "/usr/share/terminfo/r/rxvt-unicode", "/usr/share/terminfo/r/rxvt-unicode-256color", "/usr/share/terminfo/s/screen", "/usr/share/terminfo/s/screen-256color", "/usr/share/terminfo/s/screen-256color-bce", "/usr/share/terminfo/s/screen-bce", "/usr/share/terminfo/s/screen-s", "/usr/share/terminfo/s/screen-w", "/usr/share/terminfo/s/screen.xterm-256color", "/usr/share/terminfo/s/sun", "/usr/share/terminfo/t/tmux", "/usr/share/terminfo/t/tmux-256color", "/usr/share/terminfo/v/vt100", "/usr/share/terminfo/v/vt102", "/usr/share/terminfo/v/vt220", "/usr/share/terminfo/v/vt52", "/usr/share/terminfo/w/wsvt25", "/usr/share/terminfo/w/wsvt25m", "/usr/share/terminfo/x/xterm", "/usr/share/terminfo/x/xterm-256color", "/usr/share/terminfo/x/xterm-color", "/usr/share/terminfo/x/xterm-mono", "/usr/share/terminfo/x/xterm-r5", "/usr/share/terminfo/x/xterm-r6", "/usr/share/terminfo/x/xterm-vt220", "/usr/share/terminfo/x/xterm-xfree86" ] }, { "ID": "ncurses-bin@6.5+20250216-2", "Name": "ncurses-bin", "Identifier": { "PURL": "pkg:deb/debian/ncurses-bin@6.5%2B20250216-2?arch=amd64\u0026distro=debian-13.1", "UID": "d03e89ad6a7a5243" }, "Version": "6.5+20250216", "Release": "2", "Arch": "amd64", "SrcName": "ncurses", "SrcVersion": "6.5+20250216", "SrcRelease": "2", "Licenses": [ "MIT/X11", "X11", "BSD-3-Clause" ], "Maintainer": "Ncurses Maintainers \u003cncurses@packages.debian.org\u003e", "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "InstalledFiles": [ "/usr/bin/clear", "/usr/bin/infocmp", "/usr/bin/tabs", "/usr/bin/tic", "/usr/bin/toe", "/usr/bin/tput", "/usr/bin/tset", "/usr/share/doc/ncurses-bin/changelog.Debian.gz", "/usr/share/doc/ncurses-bin/changelog.gz", "/usr/share/doc/ncurses-bin/copyright", "/usr/share/man/man1/captoinfo.1.gz", "/usr/share/man/man1/clear.1.gz", "/usr/share/man/man1/infocmp.1.gz", "/usr/share/man/man1/infotocap.1.gz", "/usr/share/man/man1/tabs.1.gz", "/usr/share/man/man1/tic.1.gz", "/usr/share/man/man1/toe.1.gz", "/usr/share/man/man1/tput.1.gz", "/usr/share/man/man1/tset.1.gz", "/usr/share/man/man5/scr_dump.5.gz", "/usr/share/man/man5/term.5.gz", "/usr/share/man/man5/terminfo.5.gz", "/usr/share/man/man5/user_caps.5.gz", "/usr/share/man/man7/term.7.gz" ] }, { "ID": "netbase@6.5", "Name": "netbase", "Identifier": { "PURL": "pkg:deb/debian/netbase@6.5?arch=all\u0026distro=debian-13.1", "UID": "b9a2c240e75fe15e" }, "Version": "6.5", "Arch": "all", "SrcName": "netbase", "SrcVersion": "6.5", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Marco d'Itri \u003cmd@linux.it\u003e", "Layer": { "DiffID": "sha256:c9cf0647c3882a77b947246ce8bc999f0ed98d1cf9625179568100ba9fd3a7b4" }, "InstalledFiles": [ "/usr/share/doc/netbase/changelog.gz", "/usr/share/doc/netbase/copyright" ] }, { "ID": "openssl@3.5.1-1+deb13u1", "Name": "openssl", "Identifier": { "PURL": "pkg:deb/debian/openssl@3.5.1-1%2Bdeb13u1?arch=amd64\u0026distro=debian-13.1", "UID": "d499b047116a6127" }, "Version": "3.5.1", "Release": "1+deb13u1", "Arch": "amd64", "SrcName": "openssl", "SrcVersion": "3.5.1", "SrcRelease": "1+deb13u1", "Licenses": [ "Apache-2.0", "Artistic-2.0", "GPL-1.0-or-later", "GPL-1.0-only" ], "Maintainer": "Debian OpenSSL Team \u003cpkg-openssl-devel@alioth-lists.debian.net\u003e", "DependsOn": [ "libc6@2.41-12", "libssl3t64@3.5.1-1+deb13u1" ], "Layer": { "DiffID": "sha256:c9cf0647c3882a77b947246ce8bc999f0ed98d1cf9625179568100ba9fd3a7b4" }, "InstalledFiles": [ "/usr/bin/c_rehash", "/usr/bin/openssl", "/usr/lib/ssl/misc/CA.pl", "/usr/lib/ssl/misc/tsget.pl", "/usr/share/doc/openssl/HOWTO/certificates.txt.gz", "/usr/share/doc/openssl/HOWTO/documenting-functions-and-macros.md.gz", "/usr/share/doc/openssl/HOWTO/keys.txt.gz", "/usr/share/doc/openssl/NEWS.md.gz", "/usr/share/doc/openssl/README-ENGINES.md.gz", "/usr/share/doc/openssl/README-PROVIDERS.md.gz", "/usr/share/doc/openssl/README-QUIC.md.gz", "/usr/share/doc/openssl/README.Debian", "/usr/share/doc/openssl/README.md.gz", "/usr/share/doc/openssl/changelog.Debian.gz", "/usr/share/doc/openssl/changelog.gz", "/usr/share/doc/openssl/copyright", "/usr/share/doc/openssl/fingerprints.txt", "/usr/share/lintian/overrides/openssl", "/usr/share/man/man1/CA.pl.1ssl.gz", "/usr/share/man/man1/openssl-asn1parse.1ssl.gz", "/usr/share/man/man1/openssl-ca.1ssl.gz", "/usr/share/man/man1/openssl-ciphers.1ssl.gz", "/usr/share/man/man1/openssl-cmds.1ssl.gz", "/usr/share/man/man1/openssl-cmp.1ssl.gz", "/usr/share/man/man1/openssl-cms.1ssl.gz", "/usr/share/man/man1/openssl-crl.1ssl.gz", "/usr/share/man/man1/openssl-crl2pkcs7.1ssl.gz", "/usr/share/man/man1/openssl-dgst.1ssl.gz", "/usr/share/man/man1/openssl-dhparam.1ssl.gz", "/usr/share/man/man1/openssl-dsa.1ssl.gz", "/usr/share/man/man1/openssl-dsaparam.1ssl.gz", "/usr/share/man/man1/openssl-ec.1ssl.gz", "/usr/share/man/man1/openssl-ecparam.1ssl.gz", "/usr/share/man/man1/openssl-enc.1ssl.gz", "/usr/share/man/man1/openssl-engine.1ssl.gz", "/usr/share/man/man1/openssl-errstr.1ssl.gz", "/usr/share/man/man1/openssl-fipsinstall.1ssl.gz", "/usr/share/man/man1/openssl-format-options.1ssl.gz", "/usr/share/man/man1/openssl-gendsa.1ssl.gz", "/usr/share/man/man1/openssl-genpkey.1ssl.gz", "/usr/share/man/man1/openssl-genrsa.1ssl.gz", "/usr/share/man/man1/openssl-info.1ssl.gz", "/usr/share/man/man1/openssl-kdf.1ssl.gz", "/usr/share/man/man1/openssl-list.1ssl.gz", "/usr/share/man/man1/openssl-mac.1ssl.gz", "/usr/share/man/man1/openssl-namedisplay-options.1ssl.gz", "/usr/share/man/man1/openssl-nseq.1ssl.gz", "/usr/share/man/man1/openssl-ocsp.1ssl.gz", "/usr/share/man/man1/openssl-passphrase-options.1ssl.gz", "/usr/share/man/man1/openssl-passwd.1ssl.gz", "/usr/share/man/man1/openssl-pkcs12.1ssl.gz", "/usr/share/man/man1/openssl-pkcs7.1ssl.gz", "/usr/share/man/man1/openssl-pkcs8.1ssl.gz", "/usr/share/man/man1/openssl-pkey.1ssl.gz", "/usr/share/man/man1/openssl-pkeyparam.1ssl.gz", "/usr/share/man/man1/openssl-pkeyutl.1ssl.gz", "/usr/share/man/man1/openssl-prime.1ssl.gz", "/usr/share/man/man1/openssl-rand.1ssl.gz", "/usr/share/man/man1/openssl-rehash.1ssl.gz", "/usr/share/man/man1/openssl-req.1ssl.gz", "/usr/share/man/man1/openssl-rsa.1ssl.gz", "/usr/share/man/man1/openssl-rsautl.1ssl.gz", "/usr/share/man/man1/openssl-s_client.1ssl.gz", "/usr/share/man/man1/openssl-s_server.1ssl.gz", "/usr/share/man/man1/openssl-s_time.1ssl.gz", "/usr/share/man/man1/openssl-sess_id.1ssl.gz", "/usr/share/man/man1/openssl-skeyutl.1ssl.gz", "/usr/share/man/man1/openssl-smime.1ssl.gz", "/usr/share/man/man1/openssl-speed.1ssl.gz", "/usr/share/man/man1/openssl-spkac.1ssl.gz", "/usr/share/man/man1/openssl-srp.1ssl.gz", "/usr/share/man/man1/openssl-storeutl.1ssl.gz", "/usr/share/man/man1/openssl-ts.1ssl.gz", "/usr/share/man/man1/openssl-verification-options.1ssl.gz", "/usr/share/man/man1/openssl-verify.1ssl.gz", "/usr/share/man/man1/openssl-version.1ssl.gz", "/usr/share/man/man1/openssl-x509.1ssl.gz", "/usr/share/man/man1/openssl.1ssl.gz", "/usr/share/man/man1/tsget.1ssl.gz", "/usr/share/man/man5/config.5ssl.gz", "/usr/share/man/man5/fips_config.5ssl.gz", "/usr/share/man/man5/x509v3_config.5ssl.gz", "/usr/share/man/man7/EVP_ASYM_CIPHER-RSA.7ssl.gz", "/usr/share/man/man7/EVP_ASYM_CIPHER-SM2.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-AES.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-ARIA.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-BLOWFISH.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-CAMELLIA.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-CAST.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-CHACHA.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-DES.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-IDEA.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-NULL.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-RC2.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-RC4.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-RC5.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-SEED.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-SM4.7ssl.gz", "/usr/share/man/man7/EVP_KDF-ARGON2.7ssl.gz", "/usr/share/man/man7/EVP_KDF-HKDF.7ssl.gz", "/usr/share/man/man7/EVP_KDF-HMAC-DRBG.7ssl.gz", "/usr/share/man/man7/EVP_KDF-KB.7ssl.gz", "/usr/share/man/man7/EVP_KDF-KRB5KDF.7ssl.gz", "/usr/share/man/man7/EVP_KDF-PBKDF1.7ssl.gz", "/usr/share/man/man7/EVP_KDF-PBKDF2.7ssl.gz", "/usr/share/man/man7/EVP_KDF-PKCS12KDF.7ssl.gz", "/usr/share/man/man7/EVP_KDF-PVKKDF.7ssl.gz", "/usr/share/man/man7/EVP_KDF-SCRYPT.7ssl.gz", "/usr/share/man/man7/EVP_KDF-SS.7ssl.gz", "/usr/share/man/man7/EVP_KDF-SSHKDF.7ssl.gz", "/usr/share/man/man7/EVP_KDF-TLS13_KDF.7ssl.gz", "/usr/share/man/man7/EVP_KDF-TLS1_PRF.7ssl.gz", "/usr/share/man/man7/EVP_KDF-X942-ASN1.7ssl.gz", "/usr/share/man/man7/EVP_KDF-X942-CONCAT.7ssl.gz", "/usr/share/man/man7/EVP_KDF-X963.7ssl.gz", "/usr/share/man/man7/EVP_KEM-EC.7ssl.gz", "/usr/share/man/man7/EVP_KEM-ML-KEM.7ssl.gz", "/usr/share/man/man7/EVP_KEM-RSA.7ssl.gz", "/usr/share/man/man7/EVP_KEM-X25519.7ssl.gz", "/usr/share/man/man7/EVP_KEYEXCH-DH.7ssl.gz", "/usr/share/man/man7/EVP_KEYEXCH-ECDH.7ssl.gz", "/usr/share/man/man7/EVP_KEYEXCH-X25519.7ssl.gz", "/usr/share/man/man7/EVP_MAC-BLAKE2.7ssl.gz", "/usr/share/man/man7/EVP_MAC-CMAC.7ssl.gz", "/usr/share/man/man7/EVP_MAC-GMAC.7ssl.gz", "/usr/share/man/man7/EVP_MAC-HMAC.7ssl.gz", "/usr/share/man/man7/EVP_MAC-KMAC.7ssl.gz", "/usr/share/man/man7/EVP_MAC-Poly1305.7ssl.gz", "/usr/share/man/man7/EVP_MAC-Siphash.7ssl.gz", "/usr/share/man/man7/EVP_MD-BLAKE2.7ssl.gz", "/usr/share/man/man7/EVP_MD-KECCAK.7ssl.gz", "/usr/share/man/man7/EVP_MD-MD2.7ssl.gz", "/usr/share/man/man7/EVP_MD-MD4.7ssl.gz", "/usr/share/man/man7/EVP_MD-MD5-SHA1.7ssl.gz", "/usr/share/man/man7/EVP_MD-MD5.7ssl.gz", "/usr/share/man/man7/EVP_MD-MDC2.7ssl.gz", "/usr/share/man/man7/EVP_MD-NULL.7ssl.gz", "/usr/share/man/man7/EVP_MD-RIPEMD160.7ssl.gz", "/usr/share/man/man7/EVP_MD-SHA1.7ssl.gz", "/usr/share/man/man7/EVP_MD-SHA2.7ssl.gz", "/usr/share/man/man7/EVP_MD-SHA3.7ssl.gz", "/usr/share/man/man7/EVP_MD-SHAKE.7ssl.gz", "/usr/share/man/man7/EVP_MD-SM3.7ssl.gz", "/usr/share/man/man7/EVP_MD-WHIRLPOOL.7ssl.gz", "/usr/share/man/man7/EVP_MD-common.7ssl.gz", "/usr/share/man/man7/EVP_PKEY-DH.7ssl.gz", "/usr/share/man/man7/EVP_PKEY-DSA.7ssl.gz", "/usr/share/man/man7/EVP_PKEY-EC.7ssl.gz", "/usr/share/man/man7/EVP_PKEY-FFC.7ssl.gz", "/usr/share/man/man7/EVP_PKEY-HMAC.7ssl.gz", "/usr/share/man/man7/EVP_PKEY-ML-DSA.7ssl.gz", "/usr/share/man/man7/EVP_PKEY-ML-KEM.7ssl.gz", "/usr/share/man/man7/EVP_PKEY-RSA.7ssl.gz", "/usr/share/man/man7/EVP_PKEY-SLH-DSA.7ssl.gz", "/usr/share/man/man7/EVP_PKEY-SM2.7ssl.gz", "/usr/share/man/man7/EVP_PKEY-X25519.7ssl.gz", "/usr/share/man/man7/EVP_RAND-CRNG-TEST.7ssl.gz", "/usr/share/man/man7/EVP_RAND-CTR-DRBG.7ssl.gz", "/usr/share/man/man7/EVP_RAND-HASH-DRBG.7ssl.gz", "/usr/share/man/man7/EVP_RAND-HMAC-DRBG.7ssl.gz", "/usr/share/man/man7/EVP_RAND-JITTER.7ssl.gz", "/usr/share/man/man7/EVP_RAND-SEED-SRC.7ssl.gz", "/usr/share/man/man7/EVP_RAND-TEST-RAND.7ssl.gz", "/usr/share/man/man7/EVP_RAND.7ssl.gz", "/usr/share/man/man7/EVP_SIGNATURE-DSA.7ssl.gz", "/usr/share/man/man7/EVP_SIGNATURE-ECDSA.7ssl.gz", "/usr/share/man/man7/EVP_SIGNATURE-ED25519.7ssl.gz", "/usr/share/man/man7/EVP_SIGNATURE-HMAC.7ssl.gz", "/usr/share/man/man7/EVP_SIGNATURE-ML-DSA.7ssl.gz", "/usr/share/man/man7/EVP_SIGNATURE-RSA.7ssl.gz", "/usr/share/man/man7/EVP_SIGNATURE-SLH-DSA.7ssl.gz", "/usr/share/man/man7/OSSL_PROVIDER-FIPS.7ssl.gz", "/usr/share/man/man7/OSSL_PROVIDER-base.7ssl.gz", "/usr/share/man/man7/OSSL_PROVIDER-default.7ssl.gz", "/usr/share/man/man7/OSSL_PROVIDER-legacy.7ssl.gz", "/usr/share/man/man7/OSSL_PROVIDER-null.7ssl.gz", "/usr/share/man/man7/OSSL_STORE-winstore.7ssl.gz", "/usr/share/man/man7/RAND.7ssl.gz", "/usr/share/man/man7/RSA-PSS.7ssl.gz", "/usr/share/man/man7/X25519.7ssl.gz", "/usr/share/man/man7/bio.7ssl.gz", "/usr/share/man/man7/ct.7ssl.gz", "/usr/share/man/man7/des_modes.7ssl.gz", "/usr/share/man/man7/evp.7ssl.gz", "/usr/share/man/man7/fips_module.7ssl.gz", "/usr/share/man/man7/life_cycle-cipher.7ssl.gz", "/usr/share/man/man7/life_cycle-digest.7ssl.gz", "/usr/share/man/man7/life_cycle-kdf.7ssl.gz", "/usr/share/man/man7/life_cycle-mac.7ssl.gz", "/usr/share/man/man7/life_cycle-pkey.7ssl.gz", "/usr/share/man/man7/life_cycle-rand.7ssl.gz", "/usr/share/man/man7/openssl-core.h.7ssl.gz", "/usr/share/man/man7/openssl-core_dispatch.h.7ssl.gz", "/usr/share/man/man7/openssl-core_names.h.7ssl.gz", "/usr/share/man/man7/openssl-env.7ssl.gz", "/usr/share/man/man7/openssl-glossary.7ssl.gz", "/usr/share/man/man7/openssl-qlog.7ssl.gz", "/usr/share/man/man7/openssl-quic-concurrency.7ssl.gz", "/usr/share/man/man7/openssl-quic.7ssl.gz", "/usr/share/man/man7/openssl-threads.7ssl.gz", "/usr/share/man/man7/openssl_user_macros.7ssl.gz", "/usr/share/man/man7/ossl-guide-introduction.7ssl.gz", "/usr/share/man/man7/ossl-guide-libcrypto-introduction.7ssl.gz", "/usr/share/man/man7/ossl-guide-libraries-introduction.7ssl.gz", "/usr/share/man/man7/ossl-guide-libssl-introduction.7ssl.gz", "/usr/share/man/man7/ossl-guide-migration.7ssl.gz", "/usr/share/man/man7/ossl-guide-quic-client-block.7ssl.gz", "/usr/share/man/man7/ossl-guide-quic-client-non-block.7ssl.gz", "/usr/share/man/man7/ossl-guide-quic-introduction.7ssl.gz", "/usr/share/man/man7/ossl-guide-quic-multi-stream.7ssl.gz", "/usr/share/man/man7/ossl-guide-quic-server-block.7ssl.gz", "/usr/share/man/man7/ossl-guide-quic-server-non-block.7ssl.gz", "/usr/share/man/man7/ossl-guide-tls-client-block.7ssl.gz", "/usr/share/man/man7/ossl-guide-tls-client-non-block.7ssl.gz", "/usr/share/man/man7/ossl-guide-tls-introduction.7ssl.gz", "/usr/share/man/man7/ossl-guide-tls-server-block.7ssl.gz", "/usr/share/man/man7/ossl_store-file.7ssl.gz", "/usr/share/man/man7/ossl_store.7ssl.gz", "/usr/share/man/man7/passphrase-encoding.7ssl.gz", "/usr/share/man/man7/property.7ssl.gz", "/usr/share/man/man7/provider-asym_cipher.7ssl.gz", "/usr/share/man/man7/provider-base.7ssl.gz", "/usr/share/man/man7/provider-cipher.7ssl.gz", "/usr/share/man/man7/provider-decoder.7ssl.gz", "/usr/share/man/man7/provider-digest.7ssl.gz", "/usr/share/man/man7/provider-encoder.7ssl.gz", "/usr/share/man/man7/provider-kdf.7ssl.gz", "/usr/share/man/man7/provider-kem.7ssl.gz", "/usr/share/man/man7/provider-keyexch.7ssl.gz", "/usr/share/man/man7/provider-keymgmt.7ssl.gz", "/usr/share/man/man7/provider-mac.7ssl.gz", "/usr/share/man/man7/provider-object.7ssl.gz", "/usr/share/man/man7/provider-rand.7ssl.gz", "/usr/share/man/man7/provider-signature.7ssl.gz", "/usr/share/man/man7/provider-skeymgmt.7ssl.gz", "/usr/share/man/man7/provider-storemgmt.7ssl.gz", "/usr/share/man/man7/provider.7ssl.gz", "/usr/share/man/man7/proxy-certificates.7ssl.gz", "/usr/share/man/man7/x509.7ssl.gz" ] }, { "ID": "openssl-provider-legacy@3.5.1-1+deb13u1", "Name": "openssl-provider-legacy", "Identifier": { "PURL": "pkg:deb/debian/openssl-provider-legacy@3.5.1-1%2Bdeb13u1?arch=amd64\u0026distro=debian-13.1", "UID": "8072c3a4dafcd517" }, "Version": "3.5.1", "Release": "1+deb13u1", "Arch": "amd64", "SrcName": "openssl", "SrcVersion": "3.5.1", "SrcRelease": "1+deb13u1", "Licenses": [ "Apache-2.0", "Artistic-2.0", "GPL-1.0-or-later", "GPL-1.0-only" ], "Maintainer": "Debian OpenSSL Team \u003cpkg-openssl-devel@alioth-lists.debian.net\u003e", "DependsOn": [ "libc6@2.41-12", "libssl3t64@3.5.1-1+deb13u1" ], "Layer": { "DiffID": "sha256:c9cf0647c3882a77b947246ce8bc999f0ed98d1cf9625179568100ba9fd3a7b4" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/ossl-modules/legacy.so", "/usr/share/doc/openssl-provider-legacy/changelog.Debian.gz", "/usr/share/doc/openssl-provider-legacy/changelog.gz", "/usr/share/doc/openssl-provider-legacy/copyright" ] }, { "ID": "passwd@1:4.17.4-2", "Name": "passwd", "Identifier": { "PURL": "pkg:deb/debian/passwd@4.17.4-2?arch=amd64\u0026distro=debian-13.1\u0026epoch=1", "UID": "5e15080d1eeaf8e8" }, "Version": "4.17.4", "Release": "2", "Epoch": 1, "Arch": "amd64", "SrcName": "shadow", "SrcVersion": "4.17.4", "SrcRelease": "2", "SrcEpoch": 1, "Licenses": [ "BSD-3-Clause", "GPL-1.0-only", "GPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Shadow package maintainers \u003cpkg-shadow-devel@lists.alioth.debian.org\u003e", "DependsOn": [ "base-passwd@3.6.7", "libacl1@2.3.2-2+b1", "libattr1@1:2.5.2-3", "libaudit1@1:4.0.2-2+b2", "libbsd0@0.12.2-2", "libc6@2.41-12", "libcrypt1@1:4.4.38-1", "libpam-modules@1.7.0-5", "libpam0g@1.7.0-5", "libselinux1@3.8.1-1", "libsemanage2@3.8.1-1", "login.defs@1:4.17.4-2" ], "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "InstalledFiles": [ "/usr/bin/chage", "/usr/bin/chfn", "/usr/bin/chsh", "/usr/bin/expiry", "/usr/bin/gpasswd", "/usr/bin/passwd", "/usr/lib/tmpfiles.d/passwd.conf", "/usr/sbin/chgpasswd", "/usr/sbin/chpasswd", "/usr/sbin/groupadd", "/usr/sbin/groupdel", "/usr/sbin/groupmod", "/usr/sbin/grpck", "/usr/sbin/grpconv", "/usr/sbin/grpunconv", "/usr/sbin/newusers", "/usr/sbin/pwck", "/usr/sbin/pwconv", "/usr/sbin/pwunconv", "/usr/sbin/shadowconfig", "/usr/sbin/useradd", "/usr/sbin/userdel", "/usr/sbin/usermod", "/usr/sbin/vipw", "/usr/share/doc/passwd/NEWS.Debian.gz", "/usr/share/doc/passwd/README.Debian", "/usr/share/doc/passwd/TODO.Debian", "/usr/share/doc/passwd/changelog.Debian.gz", "/usr/share/doc/passwd/changelog.gz", "/usr/share/doc/passwd/copyright", "/usr/share/doc/passwd/examples/passwd.expire.cron", "/usr/share/lintian/overrides/passwd", "/usr/share/locale/bs/LC_MESSAGES/shadow.mo", "/usr/share/locale/ca/LC_MESSAGES/shadow.mo", "/usr/share/locale/cs/LC_MESSAGES/shadow.mo", "/usr/share/locale/da/LC_MESSAGES/shadow.mo", "/usr/share/locale/de/LC_MESSAGES/shadow.mo", "/usr/share/locale/dz/LC_MESSAGES/shadow.mo", "/usr/share/locale/el/LC_MESSAGES/shadow.mo", "/usr/share/locale/es/LC_MESSAGES/shadow.mo", "/usr/share/locale/eu/LC_MESSAGES/shadow.mo", "/usr/share/locale/fi/LC_MESSAGES/shadow.mo", "/usr/share/locale/fr/LC_MESSAGES/shadow.mo", "/usr/share/locale/gl/LC_MESSAGES/shadow.mo", "/usr/share/locale/he/LC_MESSAGES/shadow.mo", "/usr/share/locale/hu/LC_MESSAGES/shadow.mo", "/usr/share/locale/id/LC_MESSAGES/shadow.mo", "/usr/share/locale/it/LC_MESSAGES/shadow.mo", "/usr/share/locale/ja/LC_MESSAGES/shadow.mo", "/usr/share/locale/ka/LC_MESSAGES/shadow.mo", "/usr/share/locale/kk/LC_MESSAGES/shadow.mo", "/usr/share/locale/km/LC_MESSAGES/shadow.mo", "/usr/share/locale/ko/LC_MESSAGES/shadow.mo", "/usr/share/locale/nb/LC_MESSAGES/shadow.mo", "/usr/share/locale/ne/LC_MESSAGES/shadow.mo", "/usr/share/locale/nl/LC_MESSAGES/shadow.mo", "/usr/share/locale/nn/LC_MESSAGES/shadow.mo", "/usr/share/locale/pl/LC_MESSAGES/shadow.mo", "/usr/share/locale/pt/LC_MESSAGES/shadow.mo", "/usr/share/locale/pt_BR/LC_MESSAGES/shadow.mo", "/usr/share/locale/ro/LC_MESSAGES/shadow.mo", "/usr/share/locale/ru/LC_MESSAGES/shadow.mo", "/usr/share/locale/sk/LC_MESSAGES/shadow.mo", "/usr/share/locale/sq/LC_MESSAGES/shadow.mo", "/usr/share/locale/sv/LC_MESSAGES/shadow.mo", "/usr/share/locale/tl/LC_MESSAGES/shadow.mo", "/usr/share/locale/tr/LC_MESSAGES/shadow.mo", "/usr/share/locale/uk/LC_MESSAGES/shadow.mo", "/usr/share/locale/vi/LC_MESSAGES/shadow.mo", "/usr/share/locale/zh_CN/LC_MESSAGES/shadow.mo", "/usr/share/locale/zh_TW/LC_MESSAGES/shadow.mo", "/usr/share/man/cs/man1/expiry.1.gz", "/usr/share/man/cs/man1/gpasswd.1.gz", "/usr/share/man/cs/man5/gshadow.5.gz", "/usr/share/man/cs/man5/passwd.5.gz", "/usr/share/man/cs/man5/shadow.5.gz", "/usr/share/man/cs/man8/groupadd.8.gz", "/usr/share/man/cs/man8/groupdel.8.gz", "/usr/share/man/cs/man8/groupmod.8.gz", "/usr/share/man/cs/man8/grpck.8.gz", "/usr/share/man/cs/man8/vipw.8.gz", "/usr/share/man/da/man1/chfn.1.gz", "/usr/share/man/da/man5/gshadow.5.gz", "/usr/share/man/da/man8/groupdel.8.gz", "/usr/share/man/da/man8/vipw.8.gz", "/usr/share/man/de/man1/chage.1.gz", "/usr/share/man/de/man1/chfn.1.gz", "/usr/share/man/de/man1/chsh.1.gz", "/usr/share/man/de/man1/expiry.1.gz", "/usr/share/man/de/man1/gpasswd.1.gz", "/usr/share/man/de/man1/passwd.1.gz", "/usr/share/man/de/man5/gshadow.5.gz", "/usr/share/man/de/man5/passwd.5.gz", "/usr/share/man/de/man5/shadow.5.gz", "/usr/share/man/de/man8/chgpasswd.8.gz", "/usr/share/man/de/man8/chpasswd.8.gz", "/usr/share/man/de/man8/groupadd.8.gz", "/usr/share/man/de/man8/groupdel.8.gz", "/usr/share/man/de/man8/groupmod.8.gz", "/usr/share/man/de/man8/grpck.8.gz", "/usr/share/man/de/man8/newusers.8.gz", "/usr/share/man/de/man8/pwck.8.gz", "/usr/share/man/de/man8/pwconv.8.gz", "/usr/share/man/de/man8/useradd.8.gz", "/usr/share/man/de/man8/userdel.8.gz", "/usr/share/man/de/man8/usermod.8.gz", "/usr/share/man/de/man8/vipw.8.gz", "/usr/share/man/fi/man1/chfn.1.gz", "/usr/share/man/fi/man1/chsh.1.gz", "/usr/share/man/fr/man1/chage.1.gz", "/usr/share/man/fr/man1/chfn.1.gz", "/usr/share/man/fr/man1/chsh.1.gz", "/usr/share/man/fr/man1/expiry.1.gz", "/usr/share/man/fr/man1/gpasswd.1.gz", "/usr/share/man/fr/man1/passwd.1.gz", "/usr/share/man/fr/man5/gshadow.5.gz", "/usr/share/man/fr/man5/passwd.5.gz", "/usr/share/man/fr/man5/shadow.5.gz", "/usr/share/man/fr/man5/subgid.5.gz", "/usr/share/man/fr/man5/subuid.5.gz", "/usr/share/man/fr/man8/chgpasswd.8.gz", "/usr/share/man/fr/man8/chpasswd.8.gz", "/usr/share/man/fr/man8/groupadd.8.gz", "/usr/share/man/fr/man8/groupdel.8.gz", "/usr/share/man/fr/man8/groupmod.8.gz", "/usr/share/man/fr/man8/grpck.8.gz", "/usr/share/man/fr/man8/newusers.8.gz", "/usr/share/man/fr/man8/pwck.8.gz", "/usr/share/man/fr/man8/pwconv.8.gz", "/usr/share/man/fr/man8/useradd.8.gz", "/usr/share/man/fr/man8/userdel.8.gz", "/usr/share/man/fr/man8/usermod.8.gz", "/usr/share/man/fr/man8/vipw.8.gz", "/usr/share/man/hu/man1/chsh.1.gz", "/usr/share/man/hu/man1/gpasswd.1.gz", "/usr/share/man/hu/man1/passwd.1.gz", "/usr/share/man/hu/man5/passwd.5.gz", "/usr/share/man/id/man1/chsh.1.gz", "/usr/share/man/id/man8/useradd.8.gz", "/usr/share/man/it/man1/chage.1.gz", "/usr/share/man/it/man1/chfn.1.gz", "/usr/share/man/it/man1/chsh.1.gz", "/usr/share/man/it/man1/expiry.1.gz", "/usr/share/man/it/man1/gpasswd.1.gz", "/usr/share/man/it/man1/passwd.1.gz", "/usr/share/man/it/man5/gshadow.5.gz", "/usr/share/man/it/man5/passwd.5.gz", "/usr/share/man/it/man5/shadow.5.gz", "/usr/share/man/it/man8/chgpasswd.8.gz", "/usr/share/man/it/man8/chpasswd.8.gz", "/usr/share/man/it/man8/groupadd.8.gz", "/usr/share/man/it/man8/groupdel.8.gz", "/usr/share/man/it/man8/groupmod.8.gz", "/usr/share/man/it/man8/grpck.8.gz", "/usr/share/man/it/man8/newusers.8.gz", "/usr/share/man/it/man8/pwck.8.gz", "/usr/share/man/it/man8/pwconv.8.gz", "/usr/share/man/it/man8/useradd.8.gz", "/usr/share/man/it/man8/userdel.8.gz", "/usr/share/man/it/man8/usermod.8.gz", "/usr/share/man/it/man8/vipw.8.gz", "/usr/share/man/ja/man1/chage.1.gz", "/usr/share/man/ja/man1/chfn.1.gz", "/usr/share/man/ja/man1/chsh.1.gz", "/usr/share/man/ja/man1/expiry.1.gz", "/usr/share/man/ja/man1/gpasswd.1.gz", "/usr/share/man/ja/man1/passwd.1.gz", "/usr/share/man/ja/man5/passwd.5.gz", "/usr/share/man/ja/man5/shadow.5.gz", "/usr/share/man/ja/man8/chpasswd.8.gz", "/usr/share/man/ja/man8/groupadd.8.gz", "/usr/share/man/ja/man8/groupdel.8.gz", "/usr/share/man/ja/man8/groupmod.8.gz", "/usr/share/man/ja/man8/grpck.8.gz", "/usr/share/man/ja/man8/newusers.8.gz", "/usr/share/man/ja/man8/pwck.8.gz", "/usr/share/man/ja/man8/pwconv.8.gz", "/usr/share/man/ja/man8/useradd.8.gz", "/usr/share/man/ja/man8/userdel.8.gz", "/usr/share/man/ja/man8/usermod.8.gz", "/usr/share/man/ja/man8/vipw.8.gz", "/usr/share/man/ko/man1/chfn.1.gz", "/usr/share/man/ko/man1/chsh.1.gz", "/usr/share/man/ko/man5/passwd.5.gz", "/usr/share/man/ko/man8/vipw.8.gz", "/usr/share/man/man1/chage.1.gz", "/usr/share/man/man1/chfn.1.gz", "/usr/share/man/man1/chsh.1.gz", "/usr/share/man/man1/expiry.1.gz", "/usr/share/man/man1/gpasswd.1.gz", "/usr/share/man/man1/passwd.1.gz", "/usr/share/man/man5/gshadow.5.gz", "/usr/share/man/man5/passwd.5.gz", "/usr/share/man/man5/shadow.5.gz", "/usr/share/man/man5/subgid.5.gz", "/usr/share/man/man5/subuid.5.gz", "/usr/share/man/man8/chgpasswd.8.gz", "/usr/share/man/man8/chpasswd.8.gz", "/usr/share/man/man8/groupadd.8.gz", "/usr/share/man/man8/groupdel.8.gz", "/usr/share/man/man8/groupmod.8.gz", "/usr/share/man/man8/grpck.8.gz", "/usr/share/man/man8/newusers.8.gz", "/usr/share/man/man8/pwck.8.gz", "/usr/share/man/man8/pwconv.8.gz", "/usr/share/man/man8/shadowconfig.8.gz", "/usr/share/man/man8/useradd.8.gz", "/usr/share/man/man8/userdel.8.gz", "/usr/share/man/man8/usermod.8.gz", "/usr/share/man/man8/vipw.8.gz", "/usr/share/man/pl/man1/chage.1.gz", "/usr/share/man/pl/man1/chsh.1.gz", "/usr/share/man/pl/man1/expiry.1.gz", "/usr/share/man/pl/man8/groupadd.8.gz", "/usr/share/man/pl/man8/groupdel.8.gz", "/usr/share/man/pl/man8/groupmod.8.gz", "/usr/share/man/pl/man8/grpck.8.gz", "/usr/share/man/pl/man8/userdel.8.gz", "/usr/share/man/pl/man8/usermod.8.gz", "/usr/share/man/pl/man8/vipw.8.gz", "/usr/share/man/pt_BR/man1/gpasswd.1.gz", "/usr/share/man/pt_BR/man5/passwd.5.gz", "/usr/share/man/pt_BR/man5/shadow.5.gz", "/usr/share/man/pt_BR/man8/groupadd.8.gz", "/usr/share/man/pt_BR/man8/groupdel.8.gz", "/usr/share/man/pt_BR/man8/groupmod.8.gz", "/usr/share/man/ru/man1/chage.1.gz", "/usr/share/man/ru/man1/chfn.1.gz", "/usr/share/man/ru/man1/chsh.1.gz", "/usr/share/man/ru/man1/expiry.1.gz", "/usr/share/man/ru/man1/gpasswd.1.gz", "/usr/share/man/ru/man1/passwd.1.gz", "/usr/share/man/ru/man5/gshadow.5.gz", "/usr/share/man/ru/man5/passwd.5.gz", "/usr/share/man/ru/man5/shadow.5.gz", "/usr/share/man/ru/man8/chgpasswd.8.gz", "/usr/share/man/ru/man8/chpasswd.8.gz", "/usr/share/man/ru/man8/groupadd.8.gz", "/usr/share/man/ru/man8/groupdel.8.gz", "/usr/share/man/ru/man8/groupmod.8.gz", "/usr/share/man/ru/man8/grpck.8.gz", "/usr/share/man/ru/man8/newusers.8.gz", "/usr/share/man/ru/man8/pwck.8.gz", "/usr/share/man/ru/man8/pwconv.8.gz", "/usr/share/man/ru/man8/useradd.8.gz", "/usr/share/man/ru/man8/userdel.8.gz", "/usr/share/man/ru/man8/usermod.8.gz", "/usr/share/man/ru/man8/vipw.8.gz", "/usr/share/man/sv/man1/chage.1.gz", "/usr/share/man/sv/man1/chsh.1.gz", "/usr/share/man/sv/man1/expiry.1.gz", "/usr/share/man/sv/man1/passwd.1.gz", "/usr/share/man/sv/man5/gshadow.5.gz", "/usr/share/man/sv/man5/passwd.5.gz", "/usr/share/man/sv/man8/groupadd.8.gz", "/usr/share/man/sv/man8/groupdel.8.gz", "/usr/share/man/sv/man8/groupmod.8.gz", "/usr/share/man/sv/man8/grpck.8.gz", "/usr/share/man/sv/man8/pwck.8.gz", "/usr/share/man/sv/man8/userdel.8.gz", "/usr/share/man/sv/man8/vipw.8.gz", "/usr/share/man/tr/man1/chage.1.gz", "/usr/share/man/tr/man1/chfn.1.gz", "/usr/share/man/tr/man1/passwd.1.gz", "/usr/share/man/tr/man5/passwd.5.gz", "/usr/share/man/tr/man5/shadow.5.gz", "/usr/share/man/tr/man8/groupadd.8.gz", "/usr/share/man/tr/man8/groupdel.8.gz", "/usr/share/man/tr/man8/groupmod.8.gz", "/usr/share/man/tr/man8/useradd.8.gz", "/usr/share/man/tr/man8/userdel.8.gz", "/usr/share/man/tr/man8/usermod.8.gz", "/usr/share/man/uk/man1/chage.1.gz", "/usr/share/man/uk/man1/chfn.1.gz", "/usr/share/man/uk/man1/chsh.1.gz", "/usr/share/man/uk/man1/expiry.1.gz", "/usr/share/man/uk/man1/gpasswd.1.gz", "/usr/share/man/uk/man1/passwd.1.gz", "/usr/share/man/uk/man5/gshadow.5.gz", "/usr/share/man/uk/man5/passwd.5.gz", "/usr/share/man/uk/man5/shadow.5.gz", "/usr/share/man/uk/man8/chgpasswd.8.gz", "/usr/share/man/uk/man8/chpasswd.8.gz", "/usr/share/man/uk/man8/groupadd.8.gz", "/usr/share/man/uk/man8/groupdel.8.gz", "/usr/share/man/uk/man8/groupmod.8.gz", "/usr/share/man/uk/man8/grpck.8.gz", "/usr/share/man/uk/man8/newusers.8.gz", "/usr/share/man/uk/man8/pwck.8.gz", "/usr/share/man/uk/man8/pwconv.8.gz", "/usr/share/man/uk/man8/useradd.8.gz", "/usr/share/man/uk/man8/userdel.8.gz", "/usr/share/man/uk/man8/usermod.8.gz", "/usr/share/man/uk/man8/vipw.8.gz", "/usr/share/man/zh_CN/man1/chage.1.gz", "/usr/share/man/zh_CN/man1/chfn.1.gz", "/usr/share/man/zh_CN/man1/chsh.1.gz", "/usr/share/man/zh_CN/man1/expiry.1.gz", "/usr/share/man/zh_CN/man1/gpasswd.1.gz", "/usr/share/man/zh_CN/man1/passwd.1.gz", "/usr/share/man/zh_CN/man5/gshadow.5.gz", "/usr/share/man/zh_CN/man5/passwd.5.gz", "/usr/share/man/zh_CN/man5/shadow.5.gz", "/usr/share/man/zh_CN/man8/chgpasswd.8.gz", "/usr/share/man/zh_CN/man8/chpasswd.8.gz", "/usr/share/man/zh_CN/man8/groupadd.8.gz", "/usr/share/man/zh_CN/man8/groupdel.8.gz", "/usr/share/man/zh_CN/man8/groupmod.8.gz", "/usr/share/man/zh_CN/man8/grpck.8.gz", "/usr/share/man/zh_CN/man8/newusers.8.gz", "/usr/share/man/zh_CN/man8/pwck.8.gz", "/usr/share/man/zh_CN/man8/pwconv.8.gz", "/usr/share/man/zh_CN/man8/useradd.8.gz", "/usr/share/man/zh_CN/man8/userdel.8.gz", "/usr/share/man/zh_CN/man8/usermod.8.gz", "/usr/share/man/zh_CN/man8/vipw.8.gz", "/usr/share/man/zh_TW/man1/chfn.1.gz", "/usr/share/man/zh_TW/man1/chsh.1.gz", "/usr/share/man/zh_TW/man5/passwd.5.gz", "/usr/share/man/zh_TW/man8/chpasswd.8.gz", "/usr/share/man/zh_TW/man8/groupadd.8.gz", "/usr/share/man/zh_TW/man8/groupdel.8.gz", "/usr/share/man/zh_TW/man8/groupmod.8.gz", "/usr/share/man/zh_TW/man8/useradd.8.gz", "/usr/share/man/zh_TW/man8/userdel.8.gz", "/usr/share/man/zh_TW/man8/usermod.8.gz" ] }, { "ID": "perl-base@5.40.1-6", "Name": "perl-base", "Identifier": { "PURL": "pkg:deb/debian/perl-base@5.40.1-6?arch=amd64\u0026distro=debian-13.1", "UID": "17f06da2c02a11c6" }, "Version": "5.40.1", "Release": "6", "Arch": "amd64", "SrcName": "perl", "SrcVersion": "5.40.1", "SrcRelease": "6", "Licenses": [ "GPL-1.0-or-later", "Artistic-2.0", "MIT", "REGCOMP", "GPL-2.0-with-bison-exception+", "Unicode", "BZIP", "Zlib", "GPL-2.0-or-later", "FSFAP", "BSD-3-clause-with-weird-numbering", "CC0-1.0", "TEXT-TABS", "BSD-4-clause-POWERDOG", "BSD-3-clause-GENERIC", "BSD-3-Clause", "SDBM-PUBLIC-DOMAIN", "DONT-CHANGE-THE-GPL", "Artistic-dist", "LGPL-2.1-only", "GPL-1.0-only", "GPL-2.0-only", "Artistic-2" ], "Maintainer": "Niko Tyni \u003cntyni@debian.org\u003e", "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "InstalledFiles": [ "/usr/bin/perl", "/usr/bin/perl5.40.1", "/usr/lib/x86_64-linux-gnu/perl-base/AutoLoader.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Carp.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Carp/Heavy.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Config.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Config_git.pl", "/usr/lib/x86_64-linux-gnu/perl-base/Config_heavy.pl", "/usr/lib/x86_64-linux-gnu/perl-base/Cwd.pm", "/usr/lib/x86_64-linux-gnu/perl-base/DynaLoader.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Errno.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Exporter.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Exporter/Heavy.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Fcntl.pm", "/usr/lib/x86_64-linux-gnu/perl-base/File/Basename.pm", "/usr/lib/x86_64-linux-gnu/perl-base/File/Glob.pm", "/usr/lib/x86_64-linux-gnu/perl-base/File/Path.pm", "/usr/lib/x86_64-linux-gnu/perl-base/File/Spec.pm", "/usr/lib/x86_64-linux-gnu/perl-base/File/Spec/Unix.pm", "/usr/lib/x86_64-linux-gnu/perl-base/File/Temp.pm", "/usr/lib/x86_64-linux-gnu/perl-base/FileHandle.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Getopt/Long.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Getopt/Long/Parser.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Hash/Util.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IO.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IO/File.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IO/Handle.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IO/Pipe.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IO/Seekable.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IO/Select.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IO/Socket.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IO/Socket/INET.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IO/Socket/IP.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IO/Socket/UNIX.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IPC/Open2.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IPC/Open3.pm", "/usr/lib/x86_64-linux-gnu/perl-base/List/Util.pm", "/usr/lib/x86_64-linux-gnu/perl-base/POSIX.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Scalar/Util.pm", "/usr/lib/x86_64-linux-gnu/perl-base/SelectSaver.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Socket.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Symbol.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Text/ParseWords.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Text/Tabs.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Text/Wrap.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Tie/Hash.pm", "/usr/lib/x86_64-linux-gnu/perl-base/XSLoader.pm", "/usr/lib/x86_64-linux-gnu/perl-base/attributes.pm", "/usr/lib/x86_64-linux-gnu/perl-base/auto/Cwd/Cwd.so", "/usr/lib/x86_64-linux-gnu/perl-base/auto/Fcntl/Fcntl.so", "/usr/lib/x86_64-linux-gnu/perl-base/auto/File/Glob/Glob.so", "/usr/lib/x86_64-linux-gnu/perl-base/auto/Hash/Util/Util.so", "/usr/lib/x86_64-linux-gnu/perl-base/auto/IO/IO.so", "/usr/lib/x86_64-linux-gnu/perl-base/auto/List/Util/Util.so", "/usr/lib/x86_64-linux-gnu/perl-base/auto/POSIX/POSIX.so", "/usr/lib/x86_64-linux-gnu/perl-base/auto/Socket/Socket.so", "/usr/lib/x86_64-linux-gnu/perl-base/auto/attributes/attributes.so", "/usr/lib/x86_64-linux-gnu/perl-base/auto/re/re.so", "/usr/lib/x86_64-linux-gnu/perl-base/base.pm", "/usr/lib/x86_64-linux-gnu/perl-base/builtin.pm", "/usr/lib/x86_64-linux-gnu/perl-base/bytes.pm", "/usr/lib/x86_64-linux-gnu/perl-base/constant.pm", "/usr/lib/x86_64-linux-gnu/perl-base/feature.pm", "/usr/lib/x86_64-linux-gnu/perl-base/fields.pm", "/usr/lib/x86_64-linux-gnu/perl-base/integer.pm", "/usr/lib/x86_64-linux-gnu/perl-base/lib.pm", "/usr/lib/x86_64-linux-gnu/perl-base/locale.pm", "/usr/lib/x86_64-linux-gnu/perl-base/overload.pm", "/usr/lib/x86_64-linux-gnu/perl-base/overloading.pm", "/usr/lib/x86_64-linux-gnu/perl-base/parent.pm", "/usr/lib/x86_64-linux-gnu/perl-base/re.pm", "/usr/lib/x86_64-linux-gnu/perl-base/strict.pm", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Age.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Bc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Bmg.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Bpb.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Bpt.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Cf.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Ea.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/EqUIdeo.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/GCB.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Gc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Hst.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Identif2.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Identifi.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/InPC.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/InSC.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Isc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Jg.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Jt.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Lb.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Lc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NFCQC.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NFDQC.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NFKCCF.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NFKCQC.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NFKDQC.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Na1.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NameAlia.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Nt.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Nv.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/PerlDeci.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/SB.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Sc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Scx.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Tc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Uc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Vo.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/WB.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/_PerlLB.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/_PerlSCX.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/NA.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V100.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V11.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V110.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V120.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V130.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V140.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V150.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V20.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V30.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V31.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V32.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V40.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V41.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V50.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V51.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V52.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V60.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V61.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V70.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V80.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V90.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Alpha/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/AL.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/AN.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/B.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/BN.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/CS.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/EN.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/ES.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/ET.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/L.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/NSM.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/ON.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/R.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/WS.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/BidiC/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/BidiM/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Blk/NB.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bpt/C.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bpt/N.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bpt/O.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CE/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CI/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWCF/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWCM/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWKCF/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWL/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWT/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWU/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Cased/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/A.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/AL.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/AR.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/ATAR.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/B.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/BR.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/DB.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/NK.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/NR.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/OV.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/VR.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CompEx/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/DI/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dash/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dep/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dia/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Com.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Enc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Fin.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Font.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Init.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Iso.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Med.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Nar.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Nb.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/NonCanon.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Sqr.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Sub.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Sup.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Vert.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/EBase/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/EComp/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/EPres/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ea/A.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ea/H.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ea/N.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ea/Na.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ea/W.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Emoji/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ext/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/ExtPict/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/CN.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/EX.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/LV.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/LVT.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/PP.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/SM.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/XX.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/C.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Cf.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Cn.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/L.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/LC.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Ll.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Lm.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Lo.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Lu.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/M.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Mc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Me.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Mn.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/N.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Nd.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Nl.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/No.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/P.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Pc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Pd.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Pe.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Pf.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Pi.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Po.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Ps.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/S.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Sc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Sk.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Sm.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/So.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Z.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Zs.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GrBase/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GrExt/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Hex/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Hst/NA.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Hyphen/T.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IDC/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IDS/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdStatus/Allowed.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdStatus/Restrict.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/DefaultI.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/Exclusio.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/Inclusio.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/LimitedU.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/NotChara.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/NotNFKC.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/NotXID.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/Obsolete.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/Recommen.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/Technica.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/Uncommon.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ideo/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/10_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/11_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/12_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/12_1.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/13_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/14_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/15_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/2_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/2_1.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/3_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/3_1.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/3_2.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/4_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/4_1.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/5_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/5_1.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/5_2.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/6_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/6_1.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/6_2.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/6_3.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/7_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/8_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/9_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/Bottom.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/BottomAn.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/Left.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/LeftAndR.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/NA.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/Overstru.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/Right.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/Top.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/TopAndBo.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/TopAndL2.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/TopAndLe.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/TopAndRi.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/VisualOr.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Avagraha.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Bindu.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Cantilla.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona2.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona3.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona4.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona5.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona6.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona7.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona8.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona9.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consonan.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Geminati.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Invisibl.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Nukta.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Number.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Other.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/PureKill.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Syllable.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/ToneMark.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Virama.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Visarga.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Vowel.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/VowelDep.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/VowelInd.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Ain.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Alef.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Beh.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Dal.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/FarsiYeh.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Feh.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Gaf.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Hah.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/HanifiRo.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Kaf.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Lam.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/NoJoinin.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Noon.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Qaf.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Reh.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Sad.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Seen.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Tah.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Waw.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Yeh.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/C.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/D.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/L.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/R.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/T.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/U.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/AI.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/AL.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/BA.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/BB.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/CJ.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/CL.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/CM.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/EX.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/GL.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/ID.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/IN.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/IS.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/NS.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/NU.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/OP.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/PO.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/PR.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/QU.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/SA.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/XX.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lower/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Math/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFCQC/M.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFCQC/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFDQC/N.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFDQC/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFKCQC/N.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFKCQC/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFKDQC/N.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFKDQC/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nt/Di.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nt/None.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nt/Nu.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/10.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/100.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/10000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/100000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/11.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/12.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/13.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/14.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/15.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/16.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/17.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/18.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/19.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_16.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_2.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_3.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_4.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_6.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_8.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/2.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/20.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/200.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/2000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/20000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/2_3.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/3.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/30.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/300.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/3000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/30000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/3_16.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/3_4.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/4.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/40.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/400.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/4000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/40000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/5.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/50.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/500.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/5000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/50000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/6.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/60.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/600.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/6000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/60000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/7.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/70.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/700.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/7000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/70000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/8.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/80.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/800.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/8000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/80000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/9.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/90.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/900.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/9000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/90000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/PCM/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/PatSyn/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Alnum.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Assigned.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Blank.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Graph.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/PerlWord.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/PosixPun.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Print.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/SpacePer.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Title.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Word.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/XPosixPu.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlAny.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlCh2.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlCha.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlFol.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlIDC.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlIDS.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlIsI.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlNch.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlPat.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlPr2.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlPro.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlQuo.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/QMark/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/AT.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/CL.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/EX.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/FO.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/LE.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/LO.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/NU.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/SC.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/ST.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/Sp.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/UP.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/XX.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SD/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/STerm/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Arab.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Beng.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Cprt.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Cyrl.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Deva.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Dupl.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Geor.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Glag.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Gong.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Gonm.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Gran.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Grek.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Gujr.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Guru.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Han.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Hang.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Hira.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Kana.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Knda.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Latn.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Limb.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Linb.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Mlym.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Mong.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Mult.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Orya.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Sinh.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Syrc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Taml.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Telu.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Zinh.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Zyyy.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Adlm.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Arab.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Armn.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Beng.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Bhks.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Bopo.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Cakm.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Cham.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Copt.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Cprt.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Cyrl.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Deva.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Diak.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Dupl.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Ethi.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Geor.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Glag.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Gong.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Gonm.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Gran.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Grek.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Gujr.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Guru.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Han.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Hang.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Hebr.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Hira.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Hmng.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Hmnp.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Kana.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Khar.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Khmr.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Khoj.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Knda.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Kthi.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Lana.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Lao.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Latn.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Limb.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Lina.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Linb.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Mlym.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Mong.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Mult.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Mymr.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Nand.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Nko.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Orya.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Phlp.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Rohg.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Shrd.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Sind.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Sinh.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Syrc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Tagb.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Takr.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Talu.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Taml.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Tang.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Telu.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Thaa.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Tibt.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Tirh.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Vith.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Xsux.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Yezi.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Yi.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Zinh.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Zyyy.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Zzzz.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Term/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/UIdeo/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Upper/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/VS/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Vo/R.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Vo/Tr.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Vo/Tu.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Vo/U.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/EX.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/Extend.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/FO.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/HL.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/KA.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/LE.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/MB.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/ML.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/MN.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/NU.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/WSegSpac.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/XX.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/XIDC/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/XIDS/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/utf8.pm", "/usr/lib/x86_64-linux-gnu/perl-base/vars.pm", "/usr/lib/x86_64-linux-gnu/perl-base/warnings.pm", "/usr/lib/x86_64-linux-gnu/perl-base/warnings/register.pm", "/usr/share/doc/perl-base/changelog.Debian.gz", "/usr/share/doc/perl-base/changelog.gz", "/usr/share/doc/perl-base/copyright", "/usr/share/doc/perl/AUTHORS.gz", "/usr/share/doc/perl/Documentation", "/usr/share/lintian/overrides/perl-base", "/usr/share/man/man1/perl.1.gz" ] }, { "ID": "readline-common@8.2-6", "Name": "readline-common", "Identifier": { "PURL": "pkg:deb/debian/readline-common@8.2-6?arch=all\u0026distro=debian-13.1", "UID": "2ef8ce2c5e541e0b" }, "Version": "8.2", "Release": "6", "Arch": "all", "SrcName": "readline", "SrcVersion": "8.2", "SrcRelease": "6", "Licenses": [ "GPL-3.0-or-later", "GPL-3.0-only", "GPL-2.0-or-later", "GPL-2.0-only", "GFDL-1.3-no-invariants-or-later", "GFDL-1.3-or-later", "ISC-no-attribution" ], "Maintainer": "Matthias Klose \u003cdoko@debian.org\u003e", "Layer": { "DiffID": "sha256:dba5cbed1e08d00224b28b2e9ae8a59c121de39c36085ed722890ef0af8fee69" }, "InstalledFiles": [ "/usr/share/doc/readline-common/changelog.Debian.gz", "/usr/share/doc/readline-common/changelog.gz", "/usr/share/doc/readline-common/copyright", "/usr/share/doc/readline-common/inputrc.arrows", "/usr/share/info/rluserman.info.gz", "/usr/share/lintian/overrides/readline-common", "/usr/share/man/man3/history.3readline.gz", "/usr/share/man/man3/readline.3readline.gz", "/usr/share/readline/inputrc" ] }, { "ID": "rpcsvc-proto@1.4.3-1", "Name": "rpcsvc-proto", "Identifier": { "PURL": "pkg:deb/debian/rpcsvc-proto@1.4.3-1?arch=amd64\u0026distro=debian-13.1", "UID": "cafa449a1710f015" }, "Version": "1.4.3", "Release": "1", "Arch": "amd64", "SrcName": "rpcsvc-proto", "SrcVersion": "1.4.3", "SrcRelease": "1", "Licenses": [ "BSD-3-Clause", "permissive-fsf", "permissive-makefile-in", "permissive-autoconf-m4-no-warranty", "GPL-3+-autoconf-exception", "permissive-configure", "GPL-2+-autoconf-exception", "MIT", "permissive-autoconf-m4", "GPL-2.0-only", "GPL-3.0-only" ], "Maintainer": "GNU Libc Maintainers \u003cdebian-glibc@lists.debian.org\u003e", "DependsOn": [ "libc6@2.41-12" ], "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "InstalledFiles": [ "/usr/bin/rpcgen", "/usr/include/rpcsvc/bootparam_prot.h", "/usr/include/rpcsvc/bootparam_prot.x", "/usr/include/rpcsvc/key_prot.h", "/usr/include/rpcsvc/key_prot.x", "/usr/include/rpcsvc/klm_prot.h", "/usr/include/rpcsvc/klm_prot.x", "/usr/include/rpcsvc/mount.h", "/usr/include/rpcsvc/mount.x", "/usr/include/rpcsvc/nfs_prot.h", "/usr/include/rpcsvc/nfs_prot.x", "/usr/include/rpcsvc/nlm_prot.h", "/usr/include/rpcsvc/nlm_prot.x", "/usr/include/rpcsvc/rex.h", "/usr/include/rpcsvc/rex.x", "/usr/include/rpcsvc/rquota.h", "/usr/include/rpcsvc/rquota.x", "/usr/include/rpcsvc/rstat.h", "/usr/include/rpcsvc/rstat.x", "/usr/include/rpcsvc/rusers.h", "/usr/include/rpcsvc/rusers.x", "/usr/include/rpcsvc/sm_inter.h", "/usr/include/rpcsvc/sm_inter.x", "/usr/include/rpcsvc/spray.h", "/usr/include/rpcsvc/spray.x", "/usr/share/doc/rpcsvc-proto/changelog.Debian.gz", "/usr/share/doc/rpcsvc-proto/changelog.gz", "/usr/share/doc/rpcsvc-proto/copyright", "/usr/share/man/man1/rpcgen.1.gz" ] }, { "ID": "sed@4.9-2", "Name": "sed", "Identifier": { "PURL": "pkg:deb/debian/sed@4.9-2?arch=amd64\u0026distro=debian-13.1", "UID": "b33d5e34015f5d69" }, "Version": "4.9", "Release": "2", "Arch": "amd64", "SrcName": "sed", "SrcVersion": "4.9", "SrcRelease": "2", "Licenses": [ "GPL-3.0-or-later", "GPL-3.0-only", "X11", "GFDL-1.3-no-invariants-or-later", "GFDL-1.3-only", "ISC", "BSD-4-Clause-UC", "BSL-1", "pcre" ], "Maintainer": "Clint Adams \u003cclint@debian.org\u003e", "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "InstalledFiles": [ "/usr/bin/sed", "/usr/share/doc/sed/AUTHORS", "/usr/share/doc/sed/BUGS.gz", "/usr/share/doc/sed/NEWS.gz", "/usr/share/doc/sed/README", "/usr/share/doc/sed/THANKS.gz", "/usr/share/doc/sed/changelog.Debian.gz", "/usr/share/doc/sed/changelog.gz", "/usr/share/doc/sed/copyright", "/usr/share/doc/sed/examples/dc.sed", "/usr/share/doc/sed/sedfaq.txt.gz", "/usr/share/info/sed.info.gz", "/usr/share/locale/af/LC_MESSAGES/sed.mo", "/usr/share/locale/ast/LC_MESSAGES/sed.mo", "/usr/share/locale/bg/LC_MESSAGES/sed.mo", "/usr/share/locale/ca/LC_MESSAGES/sed.mo", "/usr/share/locale/cs/LC_MESSAGES/sed.mo", "/usr/share/locale/da/LC_MESSAGES/sed.mo", "/usr/share/locale/de/LC_MESSAGES/sed.mo", "/usr/share/locale/el/LC_MESSAGES/sed.mo", "/usr/share/locale/eo/LC_MESSAGES/sed.mo", "/usr/share/locale/es/LC_MESSAGES/sed.mo", "/usr/share/locale/et/LC_MESSAGES/sed.mo", "/usr/share/locale/eu/LC_MESSAGES/sed.mo", "/usr/share/locale/fi/LC_MESSAGES/sed.mo", "/usr/share/locale/fr/LC_MESSAGES/sed.mo", "/usr/share/locale/ga/LC_MESSAGES/sed.mo", "/usr/share/locale/gl/LC_MESSAGES/sed.mo", "/usr/share/locale/he/LC_MESSAGES/sed.mo", "/usr/share/locale/hr/LC_MESSAGES/sed.mo", "/usr/share/locale/hu/LC_MESSAGES/sed.mo", "/usr/share/locale/id/LC_MESSAGES/sed.mo", "/usr/share/locale/it/LC_MESSAGES/sed.mo", "/usr/share/locale/ja/LC_MESSAGES/sed.mo", "/usr/share/locale/ka/LC_MESSAGES/sed.mo", "/usr/share/locale/ko/LC_MESSAGES/sed.mo", "/usr/share/locale/nb/LC_MESSAGES/sed.mo", "/usr/share/locale/nl/LC_MESSAGES/sed.mo", "/usr/share/locale/pl/LC_MESSAGES/sed.mo", "/usr/share/locale/pt/LC_MESSAGES/sed.mo", "/usr/share/locale/pt_BR/LC_MESSAGES/sed.mo", "/usr/share/locale/ro/LC_MESSAGES/sed.mo", "/usr/share/locale/ru/LC_MESSAGES/sed.mo", "/usr/share/locale/sk/LC_MESSAGES/sed.mo", "/usr/share/locale/sl/LC_MESSAGES/sed.mo", "/usr/share/locale/sr/LC_MESSAGES/sed.mo", "/usr/share/locale/sv/LC_MESSAGES/sed.mo", "/usr/share/locale/tr/LC_MESSAGES/sed.mo", "/usr/share/locale/uk/LC_MESSAGES/sed.mo", "/usr/share/locale/vi/LC_MESSAGES/sed.mo", "/usr/share/locale/zh_CN/LC_MESSAGES/sed.mo", "/usr/share/locale/zh_TW/LC_MESSAGES/sed.mo", "/usr/share/man/man1/sed.1.gz" ] }, { "ID": "sqv@1.3.0-3", "Name": "sqv", "Identifier": { "PURL": "pkg:deb/debian/sqv@1.3.0-3?arch=amd64\u0026distro=debian-13.1", "UID": "ab6bad6083333bb9" }, "Version": "1.3.0", "Release": "3", "Arch": "amd64", "SrcName": "rust-sequoia-sqv", "SrcVersion": "1.3.0", "SrcRelease": "3", "Licenses": [ "LGPL-2.0-or-later", "LGPL-2.0-only" ], "Maintainer": "Debian Rust Maintainers \u003cpkg-rust-maintainers@alioth-lists.debian.net\u003e", "DependsOn": [ "libc6@2.41-12", "libgcc-s1@14.2.0-19", "libgmp10@2:6.3.0+dfsg-3", "libhogweed6t64@3.10.1-1", "libnettle8t64@3.10.1-1" ], "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "InstalledFiles": [ "/usr/bin/sqv", "/usr/share/bash-completion/completions/sqv.bash", "/usr/share/doc/sqv/NEWS.gz", "/usr/share/doc/sqv/changelog.Debian.gz", "/usr/share/doc/sqv/copyright", "/usr/share/fish/completions/sqv.fish", "/usr/share/man/man1/sqv.1.gz", "/usr/share/zsh/vendor-completions/_sqv" ] }, { "ID": "sysvinit-utils@3.14-4", "Name": "sysvinit-utils", "Identifier": { "PURL": "pkg:deb/debian/sysvinit-utils@3.14-4?arch=amd64\u0026distro=debian-13.1", "UID": "c7e8999242a896a1" }, "Version": "3.14", "Release": "4", "Arch": "amd64", "SrcName": "sysvinit", "SrcVersion": "3.14", "SrcRelease": "4", "Licenses": [ "GPL-2.0-or-later", "LGPL-2.1-or-later", "GPL-3.0-only", "GPL-2.0-only", "LGPL-2.1-only" ], "Maintainer": "Debian sysvinit maintainers \u003cdebian-init-diversity@chiark.greenend.org.uk\u003e", "DependsOn": [ "libc6@2.41-12" ], "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "InstalledFiles": [ "/usr/lib/init/init-d-script", "/usr/lib/init/vars.sh", "/usr/lib/lsb/init-functions", "/usr/lib/lsb/init-functions.d/00-verbose", "/usr/sbin/fstab-decode", "/usr/sbin/killall5", "/usr/share/doc/sysvinit-utils/changelog.Debian.gz", "/usr/share/doc/sysvinit-utils/copyright", "/usr/share/man/man5/init-d-script.5.gz", "/usr/share/man/man8/fstab-decode.8.gz", "/usr/share/man/man8/killall5.8.gz", "/usr/share/man/man8/pidof.8.gz" ] }, { "ID": "tar@1.35+dfsg-3.1", "Name": "tar", "Identifier": { "PURL": "pkg:deb/debian/tar@1.35%2Bdfsg-3.1?arch=amd64\u0026distro=debian-13.1", "UID": "50aee76d081ea925" }, "Version": "1.35+dfsg", "Release": "3.1", "Arch": "amd64", "SrcName": "tar", "SrcVersion": "1.35+dfsg", "SrcRelease": "3.1", "Licenses": [ "GPL-3.0-or-later", "GPL-3.0-only", "GPL-3+ with Bison exception", "LGPL-2.1-or-later", "LGPL-2.1-only", "LGPL-3.0-or-later", "LGPL-3.0-only", "GPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Janos Lenart \u003cocsi@debian.org\u003e", "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "InstalledFiles": [ "/usr/bin/tar", "/usr/lib/mime/packages/tar", "/usr/sbin/rmt-tar", "/usr/sbin/tarcat", "/usr/share/doc/tar/AUTHORS", "/usr/share/doc/tar/NEWS.gz", "/usr/share/doc/tar/README.Debian", "/usr/share/doc/tar/THANKS.gz", "/usr/share/doc/tar/changelog.1.gz", "/usr/share/doc/tar/changelog.Debian.gz", "/usr/share/doc/tar/changelog.gz", "/usr/share/doc/tar/copyright", "/usr/share/locale/bg/LC_MESSAGES/tar.mo", "/usr/share/locale/ca/LC_MESSAGES/tar.mo", "/usr/share/locale/cs/LC_MESSAGES/tar.mo", "/usr/share/locale/da/LC_MESSAGES/tar.mo", "/usr/share/locale/de/LC_MESSAGES/tar.mo", "/usr/share/locale/el/LC_MESSAGES/tar.mo", "/usr/share/locale/eo/LC_MESSAGES/tar.mo", "/usr/share/locale/es/LC_MESSAGES/tar.mo", "/usr/share/locale/et/LC_MESSAGES/tar.mo", "/usr/share/locale/eu/LC_MESSAGES/tar.mo", "/usr/share/locale/fi/LC_MESSAGES/tar.mo", "/usr/share/locale/fr/LC_MESSAGES/tar.mo", "/usr/share/locale/ga/LC_MESSAGES/tar.mo", "/usr/share/locale/gl/LC_MESSAGES/tar.mo", "/usr/share/locale/hr/LC_MESSAGES/tar.mo", "/usr/share/locale/hu/LC_MESSAGES/tar.mo", "/usr/share/locale/id/LC_MESSAGES/tar.mo", "/usr/share/locale/it/LC_MESSAGES/tar.mo", "/usr/share/locale/ja/LC_MESSAGES/tar.mo", "/usr/share/locale/ka/LC_MESSAGES/tar.mo", "/usr/share/locale/ko/LC_MESSAGES/tar.mo", "/usr/share/locale/ky/LC_MESSAGES/tar.mo", "/usr/share/locale/ms/LC_MESSAGES/tar.mo", "/usr/share/locale/nb/LC_MESSAGES/tar.mo", "/usr/share/locale/nl/LC_MESSAGES/tar.mo", "/usr/share/locale/pl/LC_MESSAGES/tar.mo", "/usr/share/locale/pt/LC_MESSAGES/tar.mo", "/usr/share/locale/pt_BR/LC_MESSAGES/tar.mo", "/usr/share/locale/ro/LC_MESSAGES/tar.mo", "/usr/share/locale/ru/LC_MESSAGES/tar.mo", "/usr/share/locale/sk/LC_MESSAGES/tar.mo", "/usr/share/locale/sl/LC_MESSAGES/tar.mo", "/usr/share/locale/sr/LC_MESSAGES/tar.mo", "/usr/share/locale/sv/LC_MESSAGES/tar.mo", "/usr/share/locale/tr/LC_MESSAGES/tar.mo", "/usr/share/locale/uk/LC_MESSAGES/tar.mo", "/usr/share/locale/vi/LC_MESSAGES/tar.mo", "/usr/share/locale/zh_CN/LC_MESSAGES/tar.mo", "/usr/share/locale/zh_TW/LC_MESSAGES/tar.mo", "/usr/share/man/man1/tar.1.gz", "/usr/share/man/man1/tarcat.1.gz", "/usr/share/man/man8/rmt-tar.8.gz" ] }, { "ID": "tzdata@2025b-4+deb13u1", "Name": "tzdata", "Identifier": { "PURL": "pkg:deb/debian/tzdata@2025b-4%2Bdeb13u1?arch=all\u0026distro=debian-13.1", "UID": "d92875c0b47c5838" }, "Version": "2025b", "Release": "4+deb13u1", "Arch": "all", "SrcName": "tzdata", "SrcVersion": "2025b", "SrcRelease": "4+deb13u1", "Licenses": [ "public-domain" ], "Maintainer": "GNU Libc Maintainers \u003cdebian-glibc@lists.debian.org\u003e", "DependsOn": [ "debconf@1.5.91" ], "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "InstalledFiles": [ "/usr/share/doc/tzdata/NEWS.Debian.gz", "/usr/share/doc/tzdata/README.Debian", "/usr/share/doc/tzdata/changelog.Debian.gz", "/usr/share/doc/tzdata/changelog.gz", "/usr/share/doc/tzdata/copyright", "/usr/share/lintian/overrides/tzdata", "/usr/share/zoneinfo/Africa/Abidjan", "/usr/share/zoneinfo/Africa/Accra", "/usr/share/zoneinfo/Africa/Addis_Ababa", "/usr/share/zoneinfo/Africa/Algiers", "/usr/share/zoneinfo/Africa/Asmara", "/usr/share/zoneinfo/Africa/Bamako", "/usr/share/zoneinfo/Africa/Bangui", "/usr/share/zoneinfo/Africa/Banjul", "/usr/share/zoneinfo/Africa/Bissau", "/usr/share/zoneinfo/Africa/Blantyre", "/usr/share/zoneinfo/Africa/Brazzaville", "/usr/share/zoneinfo/Africa/Bujumbura", "/usr/share/zoneinfo/Africa/Cairo", "/usr/share/zoneinfo/Africa/Casablanca", "/usr/share/zoneinfo/Africa/Ceuta", "/usr/share/zoneinfo/Africa/Conakry", "/usr/share/zoneinfo/Africa/Dakar", "/usr/share/zoneinfo/Africa/Dar_es_Salaam", "/usr/share/zoneinfo/Africa/Djibouti", "/usr/share/zoneinfo/Africa/Douala", "/usr/share/zoneinfo/Africa/El_Aaiun", "/usr/share/zoneinfo/Africa/Freetown", "/usr/share/zoneinfo/Africa/Gaborone", "/usr/share/zoneinfo/Africa/Harare", "/usr/share/zoneinfo/Africa/Johannesburg", "/usr/share/zoneinfo/Africa/Juba", "/usr/share/zoneinfo/Africa/Kampala", "/usr/share/zoneinfo/Africa/Khartoum", "/usr/share/zoneinfo/Africa/Kigali", "/usr/share/zoneinfo/Africa/Kinshasa", "/usr/share/zoneinfo/Africa/Lagos", "/usr/share/zoneinfo/Africa/Libreville", "/usr/share/zoneinfo/Africa/Lome", "/usr/share/zoneinfo/Africa/Luanda", "/usr/share/zoneinfo/Africa/Lubumbashi", "/usr/share/zoneinfo/Africa/Lusaka", "/usr/share/zoneinfo/Africa/Malabo", "/usr/share/zoneinfo/Africa/Maputo", "/usr/share/zoneinfo/Africa/Maseru", "/usr/share/zoneinfo/Africa/Mbabane", "/usr/share/zoneinfo/Africa/Mogadishu", "/usr/share/zoneinfo/Africa/Monrovia", "/usr/share/zoneinfo/Africa/Nairobi", "/usr/share/zoneinfo/Africa/Ndjamena", "/usr/share/zoneinfo/Africa/Niamey", "/usr/share/zoneinfo/Africa/Nouakchott", "/usr/share/zoneinfo/Africa/Ouagadougou", "/usr/share/zoneinfo/Africa/Porto-Novo", "/usr/share/zoneinfo/Africa/Sao_Tome", "/usr/share/zoneinfo/Africa/Tripoli", "/usr/share/zoneinfo/Africa/Tunis", "/usr/share/zoneinfo/Africa/Windhoek", "/usr/share/zoneinfo/America/Adak", "/usr/share/zoneinfo/America/Anchorage", "/usr/share/zoneinfo/America/Anguilla", "/usr/share/zoneinfo/America/Antigua", "/usr/share/zoneinfo/America/Araguaina", "/usr/share/zoneinfo/America/Argentina/Buenos_Aires", "/usr/share/zoneinfo/America/Argentina/Catamarca", "/usr/share/zoneinfo/America/Argentina/Cordoba", "/usr/share/zoneinfo/America/Argentina/Jujuy", "/usr/share/zoneinfo/America/Argentina/La_Rioja", "/usr/share/zoneinfo/America/Argentina/Mendoza", "/usr/share/zoneinfo/America/Argentina/Rio_Gallegos", "/usr/share/zoneinfo/America/Argentina/Salta", "/usr/share/zoneinfo/America/Argentina/San_Juan", "/usr/share/zoneinfo/America/Argentina/San_Luis", "/usr/share/zoneinfo/America/Argentina/Tucuman", "/usr/share/zoneinfo/America/Argentina/Ushuaia", "/usr/share/zoneinfo/America/Aruba", "/usr/share/zoneinfo/America/Asuncion", "/usr/share/zoneinfo/America/Atikokan", "/usr/share/zoneinfo/America/Bahia", "/usr/share/zoneinfo/America/Bahia_Banderas", "/usr/share/zoneinfo/America/Barbados", "/usr/share/zoneinfo/America/Belem", "/usr/share/zoneinfo/America/Belize", "/usr/share/zoneinfo/America/Blanc-Sablon", "/usr/share/zoneinfo/America/Boa_Vista", "/usr/share/zoneinfo/America/Bogota", "/usr/share/zoneinfo/America/Boise", "/usr/share/zoneinfo/America/Cambridge_Bay", "/usr/share/zoneinfo/America/Campo_Grande", "/usr/share/zoneinfo/America/Cancun", "/usr/share/zoneinfo/America/Caracas", "/usr/share/zoneinfo/America/Cayenne", "/usr/share/zoneinfo/America/Cayman", "/usr/share/zoneinfo/America/Chicago", "/usr/share/zoneinfo/America/Chihuahua", "/usr/share/zoneinfo/America/Ciudad_Juarez", "/usr/share/zoneinfo/America/Costa_Rica", "/usr/share/zoneinfo/America/Coyhaique", "/usr/share/zoneinfo/America/Creston", "/usr/share/zoneinfo/America/Cuiaba", "/usr/share/zoneinfo/America/Curacao", "/usr/share/zoneinfo/America/Danmarkshavn", "/usr/share/zoneinfo/America/Dawson", "/usr/share/zoneinfo/America/Dawson_Creek", "/usr/share/zoneinfo/America/Denver", "/usr/share/zoneinfo/America/Detroit", "/usr/share/zoneinfo/America/Dominica", "/usr/share/zoneinfo/America/Edmonton", "/usr/share/zoneinfo/America/Eirunepe", "/usr/share/zoneinfo/America/El_Salvador", "/usr/share/zoneinfo/America/Fort_Nelson", "/usr/share/zoneinfo/America/Fortaleza", "/usr/share/zoneinfo/America/Glace_Bay", "/usr/share/zoneinfo/America/Goose_Bay", "/usr/share/zoneinfo/America/Grand_Turk", "/usr/share/zoneinfo/America/Grenada", "/usr/share/zoneinfo/America/Guadeloupe", "/usr/share/zoneinfo/America/Guatemala", "/usr/share/zoneinfo/America/Guayaquil", "/usr/share/zoneinfo/America/Guyana", "/usr/share/zoneinfo/America/Halifax", "/usr/share/zoneinfo/America/Havana", "/usr/share/zoneinfo/America/Hermosillo", "/usr/share/zoneinfo/America/Indiana/Indianapolis", "/usr/share/zoneinfo/America/Indiana/Knox", "/usr/share/zoneinfo/America/Indiana/Marengo", "/usr/share/zoneinfo/America/Indiana/Petersburg", "/usr/share/zoneinfo/America/Indiana/Tell_City", "/usr/share/zoneinfo/America/Indiana/Vevay", "/usr/share/zoneinfo/America/Indiana/Vincennes", "/usr/share/zoneinfo/America/Indiana/Winamac", "/usr/share/zoneinfo/America/Inuvik", "/usr/share/zoneinfo/America/Iqaluit", "/usr/share/zoneinfo/America/Jamaica", "/usr/share/zoneinfo/America/Juneau", "/usr/share/zoneinfo/America/Kentucky/Louisville", "/usr/share/zoneinfo/America/Kentucky/Monticello", "/usr/share/zoneinfo/America/La_Paz", "/usr/share/zoneinfo/America/Lima", "/usr/share/zoneinfo/America/Los_Angeles", "/usr/share/zoneinfo/America/Maceio", "/usr/share/zoneinfo/America/Managua", "/usr/share/zoneinfo/America/Manaus", "/usr/share/zoneinfo/America/Martinique", "/usr/share/zoneinfo/America/Matamoros", "/usr/share/zoneinfo/America/Mazatlan", "/usr/share/zoneinfo/America/Menominee", "/usr/share/zoneinfo/America/Merida", "/usr/share/zoneinfo/America/Metlakatla", "/usr/share/zoneinfo/America/Mexico_City", "/usr/share/zoneinfo/America/Miquelon", "/usr/share/zoneinfo/America/Moncton", "/usr/share/zoneinfo/America/Monterrey", "/usr/share/zoneinfo/America/Montevideo", "/usr/share/zoneinfo/America/Montserrat", "/usr/share/zoneinfo/America/Nassau", "/usr/share/zoneinfo/America/New_York", "/usr/share/zoneinfo/America/Nome", "/usr/share/zoneinfo/America/Noronha", "/usr/share/zoneinfo/America/North_Dakota/Beulah", "/usr/share/zoneinfo/America/North_Dakota/Center", "/usr/share/zoneinfo/America/North_Dakota/New_Salem", "/usr/share/zoneinfo/America/Nuuk", "/usr/share/zoneinfo/America/Ojinaga", "/usr/share/zoneinfo/America/Panama", "/usr/share/zoneinfo/America/Paramaribo", "/usr/share/zoneinfo/America/Phoenix", "/usr/share/zoneinfo/America/Port-au-Prince", "/usr/share/zoneinfo/America/Port_of_Spain", "/usr/share/zoneinfo/America/Porto_Velho", "/usr/share/zoneinfo/America/Puerto_Rico", "/usr/share/zoneinfo/America/Punta_Arenas", "/usr/share/zoneinfo/America/Rankin_Inlet", "/usr/share/zoneinfo/America/Recife", "/usr/share/zoneinfo/America/Regina", "/usr/share/zoneinfo/America/Resolute", "/usr/share/zoneinfo/America/Rio_Branco", "/usr/share/zoneinfo/America/Santarem", "/usr/share/zoneinfo/America/Santiago", "/usr/share/zoneinfo/America/Santo_Domingo", "/usr/share/zoneinfo/America/Sao_Paulo", "/usr/share/zoneinfo/America/Scoresbysund", "/usr/share/zoneinfo/America/Sitka", "/usr/share/zoneinfo/America/St_Johns", "/usr/share/zoneinfo/America/St_Kitts", "/usr/share/zoneinfo/America/St_Lucia", "/usr/share/zoneinfo/America/St_Thomas", "/usr/share/zoneinfo/America/St_Vincent", "/usr/share/zoneinfo/America/Swift_Current", "/usr/share/zoneinfo/America/Tegucigalpa", "/usr/share/zoneinfo/America/Thule", "/usr/share/zoneinfo/America/Tijuana", "/usr/share/zoneinfo/America/Toronto", "/usr/share/zoneinfo/America/Tortola", "/usr/share/zoneinfo/America/Vancouver", "/usr/share/zoneinfo/America/Whitehorse", "/usr/share/zoneinfo/America/Winnipeg", "/usr/share/zoneinfo/America/Yakutat", "/usr/share/zoneinfo/Antarctica/Casey", "/usr/share/zoneinfo/Antarctica/Davis", "/usr/share/zoneinfo/Antarctica/DumontDUrville", "/usr/share/zoneinfo/Antarctica/Macquarie", "/usr/share/zoneinfo/Antarctica/Mawson", "/usr/share/zoneinfo/Antarctica/McMurdo", "/usr/share/zoneinfo/Antarctica/Palmer", "/usr/share/zoneinfo/Antarctica/Rothera", "/usr/share/zoneinfo/Antarctica/Syowa", "/usr/share/zoneinfo/Antarctica/Troll", "/usr/share/zoneinfo/Antarctica/Vostok", "/usr/share/zoneinfo/Asia/Aden", "/usr/share/zoneinfo/Asia/Almaty", "/usr/share/zoneinfo/Asia/Amman", "/usr/share/zoneinfo/Asia/Anadyr", "/usr/share/zoneinfo/Asia/Aqtau", "/usr/share/zoneinfo/Asia/Aqtobe", "/usr/share/zoneinfo/Asia/Ashgabat", "/usr/share/zoneinfo/Asia/Atyrau", "/usr/share/zoneinfo/Asia/Baghdad", "/usr/share/zoneinfo/Asia/Bahrain", "/usr/share/zoneinfo/Asia/Baku", "/usr/share/zoneinfo/Asia/Bangkok", "/usr/share/zoneinfo/Asia/Barnaul", "/usr/share/zoneinfo/Asia/Beirut", "/usr/share/zoneinfo/Asia/Bishkek", "/usr/share/zoneinfo/Asia/Brunei", "/usr/share/zoneinfo/Asia/Chita", "/usr/share/zoneinfo/Asia/Colombo", "/usr/share/zoneinfo/Asia/Damascus", "/usr/share/zoneinfo/Asia/Dhaka", "/usr/share/zoneinfo/Asia/Dili", "/usr/share/zoneinfo/Asia/Dubai", "/usr/share/zoneinfo/Asia/Dushanbe", "/usr/share/zoneinfo/Asia/Famagusta", "/usr/share/zoneinfo/Asia/Gaza", "/usr/share/zoneinfo/Asia/Hebron", "/usr/share/zoneinfo/Asia/Ho_Chi_Minh", "/usr/share/zoneinfo/Asia/Hong_Kong", "/usr/share/zoneinfo/Asia/Hovd", "/usr/share/zoneinfo/Asia/Irkutsk", "/usr/share/zoneinfo/Asia/Jakarta", "/usr/share/zoneinfo/Asia/Jayapura", "/usr/share/zoneinfo/Asia/Jerusalem", "/usr/share/zoneinfo/Asia/Kabul", "/usr/share/zoneinfo/Asia/Kamchatka", "/usr/share/zoneinfo/Asia/Karachi", "/usr/share/zoneinfo/Asia/Kathmandu", "/usr/share/zoneinfo/Asia/Khandyga", "/usr/share/zoneinfo/Asia/Kolkata", "/usr/share/zoneinfo/Asia/Krasnoyarsk", "/usr/share/zoneinfo/Asia/Kuala_Lumpur", "/usr/share/zoneinfo/Asia/Kuching", "/usr/share/zoneinfo/Asia/Kuwait", "/usr/share/zoneinfo/Asia/Macau", "/usr/share/zoneinfo/Asia/Magadan", "/usr/share/zoneinfo/Asia/Makassar", "/usr/share/zoneinfo/Asia/Manila", "/usr/share/zoneinfo/Asia/Muscat", "/usr/share/zoneinfo/Asia/Nicosia", "/usr/share/zoneinfo/Asia/Novokuznetsk", "/usr/share/zoneinfo/Asia/Novosibirsk", "/usr/share/zoneinfo/Asia/Omsk", "/usr/share/zoneinfo/Asia/Oral", "/usr/share/zoneinfo/Asia/Phnom_Penh", "/usr/share/zoneinfo/Asia/Pontianak", "/usr/share/zoneinfo/Asia/Pyongyang", "/usr/share/zoneinfo/Asia/Qatar", "/usr/share/zoneinfo/Asia/Qostanay", "/usr/share/zoneinfo/Asia/Qyzylorda", "/usr/share/zoneinfo/Asia/Riyadh", "/usr/share/zoneinfo/Asia/Sakhalin", "/usr/share/zoneinfo/Asia/Samarkand", "/usr/share/zoneinfo/Asia/Seoul", "/usr/share/zoneinfo/Asia/Shanghai", "/usr/share/zoneinfo/Asia/Singapore", "/usr/share/zoneinfo/Asia/Srednekolymsk", "/usr/share/zoneinfo/Asia/Taipei", "/usr/share/zoneinfo/Asia/Tashkent", "/usr/share/zoneinfo/Asia/Tbilisi", "/usr/share/zoneinfo/Asia/Tehran", "/usr/share/zoneinfo/Asia/Thimphu", "/usr/share/zoneinfo/Asia/Tokyo", "/usr/share/zoneinfo/Asia/Tomsk", "/usr/share/zoneinfo/Asia/Ulaanbaatar", "/usr/share/zoneinfo/Asia/Urumqi", "/usr/share/zoneinfo/Asia/Ust-Nera", "/usr/share/zoneinfo/Asia/Vientiane", "/usr/share/zoneinfo/Asia/Vladivostok", "/usr/share/zoneinfo/Asia/Yakutsk", "/usr/share/zoneinfo/Asia/Yangon", "/usr/share/zoneinfo/Asia/Yekaterinburg", "/usr/share/zoneinfo/Asia/Yerevan", "/usr/share/zoneinfo/Atlantic/Azores", "/usr/share/zoneinfo/Atlantic/Bermuda", "/usr/share/zoneinfo/Atlantic/Canary", "/usr/share/zoneinfo/Atlantic/Cape_Verde", "/usr/share/zoneinfo/Atlantic/Faroe", "/usr/share/zoneinfo/Atlantic/Madeira", "/usr/share/zoneinfo/Atlantic/Reykjavik", "/usr/share/zoneinfo/Atlantic/South_Georgia", "/usr/share/zoneinfo/Atlantic/St_Helena", "/usr/share/zoneinfo/Atlantic/Stanley", "/usr/share/zoneinfo/Australia/Adelaide", "/usr/share/zoneinfo/Australia/Brisbane", "/usr/share/zoneinfo/Australia/Broken_Hill", "/usr/share/zoneinfo/Australia/Darwin", "/usr/share/zoneinfo/Australia/Eucla", "/usr/share/zoneinfo/Australia/Hobart", "/usr/share/zoneinfo/Australia/Lindeman", "/usr/share/zoneinfo/Australia/Lord_Howe", "/usr/share/zoneinfo/Australia/Melbourne", "/usr/share/zoneinfo/Australia/Perth", "/usr/share/zoneinfo/Australia/Sydney", "/usr/share/zoneinfo/Etc/GMT", "/usr/share/zoneinfo/Etc/GMT+1", "/usr/share/zoneinfo/Etc/GMT+10", "/usr/share/zoneinfo/Etc/GMT+11", "/usr/share/zoneinfo/Etc/GMT+12", "/usr/share/zoneinfo/Etc/GMT+2", "/usr/share/zoneinfo/Etc/GMT+3", "/usr/share/zoneinfo/Etc/GMT+4", "/usr/share/zoneinfo/Etc/GMT+5", "/usr/share/zoneinfo/Etc/GMT+6", "/usr/share/zoneinfo/Etc/GMT+7", "/usr/share/zoneinfo/Etc/GMT+8", "/usr/share/zoneinfo/Etc/GMT+9", "/usr/share/zoneinfo/Etc/GMT-1", "/usr/share/zoneinfo/Etc/GMT-10", "/usr/share/zoneinfo/Etc/GMT-11", "/usr/share/zoneinfo/Etc/GMT-12", "/usr/share/zoneinfo/Etc/GMT-13", "/usr/share/zoneinfo/Etc/GMT-14", "/usr/share/zoneinfo/Etc/GMT-2", "/usr/share/zoneinfo/Etc/GMT-3", "/usr/share/zoneinfo/Etc/GMT-4", "/usr/share/zoneinfo/Etc/GMT-5", "/usr/share/zoneinfo/Etc/GMT-6", "/usr/share/zoneinfo/Etc/GMT-7", "/usr/share/zoneinfo/Etc/GMT-8", "/usr/share/zoneinfo/Etc/GMT-9", "/usr/share/zoneinfo/Etc/UTC", "/usr/share/zoneinfo/Europe/Amsterdam", "/usr/share/zoneinfo/Europe/Andorra", "/usr/share/zoneinfo/Europe/Astrakhan", "/usr/share/zoneinfo/Europe/Athens", "/usr/share/zoneinfo/Europe/Belgrade", "/usr/share/zoneinfo/Europe/Berlin", "/usr/share/zoneinfo/Europe/Brussels", "/usr/share/zoneinfo/Europe/Bucharest", "/usr/share/zoneinfo/Europe/Budapest", "/usr/share/zoneinfo/Europe/Chisinau", "/usr/share/zoneinfo/Europe/Copenhagen", "/usr/share/zoneinfo/Europe/Dublin", "/usr/share/zoneinfo/Europe/Gibraltar", "/usr/share/zoneinfo/Europe/Guernsey", "/usr/share/zoneinfo/Europe/Helsinki", "/usr/share/zoneinfo/Europe/Isle_of_Man", "/usr/share/zoneinfo/Europe/Istanbul", "/usr/share/zoneinfo/Europe/Jersey", "/usr/share/zoneinfo/Europe/Kaliningrad", "/usr/share/zoneinfo/Europe/Kirov", "/usr/share/zoneinfo/Europe/Kyiv", "/usr/share/zoneinfo/Europe/Lisbon", "/usr/share/zoneinfo/Europe/Ljubljana", "/usr/share/zoneinfo/Europe/London", "/usr/share/zoneinfo/Europe/Luxembourg", "/usr/share/zoneinfo/Europe/Madrid", "/usr/share/zoneinfo/Europe/Malta", "/usr/share/zoneinfo/Europe/Minsk", "/usr/share/zoneinfo/Europe/Monaco", "/usr/share/zoneinfo/Europe/Moscow", "/usr/share/zoneinfo/Europe/Oslo", "/usr/share/zoneinfo/Europe/Paris", "/usr/share/zoneinfo/Europe/Prague", "/usr/share/zoneinfo/Europe/Riga", "/usr/share/zoneinfo/Europe/Rome", "/usr/share/zoneinfo/Europe/Samara", "/usr/share/zoneinfo/Europe/Sarajevo", "/usr/share/zoneinfo/Europe/Saratov", "/usr/share/zoneinfo/Europe/Simferopol", "/usr/share/zoneinfo/Europe/Skopje", "/usr/share/zoneinfo/Europe/Sofia", "/usr/share/zoneinfo/Europe/Stockholm", "/usr/share/zoneinfo/Europe/Tallinn", "/usr/share/zoneinfo/Europe/Tirane", "/usr/share/zoneinfo/Europe/Ulyanovsk", "/usr/share/zoneinfo/Europe/Vaduz", "/usr/share/zoneinfo/Europe/Vienna", "/usr/share/zoneinfo/Europe/Vilnius", "/usr/share/zoneinfo/Europe/Volgograd", "/usr/share/zoneinfo/Europe/Warsaw", "/usr/share/zoneinfo/Europe/Zagreb", "/usr/share/zoneinfo/Europe/Zurich", "/usr/share/zoneinfo/Factory", "/usr/share/zoneinfo/Indian/Antananarivo", "/usr/share/zoneinfo/Indian/Chagos", "/usr/share/zoneinfo/Indian/Christmas", "/usr/share/zoneinfo/Indian/Cocos", "/usr/share/zoneinfo/Indian/Comoro", "/usr/share/zoneinfo/Indian/Kerguelen", "/usr/share/zoneinfo/Indian/Mahe", "/usr/share/zoneinfo/Indian/Maldives", "/usr/share/zoneinfo/Indian/Mauritius", "/usr/share/zoneinfo/Indian/Mayotte", "/usr/share/zoneinfo/Indian/Reunion", "/usr/share/zoneinfo/Pacific/Apia", "/usr/share/zoneinfo/Pacific/Auckland", "/usr/share/zoneinfo/Pacific/Bougainville", "/usr/share/zoneinfo/Pacific/Chatham", "/usr/share/zoneinfo/Pacific/Chuuk", "/usr/share/zoneinfo/Pacific/Easter", "/usr/share/zoneinfo/Pacific/Efate", "/usr/share/zoneinfo/Pacific/Fakaofo", "/usr/share/zoneinfo/Pacific/Fiji", "/usr/share/zoneinfo/Pacific/Funafuti", "/usr/share/zoneinfo/Pacific/Galapagos", "/usr/share/zoneinfo/Pacific/Gambier", "/usr/share/zoneinfo/Pacific/Guadalcanal", "/usr/share/zoneinfo/Pacific/Guam", "/usr/share/zoneinfo/Pacific/Honolulu", "/usr/share/zoneinfo/Pacific/Kanton", "/usr/share/zoneinfo/Pacific/Kiritimati", "/usr/share/zoneinfo/Pacific/Kosrae", "/usr/share/zoneinfo/Pacific/Kwajalein", "/usr/share/zoneinfo/Pacific/Majuro", "/usr/share/zoneinfo/Pacific/Marquesas", "/usr/share/zoneinfo/Pacific/Midway", "/usr/share/zoneinfo/Pacific/Nauru", "/usr/share/zoneinfo/Pacific/Niue", "/usr/share/zoneinfo/Pacific/Norfolk", "/usr/share/zoneinfo/Pacific/Noumea", "/usr/share/zoneinfo/Pacific/Pago_Pago", "/usr/share/zoneinfo/Pacific/Palau", "/usr/share/zoneinfo/Pacific/Pitcairn", "/usr/share/zoneinfo/Pacific/Pohnpei", "/usr/share/zoneinfo/Pacific/Port_Moresby", "/usr/share/zoneinfo/Pacific/Rarotonga", "/usr/share/zoneinfo/Pacific/Saipan", "/usr/share/zoneinfo/Pacific/Tahiti", "/usr/share/zoneinfo/Pacific/Tarawa", "/usr/share/zoneinfo/Pacific/Tongatapu", "/usr/share/zoneinfo/Pacific/Wake", "/usr/share/zoneinfo/Pacific/Wallis", "/usr/share/zoneinfo/iso3166.tab", "/usr/share/zoneinfo/leap-seconds.list", "/usr/share/zoneinfo/leapseconds", "/usr/share/zoneinfo/tzdata.zi", "/usr/share/zoneinfo/zone.tab", "/usr/share/zoneinfo/zone1970.tab", "/usr/share/zoneinfo/zonenow.tab" ] }, { "ID": "util-linux@2.41-5", "Name": "util-linux", "Identifier": { "PURL": "pkg:deb/debian/util-linux@2.41-5?arch=amd64\u0026distro=debian-13.1", "UID": "38be4846f19b7fa" }, "Version": "2.41", "Release": "5", "Arch": "amd64", "SrcName": "util-linux", "SrcVersion": "2.41", "SrcRelease": "5", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "GPL-3.0-or-later", "LGPL-2.1-or-later", "public-domain", "BSD-4-Clause", "MIT", "ISC", "BSD-3-Clause", "BSLA", "LGPL-2.0-or-later", "BSD-2-Clause", "LGPL-3.0-or-later", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "InstalledFiles": [ "/usr/bin/choom", "/usr/bin/chrt", "/usr/bin/dmesg", "/usr/bin/fallocate", "/usr/bin/findmnt", "/usr/bin/flock", "/usr/bin/getopt", "/usr/bin/hardlink", "/usr/bin/ionice", "/usr/bin/ipcmk", "/usr/bin/ipcrm", "/usr/bin/ipcs", "/usr/bin/lsblk", "/usr/bin/lscpu", "/usr/bin/lsipc", "/usr/bin/lslocks", "/usr/bin/lslogins", "/usr/bin/lsmem", "/usr/bin/lsns", "/usr/bin/mcookie", "/usr/bin/more", "/usr/bin/mountpoint", "/usr/bin/namei", "/usr/bin/nsenter", "/usr/bin/partx", "/usr/bin/prlimit", "/usr/bin/rename.ul", "/usr/bin/rev", "/usr/bin/setarch", "/usr/bin/setpriv", "/usr/bin/setsid", "/usr/bin/setterm", "/usr/bin/su", "/usr/bin/taskset", "/usr/bin/uclampset", "/usr/bin/unshare", "/usr/bin/wdctl", "/usr/bin/whereis", "/usr/lib/mime/packages/util-linux", "/usr/lib/systemd/system/fstrim.service", "/usr/lib/systemd/system/fstrim.timer", "/usr/sbin/agetty", "/usr/sbin/blkdiscard", "/usr/sbin/blkid", "/usr/sbin/blkzone", "/usr/sbin/blockdev", "/usr/sbin/chcpu", "/usr/sbin/chmem", "/usr/sbin/findfs", "/usr/sbin/fsck", "/usr/sbin/fsfreeze", "/usr/sbin/fstrim", "/usr/sbin/isosize", "/usr/sbin/ldattach", "/usr/sbin/mkfs", "/usr/sbin/mkswap", "/usr/sbin/pivot_root", "/usr/sbin/readprofile", "/usr/sbin/rtcwake", "/usr/sbin/runuser", "/usr/sbin/sulogin", "/usr/sbin/swaplabel", "/usr/sbin/switch_root", "/usr/sbin/wipefs", "/usr/sbin/zramctl", "/usr/share/bash-completion/completions/blkdiscard", "/usr/share/bash-completion/completions/blkid", "/usr/share/bash-completion/completions/blkzone", "/usr/share/bash-completion/completions/blockdev", "/usr/share/bash-completion/completions/chcpu", "/usr/share/bash-completion/completions/chmem", "/usr/share/bash-completion/completions/chrt", "/usr/share/bash-completion/completions/dmesg", "/usr/share/bash-completion/completions/fallocate", "/usr/share/bash-completion/completions/findfs", "/usr/share/bash-completion/completions/findmnt", "/usr/share/bash-completion/completions/flock", "/usr/share/bash-completion/completions/fsck", "/usr/share/bash-completion/completions/fsfreeze", "/usr/share/bash-completion/completions/fstrim", "/usr/share/bash-completion/completions/getopt", "/usr/share/bash-completion/completions/hardlink", "/usr/share/bash-completion/completions/ionice", "/usr/share/bash-completion/completions/ipcmk", "/usr/share/bash-completion/completions/ipcrm", "/usr/share/bash-completion/completions/ipcs", "/usr/share/bash-completion/completions/isosize", "/usr/share/bash-completion/completions/ldattach", "/usr/share/bash-completion/completions/lsblk", "/usr/share/bash-completion/completions/lscpu", "/usr/share/bash-completion/completions/lsipc", "/usr/share/bash-completion/completions/lslocks", "/usr/share/bash-completion/completions/lslogins", "/usr/share/bash-completion/completions/lsmem", "/usr/share/bash-completion/completions/lsns", "/usr/share/bash-completion/completions/mcookie", "/usr/share/bash-completion/completions/mkfs", "/usr/share/bash-completion/completions/mkswap", "/usr/share/bash-completion/completions/more", "/usr/share/bash-completion/completions/mountpoint", "/usr/share/bash-completion/completions/namei", "/usr/share/bash-completion/completions/nsenter", "/usr/share/bash-completion/completions/partx", "/usr/share/bash-completion/completions/pivot_root", "/usr/share/bash-completion/completions/prlimit", "/usr/share/bash-completion/completions/readprofile", "/usr/share/bash-completion/completions/rename.ul", "/usr/share/bash-completion/completions/rev", "/usr/share/bash-completion/completions/rtcwake", "/usr/share/bash-completion/completions/setarch", "/usr/share/bash-completion/completions/setpriv", "/usr/share/bash-completion/completions/setsid", "/usr/share/bash-completion/completions/setterm", "/usr/share/bash-completion/completions/su", "/usr/share/bash-completion/completions/swaplabel", "/usr/share/bash-completion/completions/taskset", "/usr/share/bash-completion/completions/uclampset", "/usr/share/bash-completion/completions/unshare", "/usr/share/bash-completion/completions/wdctl", "/usr/share/bash-completion/completions/whereis", "/usr/share/bash-completion/completions/wipefs", "/usr/share/bash-completion/completions/zramctl", "/usr/share/doc/util-linux/00-about-docs.txt", "/usr/share/doc/util-linux/AUTHORS.gz", "/usr/share/doc/util-linux/NEWS.Debian.gz", "/usr/share/doc/util-linux/PAM-configuration.txt", "/usr/share/doc/util-linux/README.Debian", "/usr/share/doc/util-linux/blkid.txt", "/usr/share/doc/util-linux/cal.txt", "/usr/share/doc/util-linux/changelog.Debian.gz", "/usr/share/doc/util-linux/changelog.gz", "/usr/share/doc/util-linux/col.txt", "/usr/share/doc/util-linux/copyright", "/usr/share/doc/util-linux/deprecated.txt", "/usr/share/doc/util-linux/examples/getopt-example.bash", "/usr/share/doc/util-linux/getopt.txt", "/usr/share/doc/util-linux/getopt_changelog.txt", "/usr/share/doc/util-linux/howto-build-sys.txt", "/usr/share/doc/util-linux/howto-compilation.txt", "/usr/share/doc/util-linux/howto-contribute.txt.gz", "/usr/share/doc/util-linux/howto-debug.txt", "/usr/share/doc/util-linux/howto-man-page.txt", "/usr/share/doc/util-linux/howto-pull-request.txt.gz", "/usr/share/doc/util-linux/howto-tests.txt", "/usr/share/doc/util-linux/howto-usage-function.txt.gz", "/usr/share/doc/util-linux/hwclock.txt", "/usr/share/doc/util-linux/modems-with-agetty.txt", "/usr/share/doc/util-linux/mount.txt", "/usr/share/doc/util-linux/parse-date.txt.gz", "/usr/share/doc/util-linux/pg.txt", "/usr/share/doc/util-linux/poeigl.txt.gz", "/usr/share/doc/util-linux/release-schedule.txt", "/usr/share/doc/util-linux/releases/v2.13-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.14-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.15-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.16-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.17-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.18-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.19-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.20-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.21-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.22-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.23-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.24-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.25-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.26-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.27-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.28-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.29-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.30-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.31-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.32-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.33-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.34-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.35-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.36-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.37-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.38-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.39-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.40-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.41-ReleaseNotes.gz", "/usr/share/lintian/overrides/util-linux", "/usr/share/man/man1/choom.1.gz", "/usr/share/man/man1/chrt.1.gz", "/usr/share/man/man1/dmesg.1.gz", "/usr/share/man/man1/fallocate.1.gz", "/usr/share/man/man1/flock.1.gz", "/usr/share/man/man1/getopt.1.gz", "/usr/share/man/man1/hardlink.1.gz", "/usr/share/man/man1/ionice.1.gz", "/usr/share/man/man1/ipcmk.1.gz", "/usr/share/man/man1/ipcrm.1.gz", "/usr/share/man/man1/ipcs.1.gz", "/usr/share/man/man1/lscpu.1.gz", "/usr/share/man/man1/lsipc.1.gz", "/usr/share/man/man1/lslogins.1.gz", "/usr/share/man/man1/lsmem.1.gz", "/usr/share/man/man1/mcookie.1.gz", "/usr/share/man/man1/more.1.gz", "/usr/share/man/man1/mountpoint.1.gz", "/usr/share/man/man1/namei.1.gz", "/usr/share/man/man1/nsenter.1.gz", "/usr/share/man/man1/prlimit.1.gz", "/usr/share/man/man1/rename.ul.1.gz", "/usr/share/man/man1/rev.1.gz", "/usr/share/man/man1/runuser.1.gz", "/usr/share/man/man1/setpriv.1.gz", "/usr/share/man/man1/setsid.1.gz", "/usr/share/man/man1/setterm.1.gz", "/usr/share/man/man1/su.1.gz", "/usr/share/man/man1/taskset.1.gz", "/usr/share/man/man1/uclampset.1.gz", "/usr/share/man/man1/unshare.1.gz", "/usr/share/man/man1/whereis.1.gz", "/usr/share/man/man5/adjtime_config.5.gz", "/usr/share/man/man5/scols-filter.5.gz", "/usr/share/man/man5/terminal-colors.d.5.gz", "/usr/share/man/man8/agetty.8.gz", "/usr/share/man/man8/blkdiscard.8.gz", "/usr/share/man/man8/blkid.8.gz", "/usr/share/man/man8/blkzone.8.gz", "/usr/share/man/man8/blockdev.8.gz", "/usr/share/man/man8/chcpu.8.gz", "/usr/share/man/man8/chmem.8.gz", "/usr/share/man/man8/findfs.8.gz", "/usr/share/man/man8/findmnt.8.gz", "/usr/share/man/man8/fsck.8.gz", "/usr/share/man/man8/fsfreeze.8.gz", "/usr/share/man/man8/fstrim.8.gz", "/usr/share/man/man8/isosize.8.gz", "/usr/share/man/man8/ldattach.8.gz", "/usr/share/man/man8/lsblk.8.gz", "/usr/share/man/man8/lslocks.8.gz", "/usr/share/man/man8/lsns.8.gz", "/usr/share/man/man8/mkfs.8.gz", "/usr/share/man/man8/mkswap.8.gz", "/usr/share/man/man8/partx.8.gz", "/usr/share/man/man8/pivot_root.8.gz", "/usr/share/man/man8/readprofile.8.gz", "/usr/share/man/man8/rtcwake.8.gz", "/usr/share/man/man8/setarch.8.gz", "/usr/share/man/man8/sulogin.8.gz", "/usr/share/man/man8/swaplabel.8.gz", "/usr/share/man/man8/switch_root.8.gz", "/usr/share/man/man8/wdctl.8.gz", "/usr/share/man/man8/wipefs.8.gz", "/usr/share/man/man8/zramctl.8.gz", "/usr/share/util-linux/logcheck/ignore.d.server/util-linux" ] }, { "ID": "zlib1g@1:1.3.dfsg+really1.3.1-1+b1", "Name": "zlib1g", "Identifier": { "PURL": "pkg:deb/debian/zlib1g@1.3.dfsg%2Breally1.3.1-1%2Bb1?arch=amd64\u0026distro=debian-13.1\u0026epoch=1", "UID": "4c93a4dae945a3a5" }, "Version": "1.3.dfsg+really1.3.1", "Release": "1+b1", "Epoch": 1, "Arch": "amd64", "SrcName": "zlib", "SrcVersion": "1.3.dfsg+really1.3.1", "SrcRelease": "1", "SrcEpoch": 1, "Licenses": [ "Zlib" ], "Maintainer": "Mark Brown \u003cbroonie@debian.org\u003e", "DependsOn": [ "libc6@2.41-12" ], "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libz.so.1.3.1", "/usr/share/doc/zlib1g/changelog.Debian.amd64.gz", "/usr/share/doc/zlib1g/changelog.Debian.gz", "/usr/share/doc/zlib1g/changelog.gz", "/usr/share/doc/zlib1g/copyright" ] } ], "Vulnerabilities": [ { "VulnerabilityID": "CVE-2011-3374", "PkgID": "apt@3.0.3", "PkgName": "apt", "PkgIdentifier": { "PURL": "pkg:deb/debian/apt@3.0.3?arch=amd64\u0026distro=debian-13.1", "UID": "26cbc052ac267c2" }, "InstalledVersion": "3.0.3", "Status": "affected", "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-3374", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "It was found that apt-key in apt, all versions, do not correctly valid ...", "Description": "It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.", "Severity": "LOW", "CweIDs": [ "CWE-347" ], "VendorSeverity": { "debian": 1, "nvd": 1 }, "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "V2Score": 4.3, "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/security/cve/cve-2011-3374", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480", "https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html", "https://seclists.org/fulldisclosure/2011/Sep/221", "https://security-tracker.debian.org/tracker/CVE-2011-3374", "https://snyk.io/vuln/SNYK-LINUX-APT-116518", "https://ubuntu.com/security/CVE-2011-3374" ], "PublishedDate": "2019-11-26T00:15:11.03Z", "LastModifiedDate": "2024-11-21T01:30:22.61Z" }, { "VulnerabilityID": "TEMP-0841856-B18BAF", "PkgID": "bash@5.2.37-2+b5", "PkgName": "bash", "PkgIdentifier": { "PURL": "pkg:deb/debian/bash@5.2.37-2%2Bb5?arch=amd64\u0026distro=debian-13.1", "UID": "235aa9088a703d3c" }, "InstalledVersion": "5.2.37-2+b5", "Status": "affected", "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "SeveritySource": "debian", "PrimaryURL": "https://security-tracker.debian.org/tracker/TEMP-0841856-B18BAF", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "[Privilege escalation possible to other user than root]", "Severity": "LOW", "VendorSeverity": { "debian": 1 } }, { "VulnerabilityID": "CVE-2017-13716", "PkgID": "binutils@2.44-3", "PkgName": "binutils", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "11c84dd199e59f66" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13716", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: Memory leak with the C++ symbol demangler routine in libiberty", "Description": "The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).", "Severity": "LOW", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "debian": 1, "nvd": 2, "photon": 2, "redhat": 1, "ubuntu": 1 }, "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V2Score": 7.1, "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2017-13716", "https://nvd.nist.gov/vuln/detail/CVE-2017-13716", "https://sourceware.org/bugzilla/show_bug.cgi?id=22009", "https://www.cve.org/CVERecord?id=CVE-2017-13716" ], "PublishedDate": "2017-08-28T21:29:00.293Z", "LastModifiedDate": "2025-04-20T01:37:25.86Z" }, { "VulnerabilityID": "CVE-2018-20673", "PkgID": "binutils@2.44-3", "PkgName": "binutils", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "11c84dd199e59f66" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20673", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libiberty: Integer overflow in demangle_template() function", "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for \"Create an array for saving the template argument values\") that can trigger a heap-based buffer overflow, as demonstrated by nm.", "Severity": "LOW", "CweIDs": [ "CWE-190", "CWE-787" ], "VendorSeverity": { "alma": 1, "debian": 1, "nvd": 2, "oracle-oval": 1, "photon": 2, "redhat": 2 }, "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V2Score": 4.3, "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "V3Score": 5.3 } }, "References": [ "http://www.securityfocus.com/bid/106454", "https://access.redhat.com/security/cve/CVE-2018-20673", "https://linux.oracle.com/cve/CVE-2018-20673.html", "https://linux.oracle.com/errata/ELSA-2021-4386.html", "https://nvd.nist.gov/vuln/detail/CVE-2018-20673", "https://sourceware.org/bugzilla/show_bug.cgi?id=24039", "https://www.cve.org/CVERecord?id=CVE-2018-20673" ], "PublishedDate": "2019-01-04T18:29:00.21Z", "LastModifiedDate": "2024-11-21T04:01:57.977Z" }, { "VulnerabilityID": "CVE-2018-20712", "PkgID": "binutils@2.44-3", "PkgName": "binutils", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "11c84dd199e59f66" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20712", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libiberty: heap-based buffer over-read in d_expression_1", "Description": "A heap-based buffer over-read exists in the function d_expression_1 in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.1. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by c++filt.", "Severity": "LOW", "CweIDs": [ "CWE-125" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 2, "ubuntu": 1 }, "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V2Score": 4.3, "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 4.7 } }, "References": [ "http://www.securityfocus.com/bid/106563", "https://access.redhat.com/security/cve/CVE-2018-20712", "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88629", "https://nvd.nist.gov/vuln/detail/CVE-2018-20712", "https://sourceware.org/bugzilla/show_bug.cgi?id=24043", "https://support.f5.com/csp/article/K38336243", "https://www.cve.org/CVERecord?id=CVE-2018-20712" ], "PublishedDate": "2019-01-15T00:29:00.257Z", "LastModifiedDate": "2024-11-21T04:02:00.663Z" }, { "VulnerabilityID": "CVE-2018-9996", "PkgID": "binutils@2.44-3", "PkgName": "binutils", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "11c84dd199e59f66" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-9996", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: Stack-overflow in libiberty/cplus-dem.c causes crash", "Description": "An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_template_value_parm, demangle_integral_value, and demangle_expression.", "Severity": "LOW", "CweIDs": [ "CWE-674" ], "VendorSeverity": { "debian": 1, "nvd": 2, "photon": 2, "redhat": 1 }, "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V2Score": 4.3, "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "http://www.securityfocus.com/bid/103733", "https://access.redhat.com/security/cve/CVE-2018-9996", "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85304", "https://nvd.nist.gov/vuln/detail/CVE-2018-9996", "https://www.cve.org/CVERecord?id=CVE-2018-9996" ], "PublishedDate": "2018-04-10T22:29:00.353Z", "LastModifiedDate": "2024-11-21T04:16:00.48Z" }, { "VulnerabilityID": "CVE-2021-32256", "PkgID": "binutils@2.44-3", "PkgName": "binutils", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "11c84dd199e59f66" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-32256", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: stack-overflow issue in demangle_type in rust-demangle.c.", "Description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.36. It is a stack-overflow issue in demangle_type in rust-demangle.c.", "Severity": "LOW", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "amazon": 1, "debian": 1, "nvd": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2021-32256", "https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1927070", "https://nvd.nist.gov/vuln/detail/CVE-2021-32256", "https://security.netapp.com/advisory/ntap-20230824-0013/", "https://www.cve.org/CVERecord?id=CVE-2021-32256" ], "PublishedDate": "2023-07-18T14:15:11.61Z", "LastModifiedDate": "2024-11-21T06:06:55.1Z" }, { "VulnerabilityID": "CVE-2025-11081", "PkgID": "binutils@2.44-3", "PkgName": "binutils", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "11c84dd199e59f66" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11081", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils out-of-bounds read", "Description": "A vulnerability was detected in GNU Binutils 2.45. This issue affects the function dump_dwarf_section of the file binutils/objdump.c. Performing manipulation results in out-of-bounds read. The attack is only possible with local access. The exploit is now public and may be used. The patch is named f87a66db645caf8cc0e6fc87b0c28c78a38af59b. It is suggested to install a patch to address this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-125" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-11081", "https://github.com/user-attachments/files/20623354/hdf5_crash_3.txt", "https://nvd.nist.gov/vuln/detail/CVE-2025-11081", "https://sourceware.org/bugzilla/show_bug.cgi?id=33406", "https://sourceware.org/bugzilla/show_bug.cgi?id=33406#c2", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f87a66db645caf8cc0e6fc87b0c28c78a38af59b", "https://vuldb.com/?ctiid.326122", "https://vuldb.com/?id.326122", "https://vuldb.com/?submit.661275", "https://www.cve.org/CVERecord?id=CVE-2025-11081", "https://www.gnu.org/" ], "PublishedDate": "2025-09-27T22:15:32.43Z", "LastModifiedDate": "2025-10-03T16:51:07.39Z" }, { "VulnerabilityID": "CVE-2025-11082", "PkgID": "binutils@2.44-3", "PkgName": "binutils", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "11c84dd199e59f66" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11082", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils Linker heap-based overflow", "Description": "A flaw has been found in GNU Binutils 2.45. Impacted is the function _bfd_elf_parse_eh_frame of the file bfd/elf-eh-frame.c of the component Linker. Executing manipulation can lead to heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be used. This patch is called ea1a0737c7692737a644af0486b71e4a392cbca8. A patch should be applied to remediate this issue. The code maintainer replied with \"[f]ixed for 2.46\".", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-122" ], "VendorSeverity": { "debian": 1, "nvd": 3, "redhat": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-11082", "https://nvd.nist.gov/vuln/detail/CVE-2025-11082", "https://sourceware.org/bugzilla/attachment.cgi?id=16358", "https://sourceware.org/bugzilla/show_bug.cgi?id=33464", "https://sourceware.org/bugzilla/show_bug.cgi?id=33464#c2", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ea1a0737c7692737a644af0486b71e4a392cbca8", "https://vuldb.com/?ctiid.326123", "https://vuldb.com/?id.326123", "https://vuldb.com/?submit.661276", "https://www.cve.org/CVERecord?id=CVE-2025-11082", "https://www.gnu.org/" ], "PublishedDate": "2025-09-27T23:15:31.39Z", "LastModifiedDate": "2025-10-03T16:52:34.527Z" }, { "VulnerabilityID": "CVE-2025-11083", "PkgID": "binutils@2.44-3", "PkgName": "binutils", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "11c84dd199e59f66" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11083", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils Linker heap-based overflow", "Description": "A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elf_swap_shdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 9ca499644a21ceb3f946d1c179c38a83be084490. To fix this issue, it is recommended to deploy a patch. The code maintainer replied with \"[f]ixed for 2.46\".", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-122" ], "VendorSeverity": { "debian": 1, "nvd": 3, "redhat": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-11083", "https://nvd.nist.gov/vuln/detail/CVE-2025-11083", "https://sourceware.org/bugzilla/attachment.cgi?id=16353", "https://sourceware.org/bugzilla/show_bug.cgi?id=33457", "https://sourceware.org/bugzilla/show_bug.cgi?id=33457#c1", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=9ca499644a21ceb3f946d1c179c38a83be084490", "https://vuldb.com/?ctiid.326124", "https://vuldb.com/?id.326124", "https://vuldb.com/?submit.661277", "https://www.cve.org/CVERecord?id=CVE-2025-11083", "https://www.gnu.org/" ], "PublishedDate": "2025-09-27T23:15:32.33Z", "LastModifiedDate": "2025-10-03T16:52:47.01Z" }, { "VulnerabilityID": "CVE-2025-11412", "PkgID": "binutils@2.44-3", "PkgName": "binutils", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "11c84dd199e59f66" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11412", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils Linker elflink.c bfd_elf_gc_record_vtentry out-of-bounds", "Description": "A vulnerability has been found in GNU Binutils 2.45. This impacts the function bfd_elf_gc_record_vtentry of the file bfd/elflink.c of the component Linker. The manipulation leads to out-of-bounds read. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of the patch is 047435dd988a3975d40c6626a8f739a0b2e154bc. To fix this issue, it is recommended to deploy a patch.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-125" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-11412", "https://nvd.nist.gov/vuln/detail/CVE-2025-11412", "https://sourceware.org/bugzilla/attachment.cgi?id=16378", "https://sourceware.org/bugzilla/show_bug.cgi?id=33452", "https://sourceware.org/bugzilla/show_bug.cgi?id=33452#c8", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=047435dd988a3975d40c6626a8f739a0b2e154bc", "https://vuldb.com/?ctiid.327348", "https://vuldb.com/?id.327348", "https://www.cve.org/CVERecord?id=CVE-2025-11412", "https://www.gnu.org/" ], "PublishedDate": "2025-10-07T22:15:34.03Z", "LastModifiedDate": "2025-10-14T15:09:07.05Z" }, { "VulnerabilityID": "CVE-2025-11413", "PkgID": "binutils@2.44-3", "PkgName": "binutils", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "11c84dd199e59f66" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11413", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils Linker elflink.c elf_link_add_object_symbols out-of-bounds", "Description": "A vulnerability was found in GNU Binutils 2.45. Affected is the function elf_link_add_object_symbols of the file bfd/elflink.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. Upgrading to version 2.46 is able to address this issue. The patch is identified as 72efdf166aa0ed72ecc69fc2349af6591a7a19c0. Upgrading the affected component is advised.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-125" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "V3Score": 4.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-11413", "https://nvd.nist.gov/vuln/detail/CVE-2025-11413", "https://sourceware.org/bugzilla/attachment.cgi?id=16362", "https://sourceware.org/bugzilla/show_bug.cgi?id=33452", "https://sourceware.org/bugzilla/show_bug.cgi?id=33456", "https://sourceware.org/bugzilla/show_bug.cgi?id=33456#c10", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=72efdf166aa0ed72ecc69fc2349af6591a7a19c0", "https://vuldb.com/?ctiid.327349", "https://vuldb.com/?id.327349", "https://vuldb.com/?submit.665587", "https://www.cve.org/CVERecord?id=CVE-2025-11413", "https://www.gnu.org/" ], "PublishedDate": "2025-10-07T22:15:34.23Z", "LastModifiedDate": "2025-10-14T15:24:49.567Z" }, { "VulnerabilityID": "CVE-2025-11414", "PkgID": "binutils@2.44-3", "PkgName": "binutils", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "11c84dd199e59f66" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11414", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils Linker elflink.c get_link_hash_entry out-of-bounds", "Description": "A vulnerability was determined in GNU Binutils 2.45. Affected by this vulnerability is the function get_link_hash_entry of the file bfd/elflink.c of the component Linker. This manipulation causes out-of-bounds read. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. Upgrading to version 2.46 addresses this issue. Patch name: aeaaa9af6359c8e394ce9cf24911fec4f4d23703. It is advisable to upgrade the affected component.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-125" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-11414", "https://nvd.nist.gov/vuln/detail/CVE-2025-11414", "https://sourceware.org/bugzilla/attachment.cgi?id=16361", "https://sourceware.org/bugzilla/show_bug.cgi?id=33450", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=aeaaa9af6359c8e394ce9cf24911fec4f4d23703", "https://vuldb.com/?ctiid.327350", "https://vuldb.com/?id.327350", "https://vuldb.com/?submit.665591", "https://www.cve.org/CVERecord?id=CVE-2025-11414", "https://www.gnu.org/" ], "PublishedDate": "2025-10-07T23:15:33.053Z", "LastModifiedDate": "2025-10-14T15:25:00.127Z" }, { "VulnerabilityID": "CVE-2025-1147", "PkgID": "binutils@2.44-3", "PkgName": "binutils", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "11c84dd199e59f66" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1147", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils nm nm.c internal_strlen buffer overflow", "Description": "A vulnerability has been found in GNU Binutils 2.43 and classified as problematic. Affected by this vulnerability is the function __sanitizer::internal_strlen of the file binutils/nm.c of the component nm. The manipulation of the argument const leads to buffer overflow. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-120" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 1, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1147", "https://nvd.nist.gov/vuln/detail/CVE-2025-1147", "https://sourceware.org/bugzilla/attachment.cgi?id=15881", "https://sourceware.org/bugzilla/show_bug.cgi?id=32556", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7be4186c22f89a87fff048c28910f5d26a0f61ce", "https://vuldb.com/?ctiid.295051", "https://vuldb.com/?id.295051", "https://vuldb.com/?submit.485254", "https://www.cve.org/CVERecord?id=CVE-2025-1147", "https://www.gnu.org/" ], "PublishedDate": "2025-02-10T14:15:29.643Z", "LastModifiedDate": "2025-03-04T15:51:17.86Z" }, { "VulnerabilityID": "CVE-2025-1148", "PkgID": "binutils@2.44-3", "PkgName": "binutils", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "11c84dd199e59f66" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1148", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld ldelfgen.c link_order_scan memory leak", "Description": "A vulnerability was found in GNU Binutils 2.43 and classified as problematic. Affected by this issue is the function link_order_scan of the file ld/ldelfgen.c of the component ld. The manipulation leads to memory leak. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"", "Severity": "LOW", "CweIDs": [ "CWE-401", "CWE-404" ], "VendorSeverity": { "debian": 1, "nvd": 1, "redhat": 1, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1148", "https://nvd.nist.gov/vuln/detail/CVE-2025-1148", "https://sourceware.org/bugzilla/attachment.cgi?id=15887", "https://sourceware.org/bugzilla/show_bug.cgi?id=32576", "https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=d4115c2c8d447e297ae353892de89192c1996211", "https://sourceware.org/pipermail/binutils/2025-March/139979.html", "https://vuldb.com/?ctiid.295052", "https://vuldb.com/?id.295052", "https://vuldb.com/?submit.485747", "https://www.cve.org/CVERecord?id=CVE-2025-1148", "https://www.gnu.org/" ], "PublishedDate": "2025-02-10T14:15:29.927Z", "LastModifiedDate": "2025-03-04T17:12:35.4Z" }, { "VulnerabilityID": "CVE-2025-1149", "PkgID": "binutils@2.44-3", "PkgName": "binutils", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "11c84dd199e59f66" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1149", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld xmalloc.c xstrdup memory leak", "Description": "A vulnerability was found in GNU Binutils 2.43. It has been classified as problematic. This affects the function xstrdup of the file libiberty/xmalloc.c of the component ld. The manipulation leads to memory leak. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"", "Severity": "LOW", "CweIDs": [ "CWE-401", "CWE-404" ], "VendorSeverity": { "debian": 1, "nvd": 1, "redhat": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1149", "https://nvd.nist.gov/vuln/detail/CVE-2025-1149", "https://sourceware.org/bugzilla/attachment.cgi?id=15887", "https://sourceware.org/bugzilla/show_bug.cgi?id=32576", "https://vuldb.com/?ctiid.295053", "https://vuldb.com/?id.295053", "https://www.cve.org/CVERecord?id=CVE-2025-1149", "https://www.gnu.org/" ], "PublishedDate": "2025-02-10T15:15:13.093Z", "LastModifiedDate": "2025-03-04T14:53:43.637Z" }, { "VulnerabilityID": "CVE-2025-11494", "PkgID": "binutils@2.44-3", "PkgName": "binutils", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "11c84dd199e59f66" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11494", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils Linker out-of-bounds read", "Description": "A vulnerability was found in GNU Binutils 2.45. Impacted is the function _bfd_x86_elf_late_size_sections of the file bfd/elfxx-x86.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. The patch is identified as b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a. A patch should be applied to remediate this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-125" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-11494", "https://nvd.nist.gov/vuln/detail/CVE-2025-11494", "https://sourceware.org/bugzilla/attachment.cgi?id=16389", "https://sourceware.org/bugzilla/show_bug.cgi?id=33499", "https://sourceware.org/bugzilla/show_bug.cgi?id=33499#c2", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a", "https://vuldb.com/?ctiid.327619", "https://vuldb.com/?id.327619", "https://vuldb.com/?submit.668281", "https://www.cve.org/CVERecord?id=CVE-2025-11494", "https://www.gnu.org/" ], "PublishedDate": "2025-10-08T20:15:34.77Z", "LastModifiedDate": "2025-10-14T15:27:45.803Z" }, { "VulnerabilityID": "CVE-2025-11495", "PkgID": "binutils@2.44-3", "PkgName": "binutils", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "11c84dd199e59f66" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11495", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils Linker heap-based overflow", "Description": "A vulnerability was determined in GNU Binutils 2.45. The affected element is the function elf_x86_64_relocate_section of the file elf64-x86-64.c of the component Linker. This manipulation causes heap-based buffer overflow. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. Patch name: 6b21c8b2ecfef5c95142cbc2c32f185cb1c26ab0. To fix this issue, it is recommended to deploy a patch.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-122" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-11495", "https://nvd.nist.gov/vuln/detail/CVE-2025-11495", "https://sourceware.org/bugzilla/attachment.cgi?id=16393", "https://sourceware.org/bugzilla/show_bug.cgi?id=33502", "https://sourceware.org/bugzilla/show_bug.cgi?id=33502#c3", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6b21c8b2ecfef5c95142cbc2c32f185cb1c26ab0", "https://vuldb.com/?ctiid.327620", "https://vuldb.com/?id.327620", "https://vuldb.com/?submit.668290", "https://www.cve.org/CVERecord?id=CVE-2025-11495", "https://www.gnu.org/" ], "PublishedDate": "2025-10-08T20:15:34.99Z", "LastModifiedDate": "2025-10-14T15:28:00.96Z" }, { "VulnerabilityID": "CVE-2025-1150", "PkgID": "binutils@2.44-3", "PkgName": "binutils", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "11c84dd199e59f66" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1150", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld libbfd.c bfd_malloc memory leak", "Description": "A vulnerability was found in GNU Binutils 2.43. It has been declared as problematic. This vulnerability affects the function bfd_malloc of the file libbfd.c of the component ld. The manipulation leads to memory leak. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"", "Severity": "LOW", "CweIDs": [ "CWE-401", "CWE-404" ], "VendorSeverity": { "debian": 1, "nvd": 1, "redhat": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1150", "https://nvd.nist.gov/vuln/detail/CVE-2025-1150", "https://sourceware.org/bugzilla/attachment.cgi?id=15887", "https://sourceware.org/bugzilla/show_bug.cgi?id=32576", "https://vuldb.com/?ctiid.295054", "https://vuldb.com/?id.295054", "https://www.cve.org/CVERecord?id=CVE-2025-1150", "https://www.gnu.org/" ], "PublishedDate": "2025-02-10T17:15:18.517Z", "LastModifiedDate": "2025-03-11T19:01:04.727Z" }, { "VulnerabilityID": "CVE-2025-1151", "PkgID": "binutils@2.44-3", "PkgName": "binutils", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "11c84dd199e59f66" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1151", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld xmemdup.c xmemdup memory leak", "Description": "A vulnerability was found in GNU Binutils 2.43. It has been rated as problematic. This issue affects the function xmemdup of the file xmemdup.c of the component ld. The manipulation leads to memory leak. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"", "Severity": "LOW", "CweIDs": [ "CWE-401", "CWE-404" ], "VendorSeverity": { "debian": 1, "redhat": 1 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1151", "https://nvd.nist.gov/vuln/detail/CVE-2025-1151", "https://sourceware.org/bugzilla/attachment.cgi?id=15887", "https://sourceware.org/bugzilla/show_bug.cgi?id=32576", "https://vuldb.com/?ctiid.295055", "https://vuldb.com/?id.295055", "https://www.cve.org/CVERecord?id=CVE-2025-1151", "https://www.gnu.org/" ], "PublishedDate": "2025-02-10T17:15:18.713Z", "LastModifiedDate": "2025-02-10T17:15:18.713Z" }, { "VulnerabilityID": "CVE-2025-1152", "PkgID": "binutils@2.44-3", "PkgName": "binutils", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "11c84dd199e59f66" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1152", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld xstrdup.c xstrdup memory leak", "Description": "A vulnerability classified as problematic has been found in GNU Binutils 2.43. Affected is the function xstrdup of the file xstrdup.c of the component ld. The manipulation leads to memory leak. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"", "Severity": "LOW", "CweIDs": [ "CWE-401", "CWE-404" ], "VendorSeverity": { "debian": 1, "nvd": 1, "redhat": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1152", "https://nvd.nist.gov/vuln/detail/CVE-2025-1152", "https://sourceware.org/bugzilla/attachment.cgi?id=15887", "https://sourceware.org/bugzilla/show_bug.cgi?id=32576", "https://vuldb.com/?ctiid.295056", "https://vuldb.com/?id.295056", "https://www.cve.org/CVERecord?id=CVE-2025-1152", "https://www.gnu.org/" ], "PublishedDate": "2025-02-10T18:15:34.043Z", "LastModifiedDate": "2025-03-03T16:52:20.953Z" }, { "VulnerabilityID": "CVE-2025-1153", "PkgID": "binutils@2.44-3", "PkgName": "binutils", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "11c84dd199e59f66" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1153", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils format.c bfd_set_format memory corruption", "Description": "A vulnerability classified as problematic was found in GNU Binutils 2.43/2.44. Affected by this vulnerability is the function bfd_set_format of the file format.c. The manipulation leads to memory corruption. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 2.45 is able to address this issue. The identifier of the patch is 8d97c1a53f3dc9fd8e1ccdb039b8a33d50133150. It is recommended to upgrade the affected component.", "Severity": "LOW", "CweIDs": [ "CWE-119" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 1, "ubuntu": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1153", "https://nvd.nist.gov/vuln/detail/CVE-2025-1153", "https://sourceware.org/bugzilla/show_bug.cgi?id=32603", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8d97c1a53f3dc9fd8e1ccdb039b8a33d50133150", "https://ubuntu.com/security/notices/USN-7423-1", "https://ubuntu.com/security/notices/USN-7423-2", "https://vuldb.com/?ctiid.295057", "https://vuldb.com/?id.295057", "https://vuldb.com/?submit.489991", "https://www.cve.org/CVERecord?id=CVE-2025-1153", "https://www.gnu.org/" ], "PublishedDate": "2025-02-10T19:15:39.9Z", "LastModifiedDate": "2025-03-03T17:28:09.167Z" }, { "VulnerabilityID": "CVE-2025-1176", "PkgID": "binutils@2.44-3", "PkgName": "binutils", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "11c84dd199e59f66" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1176", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld elflink.c _bfd_elf_gc_mark_rsec heap-based overflow", "Description": "A vulnerability was found in GNU Binutils 2.43 and classified as critical. This issue affects the function _bfd_elf_gc_mark_rsec of the file elflink.c of the component ld. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The patch is named f9978defb6fab0bd8583942d97c112b0932ac814. It is recommended to apply a patch to fix this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-122" ], "VendorSeverity": { "amazon": 2, "azure": 2, "cbl-mariner": 2, "debian": 1, "nvd": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "V3Score": 5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "V3Score": 5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1176", "https://nvd.nist.gov/vuln/detail/CVE-2025-1176", "https://security.netapp.com/advisory/ntap-20250411-0007/", "https://sourceware.org/bugzilla/attachment.cgi?id=15913", "https://sourceware.org/bugzilla/show_bug.cgi?id=32636", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f9978defb6fab0bd8583942d97c112b0932ac814", "https://ubuntu.com/security/notices/USN-7423-1", "https://ubuntu.com/security/notices/USN-7423-2", "https://vuldb.com/?ctiid.295079", "https://vuldb.com/?id.295079", "https://vuldb.com/?submit.495329", "https://www.cve.org/CVERecord?id=CVE-2025-1176", "https://www.gnu.org/" ], "PublishedDate": "2025-02-11T06:15:22.433Z", "LastModifiedDate": "2025-04-11T22:15:29.513Z" }, { "VulnerabilityID": "CVE-2025-1178", "PkgID": "binutils@2.44-3", "PkgName": "binutils", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "11c84dd199e59f66" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1178", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld libbfd.c bfd_putl64 memory corruption", "Description": "A vulnerability was found in GNU Binutils 2.43. It has been declared as problematic. Affected by this vulnerability is the function bfd_putl64 of the file libbfd.c of the component ld. The manipulation leads to memory corruption. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of the patch is 75086e9de1707281172cc77f178e7949a4414ed0. It is recommended to apply a patch to fix this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119" ], "VendorSeverity": { "azure": 2, "cbl-mariner": 2, "debian": 1, "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "V3Score": 5.6 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1178", "https://nvd.nist.gov/vuln/detail/CVE-2025-1178", "https://security.netapp.com/advisory/ntap-20250411-0008/", "https://sourceware.org/bugzilla/attachment.cgi?id=15914", "https://sourceware.org/bugzilla/show_bug.cgi?id=32638", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=75086e9de1707281172cc77f178e7949a4414ed0", "https://ubuntu.com/security/notices/USN-7423-1", "https://vuldb.com/?ctiid.295081", "https://vuldb.com/?id.295081", "https://vuldb.com/?submit.495369", "https://www.cve.org/CVERecord?id=CVE-2025-1178", "https://www.gnu.org/" ], "PublishedDate": "2025-02-11T07:15:29.997Z", "LastModifiedDate": "2025-05-21T20:35:24.22Z" }, { "VulnerabilityID": "CVE-2025-1180", "PkgID": "binutils@2.44-3", "PkgName": "binutils", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "11c84dd199e59f66" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1180", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld elf-eh-frame.c _bfd_elf_write_section_eh_frame memory corruption", "Description": "A vulnerability classified as problematic has been found in GNU Binutils 2.43. This affects the function _bfd_elf_write_section_eh_frame of the file bfd/elf-eh-frame.c of the component ld. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119" ], "VendorSeverity": { "debian": 1, "redhat": 1 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1180", "https://nvd.nist.gov/vuln/detail/CVE-2025-1180", "https://sourceware.org/bugzilla/attachment.cgi?id=15917", "https://sourceware.org/bugzilla/show_bug.cgi?id=32642", "https://vuldb.com/?ctiid.295083", "https://vuldb.com/?id.295083", "https://vuldb.com/?submit.495381", "https://www.cve.org/CVERecord?id=CVE-2025-1180", "https://www.gnu.org/" ], "PublishedDate": "2025-02-11T08:15:31.59Z", "LastModifiedDate": "2025-05-21T20:35:18.05Z" }, { "VulnerabilityID": "CVE-2025-1181", "PkgID": "binutils@2.44-3", "PkgName": "binutils", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "11c84dd199e59f66" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1181", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld elflink.c _bfd_elf_gc_mark_rsec memory corruption", "Description": "A vulnerability classified as critical was found in GNU Binutils 2.43. This vulnerability affects the function _bfd_elf_gc_mark_rsec of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is 931494c9a89558acb36a03a340c01726545eef24. It is recommended to apply a patch to fix this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119" ], "VendorSeverity": { "azure": 1, "cbl-mariner": 1, "debian": 1, "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "V3Score": 5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1181", "https://nvd.nist.gov/vuln/detail/CVE-2025-1181", "https://security.netapp.com/advisory/ntap-20250425-0007/", "https://sourceware.org/bugzilla/attachment.cgi?id=15918", "https://sourceware.org/bugzilla/show_bug.cgi?id=32643", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=931494c9a89558acb36a03a340c01726545eef24", "https://ubuntu.com/security/notices/USN-7423-1", "https://vuldb.com/?ctiid.295084", "https://vuldb.com/?id.295084", "https://vuldb.com/?submit.495402", "https://www.cve.org/CVERecord?id=CVE-2025-1181", "https://www.gnu.org/" ], "PublishedDate": "2025-02-11T08:15:31.797Z", "LastModifiedDate": "2025-05-21T20:35:11.073Z" }, { "VulnerabilityID": "CVE-2025-1182", "PkgID": "binutils@2.44-3", "PkgName": "binutils", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "11c84dd199e59f66" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1182", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld elflink.c bfd_elf_reloc_symbol_deleted_p memory corruption", "Description": "A vulnerability, which was classified as critical, was found in GNU Binutils 2.43. Affected is the function bfd_elf_reloc_symbol_deleted_p of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The patch is identified as b425859021d17adf62f06fb904797cf8642986ad. It is recommended to apply a patch to fix this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119" ], "VendorSeverity": { "amazon": 2, "azure": 2, "cbl-mariner": 2, "debian": 1, "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "V3Score": 5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1182", "https://nvd.nist.gov/vuln/detail/CVE-2025-1182", "https://sourceware.org/bugzilla/attachment.cgi?id=15919", "https://sourceware.org/bugzilla/show_bug.cgi?id=32644", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b425859021d17adf62f06fb904797cf8642986ad", "https://ubuntu.com/security/notices/USN-7423-1", "https://vuldb.com/?ctiid.295086", "https://vuldb.com/?id.295086", "https://vuldb.com/?submit.495407", "https://www.cve.org/CVERecord?id=CVE-2025-1182", "https://www.gnu.org/" ], "PublishedDate": "2025-02-11T09:15:09.53Z", "LastModifiedDate": "2025-05-21T20:35:04.15Z" }, { "VulnerabilityID": "CVE-2025-11839", "PkgID": "binutils@2.44-3", "PkgName": "binutils", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "11c84dd199e59f66" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11839", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils prdbg.c tg_tag_type return value", "Description": "A security flaw has been discovered in GNU Binutils 2.45. Impacted is the function tg_tag_type of the file prdbg.c. Performing manipulation results in unchecked return value. The attack needs to be approached locally. The exploit has been released to the public and may be exploited.", "Severity": "LOW", "CweIDs": [ "CWE-252", "CWE-253" ], "VendorSeverity": { "debian": 1, "redhat": 1 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-11839", "https://nvd.nist.gov/vuln/detail/CVE-2025-11839", "https://sourceware.org/bugzilla/attachment.cgi?id=16344", "https://sourceware.org/bugzilla/show_bug.cgi?id=33448", "https://vuldb.com/?ctiid.328774", "https://vuldb.com/?id.328774", "https://vuldb.com/?submit.661279", "https://www.cve.org/CVERecord?id=CVE-2025-11839", "https://www.gnu.org/" ], "PublishedDate": "2025-10-16T14:15:34.86Z", "LastModifiedDate": "2025-10-16T15:28:59.61Z" }, { "VulnerabilityID": "CVE-2025-11840", "PkgID": "binutils@2.44-3", "PkgName": "binutils", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "11c84dd199e59f66" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11840", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils out-of-bounds read", "Description": "A weakness has been identified in GNU Binutils 2.45. The affected element is the function vfinfo of the file ldmisc.c. Executing manipulation can lead to out-of-bounds read. The attack can only be executed locally. The exploit has been made available to the public and could be exploited. This patch is called 16357. It is best practice to apply a patch to resolve this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-125" ], "VendorSeverity": { "debian": 1, "redhat": 1 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-11840", "https://nvd.nist.gov/vuln/detail/CVE-2025-11840", "https://sourceware.org/bugzilla/attachment.cgi?id=16351", "https://sourceware.org/bugzilla/attachment.cgi?id=16357", "https://sourceware.org/bugzilla/show_bug.cgi?id=33455", "https://vuldb.com/?ctiid.328775", "https://vuldb.com/?id.328775", "https://vuldb.com/?submit.661281", "https://www.cve.org/CVERecord?id=CVE-2025-11840", "https://www.gnu.org/" ], "PublishedDate": "2025-10-16T16:15:37.003Z", "LastModifiedDate": "2025-10-16T16:15:37.003Z" }, { "VulnerabilityID": "CVE-2025-3198", "PkgID": "binutils@2.44-3", "PkgName": "binutils", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "11c84dd199e59f66" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-3198", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils objdump bucomm.c display_info memory leak", "Description": "A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named ba6ad3a18cb26b79e0e3b84c39f707535bbc344d. It is recommended to apply a patch to fix this issue.", "Severity": "LOW", "CweIDs": [ "CWE-401", "CWE-404" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 1, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-3198", "https://nvd.nist.gov/vuln/detail/CVE-2025-3198", "https://sourceware.org/bugzilla/show_bug.cgi?id=32716", "https://sourceware.org/bugzilla/show_bug.cgi?id=32716#c0", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ba6ad3a18cb26b79e0e3b84c39f707535bbc344d", "https://vuldb.com/?ctiid.303151", "https://vuldb.com/?id.303151", "https://vuldb.com/?submit.545773", "https://www.cve.org/CVERecord?id=CVE-2025-3198", "https://www.gnu.org/" ], "PublishedDate": "2025-04-04T02:15:18.803Z", "LastModifiedDate": "2025-05-15T19:46:30.95Z" }, { "VulnerabilityID": "CVE-2025-5244", "PkgID": "binutils@2.44-3", "PkgName": "binutils", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "11c84dd199e59f66" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-5244", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld elflink.c elf_gc_sweep memory corruption", "Description": "A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue is the function elf_gc_sweep of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 2.45 is able to address this issue. It is recommended to upgrade the affected component.", "Severity": "LOW", "CweIDs": [ "CWE-119" ], "VendorSeverity": { "azure": 2, "cbl-mariner": 2, "debian": 1, "nvd": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-5244", "https://nvd.nist.gov/vuln/detail/CVE-2025-5244", "https://sourceware.org/bugzilla/attachment.cgi?id=16010", "https://sourceware.org/bugzilla/show_bug.cgi?id=32858", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d1458933830456e54223d9fc61f0d9b3a19256f5", "https://vuldb.com/?ctiid.310346", "https://vuldb.com/?id.310346", "https://vuldb.com/?submit.584634", "https://www.cve.org/CVERecord?id=CVE-2025-5244", "https://www.gnu.org/" ], "PublishedDate": "2025-05-27T13:15:21.76Z", "LastModifiedDate": "2025-10-03T14:46:39.57Z" }, { "VulnerabilityID": "CVE-2025-5245", "PkgID": "binutils@2.44-3", "PkgName": "binutils", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "11c84dd199e59f66" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-5245", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils objdump debug.c debug_type_samep memory corruption", "Description": "A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debug_type_samep of the file /binutils/debug.c of the component objdump. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119" ], "VendorSeverity": { "azure": 2, "cbl-mariner": 2, "debian": 1, "nvd": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-5245", "https://nvd.nist.gov/vuln/detail/CVE-2025-5245", "https://sourceware.org/bugzilla/attachment.cgi?id=16004", "https://sourceware.org/bugzilla/show_bug.cgi?id=32829", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6c3458a8b7ee7d39f070c7b2350851cb2110c65a", "https://vuldb.com/?ctiid.310347", "https://vuldb.com/?id.310347", "https://vuldb.com/?submit.584635", "https://www.cve.org/CVERecord?id=CVE-2025-5245", "https://www.gnu.org/" ], "PublishedDate": "2025-05-27T15:15:36.057Z", "LastModifiedDate": "2025-10-03T14:45:57.887Z" }, { "VulnerabilityID": "CVE-2025-7545", "PkgID": "binutils@2.44-3", "PkgName": "binutils", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "11c84dd199e59f66" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-7545", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: Binutils: Heap Buffer Overflow", "Description": "A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is named 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944. It is recommended to apply a patch to fix this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-122" ], "VendorSeverity": { "amazon": 3, "azure": 2, "cbl-mariner": 2, "debian": 1, "nvd": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-7545", "https://nvd.nist.gov/vuln/detail/CVE-2025-7545", "https://sourceware.org/bugzilla/attachment.cgi?id=16117", "https://sourceware.org/bugzilla/show_bug.cgi?id=33049", "https://sourceware.org/bugzilla/show_bug.cgi?id=33049#c1", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944", "https://ubuntu.com/security/notices/USN-7718-1", "https://vuldb.com/?ctiid.316243", "https://vuldb.com/?id.316243", "https://vuldb.com/?submit.614355", "https://www.cve.org/CVERecord?id=CVE-2025-7545", "https://www.gnu.org/" ], "PublishedDate": "2025-07-13T22:15:23.873Z", "LastModifiedDate": "2025-07-30T15:59:48.84Z" }, { "VulnerabilityID": "CVE-2025-7546", "PkgID": "binutils@2.44-3", "PkgName": "binutils", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "11c84dd199e59f66" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-7546", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: Binutils: Out-of-bounds Write Vulnerability", "Description": "A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfd_elf_set_group_contents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The name of the patch is 41461010eb7c79fee7a9d5f6209accdaac66cc6b. It is recommended to apply a patch to fix this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-787" ], "VendorSeverity": { "amazon": 2, "azure": 2, "cbl-mariner": 2, "debian": 1, "nvd": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-7546", "https://nvd.nist.gov/vuln/detail/CVE-2025-7546", "https://sourceware.org/bugzilla/attachment.cgi?id=16118", "https://sourceware.org/bugzilla/show_bug.cgi?id=33050", "https://sourceware.org/bugzilla/show_bug.cgi?id=33050#c2", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=41461010eb7c79fee7a9d5f6209accdaac66cc6b", "https://vuldb.com/?ctiid.316244", "https://vuldb.com/?id.316244", "https://vuldb.com/?submit.614375", "https://www.cve.org/CVERecord?id=CVE-2025-7546", "https://www.gnu.org/" ], "PublishedDate": "2025-07-13T22:15:24.07Z", "LastModifiedDate": "2025-07-30T15:59:59.203Z" }, { "VulnerabilityID": "CVE-2025-8225", "PkgID": "binutils@2.44-3", "PkgName": "binutils", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "11c84dd199e59f66" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-8225", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: Binutils DWARF Section Handler Memory Leak", "Description": "A vulnerability was found in GNU Binutils 2.44 and classified as problematic. This issue affects the function process_debug_info of the file binutils/dwarf.c of the component DWARF Section Handler. The manipulation leads to memory leak. Attacking locally is a requirement. The identifier of the patch is e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4. It is recommended to apply a patch to fix this issue.", "Severity": "LOW", "CweIDs": [ "CWE-401", "CWE-404" ], "VendorSeverity": { "cbl-mariner": 2, "debian": 1, "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-8225", "https://gitlab.com/gnutools/binutils-gdb/-/commit/e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4", "https://nvd.nist.gov/vuln/detail/CVE-2025-8225", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4", "https://vuldb.com/?ctiid.317813", "https://vuldb.com/?id.317813", "https://vuldb.com/?submit.621883", "https://www.cve.org/CVERecord?id=CVE-2025-8225", "https://www.gnu.org/" ], "PublishedDate": "2025-07-27T08:15:25.76Z", "LastModifiedDate": "2025-08-01T17:08:13.977Z" }, { "VulnerabilityID": "CVE-2017-13716", "PkgID": "binutils-common@2.44-3", "PkgName": "binutils-common", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils-common@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "cc5e044230f9e675" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13716", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: Memory leak with the C++ symbol demangler routine in libiberty", "Description": "The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).", "Severity": "LOW", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "debian": 1, "nvd": 2, "photon": 2, "redhat": 1, "ubuntu": 1 }, "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V2Score": 7.1, "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2017-13716", "https://nvd.nist.gov/vuln/detail/CVE-2017-13716", "https://sourceware.org/bugzilla/show_bug.cgi?id=22009", "https://www.cve.org/CVERecord?id=CVE-2017-13716" ], "PublishedDate": "2017-08-28T21:29:00.293Z", "LastModifiedDate": "2025-04-20T01:37:25.86Z" }, { "VulnerabilityID": "CVE-2018-20673", "PkgID": "binutils-common@2.44-3", "PkgName": "binutils-common", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils-common@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "cc5e044230f9e675" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20673", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libiberty: Integer overflow in demangle_template() function", "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for \"Create an array for saving the template argument values\") that can trigger a heap-based buffer overflow, as demonstrated by nm.", "Severity": "LOW", "CweIDs": [ "CWE-190", "CWE-787" ], "VendorSeverity": { "alma": 1, "debian": 1, "nvd": 2, "oracle-oval": 1, "photon": 2, "redhat": 2 }, "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V2Score": 4.3, "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "V3Score": 5.3 } }, "References": [ "http://www.securityfocus.com/bid/106454", "https://access.redhat.com/security/cve/CVE-2018-20673", "https://linux.oracle.com/cve/CVE-2018-20673.html", "https://linux.oracle.com/errata/ELSA-2021-4386.html", "https://nvd.nist.gov/vuln/detail/CVE-2018-20673", "https://sourceware.org/bugzilla/show_bug.cgi?id=24039", "https://www.cve.org/CVERecord?id=CVE-2018-20673" ], "PublishedDate": "2019-01-04T18:29:00.21Z", "LastModifiedDate": "2024-11-21T04:01:57.977Z" }, { "VulnerabilityID": "CVE-2018-20712", "PkgID": "binutils-common@2.44-3", "PkgName": "binutils-common", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils-common@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "cc5e044230f9e675" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20712", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libiberty: heap-based buffer over-read in d_expression_1", "Description": "A heap-based buffer over-read exists in the function d_expression_1 in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.1. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by c++filt.", "Severity": "LOW", "CweIDs": [ "CWE-125" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 2, "ubuntu": 1 }, "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V2Score": 4.3, "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 4.7 } }, "References": [ "http://www.securityfocus.com/bid/106563", "https://access.redhat.com/security/cve/CVE-2018-20712", "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88629", "https://nvd.nist.gov/vuln/detail/CVE-2018-20712", "https://sourceware.org/bugzilla/show_bug.cgi?id=24043", "https://support.f5.com/csp/article/K38336243", "https://www.cve.org/CVERecord?id=CVE-2018-20712" ], "PublishedDate": "2019-01-15T00:29:00.257Z", "LastModifiedDate": "2024-11-21T04:02:00.663Z" }, { "VulnerabilityID": "CVE-2018-9996", "PkgID": "binutils-common@2.44-3", "PkgName": "binutils-common", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils-common@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "cc5e044230f9e675" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-9996", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: Stack-overflow in libiberty/cplus-dem.c causes crash", "Description": "An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_template_value_parm, demangle_integral_value, and demangle_expression.", "Severity": "LOW", "CweIDs": [ "CWE-674" ], "VendorSeverity": { "debian": 1, "nvd": 2, "photon": 2, "redhat": 1 }, "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V2Score": 4.3, "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "http://www.securityfocus.com/bid/103733", "https://access.redhat.com/security/cve/CVE-2018-9996", "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85304", "https://nvd.nist.gov/vuln/detail/CVE-2018-9996", "https://www.cve.org/CVERecord?id=CVE-2018-9996" ], "PublishedDate": "2018-04-10T22:29:00.353Z", "LastModifiedDate": "2024-11-21T04:16:00.48Z" }, { "VulnerabilityID": "CVE-2021-32256", "PkgID": "binutils-common@2.44-3", "PkgName": "binutils-common", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils-common@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "cc5e044230f9e675" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-32256", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: stack-overflow issue in demangle_type in rust-demangle.c.", "Description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.36. It is a stack-overflow issue in demangle_type in rust-demangle.c.", "Severity": "LOW", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "amazon": 1, "debian": 1, "nvd": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2021-32256", "https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1927070", "https://nvd.nist.gov/vuln/detail/CVE-2021-32256", "https://security.netapp.com/advisory/ntap-20230824-0013/", "https://www.cve.org/CVERecord?id=CVE-2021-32256" ], "PublishedDate": "2023-07-18T14:15:11.61Z", "LastModifiedDate": "2024-11-21T06:06:55.1Z" }, { "VulnerabilityID": "CVE-2025-11081", "PkgID": "binutils-common@2.44-3", "PkgName": "binutils-common", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils-common@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "cc5e044230f9e675" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11081", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils out-of-bounds read", "Description": "A vulnerability was detected in GNU Binutils 2.45. This issue affects the function dump_dwarf_section of the file binutils/objdump.c. Performing manipulation results in out-of-bounds read. The attack is only possible with local access. The exploit is now public and may be used. The patch is named f87a66db645caf8cc0e6fc87b0c28c78a38af59b. It is suggested to install a patch to address this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-125" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-11081", "https://github.com/user-attachments/files/20623354/hdf5_crash_3.txt", "https://nvd.nist.gov/vuln/detail/CVE-2025-11081", "https://sourceware.org/bugzilla/show_bug.cgi?id=33406", "https://sourceware.org/bugzilla/show_bug.cgi?id=33406#c2", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f87a66db645caf8cc0e6fc87b0c28c78a38af59b", "https://vuldb.com/?ctiid.326122", "https://vuldb.com/?id.326122", "https://vuldb.com/?submit.661275", "https://www.cve.org/CVERecord?id=CVE-2025-11081", "https://www.gnu.org/" ], "PublishedDate": "2025-09-27T22:15:32.43Z", "LastModifiedDate": "2025-10-03T16:51:07.39Z" }, { "VulnerabilityID": "CVE-2025-11082", "PkgID": "binutils-common@2.44-3", "PkgName": "binutils-common", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils-common@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "cc5e044230f9e675" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11082", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils Linker heap-based overflow", "Description": "A flaw has been found in GNU Binutils 2.45. Impacted is the function _bfd_elf_parse_eh_frame of the file bfd/elf-eh-frame.c of the component Linker. Executing manipulation can lead to heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be used. This patch is called ea1a0737c7692737a644af0486b71e4a392cbca8. A patch should be applied to remediate this issue. The code maintainer replied with \"[f]ixed for 2.46\".", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-122" ], "VendorSeverity": { "debian": 1, "nvd": 3, "redhat": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-11082", "https://nvd.nist.gov/vuln/detail/CVE-2025-11082", "https://sourceware.org/bugzilla/attachment.cgi?id=16358", "https://sourceware.org/bugzilla/show_bug.cgi?id=33464", "https://sourceware.org/bugzilla/show_bug.cgi?id=33464#c2", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ea1a0737c7692737a644af0486b71e4a392cbca8", "https://vuldb.com/?ctiid.326123", "https://vuldb.com/?id.326123", "https://vuldb.com/?submit.661276", "https://www.cve.org/CVERecord?id=CVE-2025-11082", "https://www.gnu.org/" ], "PublishedDate": "2025-09-27T23:15:31.39Z", "LastModifiedDate": "2025-10-03T16:52:34.527Z" }, { "VulnerabilityID": "CVE-2025-11083", "PkgID": "binutils-common@2.44-3", "PkgName": "binutils-common", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils-common@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "cc5e044230f9e675" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11083", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils Linker heap-based overflow", "Description": "A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elf_swap_shdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 9ca499644a21ceb3f946d1c179c38a83be084490. To fix this issue, it is recommended to deploy a patch. The code maintainer replied with \"[f]ixed for 2.46\".", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-122" ], "VendorSeverity": { "debian": 1, "nvd": 3, "redhat": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-11083", "https://nvd.nist.gov/vuln/detail/CVE-2025-11083", "https://sourceware.org/bugzilla/attachment.cgi?id=16353", "https://sourceware.org/bugzilla/show_bug.cgi?id=33457", "https://sourceware.org/bugzilla/show_bug.cgi?id=33457#c1", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=9ca499644a21ceb3f946d1c179c38a83be084490", "https://vuldb.com/?ctiid.326124", "https://vuldb.com/?id.326124", "https://vuldb.com/?submit.661277", "https://www.cve.org/CVERecord?id=CVE-2025-11083", "https://www.gnu.org/" ], "PublishedDate": "2025-09-27T23:15:32.33Z", "LastModifiedDate": "2025-10-03T16:52:47.01Z" }, { "VulnerabilityID": "CVE-2025-11412", "PkgID": "binutils-common@2.44-3", "PkgName": "binutils-common", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils-common@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "cc5e044230f9e675" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11412", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils Linker elflink.c bfd_elf_gc_record_vtentry out-of-bounds", "Description": "A vulnerability has been found in GNU Binutils 2.45. This impacts the function bfd_elf_gc_record_vtentry of the file bfd/elflink.c of the component Linker. The manipulation leads to out-of-bounds read. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of the patch is 047435dd988a3975d40c6626a8f739a0b2e154bc. To fix this issue, it is recommended to deploy a patch.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-125" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-11412", "https://nvd.nist.gov/vuln/detail/CVE-2025-11412", "https://sourceware.org/bugzilla/attachment.cgi?id=16378", "https://sourceware.org/bugzilla/show_bug.cgi?id=33452", "https://sourceware.org/bugzilla/show_bug.cgi?id=33452#c8", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=047435dd988a3975d40c6626a8f739a0b2e154bc", "https://vuldb.com/?ctiid.327348", "https://vuldb.com/?id.327348", "https://www.cve.org/CVERecord?id=CVE-2025-11412", "https://www.gnu.org/" ], "PublishedDate": "2025-10-07T22:15:34.03Z", "LastModifiedDate": "2025-10-14T15:09:07.05Z" }, { "VulnerabilityID": "CVE-2025-11413", "PkgID": "binutils-common@2.44-3", "PkgName": "binutils-common", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils-common@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "cc5e044230f9e675" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11413", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils Linker elflink.c elf_link_add_object_symbols out-of-bounds", "Description": "A vulnerability was found in GNU Binutils 2.45. Affected is the function elf_link_add_object_symbols of the file bfd/elflink.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. Upgrading to version 2.46 is able to address this issue. The patch is identified as 72efdf166aa0ed72ecc69fc2349af6591a7a19c0. Upgrading the affected component is advised.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-125" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "V3Score": 4.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-11413", "https://nvd.nist.gov/vuln/detail/CVE-2025-11413", "https://sourceware.org/bugzilla/attachment.cgi?id=16362", "https://sourceware.org/bugzilla/show_bug.cgi?id=33452", "https://sourceware.org/bugzilla/show_bug.cgi?id=33456", "https://sourceware.org/bugzilla/show_bug.cgi?id=33456#c10", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=72efdf166aa0ed72ecc69fc2349af6591a7a19c0", "https://vuldb.com/?ctiid.327349", "https://vuldb.com/?id.327349", "https://vuldb.com/?submit.665587", "https://www.cve.org/CVERecord?id=CVE-2025-11413", "https://www.gnu.org/" ], "PublishedDate": "2025-10-07T22:15:34.23Z", "LastModifiedDate": "2025-10-14T15:24:49.567Z" }, { "VulnerabilityID": "CVE-2025-11414", "PkgID": "binutils-common@2.44-3", "PkgName": "binutils-common", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils-common@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "cc5e044230f9e675" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11414", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils Linker elflink.c get_link_hash_entry out-of-bounds", "Description": "A vulnerability was determined in GNU Binutils 2.45. Affected by this vulnerability is the function get_link_hash_entry of the file bfd/elflink.c of the component Linker. This manipulation causes out-of-bounds read. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. Upgrading to version 2.46 addresses this issue. Patch name: aeaaa9af6359c8e394ce9cf24911fec4f4d23703. It is advisable to upgrade the affected component.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-125" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-11414", "https://nvd.nist.gov/vuln/detail/CVE-2025-11414", "https://sourceware.org/bugzilla/attachment.cgi?id=16361", "https://sourceware.org/bugzilla/show_bug.cgi?id=33450", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=aeaaa9af6359c8e394ce9cf24911fec4f4d23703", "https://vuldb.com/?ctiid.327350", "https://vuldb.com/?id.327350", "https://vuldb.com/?submit.665591", "https://www.cve.org/CVERecord?id=CVE-2025-11414", "https://www.gnu.org/" ], "PublishedDate": "2025-10-07T23:15:33.053Z", "LastModifiedDate": "2025-10-14T15:25:00.127Z" }, { "VulnerabilityID": "CVE-2025-1147", "PkgID": "binutils-common@2.44-3", "PkgName": "binutils-common", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils-common@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "cc5e044230f9e675" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1147", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils nm nm.c internal_strlen buffer overflow", "Description": "A vulnerability has been found in GNU Binutils 2.43 and classified as problematic. Affected by this vulnerability is the function __sanitizer::internal_strlen of the file binutils/nm.c of the component nm. The manipulation of the argument const leads to buffer overflow. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-120" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 1, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1147", "https://nvd.nist.gov/vuln/detail/CVE-2025-1147", "https://sourceware.org/bugzilla/attachment.cgi?id=15881", "https://sourceware.org/bugzilla/show_bug.cgi?id=32556", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7be4186c22f89a87fff048c28910f5d26a0f61ce", "https://vuldb.com/?ctiid.295051", "https://vuldb.com/?id.295051", "https://vuldb.com/?submit.485254", "https://www.cve.org/CVERecord?id=CVE-2025-1147", "https://www.gnu.org/" ], "PublishedDate": "2025-02-10T14:15:29.643Z", "LastModifiedDate": "2025-03-04T15:51:17.86Z" }, { "VulnerabilityID": "CVE-2025-1148", "PkgID": "binutils-common@2.44-3", "PkgName": "binutils-common", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils-common@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "cc5e044230f9e675" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1148", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld ldelfgen.c link_order_scan memory leak", "Description": "A vulnerability was found in GNU Binutils 2.43 and classified as problematic. Affected by this issue is the function link_order_scan of the file ld/ldelfgen.c of the component ld. The manipulation leads to memory leak. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"", "Severity": "LOW", "CweIDs": [ "CWE-401", "CWE-404" ], "VendorSeverity": { "debian": 1, "nvd": 1, "redhat": 1, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1148", "https://nvd.nist.gov/vuln/detail/CVE-2025-1148", "https://sourceware.org/bugzilla/attachment.cgi?id=15887", "https://sourceware.org/bugzilla/show_bug.cgi?id=32576", "https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=d4115c2c8d447e297ae353892de89192c1996211", "https://sourceware.org/pipermail/binutils/2025-March/139979.html", "https://vuldb.com/?ctiid.295052", "https://vuldb.com/?id.295052", "https://vuldb.com/?submit.485747", "https://www.cve.org/CVERecord?id=CVE-2025-1148", "https://www.gnu.org/" ], "PublishedDate": "2025-02-10T14:15:29.927Z", "LastModifiedDate": "2025-03-04T17:12:35.4Z" }, { "VulnerabilityID": "CVE-2025-1149", "PkgID": "binutils-common@2.44-3", "PkgName": "binutils-common", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils-common@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "cc5e044230f9e675" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1149", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld xmalloc.c xstrdup memory leak", "Description": "A vulnerability was found in GNU Binutils 2.43. It has been classified as problematic. This affects the function xstrdup of the file libiberty/xmalloc.c of the component ld. The manipulation leads to memory leak. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"", "Severity": "LOW", "CweIDs": [ "CWE-401", "CWE-404" ], "VendorSeverity": { "debian": 1, "nvd": 1, "redhat": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1149", "https://nvd.nist.gov/vuln/detail/CVE-2025-1149", "https://sourceware.org/bugzilla/attachment.cgi?id=15887", "https://sourceware.org/bugzilla/show_bug.cgi?id=32576", "https://vuldb.com/?ctiid.295053", "https://vuldb.com/?id.295053", "https://www.cve.org/CVERecord?id=CVE-2025-1149", "https://www.gnu.org/" ], "PublishedDate": "2025-02-10T15:15:13.093Z", "LastModifiedDate": "2025-03-04T14:53:43.637Z" }, { "VulnerabilityID": "CVE-2025-11494", "PkgID": "binutils-common@2.44-3", "PkgName": "binutils-common", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils-common@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "cc5e044230f9e675" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11494", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils Linker out-of-bounds read", "Description": "A vulnerability was found in GNU Binutils 2.45. Impacted is the function _bfd_x86_elf_late_size_sections of the file bfd/elfxx-x86.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. The patch is identified as b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a. A patch should be applied to remediate this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-125" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-11494", "https://nvd.nist.gov/vuln/detail/CVE-2025-11494", "https://sourceware.org/bugzilla/attachment.cgi?id=16389", "https://sourceware.org/bugzilla/show_bug.cgi?id=33499", "https://sourceware.org/bugzilla/show_bug.cgi?id=33499#c2", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a", "https://vuldb.com/?ctiid.327619", "https://vuldb.com/?id.327619", "https://vuldb.com/?submit.668281", "https://www.cve.org/CVERecord?id=CVE-2025-11494", "https://www.gnu.org/" ], "PublishedDate": "2025-10-08T20:15:34.77Z", "LastModifiedDate": "2025-10-14T15:27:45.803Z" }, { "VulnerabilityID": "CVE-2025-11495", "PkgID": "binutils-common@2.44-3", "PkgName": "binutils-common", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils-common@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "cc5e044230f9e675" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11495", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils Linker heap-based overflow", "Description": "A vulnerability was determined in GNU Binutils 2.45. The affected element is the function elf_x86_64_relocate_section of the file elf64-x86-64.c of the component Linker. This manipulation causes heap-based buffer overflow. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. Patch name: 6b21c8b2ecfef5c95142cbc2c32f185cb1c26ab0. To fix this issue, it is recommended to deploy a patch.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-122" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-11495", "https://nvd.nist.gov/vuln/detail/CVE-2025-11495", "https://sourceware.org/bugzilla/attachment.cgi?id=16393", "https://sourceware.org/bugzilla/show_bug.cgi?id=33502", "https://sourceware.org/bugzilla/show_bug.cgi?id=33502#c3", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6b21c8b2ecfef5c95142cbc2c32f185cb1c26ab0", "https://vuldb.com/?ctiid.327620", "https://vuldb.com/?id.327620", "https://vuldb.com/?submit.668290", "https://www.cve.org/CVERecord?id=CVE-2025-11495", "https://www.gnu.org/" ], "PublishedDate": "2025-10-08T20:15:34.99Z", "LastModifiedDate": "2025-10-14T15:28:00.96Z" }, { "VulnerabilityID": "CVE-2025-1150", "PkgID": "binutils-common@2.44-3", "PkgName": "binutils-common", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils-common@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "cc5e044230f9e675" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1150", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld libbfd.c bfd_malloc memory leak", "Description": "A vulnerability was found in GNU Binutils 2.43. It has been declared as problematic. This vulnerability affects the function bfd_malloc of the file libbfd.c of the component ld. The manipulation leads to memory leak. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"", "Severity": "LOW", "CweIDs": [ "CWE-401", "CWE-404" ], "VendorSeverity": { "debian": 1, "nvd": 1, "redhat": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1150", "https://nvd.nist.gov/vuln/detail/CVE-2025-1150", "https://sourceware.org/bugzilla/attachment.cgi?id=15887", "https://sourceware.org/bugzilla/show_bug.cgi?id=32576", "https://vuldb.com/?ctiid.295054", "https://vuldb.com/?id.295054", "https://www.cve.org/CVERecord?id=CVE-2025-1150", "https://www.gnu.org/" ], "PublishedDate": "2025-02-10T17:15:18.517Z", "LastModifiedDate": "2025-03-11T19:01:04.727Z" }, { "VulnerabilityID": "CVE-2025-1151", "PkgID": "binutils-common@2.44-3", "PkgName": "binutils-common", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils-common@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "cc5e044230f9e675" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1151", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld xmemdup.c xmemdup memory leak", "Description": "A vulnerability was found in GNU Binutils 2.43. It has been rated as problematic. This issue affects the function xmemdup of the file xmemdup.c of the component ld. The manipulation leads to memory leak. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"", "Severity": "LOW", "CweIDs": [ "CWE-401", "CWE-404" ], "VendorSeverity": { "debian": 1, "redhat": 1 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1151", "https://nvd.nist.gov/vuln/detail/CVE-2025-1151", "https://sourceware.org/bugzilla/attachment.cgi?id=15887", "https://sourceware.org/bugzilla/show_bug.cgi?id=32576", "https://vuldb.com/?ctiid.295055", "https://vuldb.com/?id.295055", "https://www.cve.org/CVERecord?id=CVE-2025-1151", "https://www.gnu.org/" ], "PublishedDate": "2025-02-10T17:15:18.713Z", "LastModifiedDate": "2025-02-10T17:15:18.713Z" }, { "VulnerabilityID": "CVE-2025-1152", "PkgID": "binutils-common@2.44-3", "PkgName": "binutils-common", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils-common@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "cc5e044230f9e675" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1152", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld xstrdup.c xstrdup memory leak", "Description": "A vulnerability classified as problematic has been found in GNU Binutils 2.43. Affected is the function xstrdup of the file xstrdup.c of the component ld. The manipulation leads to memory leak. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"", "Severity": "LOW", "CweIDs": [ "CWE-401", "CWE-404" ], "VendorSeverity": { "debian": 1, "nvd": 1, "redhat": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1152", "https://nvd.nist.gov/vuln/detail/CVE-2025-1152", "https://sourceware.org/bugzilla/attachment.cgi?id=15887", "https://sourceware.org/bugzilla/show_bug.cgi?id=32576", "https://vuldb.com/?ctiid.295056", "https://vuldb.com/?id.295056", "https://www.cve.org/CVERecord?id=CVE-2025-1152", "https://www.gnu.org/" ], "PublishedDate": "2025-02-10T18:15:34.043Z", "LastModifiedDate": "2025-03-03T16:52:20.953Z" }, { "VulnerabilityID": "CVE-2025-1153", "PkgID": "binutils-common@2.44-3", "PkgName": "binutils-common", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils-common@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "cc5e044230f9e675" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1153", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils format.c bfd_set_format memory corruption", "Description": "A vulnerability classified as problematic was found in GNU Binutils 2.43/2.44. Affected by this vulnerability is the function bfd_set_format of the file format.c. The manipulation leads to memory corruption. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 2.45 is able to address this issue. The identifier of the patch is 8d97c1a53f3dc9fd8e1ccdb039b8a33d50133150. It is recommended to upgrade the affected component.", "Severity": "LOW", "CweIDs": [ "CWE-119" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 1, "ubuntu": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1153", "https://nvd.nist.gov/vuln/detail/CVE-2025-1153", "https://sourceware.org/bugzilla/show_bug.cgi?id=32603", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8d97c1a53f3dc9fd8e1ccdb039b8a33d50133150", "https://ubuntu.com/security/notices/USN-7423-1", "https://ubuntu.com/security/notices/USN-7423-2", "https://vuldb.com/?ctiid.295057", "https://vuldb.com/?id.295057", "https://vuldb.com/?submit.489991", "https://www.cve.org/CVERecord?id=CVE-2025-1153", "https://www.gnu.org/" ], "PublishedDate": "2025-02-10T19:15:39.9Z", "LastModifiedDate": "2025-03-03T17:28:09.167Z" }, { "VulnerabilityID": "CVE-2025-1176", "PkgID": "binutils-common@2.44-3", "PkgName": "binutils-common", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils-common@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "cc5e044230f9e675" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1176", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld elflink.c _bfd_elf_gc_mark_rsec heap-based overflow", "Description": "A vulnerability was found in GNU Binutils 2.43 and classified as critical. This issue affects the function _bfd_elf_gc_mark_rsec of the file elflink.c of the component ld. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The patch is named f9978defb6fab0bd8583942d97c112b0932ac814. It is recommended to apply a patch to fix this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-122" ], "VendorSeverity": { "amazon": 2, "azure": 2, "cbl-mariner": 2, "debian": 1, "nvd": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "V3Score": 5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "V3Score": 5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1176", "https://nvd.nist.gov/vuln/detail/CVE-2025-1176", "https://security.netapp.com/advisory/ntap-20250411-0007/", "https://sourceware.org/bugzilla/attachment.cgi?id=15913", "https://sourceware.org/bugzilla/show_bug.cgi?id=32636", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f9978defb6fab0bd8583942d97c112b0932ac814", "https://ubuntu.com/security/notices/USN-7423-1", "https://ubuntu.com/security/notices/USN-7423-2", "https://vuldb.com/?ctiid.295079", "https://vuldb.com/?id.295079", "https://vuldb.com/?submit.495329", "https://www.cve.org/CVERecord?id=CVE-2025-1176", "https://www.gnu.org/" ], "PublishedDate": "2025-02-11T06:15:22.433Z", "LastModifiedDate": "2025-04-11T22:15:29.513Z" }, { "VulnerabilityID": "CVE-2025-1178", "PkgID": "binutils-common@2.44-3", "PkgName": "binutils-common", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils-common@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "cc5e044230f9e675" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1178", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld libbfd.c bfd_putl64 memory corruption", "Description": "A vulnerability was found in GNU Binutils 2.43. It has been declared as problematic. Affected by this vulnerability is the function bfd_putl64 of the file libbfd.c of the component ld. The manipulation leads to memory corruption. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of the patch is 75086e9de1707281172cc77f178e7949a4414ed0. It is recommended to apply a patch to fix this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119" ], "VendorSeverity": { "azure": 2, "cbl-mariner": 2, "debian": 1, "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "V3Score": 5.6 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1178", "https://nvd.nist.gov/vuln/detail/CVE-2025-1178", "https://security.netapp.com/advisory/ntap-20250411-0008/", "https://sourceware.org/bugzilla/attachment.cgi?id=15914", "https://sourceware.org/bugzilla/show_bug.cgi?id=32638", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=75086e9de1707281172cc77f178e7949a4414ed0", "https://ubuntu.com/security/notices/USN-7423-1", "https://vuldb.com/?ctiid.295081", "https://vuldb.com/?id.295081", "https://vuldb.com/?submit.495369", "https://www.cve.org/CVERecord?id=CVE-2025-1178", "https://www.gnu.org/" ], "PublishedDate": "2025-02-11T07:15:29.997Z", "LastModifiedDate": "2025-05-21T20:35:24.22Z" }, { "VulnerabilityID": "CVE-2025-1180", "PkgID": "binutils-common@2.44-3", "PkgName": "binutils-common", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils-common@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "cc5e044230f9e675" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1180", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld elf-eh-frame.c _bfd_elf_write_section_eh_frame memory corruption", "Description": "A vulnerability classified as problematic has been found in GNU Binutils 2.43. This affects the function _bfd_elf_write_section_eh_frame of the file bfd/elf-eh-frame.c of the component ld. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119" ], "VendorSeverity": { "debian": 1, "redhat": 1 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1180", "https://nvd.nist.gov/vuln/detail/CVE-2025-1180", "https://sourceware.org/bugzilla/attachment.cgi?id=15917", "https://sourceware.org/bugzilla/show_bug.cgi?id=32642", "https://vuldb.com/?ctiid.295083", "https://vuldb.com/?id.295083", "https://vuldb.com/?submit.495381", "https://www.cve.org/CVERecord?id=CVE-2025-1180", "https://www.gnu.org/" ], "PublishedDate": "2025-02-11T08:15:31.59Z", "LastModifiedDate": "2025-05-21T20:35:18.05Z" }, { "VulnerabilityID": "CVE-2025-1181", "PkgID": "binutils-common@2.44-3", "PkgName": "binutils-common", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils-common@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "cc5e044230f9e675" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1181", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld elflink.c _bfd_elf_gc_mark_rsec memory corruption", "Description": "A vulnerability classified as critical was found in GNU Binutils 2.43. This vulnerability affects the function _bfd_elf_gc_mark_rsec of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is 931494c9a89558acb36a03a340c01726545eef24. It is recommended to apply a patch to fix this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119" ], "VendorSeverity": { "azure": 1, "cbl-mariner": 1, "debian": 1, "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "V3Score": 5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1181", "https://nvd.nist.gov/vuln/detail/CVE-2025-1181", "https://security.netapp.com/advisory/ntap-20250425-0007/", "https://sourceware.org/bugzilla/attachment.cgi?id=15918", "https://sourceware.org/bugzilla/show_bug.cgi?id=32643", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=931494c9a89558acb36a03a340c01726545eef24", "https://ubuntu.com/security/notices/USN-7423-1", "https://vuldb.com/?ctiid.295084", "https://vuldb.com/?id.295084", "https://vuldb.com/?submit.495402", "https://www.cve.org/CVERecord?id=CVE-2025-1181", "https://www.gnu.org/" ], "PublishedDate": "2025-02-11T08:15:31.797Z", "LastModifiedDate": "2025-05-21T20:35:11.073Z" }, { "VulnerabilityID": "CVE-2025-1182", "PkgID": "binutils-common@2.44-3", "PkgName": "binutils-common", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils-common@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "cc5e044230f9e675" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1182", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld elflink.c bfd_elf_reloc_symbol_deleted_p memory corruption", "Description": "A vulnerability, which was classified as critical, was found in GNU Binutils 2.43. Affected is the function bfd_elf_reloc_symbol_deleted_p of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The patch is identified as b425859021d17adf62f06fb904797cf8642986ad. It is recommended to apply a patch to fix this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119" ], "VendorSeverity": { "amazon": 2, "azure": 2, "cbl-mariner": 2, "debian": 1, "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "V3Score": 5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1182", "https://nvd.nist.gov/vuln/detail/CVE-2025-1182", "https://sourceware.org/bugzilla/attachment.cgi?id=15919", "https://sourceware.org/bugzilla/show_bug.cgi?id=32644", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b425859021d17adf62f06fb904797cf8642986ad", "https://ubuntu.com/security/notices/USN-7423-1", "https://vuldb.com/?ctiid.295086", "https://vuldb.com/?id.295086", "https://vuldb.com/?submit.495407", "https://www.cve.org/CVERecord?id=CVE-2025-1182", "https://www.gnu.org/" ], "PublishedDate": "2025-02-11T09:15:09.53Z", "LastModifiedDate": "2025-05-21T20:35:04.15Z" }, { "VulnerabilityID": "CVE-2025-11839", "PkgID": "binutils-common@2.44-3", "PkgName": "binutils-common", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils-common@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "cc5e044230f9e675" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11839", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils prdbg.c tg_tag_type return value", "Description": "A security flaw has been discovered in GNU Binutils 2.45. Impacted is the function tg_tag_type of the file prdbg.c. Performing manipulation results in unchecked return value. The attack needs to be approached locally. The exploit has been released to the public and may be exploited.", "Severity": "LOW", "CweIDs": [ "CWE-252", "CWE-253" ], "VendorSeverity": { "debian": 1, "redhat": 1 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-11839", "https://nvd.nist.gov/vuln/detail/CVE-2025-11839", "https://sourceware.org/bugzilla/attachment.cgi?id=16344", "https://sourceware.org/bugzilla/show_bug.cgi?id=33448", "https://vuldb.com/?ctiid.328774", "https://vuldb.com/?id.328774", "https://vuldb.com/?submit.661279", "https://www.cve.org/CVERecord?id=CVE-2025-11839", "https://www.gnu.org/" ], "PublishedDate": "2025-10-16T14:15:34.86Z", "LastModifiedDate": "2025-10-16T15:28:59.61Z" }, { "VulnerabilityID": "CVE-2025-11840", "PkgID": "binutils-common@2.44-3", "PkgName": "binutils-common", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils-common@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "cc5e044230f9e675" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11840", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils out-of-bounds read", "Description": "A weakness has been identified in GNU Binutils 2.45. The affected element is the function vfinfo of the file ldmisc.c. Executing manipulation can lead to out-of-bounds read. The attack can only be executed locally. The exploit has been made available to the public and could be exploited. This patch is called 16357. It is best practice to apply a patch to resolve this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-125" ], "VendorSeverity": { "debian": 1, "redhat": 1 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-11840", "https://nvd.nist.gov/vuln/detail/CVE-2025-11840", "https://sourceware.org/bugzilla/attachment.cgi?id=16351", "https://sourceware.org/bugzilla/attachment.cgi?id=16357", "https://sourceware.org/bugzilla/show_bug.cgi?id=33455", "https://vuldb.com/?ctiid.328775", "https://vuldb.com/?id.328775", "https://vuldb.com/?submit.661281", "https://www.cve.org/CVERecord?id=CVE-2025-11840", "https://www.gnu.org/" ], "PublishedDate": "2025-10-16T16:15:37.003Z", "LastModifiedDate": "2025-10-16T16:15:37.003Z" }, { "VulnerabilityID": "CVE-2025-3198", "PkgID": "binutils-common@2.44-3", "PkgName": "binutils-common", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils-common@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "cc5e044230f9e675" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-3198", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils objdump bucomm.c display_info memory leak", "Description": "A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named ba6ad3a18cb26b79e0e3b84c39f707535bbc344d. It is recommended to apply a patch to fix this issue.", "Severity": "LOW", "CweIDs": [ "CWE-401", "CWE-404" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 1, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-3198", "https://nvd.nist.gov/vuln/detail/CVE-2025-3198", "https://sourceware.org/bugzilla/show_bug.cgi?id=32716", "https://sourceware.org/bugzilla/show_bug.cgi?id=32716#c0", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ba6ad3a18cb26b79e0e3b84c39f707535bbc344d", "https://vuldb.com/?ctiid.303151", "https://vuldb.com/?id.303151", "https://vuldb.com/?submit.545773", "https://www.cve.org/CVERecord?id=CVE-2025-3198", "https://www.gnu.org/" ], "PublishedDate": "2025-04-04T02:15:18.803Z", "LastModifiedDate": "2025-05-15T19:46:30.95Z" }, { "VulnerabilityID": "CVE-2025-5244", "PkgID": "binutils-common@2.44-3", "PkgName": "binutils-common", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils-common@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "cc5e044230f9e675" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-5244", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld elflink.c elf_gc_sweep memory corruption", "Description": "A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue is the function elf_gc_sweep of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 2.45 is able to address this issue. It is recommended to upgrade the affected component.", "Severity": "LOW", "CweIDs": [ "CWE-119" ], "VendorSeverity": { "azure": 2, "cbl-mariner": 2, "debian": 1, "nvd": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-5244", "https://nvd.nist.gov/vuln/detail/CVE-2025-5244", "https://sourceware.org/bugzilla/attachment.cgi?id=16010", "https://sourceware.org/bugzilla/show_bug.cgi?id=32858", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d1458933830456e54223d9fc61f0d9b3a19256f5", "https://vuldb.com/?ctiid.310346", "https://vuldb.com/?id.310346", "https://vuldb.com/?submit.584634", "https://www.cve.org/CVERecord?id=CVE-2025-5244", "https://www.gnu.org/" ], "PublishedDate": "2025-05-27T13:15:21.76Z", "LastModifiedDate": "2025-10-03T14:46:39.57Z" }, { "VulnerabilityID": "CVE-2025-5245", "PkgID": "binutils-common@2.44-3", "PkgName": "binutils-common", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils-common@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "cc5e044230f9e675" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-5245", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils objdump debug.c debug_type_samep memory corruption", "Description": "A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debug_type_samep of the file /binutils/debug.c of the component objdump. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119" ], "VendorSeverity": { "azure": 2, "cbl-mariner": 2, "debian": 1, "nvd": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-5245", "https://nvd.nist.gov/vuln/detail/CVE-2025-5245", "https://sourceware.org/bugzilla/attachment.cgi?id=16004", "https://sourceware.org/bugzilla/show_bug.cgi?id=32829", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6c3458a8b7ee7d39f070c7b2350851cb2110c65a", "https://vuldb.com/?ctiid.310347", "https://vuldb.com/?id.310347", "https://vuldb.com/?submit.584635", "https://www.cve.org/CVERecord?id=CVE-2025-5245", "https://www.gnu.org/" ], "PublishedDate": "2025-05-27T15:15:36.057Z", "LastModifiedDate": "2025-10-03T14:45:57.887Z" }, { "VulnerabilityID": "CVE-2025-7545", "PkgID": "binutils-common@2.44-3", "PkgName": "binutils-common", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils-common@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "cc5e044230f9e675" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-7545", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: Binutils: Heap Buffer Overflow", "Description": "A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is named 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944. It is recommended to apply a patch to fix this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-122" ], "VendorSeverity": { "amazon": 3, "azure": 2, "cbl-mariner": 2, "debian": 1, "nvd": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-7545", "https://nvd.nist.gov/vuln/detail/CVE-2025-7545", "https://sourceware.org/bugzilla/attachment.cgi?id=16117", "https://sourceware.org/bugzilla/show_bug.cgi?id=33049", "https://sourceware.org/bugzilla/show_bug.cgi?id=33049#c1", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944", "https://ubuntu.com/security/notices/USN-7718-1", "https://vuldb.com/?ctiid.316243", "https://vuldb.com/?id.316243", "https://vuldb.com/?submit.614355", "https://www.cve.org/CVERecord?id=CVE-2025-7545", "https://www.gnu.org/" ], "PublishedDate": "2025-07-13T22:15:23.873Z", "LastModifiedDate": "2025-07-30T15:59:48.84Z" }, { "VulnerabilityID": "CVE-2025-7546", "PkgID": "binutils-common@2.44-3", "PkgName": "binutils-common", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils-common@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "cc5e044230f9e675" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-7546", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: Binutils: Out-of-bounds Write Vulnerability", "Description": "A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfd_elf_set_group_contents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The name of the patch is 41461010eb7c79fee7a9d5f6209accdaac66cc6b. It is recommended to apply a patch to fix this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-787" ], "VendorSeverity": { "amazon": 2, "azure": 2, "cbl-mariner": 2, "debian": 1, "nvd": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-7546", "https://nvd.nist.gov/vuln/detail/CVE-2025-7546", "https://sourceware.org/bugzilla/attachment.cgi?id=16118", "https://sourceware.org/bugzilla/show_bug.cgi?id=33050", "https://sourceware.org/bugzilla/show_bug.cgi?id=33050#c2", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=41461010eb7c79fee7a9d5f6209accdaac66cc6b", "https://vuldb.com/?ctiid.316244", "https://vuldb.com/?id.316244", "https://vuldb.com/?submit.614375", "https://www.cve.org/CVERecord?id=CVE-2025-7546", "https://www.gnu.org/" ], "PublishedDate": "2025-07-13T22:15:24.07Z", "LastModifiedDate": "2025-07-30T15:59:59.203Z" }, { "VulnerabilityID": "CVE-2025-8225", "PkgID": "binutils-common@2.44-3", "PkgName": "binutils-common", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils-common@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "cc5e044230f9e675" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-8225", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: Binutils DWARF Section Handler Memory Leak", "Description": "A vulnerability was found in GNU Binutils 2.44 and classified as problematic. This issue affects the function process_debug_info of the file binutils/dwarf.c of the component DWARF Section Handler. The manipulation leads to memory leak. Attacking locally is a requirement. The identifier of the patch is e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4. It is recommended to apply a patch to fix this issue.", "Severity": "LOW", "CweIDs": [ "CWE-401", "CWE-404" ], "VendorSeverity": { "cbl-mariner": 2, "debian": 1, "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-8225", "https://gitlab.com/gnutools/binutils-gdb/-/commit/e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4", "https://nvd.nist.gov/vuln/detail/CVE-2025-8225", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4", "https://vuldb.com/?ctiid.317813", "https://vuldb.com/?id.317813", "https://vuldb.com/?submit.621883", "https://www.cve.org/CVERecord?id=CVE-2025-8225", "https://www.gnu.org/" ], "PublishedDate": "2025-07-27T08:15:25.76Z", "LastModifiedDate": "2025-08-01T17:08:13.977Z" }, { "VulnerabilityID": "CVE-2017-13716", "PkgID": "binutils-x86-64-linux-gnu@2.44-3", "PkgName": "binutils-x86-64-linux-gnu", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils-x86-64-linux-gnu@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "4d44d47c4673e64b" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13716", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: Memory leak with the C++ symbol demangler routine in libiberty", "Description": "The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).", "Severity": "LOW", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "debian": 1, "nvd": 2, "photon": 2, "redhat": 1, "ubuntu": 1 }, "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V2Score": 7.1, "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2017-13716", "https://nvd.nist.gov/vuln/detail/CVE-2017-13716", "https://sourceware.org/bugzilla/show_bug.cgi?id=22009", "https://www.cve.org/CVERecord?id=CVE-2017-13716" ], "PublishedDate": "2017-08-28T21:29:00.293Z", "LastModifiedDate": "2025-04-20T01:37:25.86Z" }, { "VulnerabilityID": "CVE-2018-20673", "PkgID": "binutils-x86-64-linux-gnu@2.44-3", "PkgName": "binutils-x86-64-linux-gnu", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils-x86-64-linux-gnu@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "4d44d47c4673e64b" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20673", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libiberty: Integer overflow in demangle_template() function", "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for \"Create an array for saving the template argument values\") that can trigger a heap-based buffer overflow, as demonstrated by nm.", "Severity": "LOW", "CweIDs": [ "CWE-190", "CWE-787" ], "VendorSeverity": { "alma": 1, "debian": 1, "nvd": 2, "oracle-oval": 1, "photon": 2, "redhat": 2 }, "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V2Score": 4.3, "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "V3Score": 5.3 } }, "References": [ "http://www.securityfocus.com/bid/106454", "https://access.redhat.com/security/cve/CVE-2018-20673", "https://linux.oracle.com/cve/CVE-2018-20673.html", "https://linux.oracle.com/errata/ELSA-2021-4386.html", "https://nvd.nist.gov/vuln/detail/CVE-2018-20673", "https://sourceware.org/bugzilla/show_bug.cgi?id=24039", "https://www.cve.org/CVERecord?id=CVE-2018-20673" ], "PublishedDate": "2019-01-04T18:29:00.21Z", "LastModifiedDate": "2024-11-21T04:01:57.977Z" }, { "VulnerabilityID": "CVE-2018-20712", "PkgID": "binutils-x86-64-linux-gnu@2.44-3", "PkgName": "binutils-x86-64-linux-gnu", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils-x86-64-linux-gnu@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "4d44d47c4673e64b" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20712", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libiberty: heap-based buffer over-read in d_expression_1", "Description": "A heap-based buffer over-read exists in the function d_expression_1 in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.1. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by c++filt.", "Severity": "LOW", "CweIDs": [ "CWE-125" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 2, "ubuntu": 1 }, "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V2Score": 4.3, "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 4.7 } }, "References": [ "http://www.securityfocus.com/bid/106563", "https://access.redhat.com/security/cve/CVE-2018-20712", "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88629", "https://nvd.nist.gov/vuln/detail/CVE-2018-20712", "https://sourceware.org/bugzilla/show_bug.cgi?id=24043", "https://support.f5.com/csp/article/K38336243", "https://www.cve.org/CVERecord?id=CVE-2018-20712" ], "PublishedDate": "2019-01-15T00:29:00.257Z", "LastModifiedDate": "2024-11-21T04:02:00.663Z" }, { "VulnerabilityID": "CVE-2018-9996", "PkgID": "binutils-x86-64-linux-gnu@2.44-3", "PkgName": "binutils-x86-64-linux-gnu", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils-x86-64-linux-gnu@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "4d44d47c4673e64b" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-9996", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: Stack-overflow in libiberty/cplus-dem.c causes crash", "Description": "An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_template_value_parm, demangle_integral_value, and demangle_expression.", "Severity": "LOW", "CweIDs": [ "CWE-674" ], "VendorSeverity": { "debian": 1, "nvd": 2, "photon": 2, "redhat": 1 }, "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V2Score": 4.3, "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "http://www.securityfocus.com/bid/103733", "https://access.redhat.com/security/cve/CVE-2018-9996", "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85304", "https://nvd.nist.gov/vuln/detail/CVE-2018-9996", "https://www.cve.org/CVERecord?id=CVE-2018-9996" ], "PublishedDate": "2018-04-10T22:29:00.353Z", "LastModifiedDate": "2024-11-21T04:16:00.48Z" }, { "VulnerabilityID": "CVE-2021-32256", "PkgID": "binutils-x86-64-linux-gnu@2.44-3", "PkgName": "binutils-x86-64-linux-gnu", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils-x86-64-linux-gnu@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "4d44d47c4673e64b" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-32256", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: stack-overflow issue in demangle_type in rust-demangle.c.", "Description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.36. It is a stack-overflow issue in demangle_type in rust-demangle.c.", "Severity": "LOW", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "amazon": 1, "debian": 1, "nvd": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2021-32256", "https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1927070", "https://nvd.nist.gov/vuln/detail/CVE-2021-32256", "https://security.netapp.com/advisory/ntap-20230824-0013/", "https://www.cve.org/CVERecord?id=CVE-2021-32256" ], "PublishedDate": "2023-07-18T14:15:11.61Z", "LastModifiedDate": "2024-11-21T06:06:55.1Z" }, { "VulnerabilityID": "CVE-2025-11081", "PkgID": "binutils-x86-64-linux-gnu@2.44-3", "PkgName": "binutils-x86-64-linux-gnu", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils-x86-64-linux-gnu@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "4d44d47c4673e64b" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11081", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils out-of-bounds read", "Description": "A vulnerability was detected in GNU Binutils 2.45. This issue affects the function dump_dwarf_section of the file binutils/objdump.c. Performing manipulation results in out-of-bounds read. The attack is only possible with local access. The exploit is now public and may be used. The patch is named f87a66db645caf8cc0e6fc87b0c28c78a38af59b. It is suggested to install a patch to address this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-125" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-11081", "https://github.com/user-attachments/files/20623354/hdf5_crash_3.txt", "https://nvd.nist.gov/vuln/detail/CVE-2025-11081", "https://sourceware.org/bugzilla/show_bug.cgi?id=33406", "https://sourceware.org/bugzilla/show_bug.cgi?id=33406#c2", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f87a66db645caf8cc0e6fc87b0c28c78a38af59b", "https://vuldb.com/?ctiid.326122", "https://vuldb.com/?id.326122", "https://vuldb.com/?submit.661275", "https://www.cve.org/CVERecord?id=CVE-2025-11081", "https://www.gnu.org/" ], "PublishedDate": "2025-09-27T22:15:32.43Z", "LastModifiedDate": "2025-10-03T16:51:07.39Z" }, { "VulnerabilityID": "CVE-2025-11082", "PkgID": "binutils-x86-64-linux-gnu@2.44-3", "PkgName": "binutils-x86-64-linux-gnu", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils-x86-64-linux-gnu@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "4d44d47c4673e64b" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11082", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils Linker heap-based overflow", "Description": "A flaw has been found in GNU Binutils 2.45. Impacted is the function _bfd_elf_parse_eh_frame of the file bfd/elf-eh-frame.c of the component Linker. Executing manipulation can lead to heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be used. This patch is called ea1a0737c7692737a644af0486b71e4a392cbca8. A patch should be applied to remediate this issue. The code maintainer replied with \"[f]ixed for 2.46\".", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-122" ], "VendorSeverity": { "debian": 1, "nvd": 3, "redhat": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-11082", "https://nvd.nist.gov/vuln/detail/CVE-2025-11082", "https://sourceware.org/bugzilla/attachment.cgi?id=16358", "https://sourceware.org/bugzilla/show_bug.cgi?id=33464", "https://sourceware.org/bugzilla/show_bug.cgi?id=33464#c2", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ea1a0737c7692737a644af0486b71e4a392cbca8", "https://vuldb.com/?ctiid.326123", "https://vuldb.com/?id.326123", "https://vuldb.com/?submit.661276", "https://www.cve.org/CVERecord?id=CVE-2025-11082", "https://www.gnu.org/" ], "PublishedDate": "2025-09-27T23:15:31.39Z", "LastModifiedDate": "2025-10-03T16:52:34.527Z" }, { "VulnerabilityID": "CVE-2025-11083", "PkgID": "binutils-x86-64-linux-gnu@2.44-3", "PkgName": "binutils-x86-64-linux-gnu", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils-x86-64-linux-gnu@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "4d44d47c4673e64b" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11083", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils Linker heap-based overflow", "Description": "A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elf_swap_shdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 9ca499644a21ceb3f946d1c179c38a83be084490. To fix this issue, it is recommended to deploy a patch. The code maintainer replied with \"[f]ixed for 2.46\".", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-122" ], "VendorSeverity": { "debian": 1, "nvd": 3, "redhat": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-11083", "https://nvd.nist.gov/vuln/detail/CVE-2025-11083", "https://sourceware.org/bugzilla/attachment.cgi?id=16353", "https://sourceware.org/bugzilla/show_bug.cgi?id=33457", "https://sourceware.org/bugzilla/show_bug.cgi?id=33457#c1", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=9ca499644a21ceb3f946d1c179c38a83be084490", "https://vuldb.com/?ctiid.326124", "https://vuldb.com/?id.326124", "https://vuldb.com/?submit.661277", "https://www.cve.org/CVERecord?id=CVE-2025-11083", "https://www.gnu.org/" ], "PublishedDate": "2025-09-27T23:15:32.33Z", "LastModifiedDate": "2025-10-03T16:52:47.01Z" }, { "VulnerabilityID": "CVE-2025-11412", "PkgID": "binutils-x86-64-linux-gnu@2.44-3", "PkgName": "binutils-x86-64-linux-gnu", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils-x86-64-linux-gnu@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "4d44d47c4673e64b" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11412", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils Linker elflink.c bfd_elf_gc_record_vtentry out-of-bounds", "Description": "A vulnerability has been found in GNU Binutils 2.45. This impacts the function bfd_elf_gc_record_vtentry of the file bfd/elflink.c of the component Linker. The manipulation leads to out-of-bounds read. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of the patch is 047435dd988a3975d40c6626a8f739a0b2e154bc. To fix this issue, it is recommended to deploy a patch.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-125" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-11412", "https://nvd.nist.gov/vuln/detail/CVE-2025-11412", "https://sourceware.org/bugzilla/attachment.cgi?id=16378", "https://sourceware.org/bugzilla/show_bug.cgi?id=33452", "https://sourceware.org/bugzilla/show_bug.cgi?id=33452#c8", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=047435dd988a3975d40c6626a8f739a0b2e154bc", "https://vuldb.com/?ctiid.327348", "https://vuldb.com/?id.327348", "https://www.cve.org/CVERecord?id=CVE-2025-11412", "https://www.gnu.org/" ], "PublishedDate": "2025-10-07T22:15:34.03Z", "LastModifiedDate": "2025-10-14T15:09:07.05Z" }, { "VulnerabilityID": "CVE-2025-11413", "PkgID": "binutils-x86-64-linux-gnu@2.44-3", "PkgName": "binutils-x86-64-linux-gnu", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils-x86-64-linux-gnu@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "4d44d47c4673e64b" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11413", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils Linker elflink.c elf_link_add_object_symbols out-of-bounds", "Description": "A vulnerability was found in GNU Binutils 2.45. Affected is the function elf_link_add_object_symbols of the file bfd/elflink.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. Upgrading to version 2.46 is able to address this issue. The patch is identified as 72efdf166aa0ed72ecc69fc2349af6591a7a19c0. Upgrading the affected component is advised.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-125" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "V3Score": 4.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-11413", "https://nvd.nist.gov/vuln/detail/CVE-2025-11413", "https://sourceware.org/bugzilla/attachment.cgi?id=16362", "https://sourceware.org/bugzilla/show_bug.cgi?id=33452", "https://sourceware.org/bugzilla/show_bug.cgi?id=33456", "https://sourceware.org/bugzilla/show_bug.cgi?id=33456#c10", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=72efdf166aa0ed72ecc69fc2349af6591a7a19c0", "https://vuldb.com/?ctiid.327349", "https://vuldb.com/?id.327349", "https://vuldb.com/?submit.665587", "https://www.cve.org/CVERecord?id=CVE-2025-11413", "https://www.gnu.org/" ], "PublishedDate": "2025-10-07T22:15:34.23Z", "LastModifiedDate": "2025-10-14T15:24:49.567Z" }, { "VulnerabilityID": "CVE-2025-11414", "PkgID": "binutils-x86-64-linux-gnu@2.44-3", "PkgName": "binutils-x86-64-linux-gnu", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils-x86-64-linux-gnu@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "4d44d47c4673e64b" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11414", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils Linker elflink.c get_link_hash_entry out-of-bounds", "Description": "A vulnerability was determined in GNU Binutils 2.45. Affected by this vulnerability is the function get_link_hash_entry of the file bfd/elflink.c of the component Linker. This manipulation causes out-of-bounds read. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. Upgrading to version 2.46 addresses this issue. Patch name: aeaaa9af6359c8e394ce9cf24911fec4f4d23703. It is advisable to upgrade the affected component.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-125" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-11414", "https://nvd.nist.gov/vuln/detail/CVE-2025-11414", "https://sourceware.org/bugzilla/attachment.cgi?id=16361", "https://sourceware.org/bugzilla/show_bug.cgi?id=33450", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=aeaaa9af6359c8e394ce9cf24911fec4f4d23703", "https://vuldb.com/?ctiid.327350", "https://vuldb.com/?id.327350", "https://vuldb.com/?submit.665591", "https://www.cve.org/CVERecord?id=CVE-2025-11414", "https://www.gnu.org/" ], "PublishedDate": "2025-10-07T23:15:33.053Z", "LastModifiedDate": "2025-10-14T15:25:00.127Z" }, { "VulnerabilityID": "CVE-2025-1147", "PkgID": "binutils-x86-64-linux-gnu@2.44-3", "PkgName": "binutils-x86-64-linux-gnu", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils-x86-64-linux-gnu@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "4d44d47c4673e64b" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1147", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils nm nm.c internal_strlen buffer overflow", "Description": "A vulnerability has been found in GNU Binutils 2.43 and classified as problematic. Affected by this vulnerability is the function __sanitizer::internal_strlen of the file binutils/nm.c of the component nm. The manipulation of the argument const leads to buffer overflow. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-120" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 1, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1147", "https://nvd.nist.gov/vuln/detail/CVE-2025-1147", "https://sourceware.org/bugzilla/attachment.cgi?id=15881", "https://sourceware.org/bugzilla/show_bug.cgi?id=32556", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7be4186c22f89a87fff048c28910f5d26a0f61ce", "https://vuldb.com/?ctiid.295051", "https://vuldb.com/?id.295051", "https://vuldb.com/?submit.485254", "https://www.cve.org/CVERecord?id=CVE-2025-1147", "https://www.gnu.org/" ], "PublishedDate": "2025-02-10T14:15:29.643Z", "LastModifiedDate": "2025-03-04T15:51:17.86Z" }, { "VulnerabilityID": "CVE-2025-1148", "PkgID": "binutils-x86-64-linux-gnu@2.44-3", "PkgName": "binutils-x86-64-linux-gnu", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils-x86-64-linux-gnu@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "4d44d47c4673e64b" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1148", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld ldelfgen.c link_order_scan memory leak", "Description": "A vulnerability was found in GNU Binutils 2.43 and classified as problematic. Affected by this issue is the function link_order_scan of the file ld/ldelfgen.c of the component ld. The manipulation leads to memory leak. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"", "Severity": "LOW", "CweIDs": [ "CWE-401", "CWE-404" ], "VendorSeverity": { "debian": 1, "nvd": 1, "redhat": 1, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1148", "https://nvd.nist.gov/vuln/detail/CVE-2025-1148", "https://sourceware.org/bugzilla/attachment.cgi?id=15887", "https://sourceware.org/bugzilla/show_bug.cgi?id=32576", "https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=d4115c2c8d447e297ae353892de89192c1996211", "https://sourceware.org/pipermail/binutils/2025-March/139979.html", "https://vuldb.com/?ctiid.295052", "https://vuldb.com/?id.295052", "https://vuldb.com/?submit.485747", "https://www.cve.org/CVERecord?id=CVE-2025-1148", "https://www.gnu.org/" ], "PublishedDate": "2025-02-10T14:15:29.927Z", "LastModifiedDate": "2025-03-04T17:12:35.4Z" }, { "VulnerabilityID": "CVE-2025-1149", "PkgID": "binutils-x86-64-linux-gnu@2.44-3", "PkgName": "binutils-x86-64-linux-gnu", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils-x86-64-linux-gnu@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "4d44d47c4673e64b" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1149", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld xmalloc.c xstrdup memory leak", "Description": "A vulnerability was found in GNU Binutils 2.43. It has been classified as problematic. This affects the function xstrdup of the file libiberty/xmalloc.c of the component ld. The manipulation leads to memory leak. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"", "Severity": "LOW", "CweIDs": [ "CWE-401", "CWE-404" ], "VendorSeverity": { "debian": 1, "nvd": 1, "redhat": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1149", "https://nvd.nist.gov/vuln/detail/CVE-2025-1149", "https://sourceware.org/bugzilla/attachment.cgi?id=15887", "https://sourceware.org/bugzilla/show_bug.cgi?id=32576", "https://vuldb.com/?ctiid.295053", "https://vuldb.com/?id.295053", "https://www.cve.org/CVERecord?id=CVE-2025-1149", "https://www.gnu.org/" ], "PublishedDate": "2025-02-10T15:15:13.093Z", "LastModifiedDate": "2025-03-04T14:53:43.637Z" }, { "VulnerabilityID": "CVE-2025-11494", "PkgID": "binutils-x86-64-linux-gnu@2.44-3", "PkgName": "binutils-x86-64-linux-gnu", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils-x86-64-linux-gnu@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "4d44d47c4673e64b" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11494", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils Linker out-of-bounds read", "Description": "A vulnerability was found in GNU Binutils 2.45. Impacted is the function _bfd_x86_elf_late_size_sections of the file bfd/elfxx-x86.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. The patch is identified as b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a. A patch should be applied to remediate this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-125" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-11494", "https://nvd.nist.gov/vuln/detail/CVE-2025-11494", "https://sourceware.org/bugzilla/attachment.cgi?id=16389", "https://sourceware.org/bugzilla/show_bug.cgi?id=33499", "https://sourceware.org/bugzilla/show_bug.cgi?id=33499#c2", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a", "https://vuldb.com/?ctiid.327619", "https://vuldb.com/?id.327619", "https://vuldb.com/?submit.668281", "https://www.cve.org/CVERecord?id=CVE-2025-11494", "https://www.gnu.org/" ], "PublishedDate": "2025-10-08T20:15:34.77Z", "LastModifiedDate": "2025-10-14T15:27:45.803Z" }, { "VulnerabilityID": "CVE-2025-11495", "PkgID": "binutils-x86-64-linux-gnu@2.44-3", "PkgName": "binutils-x86-64-linux-gnu", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils-x86-64-linux-gnu@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "4d44d47c4673e64b" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11495", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils Linker heap-based overflow", "Description": "A vulnerability was determined in GNU Binutils 2.45. The affected element is the function elf_x86_64_relocate_section of the file elf64-x86-64.c of the component Linker. This manipulation causes heap-based buffer overflow. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. Patch name: 6b21c8b2ecfef5c95142cbc2c32f185cb1c26ab0. To fix this issue, it is recommended to deploy a patch.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-122" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-11495", "https://nvd.nist.gov/vuln/detail/CVE-2025-11495", "https://sourceware.org/bugzilla/attachment.cgi?id=16393", "https://sourceware.org/bugzilla/show_bug.cgi?id=33502", "https://sourceware.org/bugzilla/show_bug.cgi?id=33502#c3", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6b21c8b2ecfef5c95142cbc2c32f185cb1c26ab0", "https://vuldb.com/?ctiid.327620", "https://vuldb.com/?id.327620", "https://vuldb.com/?submit.668290", "https://www.cve.org/CVERecord?id=CVE-2025-11495", "https://www.gnu.org/" ], "PublishedDate": "2025-10-08T20:15:34.99Z", "LastModifiedDate": "2025-10-14T15:28:00.96Z" }, { "VulnerabilityID": "CVE-2025-1150", "PkgID": "binutils-x86-64-linux-gnu@2.44-3", "PkgName": "binutils-x86-64-linux-gnu", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils-x86-64-linux-gnu@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "4d44d47c4673e64b" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1150", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld libbfd.c bfd_malloc memory leak", "Description": "A vulnerability was found in GNU Binutils 2.43. It has been declared as problematic. This vulnerability affects the function bfd_malloc of the file libbfd.c of the component ld. The manipulation leads to memory leak. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"", "Severity": "LOW", "CweIDs": [ "CWE-401", "CWE-404" ], "VendorSeverity": { "debian": 1, "nvd": 1, "redhat": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1150", "https://nvd.nist.gov/vuln/detail/CVE-2025-1150", "https://sourceware.org/bugzilla/attachment.cgi?id=15887", "https://sourceware.org/bugzilla/show_bug.cgi?id=32576", "https://vuldb.com/?ctiid.295054", "https://vuldb.com/?id.295054", "https://www.cve.org/CVERecord?id=CVE-2025-1150", "https://www.gnu.org/" ], "PublishedDate": "2025-02-10T17:15:18.517Z", "LastModifiedDate": "2025-03-11T19:01:04.727Z" }, { "VulnerabilityID": "CVE-2025-1151", "PkgID": "binutils-x86-64-linux-gnu@2.44-3", "PkgName": "binutils-x86-64-linux-gnu", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils-x86-64-linux-gnu@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "4d44d47c4673e64b" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1151", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld xmemdup.c xmemdup memory leak", "Description": "A vulnerability was found in GNU Binutils 2.43. It has been rated as problematic. This issue affects the function xmemdup of the file xmemdup.c of the component ld. The manipulation leads to memory leak. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"", "Severity": "LOW", "CweIDs": [ "CWE-401", "CWE-404" ], "VendorSeverity": { "debian": 1, "redhat": 1 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1151", "https://nvd.nist.gov/vuln/detail/CVE-2025-1151", "https://sourceware.org/bugzilla/attachment.cgi?id=15887", "https://sourceware.org/bugzilla/show_bug.cgi?id=32576", "https://vuldb.com/?ctiid.295055", "https://vuldb.com/?id.295055", "https://www.cve.org/CVERecord?id=CVE-2025-1151", "https://www.gnu.org/" ], "PublishedDate": "2025-02-10T17:15:18.713Z", "LastModifiedDate": "2025-02-10T17:15:18.713Z" }, { "VulnerabilityID": "CVE-2025-1152", "PkgID": "binutils-x86-64-linux-gnu@2.44-3", "PkgName": "binutils-x86-64-linux-gnu", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils-x86-64-linux-gnu@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "4d44d47c4673e64b" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1152", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld xstrdup.c xstrdup memory leak", "Description": "A vulnerability classified as problematic has been found in GNU Binutils 2.43. Affected is the function xstrdup of the file xstrdup.c of the component ld. The manipulation leads to memory leak. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"", "Severity": "LOW", "CweIDs": [ "CWE-401", "CWE-404" ], "VendorSeverity": { "debian": 1, "nvd": 1, "redhat": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1152", "https://nvd.nist.gov/vuln/detail/CVE-2025-1152", "https://sourceware.org/bugzilla/attachment.cgi?id=15887", "https://sourceware.org/bugzilla/show_bug.cgi?id=32576", "https://vuldb.com/?ctiid.295056", "https://vuldb.com/?id.295056", "https://www.cve.org/CVERecord?id=CVE-2025-1152", "https://www.gnu.org/" ], "PublishedDate": "2025-02-10T18:15:34.043Z", "LastModifiedDate": "2025-03-03T16:52:20.953Z" }, { "VulnerabilityID": "CVE-2025-1153", "PkgID": "binutils-x86-64-linux-gnu@2.44-3", "PkgName": "binutils-x86-64-linux-gnu", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils-x86-64-linux-gnu@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "4d44d47c4673e64b" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1153", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils format.c bfd_set_format memory corruption", "Description": "A vulnerability classified as problematic was found in GNU Binutils 2.43/2.44. Affected by this vulnerability is the function bfd_set_format of the file format.c. The manipulation leads to memory corruption. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 2.45 is able to address this issue. The identifier of the patch is 8d97c1a53f3dc9fd8e1ccdb039b8a33d50133150. It is recommended to upgrade the affected component.", "Severity": "LOW", "CweIDs": [ "CWE-119" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 1, "ubuntu": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1153", "https://nvd.nist.gov/vuln/detail/CVE-2025-1153", "https://sourceware.org/bugzilla/show_bug.cgi?id=32603", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8d97c1a53f3dc9fd8e1ccdb039b8a33d50133150", "https://ubuntu.com/security/notices/USN-7423-1", "https://ubuntu.com/security/notices/USN-7423-2", "https://vuldb.com/?ctiid.295057", "https://vuldb.com/?id.295057", "https://vuldb.com/?submit.489991", "https://www.cve.org/CVERecord?id=CVE-2025-1153", "https://www.gnu.org/" ], "PublishedDate": "2025-02-10T19:15:39.9Z", "LastModifiedDate": "2025-03-03T17:28:09.167Z" }, { "VulnerabilityID": "CVE-2025-1176", "PkgID": "binutils-x86-64-linux-gnu@2.44-3", "PkgName": "binutils-x86-64-linux-gnu", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils-x86-64-linux-gnu@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "4d44d47c4673e64b" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1176", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld elflink.c _bfd_elf_gc_mark_rsec heap-based overflow", "Description": "A vulnerability was found in GNU Binutils 2.43 and classified as critical. This issue affects the function _bfd_elf_gc_mark_rsec of the file elflink.c of the component ld. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The patch is named f9978defb6fab0bd8583942d97c112b0932ac814. It is recommended to apply a patch to fix this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-122" ], "VendorSeverity": { "amazon": 2, "azure": 2, "cbl-mariner": 2, "debian": 1, "nvd": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "V3Score": 5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "V3Score": 5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1176", "https://nvd.nist.gov/vuln/detail/CVE-2025-1176", "https://security.netapp.com/advisory/ntap-20250411-0007/", "https://sourceware.org/bugzilla/attachment.cgi?id=15913", "https://sourceware.org/bugzilla/show_bug.cgi?id=32636", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f9978defb6fab0bd8583942d97c112b0932ac814", "https://ubuntu.com/security/notices/USN-7423-1", "https://ubuntu.com/security/notices/USN-7423-2", "https://vuldb.com/?ctiid.295079", "https://vuldb.com/?id.295079", "https://vuldb.com/?submit.495329", "https://www.cve.org/CVERecord?id=CVE-2025-1176", "https://www.gnu.org/" ], "PublishedDate": "2025-02-11T06:15:22.433Z", "LastModifiedDate": "2025-04-11T22:15:29.513Z" }, { "VulnerabilityID": "CVE-2025-1178", "PkgID": "binutils-x86-64-linux-gnu@2.44-3", "PkgName": "binutils-x86-64-linux-gnu", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils-x86-64-linux-gnu@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "4d44d47c4673e64b" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1178", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld libbfd.c bfd_putl64 memory corruption", "Description": "A vulnerability was found in GNU Binutils 2.43. It has been declared as problematic. Affected by this vulnerability is the function bfd_putl64 of the file libbfd.c of the component ld. The manipulation leads to memory corruption. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of the patch is 75086e9de1707281172cc77f178e7949a4414ed0. It is recommended to apply a patch to fix this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119" ], "VendorSeverity": { "azure": 2, "cbl-mariner": 2, "debian": 1, "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "V3Score": 5.6 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1178", "https://nvd.nist.gov/vuln/detail/CVE-2025-1178", "https://security.netapp.com/advisory/ntap-20250411-0008/", "https://sourceware.org/bugzilla/attachment.cgi?id=15914", "https://sourceware.org/bugzilla/show_bug.cgi?id=32638", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=75086e9de1707281172cc77f178e7949a4414ed0", "https://ubuntu.com/security/notices/USN-7423-1", "https://vuldb.com/?ctiid.295081", "https://vuldb.com/?id.295081", "https://vuldb.com/?submit.495369", "https://www.cve.org/CVERecord?id=CVE-2025-1178", "https://www.gnu.org/" ], "PublishedDate": "2025-02-11T07:15:29.997Z", "LastModifiedDate": "2025-05-21T20:35:24.22Z" }, { "VulnerabilityID": "CVE-2025-1180", "PkgID": "binutils-x86-64-linux-gnu@2.44-3", "PkgName": "binutils-x86-64-linux-gnu", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils-x86-64-linux-gnu@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "4d44d47c4673e64b" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1180", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld elf-eh-frame.c _bfd_elf_write_section_eh_frame memory corruption", "Description": "A vulnerability classified as problematic has been found in GNU Binutils 2.43. This affects the function _bfd_elf_write_section_eh_frame of the file bfd/elf-eh-frame.c of the component ld. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119" ], "VendorSeverity": { "debian": 1, "redhat": 1 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1180", "https://nvd.nist.gov/vuln/detail/CVE-2025-1180", "https://sourceware.org/bugzilla/attachment.cgi?id=15917", "https://sourceware.org/bugzilla/show_bug.cgi?id=32642", "https://vuldb.com/?ctiid.295083", "https://vuldb.com/?id.295083", "https://vuldb.com/?submit.495381", "https://www.cve.org/CVERecord?id=CVE-2025-1180", "https://www.gnu.org/" ], "PublishedDate": "2025-02-11T08:15:31.59Z", "LastModifiedDate": "2025-05-21T20:35:18.05Z" }, { "VulnerabilityID": "CVE-2025-1181", "PkgID": "binutils-x86-64-linux-gnu@2.44-3", "PkgName": "binutils-x86-64-linux-gnu", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils-x86-64-linux-gnu@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "4d44d47c4673e64b" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1181", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld elflink.c _bfd_elf_gc_mark_rsec memory corruption", "Description": "A vulnerability classified as critical was found in GNU Binutils 2.43. This vulnerability affects the function _bfd_elf_gc_mark_rsec of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is 931494c9a89558acb36a03a340c01726545eef24. It is recommended to apply a patch to fix this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119" ], "VendorSeverity": { "azure": 1, "cbl-mariner": 1, "debian": 1, "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "V3Score": 5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1181", "https://nvd.nist.gov/vuln/detail/CVE-2025-1181", "https://security.netapp.com/advisory/ntap-20250425-0007/", "https://sourceware.org/bugzilla/attachment.cgi?id=15918", "https://sourceware.org/bugzilla/show_bug.cgi?id=32643", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=931494c9a89558acb36a03a340c01726545eef24", "https://ubuntu.com/security/notices/USN-7423-1", "https://vuldb.com/?ctiid.295084", "https://vuldb.com/?id.295084", "https://vuldb.com/?submit.495402", "https://www.cve.org/CVERecord?id=CVE-2025-1181", "https://www.gnu.org/" ], "PublishedDate": "2025-02-11T08:15:31.797Z", "LastModifiedDate": "2025-05-21T20:35:11.073Z" }, { "VulnerabilityID": "CVE-2025-1182", "PkgID": "binutils-x86-64-linux-gnu@2.44-3", "PkgName": "binutils-x86-64-linux-gnu", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils-x86-64-linux-gnu@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "4d44d47c4673e64b" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1182", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld elflink.c bfd_elf_reloc_symbol_deleted_p memory corruption", "Description": "A vulnerability, which was classified as critical, was found in GNU Binutils 2.43. Affected is the function bfd_elf_reloc_symbol_deleted_p of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The patch is identified as b425859021d17adf62f06fb904797cf8642986ad. It is recommended to apply a patch to fix this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119" ], "VendorSeverity": { "amazon": 2, "azure": 2, "cbl-mariner": 2, "debian": 1, "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "V3Score": 5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1182", "https://nvd.nist.gov/vuln/detail/CVE-2025-1182", "https://sourceware.org/bugzilla/attachment.cgi?id=15919", "https://sourceware.org/bugzilla/show_bug.cgi?id=32644", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b425859021d17adf62f06fb904797cf8642986ad", "https://ubuntu.com/security/notices/USN-7423-1", "https://vuldb.com/?ctiid.295086", "https://vuldb.com/?id.295086", "https://vuldb.com/?submit.495407", "https://www.cve.org/CVERecord?id=CVE-2025-1182", "https://www.gnu.org/" ], "PublishedDate": "2025-02-11T09:15:09.53Z", "LastModifiedDate": "2025-05-21T20:35:04.15Z" }, { "VulnerabilityID": "CVE-2025-11839", "PkgID": "binutils-x86-64-linux-gnu@2.44-3", "PkgName": "binutils-x86-64-linux-gnu", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils-x86-64-linux-gnu@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "4d44d47c4673e64b" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11839", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils prdbg.c tg_tag_type return value", "Description": "A security flaw has been discovered in GNU Binutils 2.45. Impacted is the function tg_tag_type of the file prdbg.c. Performing manipulation results in unchecked return value. The attack needs to be approached locally. The exploit has been released to the public and may be exploited.", "Severity": "LOW", "CweIDs": [ "CWE-252", "CWE-253" ], "VendorSeverity": { "debian": 1, "redhat": 1 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-11839", "https://nvd.nist.gov/vuln/detail/CVE-2025-11839", "https://sourceware.org/bugzilla/attachment.cgi?id=16344", "https://sourceware.org/bugzilla/show_bug.cgi?id=33448", "https://vuldb.com/?ctiid.328774", "https://vuldb.com/?id.328774", "https://vuldb.com/?submit.661279", "https://www.cve.org/CVERecord?id=CVE-2025-11839", "https://www.gnu.org/" ], "PublishedDate": "2025-10-16T14:15:34.86Z", "LastModifiedDate": "2025-10-16T15:28:59.61Z" }, { "VulnerabilityID": "CVE-2025-11840", "PkgID": "binutils-x86-64-linux-gnu@2.44-3", "PkgName": "binutils-x86-64-linux-gnu", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils-x86-64-linux-gnu@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "4d44d47c4673e64b" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11840", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils out-of-bounds read", "Description": "A weakness has been identified in GNU Binutils 2.45. The affected element is the function vfinfo of the file ldmisc.c. Executing manipulation can lead to out-of-bounds read. The attack can only be executed locally. The exploit has been made available to the public and could be exploited. This patch is called 16357. It is best practice to apply a patch to resolve this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-125" ], "VendorSeverity": { "debian": 1, "redhat": 1 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-11840", "https://nvd.nist.gov/vuln/detail/CVE-2025-11840", "https://sourceware.org/bugzilla/attachment.cgi?id=16351", "https://sourceware.org/bugzilla/attachment.cgi?id=16357", "https://sourceware.org/bugzilla/show_bug.cgi?id=33455", "https://vuldb.com/?ctiid.328775", "https://vuldb.com/?id.328775", "https://vuldb.com/?submit.661281", "https://www.cve.org/CVERecord?id=CVE-2025-11840", "https://www.gnu.org/" ], "PublishedDate": "2025-10-16T16:15:37.003Z", "LastModifiedDate": "2025-10-16T16:15:37.003Z" }, { "VulnerabilityID": "CVE-2025-3198", "PkgID": "binutils-x86-64-linux-gnu@2.44-3", "PkgName": "binutils-x86-64-linux-gnu", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils-x86-64-linux-gnu@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "4d44d47c4673e64b" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-3198", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils objdump bucomm.c display_info memory leak", "Description": "A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named ba6ad3a18cb26b79e0e3b84c39f707535bbc344d. It is recommended to apply a patch to fix this issue.", "Severity": "LOW", "CweIDs": [ "CWE-401", "CWE-404" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 1, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-3198", "https://nvd.nist.gov/vuln/detail/CVE-2025-3198", "https://sourceware.org/bugzilla/show_bug.cgi?id=32716", "https://sourceware.org/bugzilla/show_bug.cgi?id=32716#c0", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ba6ad3a18cb26b79e0e3b84c39f707535bbc344d", "https://vuldb.com/?ctiid.303151", "https://vuldb.com/?id.303151", "https://vuldb.com/?submit.545773", "https://www.cve.org/CVERecord?id=CVE-2025-3198", "https://www.gnu.org/" ], "PublishedDate": "2025-04-04T02:15:18.803Z", "LastModifiedDate": "2025-05-15T19:46:30.95Z" }, { "VulnerabilityID": "CVE-2025-5244", "PkgID": "binutils-x86-64-linux-gnu@2.44-3", "PkgName": "binutils-x86-64-linux-gnu", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils-x86-64-linux-gnu@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "4d44d47c4673e64b" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-5244", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld elflink.c elf_gc_sweep memory corruption", "Description": "A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue is the function elf_gc_sweep of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 2.45 is able to address this issue. It is recommended to upgrade the affected component.", "Severity": "LOW", "CweIDs": [ "CWE-119" ], "VendorSeverity": { "azure": 2, "cbl-mariner": 2, "debian": 1, "nvd": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-5244", "https://nvd.nist.gov/vuln/detail/CVE-2025-5244", "https://sourceware.org/bugzilla/attachment.cgi?id=16010", "https://sourceware.org/bugzilla/show_bug.cgi?id=32858", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d1458933830456e54223d9fc61f0d9b3a19256f5", "https://vuldb.com/?ctiid.310346", "https://vuldb.com/?id.310346", "https://vuldb.com/?submit.584634", "https://www.cve.org/CVERecord?id=CVE-2025-5244", "https://www.gnu.org/" ], "PublishedDate": "2025-05-27T13:15:21.76Z", "LastModifiedDate": "2025-10-03T14:46:39.57Z" }, { "VulnerabilityID": "CVE-2025-5245", "PkgID": "binutils-x86-64-linux-gnu@2.44-3", "PkgName": "binutils-x86-64-linux-gnu", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils-x86-64-linux-gnu@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "4d44d47c4673e64b" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-5245", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils objdump debug.c debug_type_samep memory corruption", "Description": "A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debug_type_samep of the file /binutils/debug.c of the component objdump. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119" ], "VendorSeverity": { "azure": 2, "cbl-mariner": 2, "debian": 1, "nvd": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-5245", "https://nvd.nist.gov/vuln/detail/CVE-2025-5245", "https://sourceware.org/bugzilla/attachment.cgi?id=16004", "https://sourceware.org/bugzilla/show_bug.cgi?id=32829", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6c3458a8b7ee7d39f070c7b2350851cb2110c65a", "https://vuldb.com/?ctiid.310347", "https://vuldb.com/?id.310347", "https://vuldb.com/?submit.584635", "https://www.cve.org/CVERecord?id=CVE-2025-5245", "https://www.gnu.org/" ], "PublishedDate": "2025-05-27T15:15:36.057Z", "LastModifiedDate": "2025-10-03T14:45:57.887Z" }, { "VulnerabilityID": "CVE-2025-7545", "PkgID": "binutils-x86-64-linux-gnu@2.44-3", "PkgName": "binutils-x86-64-linux-gnu", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils-x86-64-linux-gnu@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "4d44d47c4673e64b" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-7545", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: Binutils: Heap Buffer Overflow", "Description": "A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is named 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944. It is recommended to apply a patch to fix this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-122" ], "VendorSeverity": { "amazon": 3, "azure": 2, "cbl-mariner": 2, "debian": 1, "nvd": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-7545", "https://nvd.nist.gov/vuln/detail/CVE-2025-7545", "https://sourceware.org/bugzilla/attachment.cgi?id=16117", "https://sourceware.org/bugzilla/show_bug.cgi?id=33049", "https://sourceware.org/bugzilla/show_bug.cgi?id=33049#c1", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944", "https://ubuntu.com/security/notices/USN-7718-1", "https://vuldb.com/?ctiid.316243", "https://vuldb.com/?id.316243", "https://vuldb.com/?submit.614355", "https://www.cve.org/CVERecord?id=CVE-2025-7545", "https://www.gnu.org/" ], "PublishedDate": "2025-07-13T22:15:23.873Z", "LastModifiedDate": "2025-07-30T15:59:48.84Z" }, { "VulnerabilityID": "CVE-2025-7546", "PkgID": "binutils-x86-64-linux-gnu@2.44-3", "PkgName": "binutils-x86-64-linux-gnu", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils-x86-64-linux-gnu@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "4d44d47c4673e64b" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-7546", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: Binutils: Out-of-bounds Write Vulnerability", "Description": "A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfd_elf_set_group_contents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The name of the patch is 41461010eb7c79fee7a9d5f6209accdaac66cc6b. It is recommended to apply a patch to fix this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-787" ], "VendorSeverity": { "amazon": 2, "azure": 2, "cbl-mariner": 2, "debian": 1, "nvd": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-7546", "https://nvd.nist.gov/vuln/detail/CVE-2025-7546", "https://sourceware.org/bugzilla/attachment.cgi?id=16118", "https://sourceware.org/bugzilla/show_bug.cgi?id=33050", "https://sourceware.org/bugzilla/show_bug.cgi?id=33050#c2", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=41461010eb7c79fee7a9d5f6209accdaac66cc6b", "https://vuldb.com/?ctiid.316244", "https://vuldb.com/?id.316244", "https://vuldb.com/?submit.614375", "https://www.cve.org/CVERecord?id=CVE-2025-7546", "https://www.gnu.org/" ], "PublishedDate": "2025-07-13T22:15:24.07Z", "LastModifiedDate": "2025-07-30T15:59:59.203Z" }, { "VulnerabilityID": "CVE-2025-8225", "PkgID": "binutils-x86-64-linux-gnu@2.44-3", "PkgName": "binutils-x86-64-linux-gnu", "PkgIdentifier": { "PURL": "pkg:deb/debian/binutils-x86-64-linux-gnu@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "4d44d47c4673e64b" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-8225", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: Binutils DWARF Section Handler Memory Leak", "Description": "A vulnerability was found in GNU Binutils 2.44 and classified as problematic. This issue affects the function process_debug_info of the file binutils/dwarf.c of the component DWARF Section Handler. The manipulation leads to memory leak. Attacking locally is a requirement. The identifier of the patch is e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4. It is recommended to apply a patch to fix this issue.", "Severity": "LOW", "CweIDs": [ "CWE-401", "CWE-404" ], "VendorSeverity": { "cbl-mariner": 2, "debian": 1, "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-8225", "https://gitlab.com/gnutools/binutils-gdb/-/commit/e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4", "https://nvd.nist.gov/vuln/detail/CVE-2025-8225", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4", "https://vuldb.com/?ctiid.317813", "https://vuldb.com/?id.317813", "https://vuldb.com/?submit.621883", "https://www.cve.org/CVERecord?id=CVE-2025-8225", "https://www.gnu.org/" ], "PublishedDate": "2025-07-27T08:15:25.76Z", "LastModifiedDate": "2025-08-01T17:08:13.977Z" }, { "VulnerabilityID": "CVE-2022-0563", "PkgID": "bsdutils@1:2.41-5", "PkgName": "bsdutils", "PkgIdentifier": { "PURL": "pkg:deb/debian/bsdutils@2.41-5?arch=amd64\u0026distro=debian-13.1\u0026epoch=1", "UID": "c9de60be80a96a27" }, "InstalledVersion": "1:2.41-5", "Status": "affected", "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-0563", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline", "Description": "A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an \"INPUTRC\" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.", "Severity": "LOW", "CweIDs": [ "CWE-209" ], "VendorSeverity": { "amazon": 2, "cbl-mariner": 2, "debian": 1, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "nvd": { "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "V2Score": 1.9, "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2022-0563", "https://blog.trailofbits.com/2023/02/16/suid-logic-bug-linux-readline/", "https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w%40ws.net.home/T/#u", "https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u", "https://nvd.nist.gov/vuln/detail/CVE-2022-0563", "https://security.gentoo.org/glsa/202401-08", "https://security.netapp.com/advisory/ntap-20220331-0002/", "https://www.cve.org/CVERecord?id=CVE-2022-0563" ], "PublishedDate": "2022-02-21T19:15:08.393Z", "LastModifiedDate": "2025-06-09T16:15:33.237Z" }, { "VulnerabilityID": "CVE-2017-18018", "PkgID": "coreutils@9.7-3", "PkgName": "coreutils", "PkgIdentifier": { "PURL": "pkg:deb/debian/coreutils@9.7-3?arch=amd64\u0026distro=debian-13.1", "UID": "a90cbdbcbab1768e" }, "InstalledVersion": "9.7-3", "Status": "affected", "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-18018", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "coreutils: race condition vulnerability in chown and chgrp", "Description": "In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX \"-R -L\" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.", "Severity": "LOW", "CweIDs": [ "CWE-362" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 2 }, "CVSS": { "nvd": { "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N", "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", "V2Score": 1.9, "V3Score": 4.7 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "V3Score": 4.2 } }, "References": [ "http://lists.gnu.org/archive/html/coreutils/2017-12/msg00045.html", "https://access.redhat.com/security/cve/CVE-2017-18018", "https://nvd.nist.gov/vuln/detail/CVE-2017-18018", "https://www.cve.org/CVERecord?id=CVE-2017-18018" ], "PublishedDate": "2018-01-04T04:29:00.19Z", "LastModifiedDate": "2025-06-09T16:15:27.25Z" }, { "VulnerabilityID": "CVE-2025-5278", "PkgID": "coreutils@9.7-3", "PkgName": "coreutils", "PkgIdentifier": { "PURL": "pkg:deb/debian/coreutils@9.7-3?arch=amd64\u0026distro=debian-13.1", "UID": "a90cbdbcbab1768e" }, "InstalledVersion": "9.7-3", "Status": "affected", "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-5278", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "coreutils: Heap Buffer Under-Read in GNU Coreutils sort via Key Specification", "Description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "Severity": "LOW", "CweIDs": [ "CWE-121" ], "VendorSeverity": { "amazon": 2, "debian": 1, "photon": 2, "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "V3Score": 4.4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/05/27/2", "http://www.openwall.com/lists/oss-security/2025/05/29/1", "http://www.openwall.com/lists/oss-security/2025/05/29/2", "https://access.redhat.com/security/cve/CVE-2025-5278", "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "https://security-tracker.debian.org/tracker/CVE-2025-5278", "https://www.cve.org/CVERecord?id=CVE-2025-5278" ], "PublishedDate": "2025-05-27T21:15:23.197Z", "LastModifiedDate": "2025-05-29T18:15:24.29Z" }, { "VulnerabilityID": "CVE-2018-5709", "PkgID": "krb5-locales@1.21.3-5", "PkgName": "krb5-locales", "PkgIdentifier": { "PURL": "pkg:deb/debian/krb5-locales@1.21.3-5?arch=all\u0026distro=debian-13.1", "UID": "e9e09fdd7f36416e" }, "InstalledVersion": "1.21.3-5", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-5709", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "krb5: integer overflow in dbentry-\u003en_key_data in kadmin/dbutil/dump.c", "Description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry-\u003en_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", "Severity": "LOW", "CweIDs": [ "CWE-190" ], "VendorSeverity": { "debian": 1, "nvd": 3, "redhat": 2 }, "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "V2Score": 5, "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "V3Score": 6.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2018-5709", "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E", "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", "https://www.cve.org/CVERecord?id=CVE-2018-5709" ], "PublishedDate": "2018-01-16T09:29:00.5Z", "LastModifiedDate": "2024-11-21T04:09:13.037Z" }, { "VulnerabilityID": "CVE-2024-26458", "PkgID": "krb5-locales@1.21.3-5", "PkgName": "krb5-locales", "PkgIdentifier": { "PURL": "pkg:deb/debian/krb5-locales@1.21.3-5?arch=all\u0026distro=debian-13.1", "UID": "e9e09fdd7f36416e" }, "InstalledVersion": "1.21.3-5", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-26458", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c", "Description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "Severity": "LOW", "CweIDs": [ "CWE-401" ], "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 2, "cbl-mariner": 2, "debian": 1, "oracle-oval": 2, "photon": 2, "redhat": 1, "rocky": 1, "ubuntu": 1 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/errata/RHSA-2024:9331", "https://access.redhat.com/security/cve/CVE-2024-26458", "https://bugzilla.redhat.com/2266731", "https://bugzilla.redhat.com/2266740", "https://bugzilla.redhat.com/2266742", "https://bugzilla.redhat.com/show_bug.cgi?id=2266731", "https://bugzilla.redhat.com/show_bug.cgi?id=2266740", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461", "https://errata.almalinux.org/9/ALSA-2024-9331.html", "https://errata.rockylinux.org/RLSA-2024:3268", "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", "https://linux.oracle.com/cve/CVE-2024-26458.html", "https://linux.oracle.com/errata/ELSA-2024-9331.html", "https://mailman.mit.edu/pipermail/kerberos/2024-March/023095.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", "https://security.netapp.com/advisory/ntap-20240415-0010/", "https://ubuntu.com/security/notices/USN-7314-1", "https://www.cve.org/CVERecord?id=CVE-2024-26458" ], "PublishedDate": "2024-02-29T01:44:18.78Z", "LastModifiedDate": "2025-05-23T15:39:31.357Z" }, { "VulnerabilityID": "CVE-2024-26461", "PkgID": "krb5-locales@1.21.3-5", "PkgName": "krb5-locales", "PkgIdentifier": { "PURL": "pkg:deb/debian/krb5-locales@1.21.3-5?arch=all\u0026distro=debian-13.1", "UID": "e9e09fdd7f36416e" }, "InstalledVersion": "1.21.3-5", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-26461", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c", "Description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "Severity": "LOW", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 3, "cbl-mariner": 3, "debian": 1, "oracle-oval": 2, "photon": 3, "redhat": 1, "rocky": 1, "ubuntu": 1 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/errata/RHSA-2024:9331", "https://access.redhat.com/security/cve/CVE-2024-26461", "https://bugzilla.redhat.com/2266731", "https://bugzilla.redhat.com/2266740", "https://bugzilla.redhat.com/2266742", "https://bugzilla.redhat.com/show_bug.cgi?id=2266731", "https://bugzilla.redhat.com/show_bug.cgi?id=2266740", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461", "https://errata.almalinux.org/9/ALSA-2024-9331.html", "https://errata.rockylinux.org/RLSA-2024:3268", "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", "https://linux.oracle.com/cve/CVE-2024-26461.html", "https://linux.oracle.com/errata/ELSA-2024-9331.html", "https://mailman.mit.edu/pipermail/kerberos/2024-March/023095.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", "https://security.netapp.com/advisory/ntap-20240415-0011/", "https://ubuntu.com/security/notices/USN-7314-1", "https://www.cve.org/CVERecord?id=CVE-2024-26461" ], "PublishedDate": "2024-02-29T01:44:18.82Z", "LastModifiedDate": "2025-05-23T15:30:30.847Z" }, { "VulnerabilityID": "CVE-2011-3374", "PkgID": "libapt-pkg7.0@3.0.3", "PkgName": "libapt-pkg7.0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libapt-pkg7.0@3.0.3?arch=amd64\u0026distro=debian-13.1", "UID": "80dd2636db3e0564" }, "InstalledVersion": "3.0.3", "Status": "affected", "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-3374", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "It was found that apt-key in apt, all versions, do not correctly valid ...", "Description": "It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.", "Severity": "LOW", "CweIDs": [ "CWE-347" ], "VendorSeverity": { "debian": 1, "nvd": 1 }, "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "V2Score": 4.3, "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/security/cve/cve-2011-3374", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480", "https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html", "https://seclists.org/fulldisclosure/2011/Sep/221", "https://security-tracker.debian.org/tracker/CVE-2011-3374", "https://snyk.io/vuln/SNYK-LINUX-APT-116518", "https://ubuntu.com/security/CVE-2011-3374" ], "PublishedDate": "2019-11-26T00:15:11.03Z", "LastModifiedDate": "2024-11-21T01:30:22.61Z" }, { "VulnerabilityID": "CVE-2017-13716", "PkgID": "libbinutils@2.44-3", "PkgName": "libbinutils", "PkgIdentifier": { "PURL": "pkg:deb/debian/libbinutils@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "9fe86cedd2b6ebf7" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13716", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: Memory leak with the C++ symbol demangler routine in libiberty", "Description": "The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).", "Severity": "LOW", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "debian": 1, "nvd": 2, "photon": 2, "redhat": 1, "ubuntu": 1 }, "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V2Score": 7.1, "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2017-13716", "https://nvd.nist.gov/vuln/detail/CVE-2017-13716", "https://sourceware.org/bugzilla/show_bug.cgi?id=22009", "https://www.cve.org/CVERecord?id=CVE-2017-13716" ], "PublishedDate": "2017-08-28T21:29:00.293Z", "LastModifiedDate": "2025-04-20T01:37:25.86Z" }, { "VulnerabilityID": "CVE-2018-20673", "PkgID": "libbinutils@2.44-3", "PkgName": "libbinutils", "PkgIdentifier": { "PURL": "pkg:deb/debian/libbinutils@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "9fe86cedd2b6ebf7" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20673", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libiberty: Integer overflow in demangle_template() function", "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for \"Create an array for saving the template argument values\") that can trigger a heap-based buffer overflow, as demonstrated by nm.", "Severity": "LOW", "CweIDs": [ "CWE-190", "CWE-787" ], "VendorSeverity": { "alma": 1, "debian": 1, "nvd": 2, "oracle-oval": 1, "photon": 2, "redhat": 2 }, "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V2Score": 4.3, "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "V3Score": 5.3 } }, "References": [ "http://www.securityfocus.com/bid/106454", "https://access.redhat.com/security/cve/CVE-2018-20673", "https://linux.oracle.com/cve/CVE-2018-20673.html", "https://linux.oracle.com/errata/ELSA-2021-4386.html", "https://nvd.nist.gov/vuln/detail/CVE-2018-20673", "https://sourceware.org/bugzilla/show_bug.cgi?id=24039", "https://www.cve.org/CVERecord?id=CVE-2018-20673" ], "PublishedDate": "2019-01-04T18:29:00.21Z", "LastModifiedDate": "2024-11-21T04:01:57.977Z" }, { "VulnerabilityID": "CVE-2018-20712", "PkgID": "libbinutils@2.44-3", "PkgName": "libbinutils", "PkgIdentifier": { "PURL": "pkg:deb/debian/libbinutils@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "9fe86cedd2b6ebf7" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20712", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libiberty: heap-based buffer over-read in d_expression_1", "Description": "A heap-based buffer over-read exists in the function d_expression_1 in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.1. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by c++filt.", "Severity": "LOW", "CweIDs": [ "CWE-125" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 2, "ubuntu": 1 }, "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V2Score": 4.3, "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 4.7 } }, "References": [ "http://www.securityfocus.com/bid/106563", "https://access.redhat.com/security/cve/CVE-2018-20712", "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88629", "https://nvd.nist.gov/vuln/detail/CVE-2018-20712", "https://sourceware.org/bugzilla/show_bug.cgi?id=24043", "https://support.f5.com/csp/article/K38336243", "https://www.cve.org/CVERecord?id=CVE-2018-20712" ], "PublishedDate": "2019-01-15T00:29:00.257Z", "LastModifiedDate": "2024-11-21T04:02:00.663Z" }, { "VulnerabilityID": "CVE-2018-9996", "PkgID": "libbinutils@2.44-3", "PkgName": "libbinutils", "PkgIdentifier": { "PURL": "pkg:deb/debian/libbinutils@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "9fe86cedd2b6ebf7" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-9996", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: Stack-overflow in libiberty/cplus-dem.c causes crash", "Description": "An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_template_value_parm, demangle_integral_value, and demangle_expression.", "Severity": "LOW", "CweIDs": [ "CWE-674" ], "VendorSeverity": { "debian": 1, "nvd": 2, "photon": 2, "redhat": 1 }, "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V2Score": 4.3, "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "http://www.securityfocus.com/bid/103733", "https://access.redhat.com/security/cve/CVE-2018-9996", "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85304", "https://nvd.nist.gov/vuln/detail/CVE-2018-9996", "https://www.cve.org/CVERecord?id=CVE-2018-9996" ], "PublishedDate": "2018-04-10T22:29:00.353Z", "LastModifiedDate": "2024-11-21T04:16:00.48Z" }, { "VulnerabilityID": "CVE-2021-32256", "PkgID": "libbinutils@2.44-3", "PkgName": "libbinutils", "PkgIdentifier": { "PURL": "pkg:deb/debian/libbinutils@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "9fe86cedd2b6ebf7" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-32256", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: stack-overflow issue in demangle_type in rust-demangle.c.", "Description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.36. It is a stack-overflow issue in demangle_type in rust-demangle.c.", "Severity": "LOW", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "amazon": 1, "debian": 1, "nvd": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2021-32256", "https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1927070", "https://nvd.nist.gov/vuln/detail/CVE-2021-32256", "https://security.netapp.com/advisory/ntap-20230824-0013/", "https://www.cve.org/CVERecord?id=CVE-2021-32256" ], "PublishedDate": "2023-07-18T14:15:11.61Z", "LastModifiedDate": "2024-11-21T06:06:55.1Z" }, { "VulnerabilityID": "CVE-2025-11081", "PkgID": "libbinutils@2.44-3", "PkgName": "libbinutils", "PkgIdentifier": { "PURL": "pkg:deb/debian/libbinutils@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "9fe86cedd2b6ebf7" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11081", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils out-of-bounds read", "Description": "A vulnerability was detected in GNU Binutils 2.45. This issue affects the function dump_dwarf_section of the file binutils/objdump.c. Performing manipulation results in out-of-bounds read. The attack is only possible with local access. The exploit is now public and may be used. The patch is named f87a66db645caf8cc0e6fc87b0c28c78a38af59b. It is suggested to install a patch to address this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-125" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-11081", "https://github.com/user-attachments/files/20623354/hdf5_crash_3.txt", "https://nvd.nist.gov/vuln/detail/CVE-2025-11081", "https://sourceware.org/bugzilla/show_bug.cgi?id=33406", "https://sourceware.org/bugzilla/show_bug.cgi?id=33406#c2", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f87a66db645caf8cc0e6fc87b0c28c78a38af59b", "https://vuldb.com/?ctiid.326122", "https://vuldb.com/?id.326122", "https://vuldb.com/?submit.661275", "https://www.cve.org/CVERecord?id=CVE-2025-11081", "https://www.gnu.org/" ], "PublishedDate": "2025-09-27T22:15:32.43Z", "LastModifiedDate": "2025-10-03T16:51:07.39Z" }, { "VulnerabilityID": "CVE-2025-11082", "PkgID": "libbinutils@2.44-3", "PkgName": "libbinutils", "PkgIdentifier": { "PURL": "pkg:deb/debian/libbinutils@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "9fe86cedd2b6ebf7" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11082", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils Linker heap-based overflow", "Description": "A flaw has been found in GNU Binutils 2.45. Impacted is the function _bfd_elf_parse_eh_frame of the file bfd/elf-eh-frame.c of the component Linker. Executing manipulation can lead to heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be used. This patch is called ea1a0737c7692737a644af0486b71e4a392cbca8. A patch should be applied to remediate this issue. The code maintainer replied with \"[f]ixed for 2.46\".", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-122" ], "VendorSeverity": { "debian": 1, "nvd": 3, "redhat": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-11082", "https://nvd.nist.gov/vuln/detail/CVE-2025-11082", "https://sourceware.org/bugzilla/attachment.cgi?id=16358", "https://sourceware.org/bugzilla/show_bug.cgi?id=33464", "https://sourceware.org/bugzilla/show_bug.cgi?id=33464#c2", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ea1a0737c7692737a644af0486b71e4a392cbca8", "https://vuldb.com/?ctiid.326123", "https://vuldb.com/?id.326123", "https://vuldb.com/?submit.661276", "https://www.cve.org/CVERecord?id=CVE-2025-11082", "https://www.gnu.org/" ], "PublishedDate": "2025-09-27T23:15:31.39Z", "LastModifiedDate": "2025-10-03T16:52:34.527Z" }, { "VulnerabilityID": "CVE-2025-11083", "PkgID": "libbinutils@2.44-3", "PkgName": "libbinutils", "PkgIdentifier": { "PURL": "pkg:deb/debian/libbinutils@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "9fe86cedd2b6ebf7" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11083", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils Linker heap-based overflow", "Description": "A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elf_swap_shdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 9ca499644a21ceb3f946d1c179c38a83be084490. To fix this issue, it is recommended to deploy a patch. The code maintainer replied with \"[f]ixed for 2.46\".", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-122" ], "VendorSeverity": { "debian": 1, "nvd": 3, "redhat": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-11083", "https://nvd.nist.gov/vuln/detail/CVE-2025-11083", "https://sourceware.org/bugzilla/attachment.cgi?id=16353", "https://sourceware.org/bugzilla/show_bug.cgi?id=33457", "https://sourceware.org/bugzilla/show_bug.cgi?id=33457#c1", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=9ca499644a21ceb3f946d1c179c38a83be084490", "https://vuldb.com/?ctiid.326124", "https://vuldb.com/?id.326124", "https://vuldb.com/?submit.661277", "https://www.cve.org/CVERecord?id=CVE-2025-11083", "https://www.gnu.org/" ], "PublishedDate": "2025-09-27T23:15:32.33Z", "LastModifiedDate": "2025-10-03T16:52:47.01Z" }, { "VulnerabilityID": "CVE-2025-11412", "PkgID": "libbinutils@2.44-3", "PkgName": "libbinutils", "PkgIdentifier": { "PURL": "pkg:deb/debian/libbinutils@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "9fe86cedd2b6ebf7" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11412", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils Linker elflink.c bfd_elf_gc_record_vtentry out-of-bounds", "Description": "A vulnerability has been found in GNU Binutils 2.45. This impacts the function bfd_elf_gc_record_vtentry of the file bfd/elflink.c of the component Linker. The manipulation leads to out-of-bounds read. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of the patch is 047435dd988a3975d40c6626a8f739a0b2e154bc. To fix this issue, it is recommended to deploy a patch.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-125" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-11412", "https://nvd.nist.gov/vuln/detail/CVE-2025-11412", "https://sourceware.org/bugzilla/attachment.cgi?id=16378", "https://sourceware.org/bugzilla/show_bug.cgi?id=33452", "https://sourceware.org/bugzilla/show_bug.cgi?id=33452#c8", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=047435dd988a3975d40c6626a8f739a0b2e154bc", "https://vuldb.com/?ctiid.327348", "https://vuldb.com/?id.327348", "https://www.cve.org/CVERecord?id=CVE-2025-11412", "https://www.gnu.org/" ], "PublishedDate": "2025-10-07T22:15:34.03Z", "LastModifiedDate": "2025-10-14T15:09:07.05Z" }, { "VulnerabilityID": "CVE-2025-11413", "PkgID": "libbinutils@2.44-3", "PkgName": "libbinutils", "PkgIdentifier": { "PURL": "pkg:deb/debian/libbinutils@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "9fe86cedd2b6ebf7" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11413", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils Linker elflink.c elf_link_add_object_symbols out-of-bounds", "Description": "A vulnerability was found in GNU Binutils 2.45. Affected is the function elf_link_add_object_symbols of the file bfd/elflink.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. Upgrading to version 2.46 is able to address this issue. The patch is identified as 72efdf166aa0ed72ecc69fc2349af6591a7a19c0. Upgrading the affected component is advised.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-125" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "V3Score": 4.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-11413", "https://nvd.nist.gov/vuln/detail/CVE-2025-11413", "https://sourceware.org/bugzilla/attachment.cgi?id=16362", "https://sourceware.org/bugzilla/show_bug.cgi?id=33452", "https://sourceware.org/bugzilla/show_bug.cgi?id=33456", "https://sourceware.org/bugzilla/show_bug.cgi?id=33456#c10", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=72efdf166aa0ed72ecc69fc2349af6591a7a19c0", "https://vuldb.com/?ctiid.327349", "https://vuldb.com/?id.327349", "https://vuldb.com/?submit.665587", "https://www.cve.org/CVERecord?id=CVE-2025-11413", "https://www.gnu.org/" ], "PublishedDate": "2025-10-07T22:15:34.23Z", "LastModifiedDate": "2025-10-14T15:24:49.567Z" }, { "VulnerabilityID": "CVE-2025-11414", "PkgID": "libbinutils@2.44-3", "PkgName": "libbinutils", "PkgIdentifier": { "PURL": "pkg:deb/debian/libbinutils@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "9fe86cedd2b6ebf7" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11414", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils Linker elflink.c get_link_hash_entry out-of-bounds", "Description": "A vulnerability was determined in GNU Binutils 2.45. Affected by this vulnerability is the function get_link_hash_entry of the file bfd/elflink.c of the component Linker. This manipulation causes out-of-bounds read. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. Upgrading to version 2.46 addresses this issue. Patch name: aeaaa9af6359c8e394ce9cf24911fec4f4d23703. It is advisable to upgrade the affected component.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-125" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-11414", "https://nvd.nist.gov/vuln/detail/CVE-2025-11414", "https://sourceware.org/bugzilla/attachment.cgi?id=16361", "https://sourceware.org/bugzilla/show_bug.cgi?id=33450", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=aeaaa9af6359c8e394ce9cf24911fec4f4d23703", "https://vuldb.com/?ctiid.327350", "https://vuldb.com/?id.327350", "https://vuldb.com/?submit.665591", "https://www.cve.org/CVERecord?id=CVE-2025-11414", "https://www.gnu.org/" ], "PublishedDate": "2025-10-07T23:15:33.053Z", "LastModifiedDate": "2025-10-14T15:25:00.127Z" }, { "VulnerabilityID": "CVE-2025-1147", "PkgID": "libbinutils@2.44-3", "PkgName": "libbinutils", "PkgIdentifier": { "PURL": "pkg:deb/debian/libbinutils@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "9fe86cedd2b6ebf7" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1147", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils nm nm.c internal_strlen buffer overflow", "Description": "A vulnerability has been found in GNU Binutils 2.43 and classified as problematic. Affected by this vulnerability is the function __sanitizer::internal_strlen of the file binutils/nm.c of the component nm. The manipulation of the argument const leads to buffer overflow. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-120" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 1, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1147", "https://nvd.nist.gov/vuln/detail/CVE-2025-1147", "https://sourceware.org/bugzilla/attachment.cgi?id=15881", "https://sourceware.org/bugzilla/show_bug.cgi?id=32556", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7be4186c22f89a87fff048c28910f5d26a0f61ce", "https://vuldb.com/?ctiid.295051", "https://vuldb.com/?id.295051", "https://vuldb.com/?submit.485254", "https://www.cve.org/CVERecord?id=CVE-2025-1147", "https://www.gnu.org/" ], "PublishedDate": "2025-02-10T14:15:29.643Z", "LastModifiedDate": "2025-03-04T15:51:17.86Z" }, { "VulnerabilityID": "CVE-2025-1148", "PkgID": "libbinutils@2.44-3", "PkgName": "libbinutils", "PkgIdentifier": { "PURL": "pkg:deb/debian/libbinutils@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "9fe86cedd2b6ebf7" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1148", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld ldelfgen.c link_order_scan memory leak", "Description": "A vulnerability was found in GNU Binutils 2.43 and classified as problematic. Affected by this issue is the function link_order_scan of the file ld/ldelfgen.c of the component ld. The manipulation leads to memory leak. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"", "Severity": "LOW", "CweIDs": [ "CWE-401", "CWE-404" ], "VendorSeverity": { "debian": 1, "nvd": 1, "redhat": 1, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1148", "https://nvd.nist.gov/vuln/detail/CVE-2025-1148", "https://sourceware.org/bugzilla/attachment.cgi?id=15887", "https://sourceware.org/bugzilla/show_bug.cgi?id=32576", "https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=d4115c2c8d447e297ae353892de89192c1996211", "https://sourceware.org/pipermail/binutils/2025-March/139979.html", "https://vuldb.com/?ctiid.295052", "https://vuldb.com/?id.295052", "https://vuldb.com/?submit.485747", "https://www.cve.org/CVERecord?id=CVE-2025-1148", "https://www.gnu.org/" ], "PublishedDate": "2025-02-10T14:15:29.927Z", "LastModifiedDate": "2025-03-04T17:12:35.4Z" }, { "VulnerabilityID": "CVE-2025-1149", "PkgID": "libbinutils@2.44-3", "PkgName": "libbinutils", "PkgIdentifier": { "PURL": "pkg:deb/debian/libbinutils@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "9fe86cedd2b6ebf7" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1149", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld xmalloc.c xstrdup memory leak", "Description": "A vulnerability was found in GNU Binutils 2.43. It has been classified as problematic. This affects the function xstrdup of the file libiberty/xmalloc.c of the component ld. The manipulation leads to memory leak. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"", "Severity": "LOW", "CweIDs": [ "CWE-401", "CWE-404" ], "VendorSeverity": { "debian": 1, "nvd": 1, "redhat": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1149", "https://nvd.nist.gov/vuln/detail/CVE-2025-1149", "https://sourceware.org/bugzilla/attachment.cgi?id=15887", "https://sourceware.org/bugzilla/show_bug.cgi?id=32576", "https://vuldb.com/?ctiid.295053", "https://vuldb.com/?id.295053", "https://www.cve.org/CVERecord?id=CVE-2025-1149", "https://www.gnu.org/" ], "PublishedDate": "2025-02-10T15:15:13.093Z", "LastModifiedDate": "2025-03-04T14:53:43.637Z" }, { "VulnerabilityID": "CVE-2025-11494", "PkgID": "libbinutils@2.44-3", "PkgName": "libbinutils", "PkgIdentifier": { "PURL": "pkg:deb/debian/libbinutils@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "9fe86cedd2b6ebf7" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11494", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils Linker out-of-bounds read", "Description": "A vulnerability was found in GNU Binutils 2.45. Impacted is the function _bfd_x86_elf_late_size_sections of the file bfd/elfxx-x86.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. The patch is identified as b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a. A patch should be applied to remediate this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-125" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-11494", "https://nvd.nist.gov/vuln/detail/CVE-2025-11494", "https://sourceware.org/bugzilla/attachment.cgi?id=16389", "https://sourceware.org/bugzilla/show_bug.cgi?id=33499", "https://sourceware.org/bugzilla/show_bug.cgi?id=33499#c2", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a", "https://vuldb.com/?ctiid.327619", "https://vuldb.com/?id.327619", "https://vuldb.com/?submit.668281", "https://www.cve.org/CVERecord?id=CVE-2025-11494", "https://www.gnu.org/" ], "PublishedDate": "2025-10-08T20:15:34.77Z", "LastModifiedDate": "2025-10-14T15:27:45.803Z" }, { "VulnerabilityID": "CVE-2025-11495", "PkgID": "libbinutils@2.44-3", "PkgName": "libbinutils", "PkgIdentifier": { "PURL": "pkg:deb/debian/libbinutils@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "9fe86cedd2b6ebf7" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11495", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils Linker heap-based overflow", "Description": "A vulnerability was determined in GNU Binutils 2.45. The affected element is the function elf_x86_64_relocate_section of the file elf64-x86-64.c of the component Linker. This manipulation causes heap-based buffer overflow. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. Patch name: 6b21c8b2ecfef5c95142cbc2c32f185cb1c26ab0. To fix this issue, it is recommended to deploy a patch.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-122" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-11495", "https://nvd.nist.gov/vuln/detail/CVE-2025-11495", "https://sourceware.org/bugzilla/attachment.cgi?id=16393", "https://sourceware.org/bugzilla/show_bug.cgi?id=33502", "https://sourceware.org/bugzilla/show_bug.cgi?id=33502#c3", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6b21c8b2ecfef5c95142cbc2c32f185cb1c26ab0", "https://vuldb.com/?ctiid.327620", "https://vuldb.com/?id.327620", "https://vuldb.com/?submit.668290", "https://www.cve.org/CVERecord?id=CVE-2025-11495", "https://www.gnu.org/" ], "PublishedDate": "2025-10-08T20:15:34.99Z", "LastModifiedDate": "2025-10-14T15:28:00.96Z" }, { "VulnerabilityID": "CVE-2025-1150", "PkgID": "libbinutils@2.44-3", "PkgName": "libbinutils", "PkgIdentifier": { "PURL": "pkg:deb/debian/libbinutils@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "9fe86cedd2b6ebf7" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1150", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld libbfd.c bfd_malloc memory leak", "Description": "A vulnerability was found in GNU Binutils 2.43. It has been declared as problematic. This vulnerability affects the function bfd_malloc of the file libbfd.c of the component ld. The manipulation leads to memory leak. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"", "Severity": "LOW", "CweIDs": [ "CWE-401", "CWE-404" ], "VendorSeverity": { "debian": 1, "nvd": 1, "redhat": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1150", "https://nvd.nist.gov/vuln/detail/CVE-2025-1150", "https://sourceware.org/bugzilla/attachment.cgi?id=15887", "https://sourceware.org/bugzilla/show_bug.cgi?id=32576", "https://vuldb.com/?ctiid.295054", "https://vuldb.com/?id.295054", "https://www.cve.org/CVERecord?id=CVE-2025-1150", "https://www.gnu.org/" ], "PublishedDate": "2025-02-10T17:15:18.517Z", "LastModifiedDate": "2025-03-11T19:01:04.727Z" }, { "VulnerabilityID": "CVE-2025-1151", "PkgID": "libbinutils@2.44-3", "PkgName": "libbinutils", "PkgIdentifier": { "PURL": "pkg:deb/debian/libbinutils@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "9fe86cedd2b6ebf7" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1151", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld xmemdup.c xmemdup memory leak", "Description": "A vulnerability was found in GNU Binutils 2.43. It has been rated as problematic. This issue affects the function xmemdup of the file xmemdup.c of the component ld. The manipulation leads to memory leak. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"", "Severity": "LOW", "CweIDs": [ "CWE-401", "CWE-404" ], "VendorSeverity": { "debian": 1, "redhat": 1 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1151", "https://nvd.nist.gov/vuln/detail/CVE-2025-1151", "https://sourceware.org/bugzilla/attachment.cgi?id=15887", "https://sourceware.org/bugzilla/show_bug.cgi?id=32576", "https://vuldb.com/?ctiid.295055", "https://vuldb.com/?id.295055", "https://www.cve.org/CVERecord?id=CVE-2025-1151", "https://www.gnu.org/" ], "PublishedDate": "2025-02-10T17:15:18.713Z", "LastModifiedDate": "2025-02-10T17:15:18.713Z" }, { "VulnerabilityID": "CVE-2025-1152", "PkgID": "libbinutils@2.44-3", "PkgName": "libbinutils", "PkgIdentifier": { "PURL": "pkg:deb/debian/libbinutils@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "9fe86cedd2b6ebf7" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1152", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld xstrdup.c xstrdup memory leak", "Description": "A vulnerability classified as problematic has been found in GNU Binutils 2.43. Affected is the function xstrdup of the file xstrdup.c of the component ld. The manipulation leads to memory leak. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"", "Severity": "LOW", "CweIDs": [ "CWE-401", "CWE-404" ], "VendorSeverity": { "debian": 1, "nvd": 1, "redhat": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1152", "https://nvd.nist.gov/vuln/detail/CVE-2025-1152", "https://sourceware.org/bugzilla/attachment.cgi?id=15887", "https://sourceware.org/bugzilla/show_bug.cgi?id=32576", "https://vuldb.com/?ctiid.295056", "https://vuldb.com/?id.295056", "https://www.cve.org/CVERecord?id=CVE-2025-1152", "https://www.gnu.org/" ], "PublishedDate": "2025-02-10T18:15:34.043Z", "LastModifiedDate": "2025-03-03T16:52:20.953Z" }, { "VulnerabilityID": "CVE-2025-1153", "PkgID": "libbinutils@2.44-3", "PkgName": "libbinutils", "PkgIdentifier": { "PURL": "pkg:deb/debian/libbinutils@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "9fe86cedd2b6ebf7" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1153", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils format.c bfd_set_format memory corruption", "Description": "A vulnerability classified as problematic was found in GNU Binutils 2.43/2.44. Affected by this vulnerability is the function bfd_set_format of the file format.c. The manipulation leads to memory corruption. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 2.45 is able to address this issue. The identifier of the patch is 8d97c1a53f3dc9fd8e1ccdb039b8a33d50133150. It is recommended to upgrade the affected component.", "Severity": "LOW", "CweIDs": [ "CWE-119" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 1, "ubuntu": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1153", "https://nvd.nist.gov/vuln/detail/CVE-2025-1153", "https://sourceware.org/bugzilla/show_bug.cgi?id=32603", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8d97c1a53f3dc9fd8e1ccdb039b8a33d50133150", "https://ubuntu.com/security/notices/USN-7423-1", "https://ubuntu.com/security/notices/USN-7423-2", "https://vuldb.com/?ctiid.295057", "https://vuldb.com/?id.295057", "https://vuldb.com/?submit.489991", "https://www.cve.org/CVERecord?id=CVE-2025-1153", "https://www.gnu.org/" ], "PublishedDate": "2025-02-10T19:15:39.9Z", "LastModifiedDate": "2025-03-03T17:28:09.167Z" }, { "VulnerabilityID": "CVE-2025-1176", "PkgID": "libbinutils@2.44-3", "PkgName": "libbinutils", "PkgIdentifier": { "PURL": "pkg:deb/debian/libbinutils@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "9fe86cedd2b6ebf7" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1176", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld elflink.c _bfd_elf_gc_mark_rsec heap-based overflow", "Description": "A vulnerability was found in GNU Binutils 2.43 and classified as critical. This issue affects the function _bfd_elf_gc_mark_rsec of the file elflink.c of the component ld. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The patch is named f9978defb6fab0bd8583942d97c112b0932ac814. It is recommended to apply a patch to fix this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-122" ], "VendorSeverity": { "amazon": 2, "azure": 2, "cbl-mariner": 2, "debian": 1, "nvd": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "V3Score": 5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "V3Score": 5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1176", "https://nvd.nist.gov/vuln/detail/CVE-2025-1176", "https://security.netapp.com/advisory/ntap-20250411-0007/", "https://sourceware.org/bugzilla/attachment.cgi?id=15913", "https://sourceware.org/bugzilla/show_bug.cgi?id=32636", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f9978defb6fab0bd8583942d97c112b0932ac814", "https://ubuntu.com/security/notices/USN-7423-1", "https://ubuntu.com/security/notices/USN-7423-2", "https://vuldb.com/?ctiid.295079", "https://vuldb.com/?id.295079", "https://vuldb.com/?submit.495329", "https://www.cve.org/CVERecord?id=CVE-2025-1176", "https://www.gnu.org/" ], "PublishedDate": "2025-02-11T06:15:22.433Z", "LastModifiedDate": "2025-04-11T22:15:29.513Z" }, { "VulnerabilityID": "CVE-2025-1178", "PkgID": "libbinutils@2.44-3", "PkgName": "libbinutils", "PkgIdentifier": { "PURL": "pkg:deb/debian/libbinutils@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "9fe86cedd2b6ebf7" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1178", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld libbfd.c bfd_putl64 memory corruption", "Description": "A vulnerability was found in GNU Binutils 2.43. It has been declared as problematic. Affected by this vulnerability is the function bfd_putl64 of the file libbfd.c of the component ld. The manipulation leads to memory corruption. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of the patch is 75086e9de1707281172cc77f178e7949a4414ed0. It is recommended to apply a patch to fix this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119" ], "VendorSeverity": { "azure": 2, "cbl-mariner": 2, "debian": 1, "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "V3Score": 5.6 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1178", "https://nvd.nist.gov/vuln/detail/CVE-2025-1178", "https://security.netapp.com/advisory/ntap-20250411-0008/", "https://sourceware.org/bugzilla/attachment.cgi?id=15914", "https://sourceware.org/bugzilla/show_bug.cgi?id=32638", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=75086e9de1707281172cc77f178e7949a4414ed0", "https://ubuntu.com/security/notices/USN-7423-1", "https://vuldb.com/?ctiid.295081", "https://vuldb.com/?id.295081", "https://vuldb.com/?submit.495369", "https://www.cve.org/CVERecord?id=CVE-2025-1178", "https://www.gnu.org/" ], "PublishedDate": "2025-02-11T07:15:29.997Z", "LastModifiedDate": "2025-05-21T20:35:24.22Z" }, { "VulnerabilityID": "CVE-2025-1180", "PkgID": "libbinutils@2.44-3", "PkgName": "libbinutils", "PkgIdentifier": { "PURL": "pkg:deb/debian/libbinutils@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "9fe86cedd2b6ebf7" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1180", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld elf-eh-frame.c _bfd_elf_write_section_eh_frame memory corruption", "Description": "A vulnerability classified as problematic has been found in GNU Binutils 2.43. This affects the function _bfd_elf_write_section_eh_frame of the file bfd/elf-eh-frame.c of the component ld. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119" ], "VendorSeverity": { "debian": 1, "redhat": 1 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1180", "https://nvd.nist.gov/vuln/detail/CVE-2025-1180", "https://sourceware.org/bugzilla/attachment.cgi?id=15917", "https://sourceware.org/bugzilla/show_bug.cgi?id=32642", "https://vuldb.com/?ctiid.295083", "https://vuldb.com/?id.295083", "https://vuldb.com/?submit.495381", "https://www.cve.org/CVERecord?id=CVE-2025-1180", "https://www.gnu.org/" ], "PublishedDate": "2025-02-11T08:15:31.59Z", "LastModifiedDate": "2025-05-21T20:35:18.05Z" }, { "VulnerabilityID": "CVE-2025-1181", "PkgID": "libbinutils@2.44-3", "PkgName": "libbinutils", "PkgIdentifier": { "PURL": "pkg:deb/debian/libbinutils@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "9fe86cedd2b6ebf7" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1181", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld elflink.c _bfd_elf_gc_mark_rsec memory corruption", "Description": "A vulnerability classified as critical was found in GNU Binutils 2.43. This vulnerability affects the function _bfd_elf_gc_mark_rsec of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is 931494c9a89558acb36a03a340c01726545eef24. It is recommended to apply a patch to fix this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119" ], "VendorSeverity": { "azure": 1, "cbl-mariner": 1, "debian": 1, "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "V3Score": 5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1181", "https://nvd.nist.gov/vuln/detail/CVE-2025-1181", "https://security.netapp.com/advisory/ntap-20250425-0007/", "https://sourceware.org/bugzilla/attachment.cgi?id=15918", "https://sourceware.org/bugzilla/show_bug.cgi?id=32643", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=931494c9a89558acb36a03a340c01726545eef24", "https://ubuntu.com/security/notices/USN-7423-1", "https://vuldb.com/?ctiid.295084", "https://vuldb.com/?id.295084", "https://vuldb.com/?submit.495402", "https://www.cve.org/CVERecord?id=CVE-2025-1181", "https://www.gnu.org/" ], "PublishedDate": "2025-02-11T08:15:31.797Z", "LastModifiedDate": "2025-05-21T20:35:11.073Z" }, { "VulnerabilityID": "CVE-2025-1182", "PkgID": "libbinutils@2.44-3", "PkgName": "libbinutils", "PkgIdentifier": { "PURL": "pkg:deb/debian/libbinutils@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "9fe86cedd2b6ebf7" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1182", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld elflink.c bfd_elf_reloc_symbol_deleted_p memory corruption", "Description": "A vulnerability, which was classified as critical, was found in GNU Binutils 2.43. Affected is the function bfd_elf_reloc_symbol_deleted_p of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The patch is identified as b425859021d17adf62f06fb904797cf8642986ad. It is recommended to apply a patch to fix this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119" ], "VendorSeverity": { "amazon": 2, "azure": 2, "cbl-mariner": 2, "debian": 1, "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "V3Score": 5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1182", "https://nvd.nist.gov/vuln/detail/CVE-2025-1182", "https://sourceware.org/bugzilla/attachment.cgi?id=15919", "https://sourceware.org/bugzilla/show_bug.cgi?id=32644", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b425859021d17adf62f06fb904797cf8642986ad", "https://ubuntu.com/security/notices/USN-7423-1", "https://vuldb.com/?ctiid.295086", "https://vuldb.com/?id.295086", "https://vuldb.com/?submit.495407", "https://www.cve.org/CVERecord?id=CVE-2025-1182", "https://www.gnu.org/" ], "PublishedDate": "2025-02-11T09:15:09.53Z", "LastModifiedDate": "2025-05-21T20:35:04.15Z" }, { "VulnerabilityID": "CVE-2025-11839", "PkgID": "libbinutils@2.44-3", "PkgName": "libbinutils", "PkgIdentifier": { "PURL": "pkg:deb/debian/libbinutils@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "9fe86cedd2b6ebf7" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11839", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils prdbg.c tg_tag_type return value", "Description": "A security flaw has been discovered in GNU Binutils 2.45. Impacted is the function tg_tag_type of the file prdbg.c. Performing manipulation results in unchecked return value. The attack needs to be approached locally. The exploit has been released to the public and may be exploited.", "Severity": "LOW", "CweIDs": [ "CWE-252", "CWE-253" ], "VendorSeverity": { "debian": 1, "redhat": 1 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-11839", "https://nvd.nist.gov/vuln/detail/CVE-2025-11839", "https://sourceware.org/bugzilla/attachment.cgi?id=16344", "https://sourceware.org/bugzilla/show_bug.cgi?id=33448", "https://vuldb.com/?ctiid.328774", "https://vuldb.com/?id.328774", "https://vuldb.com/?submit.661279", "https://www.cve.org/CVERecord?id=CVE-2025-11839", "https://www.gnu.org/" ], "PublishedDate": "2025-10-16T14:15:34.86Z", "LastModifiedDate": "2025-10-16T15:28:59.61Z" }, { "VulnerabilityID": "CVE-2025-11840", "PkgID": "libbinutils@2.44-3", "PkgName": "libbinutils", "PkgIdentifier": { "PURL": "pkg:deb/debian/libbinutils@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "9fe86cedd2b6ebf7" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11840", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils out-of-bounds read", "Description": "A weakness has been identified in GNU Binutils 2.45. The affected element is the function vfinfo of the file ldmisc.c. Executing manipulation can lead to out-of-bounds read. The attack can only be executed locally. The exploit has been made available to the public and could be exploited. This patch is called 16357. It is best practice to apply a patch to resolve this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-125" ], "VendorSeverity": { "debian": 1, "redhat": 1 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-11840", "https://nvd.nist.gov/vuln/detail/CVE-2025-11840", "https://sourceware.org/bugzilla/attachment.cgi?id=16351", "https://sourceware.org/bugzilla/attachment.cgi?id=16357", "https://sourceware.org/bugzilla/show_bug.cgi?id=33455", "https://vuldb.com/?ctiid.328775", "https://vuldb.com/?id.328775", "https://vuldb.com/?submit.661281", "https://www.cve.org/CVERecord?id=CVE-2025-11840", "https://www.gnu.org/" ], "PublishedDate": "2025-10-16T16:15:37.003Z", "LastModifiedDate": "2025-10-16T16:15:37.003Z" }, { "VulnerabilityID": "CVE-2025-3198", "PkgID": "libbinutils@2.44-3", "PkgName": "libbinutils", "PkgIdentifier": { "PURL": "pkg:deb/debian/libbinutils@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "9fe86cedd2b6ebf7" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-3198", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils objdump bucomm.c display_info memory leak", "Description": "A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named ba6ad3a18cb26b79e0e3b84c39f707535bbc344d. It is recommended to apply a patch to fix this issue.", "Severity": "LOW", "CweIDs": [ "CWE-401", "CWE-404" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 1, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-3198", "https://nvd.nist.gov/vuln/detail/CVE-2025-3198", "https://sourceware.org/bugzilla/show_bug.cgi?id=32716", "https://sourceware.org/bugzilla/show_bug.cgi?id=32716#c0", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ba6ad3a18cb26b79e0e3b84c39f707535bbc344d", "https://vuldb.com/?ctiid.303151", "https://vuldb.com/?id.303151", "https://vuldb.com/?submit.545773", "https://www.cve.org/CVERecord?id=CVE-2025-3198", "https://www.gnu.org/" ], "PublishedDate": "2025-04-04T02:15:18.803Z", "LastModifiedDate": "2025-05-15T19:46:30.95Z" }, { "VulnerabilityID": "CVE-2025-5244", "PkgID": "libbinutils@2.44-3", "PkgName": "libbinutils", "PkgIdentifier": { "PURL": "pkg:deb/debian/libbinutils@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "9fe86cedd2b6ebf7" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-5244", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld elflink.c elf_gc_sweep memory corruption", "Description": "A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue is the function elf_gc_sweep of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 2.45 is able to address this issue. It is recommended to upgrade the affected component.", "Severity": "LOW", "CweIDs": [ "CWE-119" ], "VendorSeverity": { "azure": 2, "cbl-mariner": 2, "debian": 1, "nvd": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-5244", "https://nvd.nist.gov/vuln/detail/CVE-2025-5244", "https://sourceware.org/bugzilla/attachment.cgi?id=16010", "https://sourceware.org/bugzilla/show_bug.cgi?id=32858", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d1458933830456e54223d9fc61f0d9b3a19256f5", "https://vuldb.com/?ctiid.310346", "https://vuldb.com/?id.310346", "https://vuldb.com/?submit.584634", "https://www.cve.org/CVERecord?id=CVE-2025-5244", "https://www.gnu.org/" ], "PublishedDate": "2025-05-27T13:15:21.76Z", "LastModifiedDate": "2025-10-03T14:46:39.57Z" }, { "VulnerabilityID": "CVE-2025-5245", "PkgID": "libbinutils@2.44-3", "PkgName": "libbinutils", "PkgIdentifier": { "PURL": "pkg:deb/debian/libbinutils@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "9fe86cedd2b6ebf7" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-5245", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils objdump debug.c debug_type_samep memory corruption", "Description": "A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debug_type_samep of the file /binutils/debug.c of the component objdump. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119" ], "VendorSeverity": { "azure": 2, "cbl-mariner": 2, "debian": 1, "nvd": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-5245", "https://nvd.nist.gov/vuln/detail/CVE-2025-5245", "https://sourceware.org/bugzilla/attachment.cgi?id=16004", "https://sourceware.org/bugzilla/show_bug.cgi?id=32829", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6c3458a8b7ee7d39f070c7b2350851cb2110c65a", "https://vuldb.com/?ctiid.310347", "https://vuldb.com/?id.310347", "https://vuldb.com/?submit.584635", "https://www.cve.org/CVERecord?id=CVE-2025-5245", "https://www.gnu.org/" ], "PublishedDate": "2025-05-27T15:15:36.057Z", "LastModifiedDate": "2025-10-03T14:45:57.887Z" }, { "VulnerabilityID": "CVE-2025-7545", "PkgID": "libbinutils@2.44-3", "PkgName": "libbinutils", "PkgIdentifier": { "PURL": "pkg:deb/debian/libbinutils@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "9fe86cedd2b6ebf7" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-7545", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: Binutils: Heap Buffer Overflow", "Description": "A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is named 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944. It is recommended to apply a patch to fix this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-122" ], "VendorSeverity": { "amazon": 3, "azure": 2, "cbl-mariner": 2, "debian": 1, "nvd": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-7545", "https://nvd.nist.gov/vuln/detail/CVE-2025-7545", "https://sourceware.org/bugzilla/attachment.cgi?id=16117", "https://sourceware.org/bugzilla/show_bug.cgi?id=33049", "https://sourceware.org/bugzilla/show_bug.cgi?id=33049#c1", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944", "https://ubuntu.com/security/notices/USN-7718-1", "https://vuldb.com/?ctiid.316243", "https://vuldb.com/?id.316243", "https://vuldb.com/?submit.614355", "https://www.cve.org/CVERecord?id=CVE-2025-7545", "https://www.gnu.org/" ], "PublishedDate": "2025-07-13T22:15:23.873Z", "LastModifiedDate": "2025-07-30T15:59:48.84Z" }, { "VulnerabilityID": "CVE-2025-7546", "PkgID": "libbinutils@2.44-3", "PkgName": "libbinutils", "PkgIdentifier": { "PURL": "pkg:deb/debian/libbinutils@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "9fe86cedd2b6ebf7" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-7546", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: Binutils: Out-of-bounds Write Vulnerability", "Description": "A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfd_elf_set_group_contents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The name of the patch is 41461010eb7c79fee7a9d5f6209accdaac66cc6b. It is recommended to apply a patch to fix this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-787" ], "VendorSeverity": { "amazon": 2, "azure": 2, "cbl-mariner": 2, "debian": 1, "nvd": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-7546", "https://nvd.nist.gov/vuln/detail/CVE-2025-7546", "https://sourceware.org/bugzilla/attachment.cgi?id=16118", "https://sourceware.org/bugzilla/show_bug.cgi?id=33050", "https://sourceware.org/bugzilla/show_bug.cgi?id=33050#c2", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=41461010eb7c79fee7a9d5f6209accdaac66cc6b", "https://vuldb.com/?ctiid.316244", "https://vuldb.com/?id.316244", "https://vuldb.com/?submit.614375", "https://www.cve.org/CVERecord?id=CVE-2025-7546", "https://www.gnu.org/" ], "PublishedDate": "2025-07-13T22:15:24.07Z", "LastModifiedDate": "2025-07-30T15:59:59.203Z" }, { "VulnerabilityID": "CVE-2025-8225", "PkgID": "libbinutils@2.44-3", "PkgName": "libbinutils", "PkgIdentifier": { "PURL": "pkg:deb/debian/libbinutils@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "9fe86cedd2b6ebf7" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-8225", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: Binutils DWARF Section Handler Memory Leak", "Description": "A vulnerability was found in GNU Binutils 2.44 and classified as problematic. This issue affects the function process_debug_info of the file binutils/dwarf.c of the component DWARF Section Handler. The manipulation leads to memory leak. Attacking locally is a requirement. The identifier of the patch is e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4. It is recommended to apply a patch to fix this issue.", "Severity": "LOW", "CweIDs": [ "CWE-401", "CWE-404" ], "VendorSeverity": { "cbl-mariner": 2, "debian": 1, "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-8225", "https://gitlab.com/gnutools/binutils-gdb/-/commit/e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4", "https://nvd.nist.gov/vuln/detail/CVE-2025-8225", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4", "https://vuldb.com/?ctiid.317813", "https://vuldb.com/?id.317813", "https://vuldb.com/?submit.621883", "https://www.cve.org/CVERecord?id=CVE-2025-8225", "https://www.gnu.org/" ], "PublishedDate": "2025-07-27T08:15:25.76Z", "LastModifiedDate": "2025-08-01T17:08:13.977Z" }, { "VulnerabilityID": "CVE-2022-0563", "PkgID": "libblkid1@2.41-5", "PkgName": "libblkid1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libblkid1@2.41-5?arch=amd64\u0026distro=debian-13.1", "UID": "6c9693ac78293e63" }, "InstalledVersion": "2.41-5", "Status": "affected", "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-0563", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline", "Description": "A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an \"INPUTRC\" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.", "Severity": "LOW", "CweIDs": [ "CWE-209" ], "VendorSeverity": { "amazon": 2, "cbl-mariner": 2, "debian": 1, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "nvd": { "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "V2Score": 1.9, "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2022-0563", "https://blog.trailofbits.com/2023/02/16/suid-logic-bug-linux-readline/", "https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w%40ws.net.home/T/#u", "https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u", "https://nvd.nist.gov/vuln/detail/CVE-2022-0563", "https://security.gentoo.org/glsa/202401-08", "https://security.netapp.com/advisory/ntap-20220331-0002/", "https://www.cve.org/CVERecord?id=CVE-2022-0563" ], "PublishedDate": "2022-02-21T19:15:08.393Z", "LastModifiedDate": "2025-06-09T16:15:33.237Z" }, { "VulnerabilityID": "CVE-2010-4756", "PkgID": "libc-bin@2.41-12", "PkgName": "libc-bin", "PkgIdentifier": { "PURL": "pkg:deb/debian/libc-bin@2.41-12?arch=amd64\u0026distro=debian-13.1", "UID": "a531ca45463d06a2" }, "InstalledVersion": "2.41-12", "Status": "affected", "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-4756", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions", "Description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", "Severity": "LOW", "CweIDs": [ "CWE-399" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 1 }, "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "V2Score": 4 }, "redhat": { "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "V2Score": 5 } }, "References": [ "http://cxib.net/stuff/glob-0day.c", "http://securityreason.com/achievement_securityalert/89", "http://securityreason.com/exploitalert/9223", "https://access.redhat.com/security/cve/CVE-2010-4756", "https://bugzilla.redhat.com/show_bug.cgi?id=681681", "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", "https://www.cve.org/CVERecord?id=CVE-2010-4756" ], "PublishedDate": "2011-03-02T20:00:01.037Z", "LastModifiedDate": "2025-04-11T00:51:21.963Z" }, { "VulnerabilityID": "CVE-2018-20796", "PkgID": "libc-bin@2.41-12", "PkgName": "libc-bin", "PkgIdentifier": { "PURL": "pkg:deb/debian/libc-bin@2.41-12?arch=amd64\u0026distro=debian-13.1", "UID": "a531ca45463d06a2" }, "InstalledVersion": "2.41-12", "Status": "affected", "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20796", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", "Severity": "LOW", "CweIDs": [ "CWE-674" ], "VendorSeverity": { "cbl-mariner": 3, "debian": 1, "nvd": 3, "redhat": 2 }, "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V2Score": 5, "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.securityfocus.com/bid/107160", "https://access.redhat.com/security/cve/CVE-2018-20796", "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141", "https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html", "https://nvd.nist.gov/vuln/detail/CVE-2018-20796", "https://security.netapp.com/advisory/ntap-20190315-0002/", "https://support.f5.com/csp/article/K26346590?utm_source=f5support\u0026amp%3Butm_medium=RSS", "https://www.cve.org/CVERecord?id=CVE-2018-20796" ], "PublishedDate": "2019-02-26T02:29:00.45Z", "LastModifiedDate": "2024-11-21T04:02:11.827Z" }, { "VulnerabilityID": "CVE-2019-1010022", "PkgID": "libc-bin@2.41-12", "PkgName": "libc-bin", "PkgIdentifier": { "PURL": "pkg:deb/debian/libc-bin@2.41-12?arch=amd64\u0026distro=debian-13.1", "UID": "a531ca45463d06a2" }, "InstalledVersion": "2.41-12", "Status": "affected", "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010022", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "glibc: stack guard protection bypass", "Description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "Severity": "LOW", "CweIDs": [ "CWE-119" ], "VendorSeverity": { "debian": 1, "nvd": 4 }, "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V2Score": 7.5, "V3Score": 9.8 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2019-1010022", "https://nvd.nist.gov/vuln/detail/CVE-2019-1010022", "https://security-tracker.debian.org/tracker/CVE-2019-1010022", "https://sourceware.org/bugzilla/show_bug.cgi?id=22850", "https://sourceware.org/bugzilla/show_bug.cgi?id=22850#c3", "https://ubuntu.com/security/CVE-2019-1010022", "https://www.cve.org/CVERecord?id=CVE-2019-1010022" ], "PublishedDate": "2019-07-15T04:15:13.317Z", "LastModifiedDate": "2024-11-21T04:17:55.5Z" }, { "VulnerabilityID": "CVE-2019-1010023", "PkgID": "libc-bin@2.41-12", "PkgName": "libc-bin", "PkgIdentifier": { "PURL": "pkg:deb/debian/libc-bin@2.41-12?arch=amd64\u0026distro=debian-13.1", "UID": "a531ca45463d06a2" }, "InstalledVersion": "2.41-12", "Status": "affected", "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010023", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "glibc: running ldd on malicious ELF leads to code execution because of wrong size computation", "Description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "Severity": "LOW", "VendorSeverity": { "debian": 1, "nvd": 3, "redhat": 1 }, "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V2Score": 6.8, "V3Score": 8.8 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "http://www.securityfocus.com/bid/109167", "https://access.redhat.com/security/cve/CVE-2019-1010023", "https://nvd.nist.gov/vuln/detail/CVE-2019-1010023", "https://security-tracker.debian.org/tracker/CVE-2019-1010023", "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", "https://support.f5.com/csp/article/K11932200?utm_source=f5support\u0026amp%3Butm_medium=RSS", "https://ubuntu.com/security/CVE-2019-1010023", "https://www.cve.org/CVERecord?id=CVE-2019-1010023" ], "PublishedDate": "2019-07-15T04:15:13.397Z", "LastModifiedDate": "2024-11-21T04:17:55.643Z" }, { "VulnerabilityID": "CVE-2019-1010024", "PkgID": "libc-bin@2.41-12", "PkgName": "libc-bin", "PkgIdentifier": { "PURL": "pkg:deb/debian/libc-bin@2.41-12?arch=amd64\u0026distro=debian-13.1", "UID": "a531ca45463d06a2" }, "InstalledVersion": "2.41-12", "Status": "affected", "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010024", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "glibc: ASLR bypass using cache of thread stack and heap", "Description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "Severity": "LOW", "CweIDs": [ "CWE-200" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 2 }, "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V2Score": 5, "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "http://www.securityfocus.com/bid/109162", "https://access.redhat.com/security/cve/CVE-2019-1010024", "https://nvd.nist.gov/vuln/detail/CVE-2019-1010024", "https://security-tracker.debian.org/tracker/CVE-2019-1010024", "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", "https://support.f5.com/csp/article/K06046097", "https://support.f5.com/csp/article/K06046097?utm_source=f5support\u0026amp%3Butm_medium=RSS", "https://ubuntu.com/security/CVE-2019-1010024", "https://www.cve.org/CVERecord?id=CVE-2019-1010024" ], "PublishedDate": "2019-07-15T04:15:13.473Z", "LastModifiedDate": "2024-11-21T04:17:55.843Z" }, { "VulnerabilityID": "CVE-2019-1010025", "PkgID": "libc-bin@2.41-12", "PkgName": "libc-bin", "PkgIdentifier": { "PURL": "pkg:deb/debian/libc-bin@2.41-12?arch=amd64\u0026distro=debian-13.1", "UID": "a531ca45463d06a2" }, "InstalledVersion": "2.41-12", "Status": "affected", "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010025", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "glibc: information disclosure of heap addresses of pthread_created thread", "Description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", "Severity": "LOW", "CweIDs": [ "CWE-330" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 1 }, "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V2Score": 5, "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 2.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2019-1010025", "https://nvd.nist.gov/vuln/detail/CVE-2019-1010025", "https://security-tracker.debian.org/tracker/CVE-2019-1010025", "https://sourceware.org/bugzilla/show_bug.cgi?id=22853", "https://support.f5.com/csp/article/K06046097", "https://support.f5.com/csp/article/K06046097?utm_source=f5support\u0026amp%3Butm_medium=RSS", "https://ubuntu.com/security/CVE-2019-1010025", "https://www.cve.org/CVERecord?id=CVE-2019-1010025" ], "PublishedDate": "2019-07-15T04:15:13.537Z", "LastModifiedDate": "2024-11-21T04:17:55.96Z" }, { "VulnerabilityID": "CVE-2019-9192", "PkgID": "libc-bin@2.41-12", "PkgName": "libc-bin", "PkgIdentifier": { "PURL": "pkg:deb/debian/libc-bin@2.41-12?arch=amd64\u0026distro=debian-13.1", "UID": "a531ca45463d06a2" }, "InstalledVersion": "2.41-12", "Status": "affected", "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9192", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", "Severity": "LOW", "CweIDs": [ "CWE-674" ], "VendorSeverity": { "cbl-mariner": 3, "debian": 1, "nvd": 3, "redhat": 1 }, "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V2Score": 5, "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "V3Score": 2.8 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2019-9192", "https://nvd.nist.gov/vuln/detail/CVE-2019-9192", "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", "https://support.f5.com/csp/article/K26346590?utm_source=f5support\u0026amp%3Butm_medium=RSS", "https://www.cve.org/CVERecord?id=CVE-2019-9192" ], "PublishedDate": "2019-02-26T18:29:00.34Z", "LastModifiedDate": "2024-11-21T04:51:10.53Z" }, { "VulnerabilityID": "CVE-2010-4756", "PkgID": "libc-dev-bin@2.41-12", "PkgName": "libc-dev-bin", "PkgIdentifier": { "PURL": "pkg:deb/debian/libc-dev-bin@2.41-12?arch=amd64\u0026distro=debian-13.1", "UID": "886e3d55e1bbbb48" }, "InstalledVersion": "2.41-12", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-4756", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions", "Description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", "Severity": "LOW", "CweIDs": [ "CWE-399" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 1 }, "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "V2Score": 4 }, "redhat": { "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "V2Score": 5 } }, "References": [ "http://cxib.net/stuff/glob-0day.c", "http://securityreason.com/achievement_securityalert/89", "http://securityreason.com/exploitalert/9223", "https://access.redhat.com/security/cve/CVE-2010-4756", "https://bugzilla.redhat.com/show_bug.cgi?id=681681", "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", "https://www.cve.org/CVERecord?id=CVE-2010-4756" ], "PublishedDate": "2011-03-02T20:00:01.037Z", "LastModifiedDate": "2025-04-11T00:51:21.963Z" }, { "VulnerabilityID": "CVE-2018-20796", "PkgID": "libc-dev-bin@2.41-12", "PkgName": "libc-dev-bin", "PkgIdentifier": { "PURL": "pkg:deb/debian/libc-dev-bin@2.41-12?arch=amd64\u0026distro=debian-13.1", "UID": "886e3d55e1bbbb48" }, "InstalledVersion": "2.41-12", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20796", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", "Severity": "LOW", "CweIDs": [ "CWE-674" ], "VendorSeverity": { "cbl-mariner": 3, "debian": 1, "nvd": 3, "redhat": 2 }, "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V2Score": 5, "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.securityfocus.com/bid/107160", "https://access.redhat.com/security/cve/CVE-2018-20796", "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141", "https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html", "https://nvd.nist.gov/vuln/detail/CVE-2018-20796", "https://security.netapp.com/advisory/ntap-20190315-0002/", "https://support.f5.com/csp/article/K26346590?utm_source=f5support\u0026amp%3Butm_medium=RSS", "https://www.cve.org/CVERecord?id=CVE-2018-20796" ], "PublishedDate": "2019-02-26T02:29:00.45Z", "LastModifiedDate": "2024-11-21T04:02:11.827Z" }, { "VulnerabilityID": "CVE-2019-1010022", "PkgID": "libc-dev-bin@2.41-12", "PkgName": "libc-dev-bin", "PkgIdentifier": { "PURL": "pkg:deb/debian/libc-dev-bin@2.41-12?arch=amd64\u0026distro=debian-13.1", "UID": "886e3d55e1bbbb48" }, "InstalledVersion": "2.41-12", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010022", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "glibc: stack guard protection bypass", "Description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "Severity": "LOW", "CweIDs": [ "CWE-119" ], "VendorSeverity": { "debian": 1, "nvd": 4 }, "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V2Score": 7.5, "V3Score": 9.8 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2019-1010022", "https://nvd.nist.gov/vuln/detail/CVE-2019-1010022", "https://security-tracker.debian.org/tracker/CVE-2019-1010022", "https://sourceware.org/bugzilla/show_bug.cgi?id=22850", "https://sourceware.org/bugzilla/show_bug.cgi?id=22850#c3", "https://ubuntu.com/security/CVE-2019-1010022", "https://www.cve.org/CVERecord?id=CVE-2019-1010022" ], "PublishedDate": "2019-07-15T04:15:13.317Z", "LastModifiedDate": "2024-11-21T04:17:55.5Z" }, { "VulnerabilityID": "CVE-2019-1010023", "PkgID": "libc-dev-bin@2.41-12", "PkgName": "libc-dev-bin", "PkgIdentifier": { "PURL": "pkg:deb/debian/libc-dev-bin@2.41-12?arch=amd64\u0026distro=debian-13.1", "UID": "886e3d55e1bbbb48" }, "InstalledVersion": "2.41-12", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010023", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "glibc: running ldd on malicious ELF leads to code execution because of wrong size computation", "Description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "Severity": "LOW", "VendorSeverity": { "debian": 1, "nvd": 3, "redhat": 1 }, "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V2Score": 6.8, "V3Score": 8.8 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "http://www.securityfocus.com/bid/109167", "https://access.redhat.com/security/cve/CVE-2019-1010023", "https://nvd.nist.gov/vuln/detail/CVE-2019-1010023", "https://security-tracker.debian.org/tracker/CVE-2019-1010023", "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", "https://support.f5.com/csp/article/K11932200?utm_source=f5support\u0026amp%3Butm_medium=RSS", "https://ubuntu.com/security/CVE-2019-1010023", "https://www.cve.org/CVERecord?id=CVE-2019-1010023" ], "PublishedDate": "2019-07-15T04:15:13.397Z", "LastModifiedDate": "2024-11-21T04:17:55.643Z" }, { "VulnerabilityID": "CVE-2019-1010024", "PkgID": "libc-dev-bin@2.41-12", "PkgName": "libc-dev-bin", "PkgIdentifier": { "PURL": "pkg:deb/debian/libc-dev-bin@2.41-12?arch=amd64\u0026distro=debian-13.1", "UID": "886e3d55e1bbbb48" }, "InstalledVersion": "2.41-12", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010024", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "glibc: ASLR bypass using cache of thread stack and heap", "Description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "Severity": "LOW", "CweIDs": [ "CWE-200" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 2 }, "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V2Score": 5, "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "http://www.securityfocus.com/bid/109162", "https://access.redhat.com/security/cve/CVE-2019-1010024", "https://nvd.nist.gov/vuln/detail/CVE-2019-1010024", "https://security-tracker.debian.org/tracker/CVE-2019-1010024", "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", "https://support.f5.com/csp/article/K06046097", "https://support.f5.com/csp/article/K06046097?utm_source=f5support\u0026amp%3Butm_medium=RSS", "https://ubuntu.com/security/CVE-2019-1010024", "https://www.cve.org/CVERecord?id=CVE-2019-1010024" ], "PublishedDate": "2019-07-15T04:15:13.473Z", "LastModifiedDate": "2024-11-21T04:17:55.843Z" }, { "VulnerabilityID": "CVE-2019-1010025", "PkgID": "libc-dev-bin@2.41-12", "PkgName": "libc-dev-bin", "PkgIdentifier": { "PURL": "pkg:deb/debian/libc-dev-bin@2.41-12?arch=amd64\u0026distro=debian-13.1", "UID": "886e3d55e1bbbb48" }, "InstalledVersion": "2.41-12", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010025", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "glibc: information disclosure of heap addresses of pthread_created thread", "Description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", "Severity": "LOW", "CweIDs": [ "CWE-330" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 1 }, "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V2Score": 5, "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 2.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2019-1010025", "https://nvd.nist.gov/vuln/detail/CVE-2019-1010025", "https://security-tracker.debian.org/tracker/CVE-2019-1010025", "https://sourceware.org/bugzilla/show_bug.cgi?id=22853", "https://support.f5.com/csp/article/K06046097", "https://support.f5.com/csp/article/K06046097?utm_source=f5support\u0026amp%3Butm_medium=RSS", "https://ubuntu.com/security/CVE-2019-1010025", "https://www.cve.org/CVERecord?id=CVE-2019-1010025" ], "PublishedDate": "2019-07-15T04:15:13.537Z", "LastModifiedDate": "2024-11-21T04:17:55.96Z" }, { "VulnerabilityID": "CVE-2019-9192", "PkgID": "libc-dev-bin@2.41-12", "PkgName": "libc-dev-bin", "PkgIdentifier": { "PURL": "pkg:deb/debian/libc-dev-bin@2.41-12?arch=amd64\u0026distro=debian-13.1", "UID": "886e3d55e1bbbb48" }, "InstalledVersion": "2.41-12", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9192", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", "Severity": "LOW", "CweIDs": [ "CWE-674" ], "VendorSeverity": { "cbl-mariner": 3, "debian": 1, "nvd": 3, "redhat": 1 }, "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V2Score": 5, "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "V3Score": 2.8 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2019-9192", "https://nvd.nist.gov/vuln/detail/CVE-2019-9192", "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", "https://support.f5.com/csp/article/K26346590?utm_source=f5support\u0026amp%3Butm_medium=RSS", "https://www.cve.org/CVERecord?id=CVE-2019-9192" ], "PublishedDate": "2019-02-26T18:29:00.34Z", "LastModifiedDate": "2024-11-21T04:51:10.53Z" }, { "VulnerabilityID": "CVE-2010-4756", "PkgID": "libc6@2.41-12", "PkgName": "libc6", "PkgIdentifier": { "PURL": "pkg:deb/debian/libc6@2.41-12?arch=amd64\u0026distro=debian-13.1", "UID": "a6d2d0103571346b" }, "InstalledVersion": "2.41-12", "Status": "affected", "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-4756", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions", "Description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", "Severity": "LOW", "CweIDs": [ "CWE-399" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 1 }, "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "V2Score": 4 }, "redhat": { "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "V2Score": 5 } }, "References": [ "http://cxib.net/stuff/glob-0day.c", "http://securityreason.com/achievement_securityalert/89", "http://securityreason.com/exploitalert/9223", "https://access.redhat.com/security/cve/CVE-2010-4756", "https://bugzilla.redhat.com/show_bug.cgi?id=681681", "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", "https://www.cve.org/CVERecord?id=CVE-2010-4756" ], "PublishedDate": "2011-03-02T20:00:01.037Z", "LastModifiedDate": "2025-04-11T00:51:21.963Z" }, { "VulnerabilityID": "CVE-2018-20796", "PkgID": "libc6@2.41-12", "PkgName": "libc6", "PkgIdentifier": { "PURL": "pkg:deb/debian/libc6@2.41-12?arch=amd64\u0026distro=debian-13.1", "UID": "a6d2d0103571346b" }, "InstalledVersion": "2.41-12", "Status": "affected", "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20796", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", "Severity": "LOW", "CweIDs": [ "CWE-674" ], "VendorSeverity": { "cbl-mariner": 3, "debian": 1, "nvd": 3, "redhat": 2 }, "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V2Score": 5, "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.securityfocus.com/bid/107160", "https://access.redhat.com/security/cve/CVE-2018-20796", "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141", "https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html", "https://nvd.nist.gov/vuln/detail/CVE-2018-20796", "https://security.netapp.com/advisory/ntap-20190315-0002/", "https://support.f5.com/csp/article/K26346590?utm_source=f5support\u0026amp%3Butm_medium=RSS", "https://www.cve.org/CVERecord?id=CVE-2018-20796" ], "PublishedDate": "2019-02-26T02:29:00.45Z", "LastModifiedDate": "2024-11-21T04:02:11.827Z" }, { "VulnerabilityID": "CVE-2019-1010022", "PkgID": "libc6@2.41-12", "PkgName": "libc6", "PkgIdentifier": { "PURL": "pkg:deb/debian/libc6@2.41-12?arch=amd64\u0026distro=debian-13.1", "UID": "a6d2d0103571346b" }, "InstalledVersion": "2.41-12", "Status": "affected", "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010022", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "glibc: stack guard protection bypass", "Description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "Severity": "LOW", "CweIDs": [ "CWE-119" ], "VendorSeverity": { "debian": 1, "nvd": 4 }, "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V2Score": 7.5, "V3Score": 9.8 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2019-1010022", "https://nvd.nist.gov/vuln/detail/CVE-2019-1010022", "https://security-tracker.debian.org/tracker/CVE-2019-1010022", "https://sourceware.org/bugzilla/show_bug.cgi?id=22850", "https://sourceware.org/bugzilla/show_bug.cgi?id=22850#c3", "https://ubuntu.com/security/CVE-2019-1010022", "https://www.cve.org/CVERecord?id=CVE-2019-1010022" ], "PublishedDate": "2019-07-15T04:15:13.317Z", "LastModifiedDate": "2024-11-21T04:17:55.5Z" }, { "VulnerabilityID": "CVE-2019-1010023", "PkgID": "libc6@2.41-12", "PkgName": "libc6", "PkgIdentifier": { "PURL": "pkg:deb/debian/libc6@2.41-12?arch=amd64\u0026distro=debian-13.1", "UID": "a6d2d0103571346b" }, "InstalledVersion": "2.41-12", "Status": "affected", "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010023", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "glibc: running ldd on malicious ELF leads to code execution because of wrong size computation", "Description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "Severity": "LOW", "VendorSeverity": { "debian": 1, "nvd": 3, "redhat": 1 }, "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V2Score": 6.8, "V3Score": 8.8 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "http://www.securityfocus.com/bid/109167", "https://access.redhat.com/security/cve/CVE-2019-1010023", "https://nvd.nist.gov/vuln/detail/CVE-2019-1010023", "https://security-tracker.debian.org/tracker/CVE-2019-1010023", "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", "https://support.f5.com/csp/article/K11932200?utm_source=f5support\u0026amp%3Butm_medium=RSS", "https://ubuntu.com/security/CVE-2019-1010023", "https://www.cve.org/CVERecord?id=CVE-2019-1010023" ], "PublishedDate": "2019-07-15T04:15:13.397Z", "LastModifiedDate": "2024-11-21T04:17:55.643Z" }, { "VulnerabilityID": "CVE-2019-1010024", "PkgID": "libc6@2.41-12", "PkgName": "libc6", "PkgIdentifier": { "PURL": "pkg:deb/debian/libc6@2.41-12?arch=amd64\u0026distro=debian-13.1", "UID": "a6d2d0103571346b" }, "InstalledVersion": "2.41-12", "Status": "affected", "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010024", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "glibc: ASLR bypass using cache of thread stack and heap", "Description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "Severity": "LOW", "CweIDs": [ "CWE-200" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 2 }, "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V2Score": 5, "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "http://www.securityfocus.com/bid/109162", "https://access.redhat.com/security/cve/CVE-2019-1010024", "https://nvd.nist.gov/vuln/detail/CVE-2019-1010024", "https://security-tracker.debian.org/tracker/CVE-2019-1010024", "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", "https://support.f5.com/csp/article/K06046097", "https://support.f5.com/csp/article/K06046097?utm_source=f5support\u0026amp%3Butm_medium=RSS", "https://ubuntu.com/security/CVE-2019-1010024", "https://www.cve.org/CVERecord?id=CVE-2019-1010024" ], "PublishedDate": "2019-07-15T04:15:13.473Z", "LastModifiedDate": "2024-11-21T04:17:55.843Z" }, { "VulnerabilityID": "CVE-2019-1010025", "PkgID": "libc6@2.41-12", "PkgName": "libc6", "PkgIdentifier": { "PURL": "pkg:deb/debian/libc6@2.41-12?arch=amd64\u0026distro=debian-13.1", "UID": "a6d2d0103571346b" }, "InstalledVersion": "2.41-12", "Status": "affected", "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010025", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "glibc: information disclosure of heap addresses of pthread_created thread", "Description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", "Severity": "LOW", "CweIDs": [ "CWE-330" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 1 }, "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V2Score": 5, "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 2.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2019-1010025", "https://nvd.nist.gov/vuln/detail/CVE-2019-1010025", "https://security-tracker.debian.org/tracker/CVE-2019-1010025", "https://sourceware.org/bugzilla/show_bug.cgi?id=22853", "https://support.f5.com/csp/article/K06046097", "https://support.f5.com/csp/article/K06046097?utm_source=f5support\u0026amp%3Butm_medium=RSS", "https://ubuntu.com/security/CVE-2019-1010025", "https://www.cve.org/CVERecord?id=CVE-2019-1010025" ], "PublishedDate": "2019-07-15T04:15:13.537Z", "LastModifiedDate": "2024-11-21T04:17:55.96Z" }, { "VulnerabilityID": "CVE-2019-9192", "PkgID": "libc6@2.41-12", "PkgName": "libc6", "PkgIdentifier": { "PURL": "pkg:deb/debian/libc6@2.41-12?arch=amd64\u0026distro=debian-13.1", "UID": "a6d2d0103571346b" }, "InstalledVersion": "2.41-12", "Status": "affected", "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9192", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", "Severity": "LOW", "CweIDs": [ "CWE-674" ], "VendorSeverity": { "cbl-mariner": 3, "debian": 1, "nvd": 3, "redhat": 1 }, "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V2Score": 5, "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "V3Score": 2.8 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2019-9192", "https://nvd.nist.gov/vuln/detail/CVE-2019-9192", "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", "https://support.f5.com/csp/article/K26346590?utm_source=f5support\u0026amp%3Butm_medium=RSS", "https://www.cve.org/CVERecord?id=CVE-2019-9192" ], "PublishedDate": "2019-02-26T18:29:00.34Z", "LastModifiedDate": "2024-11-21T04:51:10.53Z" }, { "VulnerabilityID": "CVE-2010-4756", "PkgID": "libc6-dev@2.41-12", "PkgName": "libc6-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/libc6-dev@2.41-12?arch=amd64\u0026distro=debian-13.1", "UID": "fadfd8e7339c2c6f" }, "InstalledVersion": "2.41-12", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-4756", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions", "Description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", "Severity": "LOW", "CweIDs": [ "CWE-399" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 1 }, "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "V2Score": 4 }, "redhat": { "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "V2Score": 5 } }, "References": [ "http://cxib.net/stuff/glob-0day.c", "http://securityreason.com/achievement_securityalert/89", "http://securityreason.com/exploitalert/9223", "https://access.redhat.com/security/cve/CVE-2010-4756", "https://bugzilla.redhat.com/show_bug.cgi?id=681681", "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", "https://www.cve.org/CVERecord?id=CVE-2010-4756" ], "PublishedDate": "2011-03-02T20:00:01.037Z", "LastModifiedDate": "2025-04-11T00:51:21.963Z" }, { "VulnerabilityID": "CVE-2018-20796", "PkgID": "libc6-dev@2.41-12", "PkgName": "libc6-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/libc6-dev@2.41-12?arch=amd64\u0026distro=debian-13.1", "UID": "fadfd8e7339c2c6f" }, "InstalledVersion": "2.41-12", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20796", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", "Severity": "LOW", "CweIDs": [ "CWE-674" ], "VendorSeverity": { "cbl-mariner": 3, "debian": 1, "nvd": 3, "redhat": 2 }, "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V2Score": 5, "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.securityfocus.com/bid/107160", "https://access.redhat.com/security/cve/CVE-2018-20796", "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141", "https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html", "https://nvd.nist.gov/vuln/detail/CVE-2018-20796", "https://security.netapp.com/advisory/ntap-20190315-0002/", "https://support.f5.com/csp/article/K26346590?utm_source=f5support\u0026amp%3Butm_medium=RSS", "https://www.cve.org/CVERecord?id=CVE-2018-20796" ], "PublishedDate": "2019-02-26T02:29:00.45Z", "LastModifiedDate": "2024-11-21T04:02:11.827Z" }, { "VulnerabilityID": "CVE-2019-1010022", "PkgID": "libc6-dev@2.41-12", "PkgName": "libc6-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/libc6-dev@2.41-12?arch=amd64\u0026distro=debian-13.1", "UID": "fadfd8e7339c2c6f" }, "InstalledVersion": "2.41-12", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010022", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "glibc: stack guard protection bypass", "Description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "Severity": "LOW", "CweIDs": [ "CWE-119" ], "VendorSeverity": { "debian": 1, "nvd": 4 }, "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V2Score": 7.5, "V3Score": 9.8 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2019-1010022", "https://nvd.nist.gov/vuln/detail/CVE-2019-1010022", "https://security-tracker.debian.org/tracker/CVE-2019-1010022", "https://sourceware.org/bugzilla/show_bug.cgi?id=22850", "https://sourceware.org/bugzilla/show_bug.cgi?id=22850#c3", "https://ubuntu.com/security/CVE-2019-1010022", "https://www.cve.org/CVERecord?id=CVE-2019-1010022" ], "PublishedDate": "2019-07-15T04:15:13.317Z", "LastModifiedDate": "2024-11-21T04:17:55.5Z" }, { "VulnerabilityID": "CVE-2019-1010023", "PkgID": "libc6-dev@2.41-12", "PkgName": "libc6-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/libc6-dev@2.41-12?arch=amd64\u0026distro=debian-13.1", "UID": "fadfd8e7339c2c6f" }, "InstalledVersion": "2.41-12", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010023", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "glibc: running ldd on malicious ELF leads to code execution because of wrong size computation", "Description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "Severity": "LOW", "VendorSeverity": { "debian": 1, "nvd": 3, "redhat": 1 }, "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V2Score": 6.8, "V3Score": 8.8 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "http://www.securityfocus.com/bid/109167", "https://access.redhat.com/security/cve/CVE-2019-1010023", "https://nvd.nist.gov/vuln/detail/CVE-2019-1010023", "https://security-tracker.debian.org/tracker/CVE-2019-1010023", "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", "https://support.f5.com/csp/article/K11932200?utm_source=f5support\u0026amp%3Butm_medium=RSS", "https://ubuntu.com/security/CVE-2019-1010023", "https://www.cve.org/CVERecord?id=CVE-2019-1010023" ], "PublishedDate": "2019-07-15T04:15:13.397Z", "LastModifiedDate": "2024-11-21T04:17:55.643Z" }, { "VulnerabilityID": "CVE-2019-1010024", "PkgID": "libc6-dev@2.41-12", "PkgName": "libc6-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/libc6-dev@2.41-12?arch=amd64\u0026distro=debian-13.1", "UID": "fadfd8e7339c2c6f" }, "InstalledVersion": "2.41-12", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010024", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "glibc: ASLR bypass using cache of thread stack and heap", "Description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "Severity": "LOW", "CweIDs": [ "CWE-200" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 2 }, "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V2Score": 5, "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "http://www.securityfocus.com/bid/109162", "https://access.redhat.com/security/cve/CVE-2019-1010024", "https://nvd.nist.gov/vuln/detail/CVE-2019-1010024", "https://security-tracker.debian.org/tracker/CVE-2019-1010024", "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", "https://support.f5.com/csp/article/K06046097", "https://support.f5.com/csp/article/K06046097?utm_source=f5support\u0026amp%3Butm_medium=RSS", "https://ubuntu.com/security/CVE-2019-1010024", "https://www.cve.org/CVERecord?id=CVE-2019-1010024" ], "PublishedDate": "2019-07-15T04:15:13.473Z", "LastModifiedDate": "2024-11-21T04:17:55.843Z" }, { "VulnerabilityID": "CVE-2019-1010025", "PkgID": "libc6-dev@2.41-12", "PkgName": "libc6-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/libc6-dev@2.41-12?arch=amd64\u0026distro=debian-13.1", "UID": "fadfd8e7339c2c6f" }, "InstalledVersion": "2.41-12", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010025", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "glibc: information disclosure of heap addresses of pthread_created thread", "Description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", "Severity": "LOW", "CweIDs": [ "CWE-330" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 1 }, "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V2Score": 5, "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 2.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2019-1010025", "https://nvd.nist.gov/vuln/detail/CVE-2019-1010025", "https://security-tracker.debian.org/tracker/CVE-2019-1010025", "https://sourceware.org/bugzilla/show_bug.cgi?id=22853", "https://support.f5.com/csp/article/K06046097", "https://support.f5.com/csp/article/K06046097?utm_source=f5support\u0026amp%3Butm_medium=RSS", "https://ubuntu.com/security/CVE-2019-1010025", "https://www.cve.org/CVERecord?id=CVE-2019-1010025" ], "PublishedDate": "2019-07-15T04:15:13.537Z", "LastModifiedDate": "2024-11-21T04:17:55.96Z" }, { "VulnerabilityID": "CVE-2019-9192", "PkgID": "libc6-dev@2.41-12", "PkgName": "libc6-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/libc6-dev@2.41-12?arch=amd64\u0026distro=debian-13.1", "UID": "fadfd8e7339c2c6f" }, "InstalledVersion": "2.41-12", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9192", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", "Severity": "LOW", "CweIDs": [ "CWE-674" ], "VendorSeverity": { "cbl-mariner": 3, "debian": 1, "nvd": 3, "redhat": 1 }, "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V2Score": 5, "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "V3Score": 2.8 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2019-9192", "https://nvd.nist.gov/vuln/detail/CVE-2019-9192", "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", "https://support.f5.com/csp/article/K26346590?utm_source=f5support\u0026amp%3Butm_medium=RSS", "https://www.cve.org/CVERecord?id=CVE-2019-9192" ], "PublishedDate": "2019-02-26T18:29:00.34Z", "LastModifiedDate": "2024-11-21T04:51:10.53Z" }, { "VulnerabilityID": "CVE-2017-13716", "PkgID": "libctf-nobfd0@2.44-3", "PkgName": "libctf-nobfd0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libctf-nobfd0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "d2e3db092e747262" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13716", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: Memory leak with the C++ symbol demangler routine in libiberty", "Description": "The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).", "Severity": "LOW", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "debian": 1, "nvd": 2, "photon": 2, "redhat": 1, "ubuntu": 1 }, "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V2Score": 7.1, "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2017-13716", "https://nvd.nist.gov/vuln/detail/CVE-2017-13716", "https://sourceware.org/bugzilla/show_bug.cgi?id=22009", "https://www.cve.org/CVERecord?id=CVE-2017-13716" ], "PublishedDate": "2017-08-28T21:29:00.293Z", "LastModifiedDate": "2025-04-20T01:37:25.86Z" }, { "VulnerabilityID": "CVE-2018-20673", "PkgID": "libctf-nobfd0@2.44-3", "PkgName": "libctf-nobfd0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libctf-nobfd0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "d2e3db092e747262" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20673", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libiberty: Integer overflow in demangle_template() function", "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for \"Create an array for saving the template argument values\") that can trigger a heap-based buffer overflow, as demonstrated by nm.", "Severity": "LOW", "CweIDs": [ "CWE-190", "CWE-787" ], "VendorSeverity": { "alma": 1, "debian": 1, "nvd": 2, "oracle-oval": 1, "photon": 2, "redhat": 2 }, "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V2Score": 4.3, "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "V3Score": 5.3 } }, "References": [ "http://www.securityfocus.com/bid/106454", "https://access.redhat.com/security/cve/CVE-2018-20673", "https://linux.oracle.com/cve/CVE-2018-20673.html", "https://linux.oracle.com/errata/ELSA-2021-4386.html", "https://nvd.nist.gov/vuln/detail/CVE-2018-20673", "https://sourceware.org/bugzilla/show_bug.cgi?id=24039", "https://www.cve.org/CVERecord?id=CVE-2018-20673" ], "PublishedDate": "2019-01-04T18:29:00.21Z", "LastModifiedDate": "2024-11-21T04:01:57.977Z" }, { "VulnerabilityID": "CVE-2018-20712", "PkgID": "libctf-nobfd0@2.44-3", "PkgName": "libctf-nobfd0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libctf-nobfd0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "d2e3db092e747262" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20712", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libiberty: heap-based buffer over-read in d_expression_1", "Description": "A heap-based buffer over-read exists in the function d_expression_1 in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.1. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by c++filt.", "Severity": "LOW", "CweIDs": [ "CWE-125" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 2, "ubuntu": 1 }, "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V2Score": 4.3, "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 4.7 } }, "References": [ "http://www.securityfocus.com/bid/106563", "https://access.redhat.com/security/cve/CVE-2018-20712", "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88629", "https://nvd.nist.gov/vuln/detail/CVE-2018-20712", "https://sourceware.org/bugzilla/show_bug.cgi?id=24043", "https://support.f5.com/csp/article/K38336243", "https://www.cve.org/CVERecord?id=CVE-2018-20712" ], "PublishedDate": "2019-01-15T00:29:00.257Z", "LastModifiedDate": "2024-11-21T04:02:00.663Z" }, { "VulnerabilityID": "CVE-2018-9996", "PkgID": "libctf-nobfd0@2.44-3", "PkgName": "libctf-nobfd0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libctf-nobfd0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "d2e3db092e747262" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-9996", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: Stack-overflow in libiberty/cplus-dem.c causes crash", "Description": "An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_template_value_parm, demangle_integral_value, and demangle_expression.", "Severity": "LOW", "CweIDs": [ "CWE-674" ], "VendorSeverity": { "debian": 1, "nvd": 2, "photon": 2, "redhat": 1 }, "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V2Score": 4.3, "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "http://www.securityfocus.com/bid/103733", "https://access.redhat.com/security/cve/CVE-2018-9996", "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85304", "https://nvd.nist.gov/vuln/detail/CVE-2018-9996", "https://www.cve.org/CVERecord?id=CVE-2018-9996" ], "PublishedDate": "2018-04-10T22:29:00.353Z", "LastModifiedDate": "2024-11-21T04:16:00.48Z" }, { "VulnerabilityID": "CVE-2021-32256", "PkgID": "libctf-nobfd0@2.44-3", "PkgName": "libctf-nobfd0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libctf-nobfd0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "d2e3db092e747262" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-32256", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: stack-overflow issue in demangle_type in rust-demangle.c.", "Description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.36. It is a stack-overflow issue in demangle_type in rust-demangle.c.", "Severity": "LOW", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "amazon": 1, "debian": 1, "nvd": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2021-32256", "https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1927070", "https://nvd.nist.gov/vuln/detail/CVE-2021-32256", "https://security.netapp.com/advisory/ntap-20230824-0013/", "https://www.cve.org/CVERecord?id=CVE-2021-32256" ], "PublishedDate": "2023-07-18T14:15:11.61Z", "LastModifiedDate": "2024-11-21T06:06:55.1Z" }, { "VulnerabilityID": "CVE-2025-11081", "PkgID": "libctf-nobfd0@2.44-3", "PkgName": "libctf-nobfd0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libctf-nobfd0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "d2e3db092e747262" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11081", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils out-of-bounds read", "Description": "A vulnerability was detected in GNU Binutils 2.45. This issue affects the function dump_dwarf_section of the file binutils/objdump.c. Performing manipulation results in out-of-bounds read. The attack is only possible with local access. The exploit is now public and may be used. The patch is named f87a66db645caf8cc0e6fc87b0c28c78a38af59b. It is suggested to install a patch to address this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-125" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-11081", "https://github.com/user-attachments/files/20623354/hdf5_crash_3.txt", "https://nvd.nist.gov/vuln/detail/CVE-2025-11081", "https://sourceware.org/bugzilla/show_bug.cgi?id=33406", "https://sourceware.org/bugzilla/show_bug.cgi?id=33406#c2", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f87a66db645caf8cc0e6fc87b0c28c78a38af59b", "https://vuldb.com/?ctiid.326122", "https://vuldb.com/?id.326122", "https://vuldb.com/?submit.661275", "https://www.cve.org/CVERecord?id=CVE-2025-11081", "https://www.gnu.org/" ], "PublishedDate": "2025-09-27T22:15:32.43Z", "LastModifiedDate": "2025-10-03T16:51:07.39Z" }, { "VulnerabilityID": "CVE-2025-11082", "PkgID": "libctf-nobfd0@2.44-3", "PkgName": "libctf-nobfd0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libctf-nobfd0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "d2e3db092e747262" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11082", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils Linker heap-based overflow", "Description": "A flaw has been found in GNU Binutils 2.45. Impacted is the function _bfd_elf_parse_eh_frame of the file bfd/elf-eh-frame.c of the component Linker. Executing manipulation can lead to heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be used. This patch is called ea1a0737c7692737a644af0486b71e4a392cbca8. A patch should be applied to remediate this issue. The code maintainer replied with \"[f]ixed for 2.46\".", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-122" ], "VendorSeverity": { "debian": 1, "nvd": 3, "redhat": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-11082", "https://nvd.nist.gov/vuln/detail/CVE-2025-11082", "https://sourceware.org/bugzilla/attachment.cgi?id=16358", "https://sourceware.org/bugzilla/show_bug.cgi?id=33464", "https://sourceware.org/bugzilla/show_bug.cgi?id=33464#c2", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ea1a0737c7692737a644af0486b71e4a392cbca8", "https://vuldb.com/?ctiid.326123", "https://vuldb.com/?id.326123", "https://vuldb.com/?submit.661276", "https://www.cve.org/CVERecord?id=CVE-2025-11082", "https://www.gnu.org/" ], "PublishedDate": "2025-09-27T23:15:31.39Z", "LastModifiedDate": "2025-10-03T16:52:34.527Z" }, { "VulnerabilityID": "CVE-2025-11083", "PkgID": "libctf-nobfd0@2.44-3", "PkgName": "libctf-nobfd0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libctf-nobfd0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "d2e3db092e747262" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11083", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils Linker heap-based overflow", "Description": "A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elf_swap_shdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 9ca499644a21ceb3f946d1c179c38a83be084490. To fix this issue, it is recommended to deploy a patch. The code maintainer replied with \"[f]ixed for 2.46\".", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-122" ], "VendorSeverity": { "debian": 1, "nvd": 3, "redhat": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-11083", "https://nvd.nist.gov/vuln/detail/CVE-2025-11083", "https://sourceware.org/bugzilla/attachment.cgi?id=16353", "https://sourceware.org/bugzilla/show_bug.cgi?id=33457", "https://sourceware.org/bugzilla/show_bug.cgi?id=33457#c1", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=9ca499644a21ceb3f946d1c179c38a83be084490", "https://vuldb.com/?ctiid.326124", "https://vuldb.com/?id.326124", "https://vuldb.com/?submit.661277", "https://www.cve.org/CVERecord?id=CVE-2025-11083", "https://www.gnu.org/" ], "PublishedDate": "2025-09-27T23:15:32.33Z", "LastModifiedDate": "2025-10-03T16:52:47.01Z" }, { "VulnerabilityID": "CVE-2025-11412", "PkgID": "libctf-nobfd0@2.44-3", "PkgName": "libctf-nobfd0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libctf-nobfd0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "d2e3db092e747262" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11412", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils Linker elflink.c bfd_elf_gc_record_vtentry out-of-bounds", "Description": "A vulnerability has been found in GNU Binutils 2.45. This impacts the function bfd_elf_gc_record_vtentry of the file bfd/elflink.c of the component Linker. The manipulation leads to out-of-bounds read. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of the patch is 047435dd988a3975d40c6626a8f739a0b2e154bc. To fix this issue, it is recommended to deploy a patch.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-125" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-11412", "https://nvd.nist.gov/vuln/detail/CVE-2025-11412", "https://sourceware.org/bugzilla/attachment.cgi?id=16378", "https://sourceware.org/bugzilla/show_bug.cgi?id=33452", "https://sourceware.org/bugzilla/show_bug.cgi?id=33452#c8", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=047435dd988a3975d40c6626a8f739a0b2e154bc", "https://vuldb.com/?ctiid.327348", "https://vuldb.com/?id.327348", "https://www.cve.org/CVERecord?id=CVE-2025-11412", "https://www.gnu.org/" ], "PublishedDate": "2025-10-07T22:15:34.03Z", "LastModifiedDate": "2025-10-14T15:09:07.05Z" }, { "VulnerabilityID": "CVE-2025-11413", "PkgID": "libctf-nobfd0@2.44-3", "PkgName": "libctf-nobfd0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libctf-nobfd0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "d2e3db092e747262" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11413", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils Linker elflink.c elf_link_add_object_symbols out-of-bounds", "Description": "A vulnerability was found in GNU Binutils 2.45. Affected is the function elf_link_add_object_symbols of the file bfd/elflink.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. Upgrading to version 2.46 is able to address this issue. The patch is identified as 72efdf166aa0ed72ecc69fc2349af6591a7a19c0. Upgrading the affected component is advised.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-125" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "V3Score": 4.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-11413", "https://nvd.nist.gov/vuln/detail/CVE-2025-11413", "https://sourceware.org/bugzilla/attachment.cgi?id=16362", "https://sourceware.org/bugzilla/show_bug.cgi?id=33452", "https://sourceware.org/bugzilla/show_bug.cgi?id=33456", "https://sourceware.org/bugzilla/show_bug.cgi?id=33456#c10", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=72efdf166aa0ed72ecc69fc2349af6591a7a19c0", "https://vuldb.com/?ctiid.327349", "https://vuldb.com/?id.327349", "https://vuldb.com/?submit.665587", "https://www.cve.org/CVERecord?id=CVE-2025-11413", "https://www.gnu.org/" ], "PublishedDate": "2025-10-07T22:15:34.23Z", "LastModifiedDate": "2025-10-14T15:24:49.567Z" }, { "VulnerabilityID": "CVE-2025-11414", "PkgID": "libctf-nobfd0@2.44-3", "PkgName": "libctf-nobfd0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libctf-nobfd0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "d2e3db092e747262" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11414", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils Linker elflink.c get_link_hash_entry out-of-bounds", "Description": "A vulnerability was determined in GNU Binutils 2.45. Affected by this vulnerability is the function get_link_hash_entry of the file bfd/elflink.c of the component Linker. This manipulation causes out-of-bounds read. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. Upgrading to version 2.46 addresses this issue. Patch name: aeaaa9af6359c8e394ce9cf24911fec4f4d23703. It is advisable to upgrade the affected component.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-125" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-11414", "https://nvd.nist.gov/vuln/detail/CVE-2025-11414", "https://sourceware.org/bugzilla/attachment.cgi?id=16361", "https://sourceware.org/bugzilla/show_bug.cgi?id=33450", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=aeaaa9af6359c8e394ce9cf24911fec4f4d23703", "https://vuldb.com/?ctiid.327350", "https://vuldb.com/?id.327350", "https://vuldb.com/?submit.665591", "https://www.cve.org/CVERecord?id=CVE-2025-11414", "https://www.gnu.org/" ], "PublishedDate": "2025-10-07T23:15:33.053Z", "LastModifiedDate": "2025-10-14T15:25:00.127Z" }, { "VulnerabilityID": "CVE-2025-1147", "PkgID": "libctf-nobfd0@2.44-3", "PkgName": "libctf-nobfd0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libctf-nobfd0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "d2e3db092e747262" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1147", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils nm nm.c internal_strlen buffer overflow", "Description": "A vulnerability has been found in GNU Binutils 2.43 and classified as problematic. Affected by this vulnerability is the function __sanitizer::internal_strlen of the file binutils/nm.c of the component nm. The manipulation of the argument const leads to buffer overflow. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-120" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 1, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1147", "https://nvd.nist.gov/vuln/detail/CVE-2025-1147", "https://sourceware.org/bugzilla/attachment.cgi?id=15881", "https://sourceware.org/bugzilla/show_bug.cgi?id=32556", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7be4186c22f89a87fff048c28910f5d26a0f61ce", "https://vuldb.com/?ctiid.295051", "https://vuldb.com/?id.295051", "https://vuldb.com/?submit.485254", "https://www.cve.org/CVERecord?id=CVE-2025-1147", "https://www.gnu.org/" ], "PublishedDate": "2025-02-10T14:15:29.643Z", "LastModifiedDate": "2025-03-04T15:51:17.86Z" }, { "VulnerabilityID": "CVE-2025-1148", "PkgID": "libctf-nobfd0@2.44-3", "PkgName": "libctf-nobfd0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libctf-nobfd0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "d2e3db092e747262" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1148", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld ldelfgen.c link_order_scan memory leak", "Description": "A vulnerability was found in GNU Binutils 2.43 and classified as problematic. Affected by this issue is the function link_order_scan of the file ld/ldelfgen.c of the component ld. The manipulation leads to memory leak. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"", "Severity": "LOW", "CweIDs": [ "CWE-401", "CWE-404" ], "VendorSeverity": { "debian": 1, "nvd": 1, "redhat": 1, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1148", "https://nvd.nist.gov/vuln/detail/CVE-2025-1148", "https://sourceware.org/bugzilla/attachment.cgi?id=15887", "https://sourceware.org/bugzilla/show_bug.cgi?id=32576", "https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=d4115c2c8d447e297ae353892de89192c1996211", "https://sourceware.org/pipermail/binutils/2025-March/139979.html", "https://vuldb.com/?ctiid.295052", "https://vuldb.com/?id.295052", "https://vuldb.com/?submit.485747", "https://www.cve.org/CVERecord?id=CVE-2025-1148", "https://www.gnu.org/" ], "PublishedDate": "2025-02-10T14:15:29.927Z", "LastModifiedDate": "2025-03-04T17:12:35.4Z" }, { "VulnerabilityID": "CVE-2025-1149", "PkgID": "libctf-nobfd0@2.44-3", "PkgName": "libctf-nobfd0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libctf-nobfd0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "d2e3db092e747262" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1149", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld xmalloc.c xstrdup memory leak", "Description": "A vulnerability was found in GNU Binutils 2.43. It has been classified as problematic. This affects the function xstrdup of the file libiberty/xmalloc.c of the component ld. The manipulation leads to memory leak. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"", "Severity": "LOW", "CweIDs": [ "CWE-401", "CWE-404" ], "VendorSeverity": { "debian": 1, "nvd": 1, "redhat": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1149", "https://nvd.nist.gov/vuln/detail/CVE-2025-1149", "https://sourceware.org/bugzilla/attachment.cgi?id=15887", "https://sourceware.org/bugzilla/show_bug.cgi?id=32576", "https://vuldb.com/?ctiid.295053", "https://vuldb.com/?id.295053", "https://www.cve.org/CVERecord?id=CVE-2025-1149", "https://www.gnu.org/" ], "PublishedDate": "2025-02-10T15:15:13.093Z", "LastModifiedDate": "2025-03-04T14:53:43.637Z" }, { "VulnerabilityID": "CVE-2025-11494", "PkgID": "libctf-nobfd0@2.44-3", "PkgName": "libctf-nobfd0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libctf-nobfd0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "d2e3db092e747262" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11494", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils Linker out-of-bounds read", "Description": "A vulnerability was found in GNU Binutils 2.45. Impacted is the function _bfd_x86_elf_late_size_sections of the file bfd/elfxx-x86.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. The patch is identified as b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a. A patch should be applied to remediate this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-125" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-11494", "https://nvd.nist.gov/vuln/detail/CVE-2025-11494", "https://sourceware.org/bugzilla/attachment.cgi?id=16389", "https://sourceware.org/bugzilla/show_bug.cgi?id=33499", "https://sourceware.org/bugzilla/show_bug.cgi?id=33499#c2", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a", "https://vuldb.com/?ctiid.327619", "https://vuldb.com/?id.327619", "https://vuldb.com/?submit.668281", "https://www.cve.org/CVERecord?id=CVE-2025-11494", "https://www.gnu.org/" ], "PublishedDate": "2025-10-08T20:15:34.77Z", "LastModifiedDate": "2025-10-14T15:27:45.803Z" }, { "VulnerabilityID": "CVE-2025-11495", "PkgID": "libctf-nobfd0@2.44-3", "PkgName": "libctf-nobfd0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libctf-nobfd0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "d2e3db092e747262" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11495", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils Linker heap-based overflow", "Description": "A vulnerability was determined in GNU Binutils 2.45. The affected element is the function elf_x86_64_relocate_section of the file elf64-x86-64.c of the component Linker. This manipulation causes heap-based buffer overflow. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. Patch name: 6b21c8b2ecfef5c95142cbc2c32f185cb1c26ab0. To fix this issue, it is recommended to deploy a patch.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-122" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-11495", "https://nvd.nist.gov/vuln/detail/CVE-2025-11495", "https://sourceware.org/bugzilla/attachment.cgi?id=16393", "https://sourceware.org/bugzilla/show_bug.cgi?id=33502", "https://sourceware.org/bugzilla/show_bug.cgi?id=33502#c3", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6b21c8b2ecfef5c95142cbc2c32f185cb1c26ab0", "https://vuldb.com/?ctiid.327620", "https://vuldb.com/?id.327620", "https://vuldb.com/?submit.668290", "https://www.cve.org/CVERecord?id=CVE-2025-11495", "https://www.gnu.org/" ], "PublishedDate": "2025-10-08T20:15:34.99Z", "LastModifiedDate": "2025-10-14T15:28:00.96Z" }, { "VulnerabilityID": "CVE-2025-1150", "PkgID": "libctf-nobfd0@2.44-3", "PkgName": "libctf-nobfd0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libctf-nobfd0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "d2e3db092e747262" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1150", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld libbfd.c bfd_malloc memory leak", "Description": "A vulnerability was found in GNU Binutils 2.43. It has been declared as problematic. This vulnerability affects the function bfd_malloc of the file libbfd.c of the component ld. The manipulation leads to memory leak. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"", "Severity": "LOW", "CweIDs": [ "CWE-401", "CWE-404" ], "VendorSeverity": { "debian": 1, "nvd": 1, "redhat": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1150", "https://nvd.nist.gov/vuln/detail/CVE-2025-1150", "https://sourceware.org/bugzilla/attachment.cgi?id=15887", "https://sourceware.org/bugzilla/show_bug.cgi?id=32576", "https://vuldb.com/?ctiid.295054", "https://vuldb.com/?id.295054", "https://www.cve.org/CVERecord?id=CVE-2025-1150", "https://www.gnu.org/" ], "PublishedDate": "2025-02-10T17:15:18.517Z", "LastModifiedDate": "2025-03-11T19:01:04.727Z" }, { "VulnerabilityID": "CVE-2025-1151", "PkgID": "libctf-nobfd0@2.44-3", "PkgName": "libctf-nobfd0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libctf-nobfd0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "d2e3db092e747262" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1151", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld xmemdup.c xmemdup memory leak", "Description": "A vulnerability was found in GNU Binutils 2.43. It has been rated as problematic. This issue affects the function xmemdup of the file xmemdup.c of the component ld. The manipulation leads to memory leak. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"", "Severity": "LOW", "CweIDs": [ "CWE-401", "CWE-404" ], "VendorSeverity": { "debian": 1, "redhat": 1 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1151", "https://nvd.nist.gov/vuln/detail/CVE-2025-1151", "https://sourceware.org/bugzilla/attachment.cgi?id=15887", "https://sourceware.org/bugzilla/show_bug.cgi?id=32576", "https://vuldb.com/?ctiid.295055", "https://vuldb.com/?id.295055", "https://www.cve.org/CVERecord?id=CVE-2025-1151", "https://www.gnu.org/" ], "PublishedDate": "2025-02-10T17:15:18.713Z", "LastModifiedDate": "2025-02-10T17:15:18.713Z" }, { "VulnerabilityID": "CVE-2025-1152", "PkgID": "libctf-nobfd0@2.44-3", "PkgName": "libctf-nobfd0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libctf-nobfd0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "d2e3db092e747262" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1152", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld xstrdup.c xstrdup memory leak", "Description": "A vulnerability classified as problematic has been found in GNU Binutils 2.43. Affected is the function xstrdup of the file xstrdup.c of the component ld. The manipulation leads to memory leak. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"", "Severity": "LOW", "CweIDs": [ "CWE-401", "CWE-404" ], "VendorSeverity": { "debian": 1, "nvd": 1, "redhat": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1152", "https://nvd.nist.gov/vuln/detail/CVE-2025-1152", "https://sourceware.org/bugzilla/attachment.cgi?id=15887", "https://sourceware.org/bugzilla/show_bug.cgi?id=32576", "https://vuldb.com/?ctiid.295056", "https://vuldb.com/?id.295056", "https://www.cve.org/CVERecord?id=CVE-2025-1152", "https://www.gnu.org/" ], "PublishedDate": "2025-02-10T18:15:34.043Z", "LastModifiedDate": "2025-03-03T16:52:20.953Z" }, { "VulnerabilityID": "CVE-2025-1153", "PkgID": "libctf-nobfd0@2.44-3", "PkgName": "libctf-nobfd0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libctf-nobfd0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "d2e3db092e747262" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1153", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils format.c bfd_set_format memory corruption", "Description": "A vulnerability classified as problematic was found in GNU Binutils 2.43/2.44. Affected by this vulnerability is the function bfd_set_format of the file format.c. The manipulation leads to memory corruption. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 2.45 is able to address this issue. The identifier of the patch is 8d97c1a53f3dc9fd8e1ccdb039b8a33d50133150. It is recommended to upgrade the affected component.", "Severity": "LOW", "CweIDs": [ "CWE-119" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 1, "ubuntu": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1153", "https://nvd.nist.gov/vuln/detail/CVE-2025-1153", "https://sourceware.org/bugzilla/show_bug.cgi?id=32603", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8d97c1a53f3dc9fd8e1ccdb039b8a33d50133150", "https://ubuntu.com/security/notices/USN-7423-1", "https://ubuntu.com/security/notices/USN-7423-2", "https://vuldb.com/?ctiid.295057", "https://vuldb.com/?id.295057", "https://vuldb.com/?submit.489991", "https://www.cve.org/CVERecord?id=CVE-2025-1153", "https://www.gnu.org/" ], "PublishedDate": "2025-02-10T19:15:39.9Z", "LastModifiedDate": "2025-03-03T17:28:09.167Z" }, { "VulnerabilityID": "CVE-2025-1176", "PkgID": "libctf-nobfd0@2.44-3", "PkgName": "libctf-nobfd0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libctf-nobfd0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "d2e3db092e747262" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1176", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld elflink.c _bfd_elf_gc_mark_rsec heap-based overflow", "Description": "A vulnerability was found in GNU Binutils 2.43 and classified as critical. This issue affects the function _bfd_elf_gc_mark_rsec of the file elflink.c of the component ld. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The patch is named f9978defb6fab0bd8583942d97c112b0932ac814. It is recommended to apply a patch to fix this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-122" ], "VendorSeverity": { "amazon": 2, "azure": 2, "cbl-mariner": 2, "debian": 1, "nvd": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "V3Score": 5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "V3Score": 5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1176", "https://nvd.nist.gov/vuln/detail/CVE-2025-1176", "https://security.netapp.com/advisory/ntap-20250411-0007/", "https://sourceware.org/bugzilla/attachment.cgi?id=15913", "https://sourceware.org/bugzilla/show_bug.cgi?id=32636", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f9978defb6fab0bd8583942d97c112b0932ac814", "https://ubuntu.com/security/notices/USN-7423-1", "https://ubuntu.com/security/notices/USN-7423-2", "https://vuldb.com/?ctiid.295079", "https://vuldb.com/?id.295079", "https://vuldb.com/?submit.495329", "https://www.cve.org/CVERecord?id=CVE-2025-1176", "https://www.gnu.org/" ], "PublishedDate": "2025-02-11T06:15:22.433Z", "LastModifiedDate": "2025-04-11T22:15:29.513Z" }, { "VulnerabilityID": "CVE-2025-1178", "PkgID": "libctf-nobfd0@2.44-3", "PkgName": "libctf-nobfd0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libctf-nobfd0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "d2e3db092e747262" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1178", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld libbfd.c bfd_putl64 memory corruption", "Description": "A vulnerability was found in GNU Binutils 2.43. It has been declared as problematic. Affected by this vulnerability is the function bfd_putl64 of the file libbfd.c of the component ld. The manipulation leads to memory corruption. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of the patch is 75086e9de1707281172cc77f178e7949a4414ed0. It is recommended to apply a patch to fix this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119" ], "VendorSeverity": { "azure": 2, "cbl-mariner": 2, "debian": 1, "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "V3Score": 5.6 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1178", "https://nvd.nist.gov/vuln/detail/CVE-2025-1178", "https://security.netapp.com/advisory/ntap-20250411-0008/", "https://sourceware.org/bugzilla/attachment.cgi?id=15914", "https://sourceware.org/bugzilla/show_bug.cgi?id=32638", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=75086e9de1707281172cc77f178e7949a4414ed0", "https://ubuntu.com/security/notices/USN-7423-1", "https://vuldb.com/?ctiid.295081", "https://vuldb.com/?id.295081", "https://vuldb.com/?submit.495369", "https://www.cve.org/CVERecord?id=CVE-2025-1178", "https://www.gnu.org/" ], "PublishedDate": "2025-02-11T07:15:29.997Z", "LastModifiedDate": "2025-05-21T20:35:24.22Z" }, { "VulnerabilityID": "CVE-2025-1180", "PkgID": "libctf-nobfd0@2.44-3", "PkgName": "libctf-nobfd0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libctf-nobfd0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "d2e3db092e747262" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1180", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld elf-eh-frame.c _bfd_elf_write_section_eh_frame memory corruption", "Description": "A vulnerability classified as problematic has been found in GNU Binutils 2.43. This affects the function _bfd_elf_write_section_eh_frame of the file bfd/elf-eh-frame.c of the component ld. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119" ], "VendorSeverity": { "debian": 1, "redhat": 1 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1180", "https://nvd.nist.gov/vuln/detail/CVE-2025-1180", "https://sourceware.org/bugzilla/attachment.cgi?id=15917", "https://sourceware.org/bugzilla/show_bug.cgi?id=32642", "https://vuldb.com/?ctiid.295083", "https://vuldb.com/?id.295083", "https://vuldb.com/?submit.495381", "https://www.cve.org/CVERecord?id=CVE-2025-1180", "https://www.gnu.org/" ], "PublishedDate": "2025-02-11T08:15:31.59Z", "LastModifiedDate": "2025-05-21T20:35:18.05Z" }, { "VulnerabilityID": "CVE-2025-1181", "PkgID": "libctf-nobfd0@2.44-3", "PkgName": "libctf-nobfd0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libctf-nobfd0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "d2e3db092e747262" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1181", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld elflink.c _bfd_elf_gc_mark_rsec memory corruption", "Description": "A vulnerability classified as critical was found in GNU Binutils 2.43. This vulnerability affects the function _bfd_elf_gc_mark_rsec of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is 931494c9a89558acb36a03a340c01726545eef24. It is recommended to apply a patch to fix this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119" ], "VendorSeverity": { "azure": 1, "cbl-mariner": 1, "debian": 1, "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "V3Score": 5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1181", "https://nvd.nist.gov/vuln/detail/CVE-2025-1181", "https://security.netapp.com/advisory/ntap-20250425-0007/", "https://sourceware.org/bugzilla/attachment.cgi?id=15918", "https://sourceware.org/bugzilla/show_bug.cgi?id=32643", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=931494c9a89558acb36a03a340c01726545eef24", "https://ubuntu.com/security/notices/USN-7423-1", "https://vuldb.com/?ctiid.295084", "https://vuldb.com/?id.295084", "https://vuldb.com/?submit.495402", "https://www.cve.org/CVERecord?id=CVE-2025-1181", "https://www.gnu.org/" ], "PublishedDate": "2025-02-11T08:15:31.797Z", "LastModifiedDate": "2025-05-21T20:35:11.073Z" }, { "VulnerabilityID": "CVE-2025-1182", "PkgID": "libctf-nobfd0@2.44-3", "PkgName": "libctf-nobfd0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libctf-nobfd0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "d2e3db092e747262" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1182", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld elflink.c bfd_elf_reloc_symbol_deleted_p memory corruption", "Description": "A vulnerability, which was classified as critical, was found in GNU Binutils 2.43. Affected is the function bfd_elf_reloc_symbol_deleted_p of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The patch is identified as b425859021d17adf62f06fb904797cf8642986ad. It is recommended to apply a patch to fix this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119" ], "VendorSeverity": { "amazon": 2, "azure": 2, "cbl-mariner": 2, "debian": 1, "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "V3Score": 5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1182", "https://nvd.nist.gov/vuln/detail/CVE-2025-1182", "https://sourceware.org/bugzilla/attachment.cgi?id=15919", "https://sourceware.org/bugzilla/show_bug.cgi?id=32644", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b425859021d17adf62f06fb904797cf8642986ad", "https://ubuntu.com/security/notices/USN-7423-1", "https://vuldb.com/?ctiid.295086", "https://vuldb.com/?id.295086", "https://vuldb.com/?submit.495407", "https://www.cve.org/CVERecord?id=CVE-2025-1182", "https://www.gnu.org/" ], "PublishedDate": "2025-02-11T09:15:09.53Z", "LastModifiedDate": "2025-05-21T20:35:04.15Z" }, { "VulnerabilityID": "CVE-2025-11839", "PkgID": "libctf-nobfd0@2.44-3", "PkgName": "libctf-nobfd0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libctf-nobfd0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "d2e3db092e747262" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11839", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils prdbg.c tg_tag_type return value", "Description": "A security flaw has been discovered in GNU Binutils 2.45. Impacted is the function tg_tag_type of the file prdbg.c. Performing manipulation results in unchecked return value. The attack needs to be approached locally. The exploit has been released to the public and may be exploited.", "Severity": "LOW", "CweIDs": [ "CWE-252", "CWE-253" ], "VendorSeverity": { "debian": 1, "redhat": 1 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-11839", "https://nvd.nist.gov/vuln/detail/CVE-2025-11839", "https://sourceware.org/bugzilla/attachment.cgi?id=16344", "https://sourceware.org/bugzilla/show_bug.cgi?id=33448", "https://vuldb.com/?ctiid.328774", "https://vuldb.com/?id.328774", "https://vuldb.com/?submit.661279", "https://www.cve.org/CVERecord?id=CVE-2025-11839", "https://www.gnu.org/" ], "PublishedDate": "2025-10-16T14:15:34.86Z", "LastModifiedDate": "2025-10-16T15:28:59.61Z" }, { "VulnerabilityID": "CVE-2025-11840", "PkgID": "libctf-nobfd0@2.44-3", "PkgName": "libctf-nobfd0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libctf-nobfd0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "d2e3db092e747262" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11840", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils out-of-bounds read", "Description": "A weakness has been identified in GNU Binutils 2.45. The affected element is the function vfinfo of the file ldmisc.c. Executing manipulation can lead to out-of-bounds read. The attack can only be executed locally. The exploit has been made available to the public and could be exploited. This patch is called 16357. It is best practice to apply a patch to resolve this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-125" ], "VendorSeverity": { "debian": 1, "redhat": 1 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-11840", "https://nvd.nist.gov/vuln/detail/CVE-2025-11840", "https://sourceware.org/bugzilla/attachment.cgi?id=16351", "https://sourceware.org/bugzilla/attachment.cgi?id=16357", "https://sourceware.org/bugzilla/show_bug.cgi?id=33455", "https://vuldb.com/?ctiid.328775", "https://vuldb.com/?id.328775", "https://vuldb.com/?submit.661281", "https://www.cve.org/CVERecord?id=CVE-2025-11840", "https://www.gnu.org/" ], "PublishedDate": "2025-10-16T16:15:37.003Z", "LastModifiedDate": "2025-10-16T16:15:37.003Z" }, { "VulnerabilityID": "CVE-2025-3198", "PkgID": "libctf-nobfd0@2.44-3", "PkgName": "libctf-nobfd0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libctf-nobfd0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "d2e3db092e747262" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-3198", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils objdump bucomm.c display_info memory leak", "Description": "A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named ba6ad3a18cb26b79e0e3b84c39f707535bbc344d. It is recommended to apply a patch to fix this issue.", "Severity": "LOW", "CweIDs": [ "CWE-401", "CWE-404" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 1, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-3198", "https://nvd.nist.gov/vuln/detail/CVE-2025-3198", "https://sourceware.org/bugzilla/show_bug.cgi?id=32716", "https://sourceware.org/bugzilla/show_bug.cgi?id=32716#c0", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ba6ad3a18cb26b79e0e3b84c39f707535bbc344d", "https://vuldb.com/?ctiid.303151", "https://vuldb.com/?id.303151", "https://vuldb.com/?submit.545773", "https://www.cve.org/CVERecord?id=CVE-2025-3198", "https://www.gnu.org/" ], "PublishedDate": "2025-04-04T02:15:18.803Z", "LastModifiedDate": "2025-05-15T19:46:30.95Z" }, { "VulnerabilityID": "CVE-2025-5244", "PkgID": "libctf-nobfd0@2.44-3", "PkgName": "libctf-nobfd0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libctf-nobfd0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "d2e3db092e747262" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-5244", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld elflink.c elf_gc_sweep memory corruption", "Description": "A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue is the function elf_gc_sweep of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 2.45 is able to address this issue. It is recommended to upgrade the affected component.", "Severity": "LOW", "CweIDs": [ "CWE-119" ], "VendorSeverity": { "azure": 2, "cbl-mariner": 2, "debian": 1, "nvd": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-5244", "https://nvd.nist.gov/vuln/detail/CVE-2025-5244", "https://sourceware.org/bugzilla/attachment.cgi?id=16010", "https://sourceware.org/bugzilla/show_bug.cgi?id=32858", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d1458933830456e54223d9fc61f0d9b3a19256f5", "https://vuldb.com/?ctiid.310346", "https://vuldb.com/?id.310346", "https://vuldb.com/?submit.584634", "https://www.cve.org/CVERecord?id=CVE-2025-5244", "https://www.gnu.org/" ], "PublishedDate": "2025-05-27T13:15:21.76Z", "LastModifiedDate": "2025-10-03T14:46:39.57Z" }, { "VulnerabilityID": "CVE-2025-5245", "PkgID": "libctf-nobfd0@2.44-3", "PkgName": "libctf-nobfd0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libctf-nobfd0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "d2e3db092e747262" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-5245", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils objdump debug.c debug_type_samep memory corruption", "Description": "A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debug_type_samep of the file /binutils/debug.c of the component objdump. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119" ], "VendorSeverity": { "azure": 2, "cbl-mariner": 2, "debian": 1, "nvd": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-5245", "https://nvd.nist.gov/vuln/detail/CVE-2025-5245", "https://sourceware.org/bugzilla/attachment.cgi?id=16004", "https://sourceware.org/bugzilla/show_bug.cgi?id=32829", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6c3458a8b7ee7d39f070c7b2350851cb2110c65a", "https://vuldb.com/?ctiid.310347", "https://vuldb.com/?id.310347", "https://vuldb.com/?submit.584635", "https://www.cve.org/CVERecord?id=CVE-2025-5245", "https://www.gnu.org/" ], "PublishedDate": "2025-05-27T15:15:36.057Z", "LastModifiedDate": "2025-10-03T14:45:57.887Z" }, { "VulnerabilityID": "CVE-2025-7545", "PkgID": "libctf-nobfd0@2.44-3", "PkgName": "libctf-nobfd0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libctf-nobfd0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "d2e3db092e747262" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-7545", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: Binutils: Heap Buffer Overflow", "Description": "A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is named 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944. It is recommended to apply a patch to fix this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-122" ], "VendorSeverity": { "amazon": 3, "azure": 2, "cbl-mariner": 2, "debian": 1, "nvd": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-7545", "https://nvd.nist.gov/vuln/detail/CVE-2025-7545", "https://sourceware.org/bugzilla/attachment.cgi?id=16117", "https://sourceware.org/bugzilla/show_bug.cgi?id=33049", "https://sourceware.org/bugzilla/show_bug.cgi?id=33049#c1", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944", "https://ubuntu.com/security/notices/USN-7718-1", "https://vuldb.com/?ctiid.316243", "https://vuldb.com/?id.316243", "https://vuldb.com/?submit.614355", "https://www.cve.org/CVERecord?id=CVE-2025-7545", "https://www.gnu.org/" ], "PublishedDate": "2025-07-13T22:15:23.873Z", "LastModifiedDate": "2025-07-30T15:59:48.84Z" }, { "VulnerabilityID": "CVE-2025-7546", "PkgID": "libctf-nobfd0@2.44-3", "PkgName": "libctf-nobfd0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libctf-nobfd0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "d2e3db092e747262" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-7546", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: Binutils: Out-of-bounds Write Vulnerability", "Description": "A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfd_elf_set_group_contents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The name of the patch is 41461010eb7c79fee7a9d5f6209accdaac66cc6b. It is recommended to apply a patch to fix this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-787" ], "VendorSeverity": { "amazon": 2, "azure": 2, "cbl-mariner": 2, "debian": 1, "nvd": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-7546", "https://nvd.nist.gov/vuln/detail/CVE-2025-7546", "https://sourceware.org/bugzilla/attachment.cgi?id=16118", "https://sourceware.org/bugzilla/show_bug.cgi?id=33050", "https://sourceware.org/bugzilla/show_bug.cgi?id=33050#c2", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=41461010eb7c79fee7a9d5f6209accdaac66cc6b", "https://vuldb.com/?ctiid.316244", "https://vuldb.com/?id.316244", "https://vuldb.com/?submit.614375", "https://www.cve.org/CVERecord?id=CVE-2025-7546", "https://www.gnu.org/" ], "PublishedDate": "2025-07-13T22:15:24.07Z", "LastModifiedDate": "2025-07-30T15:59:59.203Z" }, { "VulnerabilityID": "CVE-2025-8225", "PkgID": "libctf-nobfd0@2.44-3", "PkgName": "libctf-nobfd0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libctf-nobfd0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "d2e3db092e747262" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-8225", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: Binutils DWARF Section Handler Memory Leak", "Description": "A vulnerability was found in GNU Binutils 2.44 and classified as problematic. This issue affects the function process_debug_info of the file binutils/dwarf.c of the component DWARF Section Handler. The manipulation leads to memory leak. Attacking locally is a requirement. The identifier of the patch is e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4. It is recommended to apply a patch to fix this issue.", "Severity": "LOW", "CweIDs": [ "CWE-401", "CWE-404" ], "VendorSeverity": { "cbl-mariner": 2, "debian": 1, "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-8225", "https://gitlab.com/gnutools/binutils-gdb/-/commit/e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4", "https://nvd.nist.gov/vuln/detail/CVE-2025-8225", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4", "https://vuldb.com/?ctiid.317813", "https://vuldb.com/?id.317813", "https://vuldb.com/?submit.621883", "https://www.cve.org/CVERecord?id=CVE-2025-8225", "https://www.gnu.org/" ], "PublishedDate": "2025-07-27T08:15:25.76Z", "LastModifiedDate": "2025-08-01T17:08:13.977Z" }, { "VulnerabilityID": "CVE-2017-13716", "PkgID": "libctf0@2.44-3", "PkgName": "libctf0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libctf0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "a3feebedc795ffb3" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13716", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: Memory leak with the C++ symbol demangler routine in libiberty", "Description": "The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).", "Severity": "LOW", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "debian": 1, "nvd": 2, "photon": 2, "redhat": 1, "ubuntu": 1 }, "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V2Score": 7.1, "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2017-13716", "https://nvd.nist.gov/vuln/detail/CVE-2017-13716", "https://sourceware.org/bugzilla/show_bug.cgi?id=22009", "https://www.cve.org/CVERecord?id=CVE-2017-13716" ], "PublishedDate": "2017-08-28T21:29:00.293Z", "LastModifiedDate": "2025-04-20T01:37:25.86Z" }, { "VulnerabilityID": "CVE-2018-20673", "PkgID": "libctf0@2.44-3", "PkgName": "libctf0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libctf0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "a3feebedc795ffb3" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20673", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libiberty: Integer overflow in demangle_template() function", "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for \"Create an array for saving the template argument values\") that can trigger a heap-based buffer overflow, as demonstrated by nm.", "Severity": "LOW", "CweIDs": [ "CWE-190", "CWE-787" ], "VendorSeverity": { "alma": 1, "debian": 1, "nvd": 2, "oracle-oval": 1, "photon": 2, "redhat": 2 }, "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V2Score": 4.3, "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "V3Score": 5.3 } }, "References": [ "http://www.securityfocus.com/bid/106454", "https://access.redhat.com/security/cve/CVE-2018-20673", "https://linux.oracle.com/cve/CVE-2018-20673.html", "https://linux.oracle.com/errata/ELSA-2021-4386.html", "https://nvd.nist.gov/vuln/detail/CVE-2018-20673", "https://sourceware.org/bugzilla/show_bug.cgi?id=24039", "https://www.cve.org/CVERecord?id=CVE-2018-20673" ], "PublishedDate": "2019-01-04T18:29:00.21Z", "LastModifiedDate": "2024-11-21T04:01:57.977Z" }, { "VulnerabilityID": "CVE-2018-20712", "PkgID": "libctf0@2.44-3", "PkgName": "libctf0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libctf0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "a3feebedc795ffb3" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20712", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libiberty: heap-based buffer over-read in d_expression_1", "Description": "A heap-based buffer over-read exists in the function d_expression_1 in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.1. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by c++filt.", "Severity": "LOW", "CweIDs": [ "CWE-125" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 2, "ubuntu": 1 }, "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V2Score": 4.3, "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 4.7 } }, "References": [ "http://www.securityfocus.com/bid/106563", "https://access.redhat.com/security/cve/CVE-2018-20712", "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88629", "https://nvd.nist.gov/vuln/detail/CVE-2018-20712", "https://sourceware.org/bugzilla/show_bug.cgi?id=24043", "https://support.f5.com/csp/article/K38336243", "https://www.cve.org/CVERecord?id=CVE-2018-20712" ], "PublishedDate": "2019-01-15T00:29:00.257Z", "LastModifiedDate": "2024-11-21T04:02:00.663Z" }, { "VulnerabilityID": "CVE-2018-9996", "PkgID": "libctf0@2.44-3", "PkgName": "libctf0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libctf0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "a3feebedc795ffb3" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-9996", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: Stack-overflow in libiberty/cplus-dem.c causes crash", "Description": "An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_template_value_parm, demangle_integral_value, and demangle_expression.", "Severity": "LOW", "CweIDs": [ "CWE-674" ], "VendorSeverity": { "debian": 1, "nvd": 2, "photon": 2, "redhat": 1 }, "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V2Score": 4.3, "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "http://www.securityfocus.com/bid/103733", "https://access.redhat.com/security/cve/CVE-2018-9996", "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85304", "https://nvd.nist.gov/vuln/detail/CVE-2018-9996", "https://www.cve.org/CVERecord?id=CVE-2018-9996" ], "PublishedDate": "2018-04-10T22:29:00.353Z", "LastModifiedDate": "2024-11-21T04:16:00.48Z" }, { "VulnerabilityID": "CVE-2021-32256", "PkgID": "libctf0@2.44-3", "PkgName": "libctf0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libctf0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "a3feebedc795ffb3" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-32256", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: stack-overflow issue in demangle_type in rust-demangle.c.", "Description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.36. It is a stack-overflow issue in demangle_type in rust-demangle.c.", "Severity": "LOW", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "amazon": 1, "debian": 1, "nvd": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2021-32256", "https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1927070", "https://nvd.nist.gov/vuln/detail/CVE-2021-32256", "https://security.netapp.com/advisory/ntap-20230824-0013/", "https://www.cve.org/CVERecord?id=CVE-2021-32256" ], "PublishedDate": "2023-07-18T14:15:11.61Z", "LastModifiedDate": "2024-11-21T06:06:55.1Z" }, { "VulnerabilityID": "CVE-2025-11081", "PkgID": "libctf0@2.44-3", "PkgName": "libctf0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libctf0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "a3feebedc795ffb3" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11081", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils out-of-bounds read", "Description": "A vulnerability was detected in GNU Binutils 2.45. This issue affects the function dump_dwarf_section of the file binutils/objdump.c. Performing manipulation results in out-of-bounds read. The attack is only possible with local access. The exploit is now public and may be used. The patch is named f87a66db645caf8cc0e6fc87b0c28c78a38af59b. It is suggested to install a patch to address this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-125" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-11081", "https://github.com/user-attachments/files/20623354/hdf5_crash_3.txt", "https://nvd.nist.gov/vuln/detail/CVE-2025-11081", "https://sourceware.org/bugzilla/show_bug.cgi?id=33406", "https://sourceware.org/bugzilla/show_bug.cgi?id=33406#c2", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f87a66db645caf8cc0e6fc87b0c28c78a38af59b", "https://vuldb.com/?ctiid.326122", "https://vuldb.com/?id.326122", "https://vuldb.com/?submit.661275", "https://www.cve.org/CVERecord?id=CVE-2025-11081", "https://www.gnu.org/" ], "PublishedDate": "2025-09-27T22:15:32.43Z", "LastModifiedDate": "2025-10-03T16:51:07.39Z" }, { "VulnerabilityID": "CVE-2025-11082", "PkgID": "libctf0@2.44-3", "PkgName": "libctf0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libctf0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "a3feebedc795ffb3" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11082", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils Linker heap-based overflow", "Description": "A flaw has been found in GNU Binutils 2.45. Impacted is the function _bfd_elf_parse_eh_frame of the file bfd/elf-eh-frame.c of the component Linker. Executing manipulation can lead to heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be used. This patch is called ea1a0737c7692737a644af0486b71e4a392cbca8. A patch should be applied to remediate this issue. The code maintainer replied with \"[f]ixed for 2.46\".", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-122" ], "VendorSeverity": { "debian": 1, "nvd": 3, "redhat": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-11082", "https://nvd.nist.gov/vuln/detail/CVE-2025-11082", "https://sourceware.org/bugzilla/attachment.cgi?id=16358", "https://sourceware.org/bugzilla/show_bug.cgi?id=33464", "https://sourceware.org/bugzilla/show_bug.cgi?id=33464#c2", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ea1a0737c7692737a644af0486b71e4a392cbca8", "https://vuldb.com/?ctiid.326123", "https://vuldb.com/?id.326123", "https://vuldb.com/?submit.661276", "https://www.cve.org/CVERecord?id=CVE-2025-11082", "https://www.gnu.org/" ], "PublishedDate": "2025-09-27T23:15:31.39Z", "LastModifiedDate": "2025-10-03T16:52:34.527Z" }, { "VulnerabilityID": "CVE-2025-11083", "PkgID": "libctf0@2.44-3", "PkgName": "libctf0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libctf0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "a3feebedc795ffb3" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11083", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils Linker heap-based overflow", "Description": "A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elf_swap_shdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 9ca499644a21ceb3f946d1c179c38a83be084490. To fix this issue, it is recommended to deploy a patch. The code maintainer replied with \"[f]ixed for 2.46\".", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-122" ], "VendorSeverity": { "debian": 1, "nvd": 3, "redhat": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-11083", "https://nvd.nist.gov/vuln/detail/CVE-2025-11083", "https://sourceware.org/bugzilla/attachment.cgi?id=16353", "https://sourceware.org/bugzilla/show_bug.cgi?id=33457", "https://sourceware.org/bugzilla/show_bug.cgi?id=33457#c1", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=9ca499644a21ceb3f946d1c179c38a83be084490", "https://vuldb.com/?ctiid.326124", "https://vuldb.com/?id.326124", "https://vuldb.com/?submit.661277", "https://www.cve.org/CVERecord?id=CVE-2025-11083", "https://www.gnu.org/" ], "PublishedDate": "2025-09-27T23:15:32.33Z", "LastModifiedDate": "2025-10-03T16:52:47.01Z" }, { "VulnerabilityID": "CVE-2025-11412", "PkgID": "libctf0@2.44-3", "PkgName": "libctf0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libctf0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "a3feebedc795ffb3" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11412", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils Linker elflink.c bfd_elf_gc_record_vtentry out-of-bounds", "Description": "A vulnerability has been found in GNU Binutils 2.45. This impacts the function bfd_elf_gc_record_vtentry of the file bfd/elflink.c of the component Linker. The manipulation leads to out-of-bounds read. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of the patch is 047435dd988a3975d40c6626a8f739a0b2e154bc. To fix this issue, it is recommended to deploy a patch.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-125" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-11412", "https://nvd.nist.gov/vuln/detail/CVE-2025-11412", "https://sourceware.org/bugzilla/attachment.cgi?id=16378", "https://sourceware.org/bugzilla/show_bug.cgi?id=33452", "https://sourceware.org/bugzilla/show_bug.cgi?id=33452#c8", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=047435dd988a3975d40c6626a8f739a0b2e154bc", "https://vuldb.com/?ctiid.327348", "https://vuldb.com/?id.327348", "https://www.cve.org/CVERecord?id=CVE-2025-11412", "https://www.gnu.org/" ], "PublishedDate": "2025-10-07T22:15:34.03Z", "LastModifiedDate": "2025-10-14T15:09:07.05Z" }, { "VulnerabilityID": "CVE-2025-11413", "PkgID": "libctf0@2.44-3", "PkgName": "libctf0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libctf0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "a3feebedc795ffb3" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11413", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils Linker elflink.c elf_link_add_object_symbols out-of-bounds", "Description": "A vulnerability was found in GNU Binutils 2.45. Affected is the function elf_link_add_object_symbols of the file bfd/elflink.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. Upgrading to version 2.46 is able to address this issue. The patch is identified as 72efdf166aa0ed72ecc69fc2349af6591a7a19c0. Upgrading the affected component is advised.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-125" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "V3Score": 4.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-11413", "https://nvd.nist.gov/vuln/detail/CVE-2025-11413", "https://sourceware.org/bugzilla/attachment.cgi?id=16362", "https://sourceware.org/bugzilla/show_bug.cgi?id=33452", "https://sourceware.org/bugzilla/show_bug.cgi?id=33456", "https://sourceware.org/bugzilla/show_bug.cgi?id=33456#c10", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=72efdf166aa0ed72ecc69fc2349af6591a7a19c0", "https://vuldb.com/?ctiid.327349", "https://vuldb.com/?id.327349", "https://vuldb.com/?submit.665587", "https://www.cve.org/CVERecord?id=CVE-2025-11413", "https://www.gnu.org/" ], "PublishedDate": "2025-10-07T22:15:34.23Z", "LastModifiedDate": "2025-10-14T15:24:49.567Z" }, { "VulnerabilityID": "CVE-2025-11414", "PkgID": "libctf0@2.44-3", "PkgName": "libctf0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libctf0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "a3feebedc795ffb3" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11414", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils Linker elflink.c get_link_hash_entry out-of-bounds", "Description": "A vulnerability was determined in GNU Binutils 2.45. Affected by this vulnerability is the function get_link_hash_entry of the file bfd/elflink.c of the component Linker. This manipulation causes out-of-bounds read. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. Upgrading to version 2.46 addresses this issue. Patch name: aeaaa9af6359c8e394ce9cf24911fec4f4d23703. It is advisable to upgrade the affected component.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-125" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-11414", "https://nvd.nist.gov/vuln/detail/CVE-2025-11414", "https://sourceware.org/bugzilla/attachment.cgi?id=16361", "https://sourceware.org/bugzilla/show_bug.cgi?id=33450", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=aeaaa9af6359c8e394ce9cf24911fec4f4d23703", "https://vuldb.com/?ctiid.327350", "https://vuldb.com/?id.327350", "https://vuldb.com/?submit.665591", "https://www.cve.org/CVERecord?id=CVE-2025-11414", "https://www.gnu.org/" ], "PublishedDate": "2025-10-07T23:15:33.053Z", "LastModifiedDate": "2025-10-14T15:25:00.127Z" }, { "VulnerabilityID": "CVE-2025-1147", "PkgID": "libctf0@2.44-3", "PkgName": "libctf0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libctf0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "a3feebedc795ffb3" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1147", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils nm nm.c internal_strlen buffer overflow", "Description": "A vulnerability has been found in GNU Binutils 2.43 and classified as problematic. Affected by this vulnerability is the function __sanitizer::internal_strlen of the file binutils/nm.c of the component nm. The manipulation of the argument const leads to buffer overflow. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-120" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 1, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1147", "https://nvd.nist.gov/vuln/detail/CVE-2025-1147", "https://sourceware.org/bugzilla/attachment.cgi?id=15881", "https://sourceware.org/bugzilla/show_bug.cgi?id=32556", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7be4186c22f89a87fff048c28910f5d26a0f61ce", "https://vuldb.com/?ctiid.295051", "https://vuldb.com/?id.295051", "https://vuldb.com/?submit.485254", "https://www.cve.org/CVERecord?id=CVE-2025-1147", "https://www.gnu.org/" ], "PublishedDate": "2025-02-10T14:15:29.643Z", "LastModifiedDate": "2025-03-04T15:51:17.86Z" }, { "VulnerabilityID": "CVE-2025-1148", "PkgID": "libctf0@2.44-3", "PkgName": "libctf0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libctf0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "a3feebedc795ffb3" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1148", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld ldelfgen.c link_order_scan memory leak", "Description": "A vulnerability was found in GNU Binutils 2.43 and classified as problematic. Affected by this issue is the function link_order_scan of the file ld/ldelfgen.c of the component ld. The manipulation leads to memory leak. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"", "Severity": "LOW", "CweIDs": [ "CWE-401", "CWE-404" ], "VendorSeverity": { "debian": 1, "nvd": 1, "redhat": 1, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1148", "https://nvd.nist.gov/vuln/detail/CVE-2025-1148", "https://sourceware.org/bugzilla/attachment.cgi?id=15887", "https://sourceware.org/bugzilla/show_bug.cgi?id=32576", "https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=d4115c2c8d447e297ae353892de89192c1996211", "https://sourceware.org/pipermail/binutils/2025-March/139979.html", "https://vuldb.com/?ctiid.295052", "https://vuldb.com/?id.295052", "https://vuldb.com/?submit.485747", "https://www.cve.org/CVERecord?id=CVE-2025-1148", "https://www.gnu.org/" ], "PublishedDate": "2025-02-10T14:15:29.927Z", "LastModifiedDate": "2025-03-04T17:12:35.4Z" }, { "VulnerabilityID": "CVE-2025-1149", "PkgID": "libctf0@2.44-3", "PkgName": "libctf0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libctf0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "a3feebedc795ffb3" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1149", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld xmalloc.c xstrdup memory leak", "Description": "A vulnerability was found in GNU Binutils 2.43. It has been classified as problematic. This affects the function xstrdup of the file libiberty/xmalloc.c of the component ld. The manipulation leads to memory leak. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"", "Severity": "LOW", "CweIDs": [ "CWE-401", "CWE-404" ], "VendorSeverity": { "debian": 1, "nvd": 1, "redhat": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1149", "https://nvd.nist.gov/vuln/detail/CVE-2025-1149", "https://sourceware.org/bugzilla/attachment.cgi?id=15887", "https://sourceware.org/bugzilla/show_bug.cgi?id=32576", "https://vuldb.com/?ctiid.295053", "https://vuldb.com/?id.295053", "https://www.cve.org/CVERecord?id=CVE-2025-1149", "https://www.gnu.org/" ], "PublishedDate": "2025-02-10T15:15:13.093Z", "LastModifiedDate": "2025-03-04T14:53:43.637Z" }, { "VulnerabilityID": "CVE-2025-11494", "PkgID": "libctf0@2.44-3", "PkgName": "libctf0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libctf0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "a3feebedc795ffb3" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11494", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils Linker out-of-bounds read", "Description": "A vulnerability was found in GNU Binutils 2.45. Impacted is the function _bfd_x86_elf_late_size_sections of the file bfd/elfxx-x86.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. The patch is identified as b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a. A patch should be applied to remediate this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-125" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-11494", "https://nvd.nist.gov/vuln/detail/CVE-2025-11494", "https://sourceware.org/bugzilla/attachment.cgi?id=16389", "https://sourceware.org/bugzilla/show_bug.cgi?id=33499", "https://sourceware.org/bugzilla/show_bug.cgi?id=33499#c2", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a", "https://vuldb.com/?ctiid.327619", "https://vuldb.com/?id.327619", "https://vuldb.com/?submit.668281", "https://www.cve.org/CVERecord?id=CVE-2025-11494", "https://www.gnu.org/" ], "PublishedDate": "2025-10-08T20:15:34.77Z", "LastModifiedDate": "2025-10-14T15:27:45.803Z" }, { "VulnerabilityID": "CVE-2025-11495", "PkgID": "libctf0@2.44-3", "PkgName": "libctf0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libctf0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "a3feebedc795ffb3" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11495", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils Linker heap-based overflow", "Description": "A vulnerability was determined in GNU Binutils 2.45. The affected element is the function elf_x86_64_relocate_section of the file elf64-x86-64.c of the component Linker. This manipulation causes heap-based buffer overflow. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. Patch name: 6b21c8b2ecfef5c95142cbc2c32f185cb1c26ab0. To fix this issue, it is recommended to deploy a patch.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-122" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-11495", "https://nvd.nist.gov/vuln/detail/CVE-2025-11495", "https://sourceware.org/bugzilla/attachment.cgi?id=16393", "https://sourceware.org/bugzilla/show_bug.cgi?id=33502", "https://sourceware.org/bugzilla/show_bug.cgi?id=33502#c3", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6b21c8b2ecfef5c95142cbc2c32f185cb1c26ab0", "https://vuldb.com/?ctiid.327620", "https://vuldb.com/?id.327620", "https://vuldb.com/?submit.668290", "https://www.cve.org/CVERecord?id=CVE-2025-11495", "https://www.gnu.org/" ], "PublishedDate": "2025-10-08T20:15:34.99Z", "LastModifiedDate": "2025-10-14T15:28:00.96Z" }, { "VulnerabilityID": "CVE-2025-1150", "PkgID": "libctf0@2.44-3", "PkgName": "libctf0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libctf0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "a3feebedc795ffb3" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1150", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld libbfd.c bfd_malloc memory leak", "Description": "A vulnerability was found in GNU Binutils 2.43. It has been declared as problematic. This vulnerability affects the function bfd_malloc of the file libbfd.c of the component ld. The manipulation leads to memory leak. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"", "Severity": "LOW", "CweIDs": [ "CWE-401", "CWE-404" ], "VendorSeverity": { "debian": 1, "nvd": 1, "redhat": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1150", "https://nvd.nist.gov/vuln/detail/CVE-2025-1150", "https://sourceware.org/bugzilla/attachment.cgi?id=15887", "https://sourceware.org/bugzilla/show_bug.cgi?id=32576", "https://vuldb.com/?ctiid.295054", "https://vuldb.com/?id.295054", "https://www.cve.org/CVERecord?id=CVE-2025-1150", "https://www.gnu.org/" ], "PublishedDate": "2025-02-10T17:15:18.517Z", "LastModifiedDate": "2025-03-11T19:01:04.727Z" }, { "VulnerabilityID": "CVE-2025-1151", "PkgID": "libctf0@2.44-3", "PkgName": "libctf0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libctf0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "a3feebedc795ffb3" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1151", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld xmemdup.c xmemdup memory leak", "Description": "A vulnerability was found in GNU Binutils 2.43. It has been rated as problematic. This issue affects the function xmemdup of the file xmemdup.c of the component ld. The manipulation leads to memory leak. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"", "Severity": "LOW", "CweIDs": [ "CWE-401", "CWE-404" ], "VendorSeverity": { "debian": 1, "redhat": 1 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1151", "https://nvd.nist.gov/vuln/detail/CVE-2025-1151", "https://sourceware.org/bugzilla/attachment.cgi?id=15887", "https://sourceware.org/bugzilla/show_bug.cgi?id=32576", "https://vuldb.com/?ctiid.295055", "https://vuldb.com/?id.295055", "https://www.cve.org/CVERecord?id=CVE-2025-1151", "https://www.gnu.org/" ], "PublishedDate": "2025-02-10T17:15:18.713Z", "LastModifiedDate": "2025-02-10T17:15:18.713Z" }, { "VulnerabilityID": "CVE-2025-1152", "PkgID": "libctf0@2.44-3", "PkgName": "libctf0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libctf0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "a3feebedc795ffb3" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1152", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld xstrdup.c xstrdup memory leak", "Description": "A vulnerability classified as problematic has been found in GNU Binutils 2.43. Affected is the function xstrdup of the file xstrdup.c of the component ld. The manipulation leads to memory leak. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"", "Severity": "LOW", "CweIDs": [ "CWE-401", "CWE-404" ], "VendorSeverity": { "debian": 1, "nvd": 1, "redhat": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1152", "https://nvd.nist.gov/vuln/detail/CVE-2025-1152", "https://sourceware.org/bugzilla/attachment.cgi?id=15887", "https://sourceware.org/bugzilla/show_bug.cgi?id=32576", "https://vuldb.com/?ctiid.295056", "https://vuldb.com/?id.295056", "https://www.cve.org/CVERecord?id=CVE-2025-1152", "https://www.gnu.org/" ], "PublishedDate": "2025-02-10T18:15:34.043Z", "LastModifiedDate": "2025-03-03T16:52:20.953Z" }, { "VulnerabilityID": "CVE-2025-1153", "PkgID": "libctf0@2.44-3", "PkgName": "libctf0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libctf0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "a3feebedc795ffb3" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1153", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils format.c bfd_set_format memory corruption", "Description": "A vulnerability classified as problematic was found in GNU Binutils 2.43/2.44. Affected by this vulnerability is the function bfd_set_format of the file format.c. The manipulation leads to memory corruption. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 2.45 is able to address this issue. The identifier of the patch is 8d97c1a53f3dc9fd8e1ccdb039b8a33d50133150. It is recommended to upgrade the affected component.", "Severity": "LOW", "CweIDs": [ "CWE-119" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 1, "ubuntu": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1153", "https://nvd.nist.gov/vuln/detail/CVE-2025-1153", "https://sourceware.org/bugzilla/show_bug.cgi?id=32603", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8d97c1a53f3dc9fd8e1ccdb039b8a33d50133150", "https://ubuntu.com/security/notices/USN-7423-1", "https://ubuntu.com/security/notices/USN-7423-2", "https://vuldb.com/?ctiid.295057", "https://vuldb.com/?id.295057", "https://vuldb.com/?submit.489991", "https://www.cve.org/CVERecord?id=CVE-2025-1153", "https://www.gnu.org/" ], "PublishedDate": "2025-02-10T19:15:39.9Z", "LastModifiedDate": "2025-03-03T17:28:09.167Z" }, { "VulnerabilityID": "CVE-2025-1176", "PkgID": "libctf0@2.44-3", "PkgName": "libctf0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libctf0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "a3feebedc795ffb3" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1176", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld elflink.c _bfd_elf_gc_mark_rsec heap-based overflow", "Description": "A vulnerability was found in GNU Binutils 2.43 and classified as critical. This issue affects the function _bfd_elf_gc_mark_rsec of the file elflink.c of the component ld. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The patch is named f9978defb6fab0bd8583942d97c112b0932ac814. It is recommended to apply a patch to fix this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-122" ], "VendorSeverity": { "amazon": 2, "azure": 2, "cbl-mariner": 2, "debian": 1, "nvd": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "V3Score": 5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "V3Score": 5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1176", "https://nvd.nist.gov/vuln/detail/CVE-2025-1176", "https://security.netapp.com/advisory/ntap-20250411-0007/", "https://sourceware.org/bugzilla/attachment.cgi?id=15913", "https://sourceware.org/bugzilla/show_bug.cgi?id=32636", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f9978defb6fab0bd8583942d97c112b0932ac814", "https://ubuntu.com/security/notices/USN-7423-1", "https://ubuntu.com/security/notices/USN-7423-2", "https://vuldb.com/?ctiid.295079", "https://vuldb.com/?id.295079", "https://vuldb.com/?submit.495329", "https://www.cve.org/CVERecord?id=CVE-2025-1176", "https://www.gnu.org/" ], "PublishedDate": "2025-02-11T06:15:22.433Z", "LastModifiedDate": "2025-04-11T22:15:29.513Z" }, { "VulnerabilityID": "CVE-2025-1178", "PkgID": "libctf0@2.44-3", "PkgName": "libctf0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libctf0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "a3feebedc795ffb3" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1178", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld libbfd.c bfd_putl64 memory corruption", "Description": "A vulnerability was found in GNU Binutils 2.43. It has been declared as problematic. Affected by this vulnerability is the function bfd_putl64 of the file libbfd.c of the component ld. The manipulation leads to memory corruption. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of the patch is 75086e9de1707281172cc77f178e7949a4414ed0. It is recommended to apply a patch to fix this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119" ], "VendorSeverity": { "azure": 2, "cbl-mariner": 2, "debian": 1, "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "V3Score": 5.6 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1178", "https://nvd.nist.gov/vuln/detail/CVE-2025-1178", "https://security.netapp.com/advisory/ntap-20250411-0008/", "https://sourceware.org/bugzilla/attachment.cgi?id=15914", "https://sourceware.org/bugzilla/show_bug.cgi?id=32638", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=75086e9de1707281172cc77f178e7949a4414ed0", "https://ubuntu.com/security/notices/USN-7423-1", "https://vuldb.com/?ctiid.295081", "https://vuldb.com/?id.295081", "https://vuldb.com/?submit.495369", "https://www.cve.org/CVERecord?id=CVE-2025-1178", "https://www.gnu.org/" ], "PublishedDate": "2025-02-11T07:15:29.997Z", "LastModifiedDate": "2025-05-21T20:35:24.22Z" }, { "VulnerabilityID": "CVE-2025-1180", "PkgID": "libctf0@2.44-3", "PkgName": "libctf0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libctf0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "a3feebedc795ffb3" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1180", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld elf-eh-frame.c _bfd_elf_write_section_eh_frame memory corruption", "Description": "A vulnerability classified as problematic has been found in GNU Binutils 2.43. This affects the function _bfd_elf_write_section_eh_frame of the file bfd/elf-eh-frame.c of the component ld. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119" ], "VendorSeverity": { "debian": 1, "redhat": 1 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1180", "https://nvd.nist.gov/vuln/detail/CVE-2025-1180", "https://sourceware.org/bugzilla/attachment.cgi?id=15917", "https://sourceware.org/bugzilla/show_bug.cgi?id=32642", "https://vuldb.com/?ctiid.295083", "https://vuldb.com/?id.295083", "https://vuldb.com/?submit.495381", "https://www.cve.org/CVERecord?id=CVE-2025-1180", "https://www.gnu.org/" ], "PublishedDate": "2025-02-11T08:15:31.59Z", "LastModifiedDate": "2025-05-21T20:35:18.05Z" }, { "VulnerabilityID": "CVE-2025-1181", "PkgID": "libctf0@2.44-3", "PkgName": "libctf0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libctf0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "a3feebedc795ffb3" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1181", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld elflink.c _bfd_elf_gc_mark_rsec memory corruption", "Description": "A vulnerability classified as critical was found in GNU Binutils 2.43. This vulnerability affects the function _bfd_elf_gc_mark_rsec of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is 931494c9a89558acb36a03a340c01726545eef24. It is recommended to apply a patch to fix this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119" ], "VendorSeverity": { "azure": 1, "cbl-mariner": 1, "debian": 1, "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "V3Score": 5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1181", "https://nvd.nist.gov/vuln/detail/CVE-2025-1181", "https://security.netapp.com/advisory/ntap-20250425-0007/", "https://sourceware.org/bugzilla/attachment.cgi?id=15918", "https://sourceware.org/bugzilla/show_bug.cgi?id=32643", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=931494c9a89558acb36a03a340c01726545eef24", "https://ubuntu.com/security/notices/USN-7423-1", "https://vuldb.com/?ctiid.295084", "https://vuldb.com/?id.295084", "https://vuldb.com/?submit.495402", "https://www.cve.org/CVERecord?id=CVE-2025-1181", "https://www.gnu.org/" ], "PublishedDate": "2025-02-11T08:15:31.797Z", "LastModifiedDate": "2025-05-21T20:35:11.073Z" }, { "VulnerabilityID": "CVE-2025-1182", "PkgID": "libctf0@2.44-3", "PkgName": "libctf0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libctf0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "a3feebedc795ffb3" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1182", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld elflink.c bfd_elf_reloc_symbol_deleted_p memory corruption", "Description": "A vulnerability, which was classified as critical, was found in GNU Binutils 2.43. Affected is the function bfd_elf_reloc_symbol_deleted_p of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The patch is identified as b425859021d17adf62f06fb904797cf8642986ad. It is recommended to apply a patch to fix this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119" ], "VendorSeverity": { "amazon": 2, "azure": 2, "cbl-mariner": 2, "debian": 1, "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "V3Score": 5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1182", "https://nvd.nist.gov/vuln/detail/CVE-2025-1182", "https://sourceware.org/bugzilla/attachment.cgi?id=15919", "https://sourceware.org/bugzilla/show_bug.cgi?id=32644", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b425859021d17adf62f06fb904797cf8642986ad", "https://ubuntu.com/security/notices/USN-7423-1", "https://vuldb.com/?ctiid.295086", "https://vuldb.com/?id.295086", "https://vuldb.com/?submit.495407", "https://www.cve.org/CVERecord?id=CVE-2025-1182", "https://www.gnu.org/" ], "PublishedDate": "2025-02-11T09:15:09.53Z", "LastModifiedDate": "2025-05-21T20:35:04.15Z" }, { "VulnerabilityID": "CVE-2025-11839", "PkgID": "libctf0@2.44-3", "PkgName": "libctf0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libctf0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "a3feebedc795ffb3" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11839", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils prdbg.c tg_tag_type return value", "Description": "A security flaw has been discovered in GNU Binutils 2.45. Impacted is the function tg_tag_type of the file prdbg.c. Performing manipulation results in unchecked return value. The attack needs to be approached locally. The exploit has been released to the public and may be exploited.", "Severity": "LOW", "CweIDs": [ "CWE-252", "CWE-253" ], "VendorSeverity": { "debian": 1, "redhat": 1 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-11839", "https://nvd.nist.gov/vuln/detail/CVE-2025-11839", "https://sourceware.org/bugzilla/attachment.cgi?id=16344", "https://sourceware.org/bugzilla/show_bug.cgi?id=33448", "https://vuldb.com/?ctiid.328774", "https://vuldb.com/?id.328774", "https://vuldb.com/?submit.661279", "https://www.cve.org/CVERecord?id=CVE-2025-11839", "https://www.gnu.org/" ], "PublishedDate": "2025-10-16T14:15:34.86Z", "LastModifiedDate": "2025-10-16T15:28:59.61Z" }, { "VulnerabilityID": "CVE-2025-11840", "PkgID": "libctf0@2.44-3", "PkgName": "libctf0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libctf0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "a3feebedc795ffb3" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11840", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils out-of-bounds read", "Description": "A weakness has been identified in GNU Binutils 2.45. The affected element is the function vfinfo of the file ldmisc.c. Executing manipulation can lead to out-of-bounds read. The attack can only be executed locally. The exploit has been made available to the public and could be exploited. This patch is called 16357. It is best practice to apply a patch to resolve this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-125" ], "VendorSeverity": { "debian": 1, "redhat": 1 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-11840", "https://nvd.nist.gov/vuln/detail/CVE-2025-11840", "https://sourceware.org/bugzilla/attachment.cgi?id=16351", "https://sourceware.org/bugzilla/attachment.cgi?id=16357", "https://sourceware.org/bugzilla/show_bug.cgi?id=33455", "https://vuldb.com/?ctiid.328775", "https://vuldb.com/?id.328775", "https://vuldb.com/?submit.661281", "https://www.cve.org/CVERecord?id=CVE-2025-11840", "https://www.gnu.org/" ], "PublishedDate": "2025-10-16T16:15:37.003Z", "LastModifiedDate": "2025-10-16T16:15:37.003Z" }, { "VulnerabilityID": "CVE-2025-3198", "PkgID": "libctf0@2.44-3", "PkgName": "libctf0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libctf0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "a3feebedc795ffb3" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-3198", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils objdump bucomm.c display_info memory leak", "Description": "A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named ba6ad3a18cb26b79e0e3b84c39f707535bbc344d. It is recommended to apply a patch to fix this issue.", "Severity": "LOW", "CweIDs": [ "CWE-401", "CWE-404" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 1, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-3198", "https://nvd.nist.gov/vuln/detail/CVE-2025-3198", "https://sourceware.org/bugzilla/show_bug.cgi?id=32716", "https://sourceware.org/bugzilla/show_bug.cgi?id=32716#c0", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ba6ad3a18cb26b79e0e3b84c39f707535bbc344d", "https://vuldb.com/?ctiid.303151", "https://vuldb.com/?id.303151", "https://vuldb.com/?submit.545773", "https://www.cve.org/CVERecord?id=CVE-2025-3198", "https://www.gnu.org/" ], "PublishedDate": "2025-04-04T02:15:18.803Z", "LastModifiedDate": "2025-05-15T19:46:30.95Z" }, { "VulnerabilityID": "CVE-2025-5244", "PkgID": "libctf0@2.44-3", "PkgName": "libctf0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libctf0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "a3feebedc795ffb3" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-5244", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld elflink.c elf_gc_sweep memory corruption", "Description": "A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue is the function elf_gc_sweep of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 2.45 is able to address this issue. It is recommended to upgrade the affected component.", "Severity": "LOW", "CweIDs": [ "CWE-119" ], "VendorSeverity": { "azure": 2, "cbl-mariner": 2, "debian": 1, "nvd": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-5244", "https://nvd.nist.gov/vuln/detail/CVE-2025-5244", "https://sourceware.org/bugzilla/attachment.cgi?id=16010", "https://sourceware.org/bugzilla/show_bug.cgi?id=32858", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d1458933830456e54223d9fc61f0d9b3a19256f5", "https://vuldb.com/?ctiid.310346", "https://vuldb.com/?id.310346", "https://vuldb.com/?submit.584634", "https://www.cve.org/CVERecord?id=CVE-2025-5244", "https://www.gnu.org/" ], "PublishedDate": "2025-05-27T13:15:21.76Z", "LastModifiedDate": "2025-10-03T14:46:39.57Z" }, { "VulnerabilityID": "CVE-2025-5245", "PkgID": "libctf0@2.44-3", "PkgName": "libctf0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libctf0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "a3feebedc795ffb3" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-5245", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils objdump debug.c debug_type_samep memory corruption", "Description": "A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debug_type_samep of the file /binutils/debug.c of the component objdump. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119" ], "VendorSeverity": { "azure": 2, "cbl-mariner": 2, "debian": 1, "nvd": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-5245", "https://nvd.nist.gov/vuln/detail/CVE-2025-5245", "https://sourceware.org/bugzilla/attachment.cgi?id=16004", "https://sourceware.org/bugzilla/show_bug.cgi?id=32829", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6c3458a8b7ee7d39f070c7b2350851cb2110c65a", "https://vuldb.com/?ctiid.310347", "https://vuldb.com/?id.310347", "https://vuldb.com/?submit.584635", "https://www.cve.org/CVERecord?id=CVE-2025-5245", "https://www.gnu.org/" ], "PublishedDate": "2025-05-27T15:15:36.057Z", "LastModifiedDate": "2025-10-03T14:45:57.887Z" }, { "VulnerabilityID": "CVE-2025-7545", "PkgID": "libctf0@2.44-3", "PkgName": "libctf0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libctf0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "a3feebedc795ffb3" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-7545", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: Binutils: Heap Buffer Overflow", "Description": "A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is named 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944. It is recommended to apply a patch to fix this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-122" ], "VendorSeverity": { "amazon": 3, "azure": 2, "cbl-mariner": 2, "debian": 1, "nvd": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-7545", "https://nvd.nist.gov/vuln/detail/CVE-2025-7545", "https://sourceware.org/bugzilla/attachment.cgi?id=16117", "https://sourceware.org/bugzilla/show_bug.cgi?id=33049", "https://sourceware.org/bugzilla/show_bug.cgi?id=33049#c1", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944", "https://ubuntu.com/security/notices/USN-7718-1", "https://vuldb.com/?ctiid.316243", "https://vuldb.com/?id.316243", "https://vuldb.com/?submit.614355", "https://www.cve.org/CVERecord?id=CVE-2025-7545", "https://www.gnu.org/" ], "PublishedDate": "2025-07-13T22:15:23.873Z", "LastModifiedDate": "2025-07-30T15:59:48.84Z" }, { "VulnerabilityID": "CVE-2025-7546", "PkgID": "libctf0@2.44-3", "PkgName": "libctf0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libctf0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "a3feebedc795ffb3" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-7546", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: Binutils: Out-of-bounds Write Vulnerability", "Description": "A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfd_elf_set_group_contents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The name of the patch is 41461010eb7c79fee7a9d5f6209accdaac66cc6b. It is recommended to apply a patch to fix this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-787" ], "VendorSeverity": { "amazon": 2, "azure": 2, "cbl-mariner": 2, "debian": 1, "nvd": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-7546", "https://nvd.nist.gov/vuln/detail/CVE-2025-7546", "https://sourceware.org/bugzilla/attachment.cgi?id=16118", "https://sourceware.org/bugzilla/show_bug.cgi?id=33050", "https://sourceware.org/bugzilla/show_bug.cgi?id=33050#c2", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=41461010eb7c79fee7a9d5f6209accdaac66cc6b", "https://vuldb.com/?ctiid.316244", "https://vuldb.com/?id.316244", "https://vuldb.com/?submit.614375", "https://www.cve.org/CVERecord?id=CVE-2025-7546", "https://www.gnu.org/" ], "PublishedDate": "2025-07-13T22:15:24.07Z", "LastModifiedDate": "2025-07-30T15:59:59.203Z" }, { "VulnerabilityID": "CVE-2025-8225", "PkgID": "libctf0@2.44-3", "PkgName": "libctf0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libctf0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "a3feebedc795ffb3" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-8225", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: Binutils DWARF Section Handler Memory Leak", "Description": "A vulnerability was found in GNU Binutils 2.44 and classified as problematic. This issue affects the function process_debug_info of the file binutils/dwarf.c of the component DWARF Section Handler. The manipulation leads to memory leak. Attacking locally is a requirement. The identifier of the patch is e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4. It is recommended to apply a patch to fix this issue.", "Severity": "LOW", "CweIDs": [ "CWE-401", "CWE-404" ], "VendorSeverity": { "cbl-mariner": 2, "debian": 1, "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-8225", "https://gitlab.com/gnutools/binutils-gdb/-/commit/e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4", "https://nvd.nist.gov/vuln/detail/CVE-2025-8225", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4", "https://vuldb.com/?ctiid.317813", "https://vuldb.com/?id.317813", "https://vuldb.com/?submit.621883", "https://www.cve.org/CVERecord?id=CVE-2025-8225", "https://www.gnu.org/" ], "PublishedDate": "2025-07-27T08:15:25.76Z", "LastModifiedDate": "2025-08-01T17:08:13.977Z" }, { "VulnerabilityID": "CVE-2017-13716", "PkgID": "libgprofng0@2.44-3", "PkgName": "libgprofng0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libgprofng0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "4b2c938995fd001d" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13716", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: Memory leak with the C++ symbol demangler routine in libiberty", "Description": "The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).", "Severity": "LOW", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "debian": 1, "nvd": 2, "photon": 2, "redhat": 1, "ubuntu": 1 }, "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V2Score": 7.1, "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2017-13716", "https://nvd.nist.gov/vuln/detail/CVE-2017-13716", "https://sourceware.org/bugzilla/show_bug.cgi?id=22009", "https://www.cve.org/CVERecord?id=CVE-2017-13716" ], "PublishedDate": "2017-08-28T21:29:00.293Z", "LastModifiedDate": "2025-04-20T01:37:25.86Z" }, { "VulnerabilityID": "CVE-2018-20673", "PkgID": "libgprofng0@2.44-3", "PkgName": "libgprofng0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libgprofng0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "4b2c938995fd001d" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20673", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libiberty: Integer overflow in demangle_template() function", "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for \"Create an array for saving the template argument values\") that can trigger a heap-based buffer overflow, as demonstrated by nm.", "Severity": "LOW", "CweIDs": [ "CWE-190", "CWE-787" ], "VendorSeverity": { "alma": 1, "debian": 1, "nvd": 2, "oracle-oval": 1, "photon": 2, "redhat": 2 }, "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V2Score": 4.3, "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "V3Score": 5.3 } }, "References": [ "http://www.securityfocus.com/bid/106454", "https://access.redhat.com/security/cve/CVE-2018-20673", "https://linux.oracle.com/cve/CVE-2018-20673.html", "https://linux.oracle.com/errata/ELSA-2021-4386.html", "https://nvd.nist.gov/vuln/detail/CVE-2018-20673", "https://sourceware.org/bugzilla/show_bug.cgi?id=24039", "https://www.cve.org/CVERecord?id=CVE-2018-20673" ], "PublishedDate": "2019-01-04T18:29:00.21Z", "LastModifiedDate": "2024-11-21T04:01:57.977Z" }, { "VulnerabilityID": "CVE-2018-20712", "PkgID": "libgprofng0@2.44-3", "PkgName": "libgprofng0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libgprofng0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "4b2c938995fd001d" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20712", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libiberty: heap-based buffer over-read in d_expression_1", "Description": "A heap-based buffer over-read exists in the function d_expression_1 in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.1. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by c++filt.", "Severity": "LOW", "CweIDs": [ "CWE-125" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 2, "ubuntu": 1 }, "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V2Score": 4.3, "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 4.7 } }, "References": [ "http://www.securityfocus.com/bid/106563", "https://access.redhat.com/security/cve/CVE-2018-20712", "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88629", "https://nvd.nist.gov/vuln/detail/CVE-2018-20712", "https://sourceware.org/bugzilla/show_bug.cgi?id=24043", "https://support.f5.com/csp/article/K38336243", "https://www.cve.org/CVERecord?id=CVE-2018-20712" ], "PublishedDate": "2019-01-15T00:29:00.257Z", "LastModifiedDate": "2024-11-21T04:02:00.663Z" }, { "VulnerabilityID": "CVE-2018-9996", "PkgID": "libgprofng0@2.44-3", "PkgName": "libgprofng0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libgprofng0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "4b2c938995fd001d" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-9996", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: Stack-overflow in libiberty/cplus-dem.c causes crash", "Description": "An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_template_value_parm, demangle_integral_value, and demangle_expression.", "Severity": "LOW", "CweIDs": [ "CWE-674" ], "VendorSeverity": { "debian": 1, "nvd": 2, "photon": 2, "redhat": 1 }, "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V2Score": 4.3, "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "http://www.securityfocus.com/bid/103733", "https://access.redhat.com/security/cve/CVE-2018-9996", "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85304", "https://nvd.nist.gov/vuln/detail/CVE-2018-9996", "https://www.cve.org/CVERecord?id=CVE-2018-9996" ], "PublishedDate": "2018-04-10T22:29:00.353Z", "LastModifiedDate": "2024-11-21T04:16:00.48Z" }, { "VulnerabilityID": "CVE-2021-32256", "PkgID": "libgprofng0@2.44-3", "PkgName": "libgprofng0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libgprofng0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "4b2c938995fd001d" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-32256", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: stack-overflow issue in demangle_type in rust-demangle.c.", "Description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.36. It is a stack-overflow issue in demangle_type in rust-demangle.c.", "Severity": "LOW", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "amazon": 1, "debian": 1, "nvd": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2021-32256", "https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1927070", "https://nvd.nist.gov/vuln/detail/CVE-2021-32256", "https://security.netapp.com/advisory/ntap-20230824-0013/", "https://www.cve.org/CVERecord?id=CVE-2021-32256" ], "PublishedDate": "2023-07-18T14:15:11.61Z", "LastModifiedDate": "2024-11-21T06:06:55.1Z" }, { "VulnerabilityID": "CVE-2025-11081", "PkgID": "libgprofng0@2.44-3", "PkgName": "libgprofng0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libgprofng0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "4b2c938995fd001d" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11081", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils out-of-bounds read", "Description": "A vulnerability was detected in GNU Binutils 2.45. This issue affects the function dump_dwarf_section of the file binutils/objdump.c. Performing manipulation results in out-of-bounds read. The attack is only possible with local access. The exploit is now public and may be used. The patch is named f87a66db645caf8cc0e6fc87b0c28c78a38af59b. It is suggested to install a patch to address this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-125" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-11081", "https://github.com/user-attachments/files/20623354/hdf5_crash_3.txt", "https://nvd.nist.gov/vuln/detail/CVE-2025-11081", "https://sourceware.org/bugzilla/show_bug.cgi?id=33406", "https://sourceware.org/bugzilla/show_bug.cgi?id=33406#c2", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f87a66db645caf8cc0e6fc87b0c28c78a38af59b", "https://vuldb.com/?ctiid.326122", "https://vuldb.com/?id.326122", "https://vuldb.com/?submit.661275", "https://www.cve.org/CVERecord?id=CVE-2025-11081", "https://www.gnu.org/" ], "PublishedDate": "2025-09-27T22:15:32.43Z", "LastModifiedDate": "2025-10-03T16:51:07.39Z" }, { "VulnerabilityID": "CVE-2025-11082", "PkgID": "libgprofng0@2.44-3", "PkgName": "libgprofng0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libgprofng0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "4b2c938995fd001d" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11082", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils Linker heap-based overflow", "Description": "A flaw has been found in GNU Binutils 2.45. Impacted is the function _bfd_elf_parse_eh_frame of the file bfd/elf-eh-frame.c of the component Linker. Executing manipulation can lead to heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be used. This patch is called ea1a0737c7692737a644af0486b71e4a392cbca8. A patch should be applied to remediate this issue. The code maintainer replied with \"[f]ixed for 2.46\".", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-122" ], "VendorSeverity": { "debian": 1, "nvd": 3, "redhat": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-11082", "https://nvd.nist.gov/vuln/detail/CVE-2025-11082", "https://sourceware.org/bugzilla/attachment.cgi?id=16358", "https://sourceware.org/bugzilla/show_bug.cgi?id=33464", "https://sourceware.org/bugzilla/show_bug.cgi?id=33464#c2", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ea1a0737c7692737a644af0486b71e4a392cbca8", "https://vuldb.com/?ctiid.326123", "https://vuldb.com/?id.326123", "https://vuldb.com/?submit.661276", "https://www.cve.org/CVERecord?id=CVE-2025-11082", "https://www.gnu.org/" ], "PublishedDate": "2025-09-27T23:15:31.39Z", "LastModifiedDate": "2025-10-03T16:52:34.527Z" }, { "VulnerabilityID": "CVE-2025-11083", "PkgID": "libgprofng0@2.44-3", "PkgName": "libgprofng0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libgprofng0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "4b2c938995fd001d" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11083", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils Linker heap-based overflow", "Description": "A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elf_swap_shdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 9ca499644a21ceb3f946d1c179c38a83be084490. To fix this issue, it is recommended to deploy a patch. The code maintainer replied with \"[f]ixed for 2.46\".", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-122" ], "VendorSeverity": { "debian": 1, "nvd": 3, "redhat": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-11083", "https://nvd.nist.gov/vuln/detail/CVE-2025-11083", "https://sourceware.org/bugzilla/attachment.cgi?id=16353", "https://sourceware.org/bugzilla/show_bug.cgi?id=33457", "https://sourceware.org/bugzilla/show_bug.cgi?id=33457#c1", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=9ca499644a21ceb3f946d1c179c38a83be084490", "https://vuldb.com/?ctiid.326124", "https://vuldb.com/?id.326124", "https://vuldb.com/?submit.661277", "https://www.cve.org/CVERecord?id=CVE-2025-11083", "https://www.gnu.org/" ], "PublishedDate": "2025-09-27T23:15:32.33Z", "LastModifiedDate": "2025-10-03T16:52:47.01Z" }, { "VulnerabilityID": "CVE-2025-11412", "PkgID": "libgprofng0@2.44-3", "PkgName": "libgprofng0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libgprofng0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "4b2c938995fd001d" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11412", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils Linker elflink.c bfd_elf_gc_record_vtentry out-of-bounds", "Description": "A vulnerability has been found in GNU Binutils 2.45. This impacts the function bfd_elf_gc_record_vtentry of the file bfd/elflink.c of the component Linker. The manipulation leads to out-of-bounds read. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of the patch is 047435dd988a3975d40c6626a8f739a0b2e154bc. To fix this issue, it is recommended to deploy a patch.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-125" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-11412", "https://nvd.nist.gov/vuln/detail/CVE-2025-11412", "https://sourceware.org/bugzilla/attachment.cgi?id=16378", "https://sourceware.org/bugzilla/show_bug.cgi?id=33452", "https://sourceware.org/bugzilla/show_bug.cgi?id=33452#c8", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=047435dd988a3975d40c6626a8f739a0b2e154bc", "https://vuldb.com/?ctiid.327348", "https://vuldb.com/?id.327348", "https://www.cve.org/CVERecord?id=CVE-2025-11412", "https://www.gnu.org/" ], "PublishedDate": "2025-10-07T22:15:34.03Z", "LastModifiedDate": "2025-10-14T15:09:07.05Z" }, { "VulnerabilityID": "CVE-2025-11413", "PkgID": "libgprofng0@2.44-3", "PkgName": "libgprofng0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libgprofng0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "4b2c938995fd001d" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11413", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils Linker elflink.c elf_link_add_object_symbols out-of-bounds", "Description": "A vulnerability was found in GNU Binutils 2.45. Affected is the function elf_link_add_object_symbols of the file bfd/elflink.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. Upgrading to version 2.46 is able to address this issue. The patch is identified as 72efdf166aa0ed72ecc69fc2349af6591a7a19c0. Upgrading the affected component is advised.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-125" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "V3Score": 4.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-11413", "https://nvd.nist.gov/vuln/detail/CVE-2025-11413", "https://sourceware.org/bugzilla/attachment.cgi?id=16362", "https://sourceware.org/bugzilla/show_bug.cgi?id=33452", "https://sourceware.org/bugzilla/show_bug.cgi?id=33456", "https://sourceware.org/bugzilla/show_bug.cgi?id=33456#c10", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=72efdf166aa0ed72ecc69fc2349af6591a7a19c0", "https://vuldb.com/?ctiid.327349", "https://vuldb.com/?id.327349", "https://vuldb.com/?submit.665587", "https://www.cve.org/CVERecord?id=CVE-2025-11413", "https://www.gnu.org/" ], "PublishedDate": "2025-10-07T22:15:34.23Z", "LastModifiedDate": "2025-10-14T15:24:49.567Z" }, { "VulnerabilityID": "CVE-2025-11414", "PkgID": "libgprofng0@2.44-3", "PkgName": "libgprofng0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libgprofng0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "4b2c938995fd001d" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11414", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils Linker elflink.c get_link_hash_entry out-of-bounds", "Description": "A vulnerability was determined in GNU Binutils 2.45. Affected by this vulnerability is the function get_link_hash_entry of the file bfd/elflink.c of the component Linker. This manipulation causes out-of-bounds read. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. Upgrading to version 2.46 addresses this issue. Patch name: aeaaa9af6359c8e394ce9cf24911fec4f4d23703. It is advisable to upgrade the affected component.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-125" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-11414", "https://nvd.nist.gov/vuln/detail/CVE-2025-11414", "https://sourceware.org/bugzilla/attachment.cgi?id=16361", "https://sourceware.org/bugzilla/show_bug.cgi?id=33450", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=aeaaa9af6359c8e394ce9cf24911fec4f4d23703", "https://vuldb.com/?ctiid.327350", "https://vuldb.com/?id.327350", "https://vuldb.com/?submit.665591", "https://www.cve.org/CVERecord?id=CVE-2025-11414", "https://www.gnu.org/" ], "PublishedDate": "2025-10-07T23:15:33.053Z", "LastModifiedDate": "2025-10-14T15:25:00.127Z" }, { "VulnerabilityID": "CVE-2025-1147", "PkgID": "libgprofng0@2.44-3", "PkgName": "libgprofng0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libgprofng0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "4b2c938995fd001d" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1147", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils nm nm.c internal_strlen buffer overflow", "Description": "A vulnerability has been found in GNU Binutils 2.43 and classified as problematic. Affected by this vulnerability is the function __sanitizer::internal_strlen of the file binutils/nm.c of the component nm. The manipulation of the argument const leads to buffer overflow. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-120" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 1, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1147", "https://nvd.nist.gov/vuln/detail/CVE-2025-1147", "https://sourceware.org/bugzilla/attachment.cgi?id=15881", "https://sourceware.org/bugzilla/show_bug.cgi?id=32556", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7be4186c22f89a87fff048c28910f5d26a0f61ce", "https://vuldb.com/?ctiid.295051", "https://vuldb.com/?id.295051", "https://vuldb.com/?submit.485254", "https://www.cve.org/CVERecord?id=CVE-2025-1147", "https://www.gnu.org/" ], "PublishedDate": "2025-02-10T14:15:29.643Z", "LastModifiedDate": "2025-03-04T15:51:17.86Z" }, { "VulnerabilityID": "CVE-2025-1148", "PkgID": "libgprofng0@2.44-3", "PkgName": "libgprofng0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libgprofng0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "4b2c938995fd001d" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1148", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld ldelfgen.c link_order_scan memory leak", "Description": "A vulnerability was found in GNU Binutils 2.43 and classified as problematic. Affected by this issue is the function link_order_scan of the file ld/ldelfgen.c of the component ld. The manipulation leads to memory leak. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"", "Severity": "LOW", "CweIDs": [ "CWE-401", "CWE-404" ], "VendorSeverity": { "debian": 1, "nvd": 1, "redhat": 1, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1148", "https://nvd.nist.gov/vuln/detail/CVE-2025-1148", "https://sourceware.org/bugzilla/attachment.cgi?id=15887", "https://sourceware.org/bugzilla/show_bug.cgi?id=32576", "https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=d4115c2c8d447e297ae353892de89192c1996211", "https://sourceware.org/pipermail/binutils/2025-March/139979.html", "https://vuldb.com/?ctiid.295052", "https://vuldb.com/?id.295052", "https://vuldb.com/?submit.485747", "https://www.cve.org/CVERecord?id=CVE-2025-1148", "https://www.gnu.org/" ], "PublishedDate": "2025-02-10T14:15:29.927Z", "LastModifiedDate": "2025-03-04T17:12:35.4Z" }, { "VulnerabilityID": "CVE-2025-1149", "PkgID": "libgprofng0@2.44-3", "PkgName": "libgprofng0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libgprofng0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "4b2c938995fd001d" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1149", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld xmalloc.c xstrdup memory leak", "Description": "A vulnerability was found in GNU Binutils 2.43. It has been classified as problematic. This affects the function xstrdup of the file libiberty/xmalloc.c of the component ld. The manipulation leads to memory leak. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"", "Severity": "LOW", "CweIDs": [ "CWE-401", "CWE-404" ], "VendorSeverity": { "debian": 1, "nvd": 1, "redhat": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1149", "https://nvd.nist.gov/vuln/detail/CVE-2025-1149", "https://sourceware.org/bugzilla/attachment.cgi?id=15887", "https://sourceware.org/bugzilla/show_bug.cgi?id=32576", "https://vuldb.com/?ctiid.295053", "https://vuldb.com/?id.295053", "https://www.cve.org/CVERecord?id=CVE-2025-1149", "https://www.gnu.org/" ], "PublishedDate": "2025-02-10T15:15:13.093Z", "LastModifiedDate": "2025-03-04T14:53:43.637Z" }, { "VulnerabilityID": "CVE-2025-11494", "PkgID": "libgprofng0@2.44-3", "PkgName": "libgprofng0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libgprofng0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "4b2c938995fd001d" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11494", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils Linker out-of-bounds read", "Description": "A vulnerability was found in GNU Binutils 2.45. Impacted is the function _bfd_x86_elf_late_size_sections of the file bfd/elfxx-x86.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. The patch is identified as b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a. A patch should be applied to remediate this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-125" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-11494", "https://nvd.nist.gov/vuln/detail/CVE-2025-11494", "https://sourceware.org/bugzilla/attachment.cgi?id=16389", "https://sourceware.org/bugzilla/show_bug.cgi?id=33499", "https://sourceware.org/bugzilla/show_bug.cgi?id=33499#c2", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a", "https://vuldb.com/?ctiid.327619", "https://vuldb.com/?id.327619", "https://vuldb.com/?submit.668281", "https://www.cve.org/CVERecord?id=CVE-2025-11494", "https://www.gnu.org/" ], "PublishedDate": "2025-10-08T20:15:34.77Z", "LastModifiedDate": "2025-10-14T15:27:45.803Z" }, { "VulnerabilityID": "CVE-2025-11495", "PkgID": "libgprofng0@2.44-3", "PkgName": "libgprofng0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libgprofng0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "4b2c938995fd001d" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11495", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils Linker heap-based overflow", "Description": "A vulnerability was determined in GNU Binutils 2.45. The affected element is the function elf_x86_64_relocate_section of the file elf64-x86-64.c of the component Linker. This manipulation causes heap-based buffer overflow. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. Patch name: 6b21c8b2ecfef5c95142cbc2c32f185cb1c26ab0. To fix this issue, it is recommended to deploy a patch.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-122" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-11495", "https://nvd.nist.gov/vuln/detail/CVE-2025-11495", "https://sourceware.org/bugzilla/attachment.cgi?id=16393", "https://sourceware.org/bugzilla/show_bug.cgi?id=33502", "https://sourceware.org/bugzilla/show_bug.cgi?id=33502#c3", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6b21c8b2ecfef5c95142cbc2c32f185cb1c26ab0", "https://vuldb.com/?ctiid.327620", "https://vuldb.com/?id.327620", "https://vuldb.com/?submit.668290", "https://www.cve.org/CVERecord?id=CVE-2025-11495", "https://www.gnu.org/" ], "PublishedDate": "2025-10-08T20:15:34.99Z", "LastModifiedDate": "2025-10-14T15:28:00.96Z" }, { "VulnerabilityID": "CVE-2025-1150", "PkgID": "libgprofng0@2.44-3", "PkgName": "libgprofng0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libgprofng0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "4b2c938995fd001d" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1150", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld libbfd.c bfd_malloc memory leak", "Description": "A vulnerability was found in GNU Binutils 2.43. It has been declared as problematic. This vulnerability affects the function bfd_malloc of the file libbfd.c of the component ld. The manipulation leads to memory leak. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"", "Severity": "LOW", "CweIDs": [ "CWE-401", "CWE-404" ], "VendorSeverity": { "debian": 1, "nvd": 1, "redhat": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1150", "https://nvd.nist.gov/vuln/detail/CVE-2025-1150", "https://sourceware.org/bugzilla/attachment.cgi?id=15887", "https://sourceware.org/bugzilla/show_bug.cgi?id=32576", "https://vuldb.com/?ctiid.295054", "https://vuldb.com/?id.295054", "https://www.cve.org/CVERecord?id=CVE-2025-1150", "https://www.gnu.org/" ], "PublishedDate": "2025-02-10T17:15:18.517Z", "LastModifiedDate": "2025-03-11T19:01:04.727Z" }, { "VulnerabilityID": "CVE-2025-1151", "PkgID": "libgprofng0@2.44-3", "PkgName": "libgprofng0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libgprofng0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "4b2c938995fd001d" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1151", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld xmemdup.c xmemdup memory leak", "Description": "A vulnerability was found in GNU Binutils 2.43. It has been rated as problematic. This issue affects the function xmemdup of the file xmemdup.c of the component ld. The manipulation leads to memory leak. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"", "Severity": "LOW", "CweIDs": [ "CWE-401", "CWE-404" ], "VendorSeverity": { "debian": 1, "redhat": 1 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1151", "https://nvd.nist.gov/vuln/detail/CVE-2025-1151", "https://sourceware.org/bugzilla/attachment.cgi?id=15887", "https://sourceware.org/bugzilla/show_bug.cgi?id=32576", "https://vuldb.com/?ctiid.295055", "https://vuldb.com/?id.295055", "https://www.cve.org/CVERecord?id=CVE-2025-1151", "https://www.gnu.org/" ], "PublishedDate": "2025-02-10T17:15:18.713Z", "LastModifiedDate": "2025-02-10T17:15:18.713Z" }, { "VulnerabilityID": "CVE-2025-1152", "PkgID": "libgprofng0@2.44-3", "PkgName": "libgprofng0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libgprofng0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "4b2c938995fd001d" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1152", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld xstrdup.c xstrdup memory leak", "Description": "A vulnerability classified as problematic has been found in GNU Binutils 2.43. Affected is the function xstrdup of the file xstrdup.c of the component ld. The manipulation leads to memory leak. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"", "Severity": "LOW", "CweIDs": [ "CWE-401", "CWE-404" ], "VendorSeverity": { "debian": 1, "nvd": 1, "redhat": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1152", "https://nvd.nist.gov/vuln/detail/CVE-2025-1152", "https://sourceware.org/bugzilla/attachment.cgi?id=15887", "https://sourceware.org/bugzilla/show_bug.cgi?id=32576", "https://vuldb.com/?ctiid.295056", "https://vuldb.com/?id.295056", "https://www.cve.org/CVERecord?id=CVE-2025-1152", "https://www.gnu.org/" ], "PublishedDate": "2025-02-10T18:15:34.043Z", "LastModifiedDate": "2025-03-03T16:52:20.953Z" }, { "VulnerabilityID": "CVE-2025-1153", "PkgID": "libgprofng0@2.44-3", "PkgName": "libgprofng0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libgprofng0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "4b2c938995fd001d" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1153", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils format.c bfd_set_format memory corruption", "Description": "A vulnerability classified as problematic was found in GNU Binutils 2.43/2.44. Affected by this vulnerability is the function bfd_set_format of the file format.c. The manipulation leads to memory corruption. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 2.45 is able to address this issue. The identifier of the patch is 8d97c1a53f3dc9fd8e1ccdb039b8a33d50133150. It is recommended to upgrade the affected component.", "Severity": "LOW", "CweIDs": [ "CWE-119" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 1, "ubuntu": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1153", "https://nvd.nist.gov/vuln/detail/CVE-2025-1153", "https://sourceware.org/bugzilla/show_bug.cgi?id=32603", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8d97c1a53f3dc9fd8e1ccdb039b8a33d50133150", "https://ubuntu.com/security/notices/USN-7423-1", "https://ubuntu.com/security/notices/USN-7423-2", "https://vuldb.com/?ctiid.295057", "https://vuldb.com/?id.295057", "https://vuldb.com/?submit.489991", "https://www.cve.org/CVERecord?id=CVE-2025-1153", "https://www.gnu.org/" ], "PublishedDate": "2025-02-10T19:15:39.9Z", "LastModifiedDate": "2025-03-03T17:28:09.167Z" }, { "VulnerabilityID": "CVE-2025-1176", "PkgID": "libgprofng0@2.44-3", "PkgName": "libgprofng0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libgprofng0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "4b2c938995fd001d" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1176", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld elflink.c _bfd_elf_gc_mark_rsec heap-based overflow", "Description": "A vulnerability was found in GNU Binutils 2.43 and classified as critical. This issue affects the function _bfd_elf_gc_mark_rsec of the file elflink.c of the component ld. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The patch is named f9978defb6fab0bd8583942d97c112b0932ac814. It is recommended to apply a patch to fix this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-122" ], "VendorSeverity": { "amazon": 2, "azure": 2, "cbl-mariner": 2, "debian": 1, "nvd": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "V3Score": 5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "V3Score": 5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1176", "https://nvd.nist.gov/vuln/detail/CVE-2025-1176", "https://security.netapp.com/advisory/ntap-20250411-0007/", "https://sourceware.org/bugzilla/attachment.cgi?id=15913", "https://sourceware.org/bugzilla/show_bug.cgi?id=32636", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f9978defb6fab0bd8583942d97c112b0932ac814", "https://ubuntu.com/security/notices/USN-7423-1", "https://ubuntu.com/security/notices/USN-7423-2", "https://vuldb.com/?ctiid.295079", "https://vuldb.com/?id.295079", "https://vuldb.com/?submit.495329", "https://www.cve.org/CVERecord?id=CVE-2025-1176", "https://www.gnu.org/" ], "PublishedDate": "2025-02-11T06:15:22.433Z", "LastModifiedDate": "2025-04-11T22:15:29.513Z" }, { "VulnerabilityID": "CVE-2025-1178", "PkgID": "libgprofng0@2.44-3", "PkgName": "libgprofng0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libgprofng0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "4b2c938995fd001d" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1178", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld libbfd.c bfd_putl64 memory corruption", "Description": "A vulnerability was found in GNU Binutils 2.43. It has been declared as problematic. Affected by this vulnerability is the function bfd_putl64 of the file libbfd.c of the component ld. The manipulation leads to memory corruption. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of the patch is 75086e9de1707281172cc77f178e7949a4414ed0. It is recommended to apply a patch to fix this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119" ], "VendorSeverity": { "azure": 2, "cbl-mariner": 2, "debian": 1, "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "V3Score": 5.6 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1178", "https://nvd.nist.gov/vuln/detail/CVE-2025-1178", "https://security.netapp.com/advisory/ntap-20250411-0008/", "https://sourceware.org/bugzilla/attachment.cgi?id=15914", "https://sourceware.org/bugzilla/show_bug.cgi?id=32638", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=75086e9de1707281172cc77f178e7949a4414ed0", "https://ubuntu.com/security/notices/USN-7423-1", "https://vuldb.com/?ctiid.295081", "https://vuldb.com/?id.295081", "https://vuldb.com/?submit.495369", "https://www.cve.org/CVERecord?id=CVE-2025-1178", "https://www.gnu.org/" ], "PublishedDate": "2025-02-11T07:15:29.997Z", "LastModifiedDate": "2025-05-21T20:35:24.22Z" }, { "VulnerabilityID": "CVE-2025-1180", "PkgID": "libgprofng0@2.44-3", "PkgName": "libgprofng0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libgprofng0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "4b2c938995fd001d" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1180", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld elf-eh-frame.c _bfd_elf_write_section_eh_frame memory corruption", "Description": "A vulnerability classified as problematic has been found in GNU Binutils 2.43. This affects the function _bfd_elf_write_section_eh_frame of the file bfd/elf-eh-frame.c of the component ld. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119" ], "VendorSeverity": { "debian": 1, "redhat": 1 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1180", "https://nvd.nist.gov/vuln/detail/CVE-2025-1180", "https://sourceware.org/bugzilla/attachment.cgi?id=15917", "https://sourceware.org/bugzilla/show_bug.cgi?id=32642", "https://vuldb.com/?ctiid.295083", "https://vuldb.com/?id.295083", "https://vuldb.com/?submit.495381", "https://www.cve.org/CVERecord?id=CVE-2025-1180", "https://www.gnu.org/" ], "PublishedDate": "2025-02-11T08:15:31.59Z", "LastModifiedDate": "2025-05-21T20:35:18.05Z" }, { "VulnerabilityID": "CVE-2025-1181", "PkgID": "libgprofng0@2.44-3", "PkgName": "libgprofng0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libgprofng0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "4b2c938995fd001d" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1181", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld elflink.c _bfd_elf_gc_mark_rsec memory corruption", "Description": "A vulnerability classified as critical was found in GNU Binutils 2.43. This vulnerability affects the function _bfd_elf_gc_mark_rsec of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is 931494c9a89558acb36a03a340c01726545eef24. It is recommended to apply a patch to fix this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119" ], "VendorSeverity": { "azure": 1, "cbl-mariner": 1, "debian": 1, "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "V3Score": 5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1181", "https://nvd.nist.gov/vuln/detail/CVE-2025-1181", "https://security.netapp.com/advisory/ntap-20250425-0007/", "https://sourceware.org/bugzilla/attachment.cgi?id=15918", "https://sourceware.org/bugzilla/show_bug.cgi?id=32643", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=931494c9a89558acb36a03a340c01726545eef24", "https://ubuntu.com/security/notices/USN-7423-1", "https://vuldb.com/?ctiid.295084", "https://vuldb.com/?id.295084", "https://vuldb.com/?submit.495402", "https://www.cve.org/CVERecord?id=CVE-2025-1181", "https://www.gnu.org/" ], "PublishedDate": "2025-02-11T08:15:31.797Z", "LastModifiedDate": "2025-05-21T20:35:11.073Z" }, { "VulnerabilityID": "CVE-2025-1182", "PkgID": "libgprofng0@2.44-3", "PkgName": "libgprofng0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libgprofng0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "4b2c938995fd001d" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1182", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld elflink.c bfd_elf_reloc_symbol_deleted_p memory corruption", "Description": "A vulnerability, which was classified as critical, was found in GNU Binutils 2.43. Affected is the function bfd_elf_reloc_symbol_deleted_p of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The patch is identified as b425859021d17adf62f06fb904797cf8642986ad. It is recommended to apply a patch to fix this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119" ], "VendorSeverity": { "amazon": 2, "azure": 2, "cbl-mariner": 2, "debian": 1, "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "V3Score": 5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1182", "https://nvd.nist.gov/vuln/detail/CVE-2025-1182", "https://sourceware.org/bugzilla/attachment.cgi?id=15919", "https://sourceware.org/bugzilla/show_bug.cgi?id=32644", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b425859021d17adf62f06fb904797cf8642986ad", "https://ubuntu.com/security/notices/USN-7423-1", "https://vuldb.com/?ctiid.295086", "https://vuldb.com/?id.295086", "https://vuldb.com/?submit.495407", "https://www.cve.org/CVERecord?id=CVE-2025-1182", "https://www.gnu.org/" ], "PublishedDate": "2025-02-11T09:15:09.53Z", "LastModifiedDate": "2025-05-21T20:35:04.15Z" }, { "VulnerabilityID": "CVE-2025-11839", "PkgID": "libgprofng0@2.44-3", "PkgName": "libgprofng0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libgprofng0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "4b2c938995fd001d" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11839", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils prdbg.c tg_tag_type return value", "Description": "A security flaw has been discovered in GNU Binutils 2.45. Impacted is the function tg_tag_type of the file prdbg.c. Performing manipulation results in unchecked return value. The attack needs to be approached locally. The exploit has been released to the public and may be exploited.", "Severity": "LOW", "CweIDs": [ "CWE-252", "CWE-253" ], "VendorSeverity": { "debian": 1, "redhat": 1 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-11839", "https://nvd.nist.gov/vuln/detail/CVE-2025-11839", "https://sourceware.org/bugzilla/attachment.cgi?id=16344", "https://sourceware.org/bugzilla/show_bug.cgi?id=33448", "https://vuldb.com/?ctiid.328774", "https://vuldb.com/?id.328774", "https://vuldb.com/?submit.661279", "https://www.cve.org/CVERecord?id=CVE-2025-11839", "https://www.gnu.org/" ], "PublishedDate": "2025-10-16T14:15:34.86Z", "LastModifiedDate": "2025-10-16T15:28:59.61Z" }, { "VulnerabilityID": "CVE-2025-11840", "PkgID": "libgprofng0@2.44-3", "PkgName": "libgprofng0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libgprofng0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "4b2c938995fd001d" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11840", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils out-of-bounds read", "Description": "A weakness has been identified in GNU Binutils 2.45. The affected element is the function vfinfo of the file ldmisc.c. Executing manipulation can lead to out-of-bounds read. The attack can only be executed locally. The exploit has been made available to the public and could be exploited. This patch is called 16357. It is best practice to apply a patch to resolve this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-125" ], "VendorSeverity": { "debian": 1, "redhat": 1 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-11840", "https://nvd.nist.gov/vuln/detail/CVE-2025-11840", "https://sourceware.org/bugzilla/attachment.cgi?id=16351", "https://sourceware.org/bugzilla/attachment.cgi?id=16357", "https://sourceware.org/bugzilla/show_bug.cgi?id=33455", "https://vuldb.com/?ctiid.328775", "https://vuldb.com/?id.328775", "https://vuldb.com/?submit.661281", "https://www.cve.org/CVERecord?id=CVE-2025-11840", "https://www.gnu.org/" ], "PublishedDate": "2025-10-16T16:15:37.003Z", "LastModifiedDate": "2025-10-16T16:15:37.003Z" }, { "VulnerabilityID": "CVE-2025-3198", "PkgID": "libgprofng0@2.44-3", "PkgName": "libgprofng0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libgprofng0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "4b2c938995fd001d" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-3198", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils objdump bucomm.c display_info memory leak", "Description": "A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named ba6ad3a18cb26b79e0e3b84c39f707535bbc344d. It is recommended to apply a patch to fix this issue.", "Severity": "LOW", "CweIDs": [ "CWE-401", "CWE-404" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 1, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-3198", "https://nvd.nist.gov/vuln/detail/CVE-2025-3198", "https://sourceware.org/bugzilla/show_bug.cgi?id=32716", "https://sourceware.org/bugzilla/show_bug.cgi?id=32716#c0", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ba6ad3a18cb26b79e0e3b84c39f707535bbc344d", "https://vuldb.com/?ctiid.303151", "https://vuldb.com/?id.303151", "https://vuldb.com/?submit.545773", "https://www.cve.org/CVERecord?id=CVE-2025-3198", "https://www.gnu.org/" ], "PublishedDate": "2025-04-04T02:15:18.803Z", "LastModifiedDate": "2025-05-15T19:46:30.95Z" }, { "VulnerabilityID": "CVE-2025-5244", "PkgID": "libgprofng0@2.44-3", "PkgName": "libgprofng0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libgprofng0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "4b2c938995fd001d" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-5244", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld elflink.c elf_gc_sweep memory corruption", "Description": "A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue is the function elf_gc_sweep of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 2.45 is able to address this issue. It is recommended to upgrade the affected component.", "Severity": "LOW", "CweIDs": [ "CWE-119" ], "VendorSeverity": { "azure": 2, "cbl-mariner": 2, "debian": 1, "nvd": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-5244", "https://nvd.nist.gov/vuln/detail/CVE-2025-5244", "https://sourceware.org/bugzilla/attachment.cgi?id=16010", "https://sourceware.org/bugzilla/show_bug.cgi?id=32858", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d1458933830456e54223d9fc61f0d9b3a19256f5", "https://vuldb.com/?ctiid.310346", "https://vuldb.com/?id.310346", "https://vuldb.com/?submit.584634", "https://www.cve.org/CVERecord?id=CVE-2025-5244", "https://www.gnu.org/" ], "PublishedDate": "2025-05-27T13:15:21.76Z", "LastModifiedDate": "2025-10-03T14:46:39.57Z" }, { "VulnerabilityID": "CVE-2025-5245", "PkgID": "libgprofng0@2.44-3", "PkgName": "libgprofng0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libgprofng0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "4b2c938995fd001d" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-5245", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils objdump debug.c debug_type_samep memory corruption", "Description": "A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debug_type_samep of the file /binutils/debug.c of the component objdump. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119" ], "VendorSeverity": { "azure": 2, "cbl-mariner": 2, "debian": 1, "nvd": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-5245", "https://nvd.nist.gov/vuln/detail/CVE-2025-5245", "https://sourceware.org/bugzilla/attachment.cgi?id=16004", "https://sourceware.org/bugzilla/show_bug.cgi?id=32829", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6c3458a8b7ee7d39f070c7b2350851cb2110c65a", "https://vuldb.com/?ctiid.310347", "https://vuldb.com/?id.310347", "https://vuldb.com/?submit.584635", "https://www.cve.org/CVERecord?id=CVE-2025-5245", "https://www.gnu.org/" ], "PublishedDate": "2025-05-27T15:15:36.057Z", "LastModifiedDate": "2025-10-03T14:45:57.887Z" }, { "VulnerabilityID": "CVE-2025-7545", "PkgID": "libgprofng0@2.44-3", "PkgName": "libgprofng0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libgprofng0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "4b2c938995fd001d" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-7545", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: Binutils: Heap Buffer Overflow", "Description": "A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is named 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944. It is recommended to apply a patch to fix this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-122" ], "VendorSeverity": { "amazon": 3, "azure": 2, "cbl-mariner": 2, "debian": 1, "nvd": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-7545", "https://nvd.nist.gov/vuln/detail/CVE-2025-7545", "https://sourceware.org/bugzilla/attachment.cgi?id=16117", "https://sourceware.org/bugzilla/show_bug.cgi?id=33049", "https://sourceware.org/bugzilla/show_bug.cgi?id=33049#c1", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944", "https://ubuntu.com/security/notices/USN-7718-1", "https://vuldb.com/?ctiid.316243", "https://vuldb.com/?id.316243", "https://vuldb.com/?submit.614355", "https://www.cve.org/CVERecord?id=CVE-2025-7545", "https://www.gnu.org/" ], "PublishedDate": "2025-07-13T22:15:23.873Z", "LastModifiedDate": "2025-07-30T15:59:48.84Z" }, { "VulnerabilityID": "CVE-2025-7546", "PkgID": "libgprofng0@2.44-3", "PkgName": "libgprofng0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libgprofng0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "4b2c938995fd001d" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-7546", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: Binutils: Out-of-bounds Write Vulnerability", "Description": "A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfd_elf_set_group_contents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The name of the patch is 41461010eb7c79fee7a9d5f6209accdaac66cc6b. It is recommended to apply a patch to fix this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-787" ], "VendorSeverity": { "amazon": 2, "azure": 2, "cbl-mariner": 2, "debian": 1, "nvd": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-7546", "https://nvd.nist.gov/vuln/detail/CVE-2025-7546", "https://sourceware.org/bugzilla/attachment.cgi?id=16118", "https://sourceware.org/bugzilla/show_bug.cgi?id=33050", "https://sourceware.org/bugzilla/show_bug.cgi?id=33050#c2", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=41461010eb7c79fee7a9d5f6209accdaac66cc6b", "https://vuldb.com/?ctiid.316244", "https://vuldb.com/?id.316244", "https://vuldb.com/?submit.614375", "https://www.cve.org/CVERecord?id=CVE-2025-7546", "https://www.gnu.org/" ], "PublishedDate": "2025-07-13T22:15:24.07Z", "LastModifiedDate": "2025-07-30T15:59:59.203Z" }, { "VulnerabilityID": "CVE-2025-8225", "PkgID": "libgprofng0@2.44-3", "PkgName": "libgprofng0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libgprofng0@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "4b2c938995fd001d" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-8225", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: Binutils DWARF Section Handler Memory Leak", "Description": "A vulnerability was found in GNU Binutils 2.44 and classified as problematic. This issue affects the function process_debug_info of the file binutils/dwarf.c of the component DWARF Section Handler. The manipulation leads to memory leak. Attacking locally is a requirement. The identifier of the patch is e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4. It is recommended to apply a patch to fix this issue.", "Severity": "LOW", "CweIDs": [ "CWE-401", "CWE-404" ], "VendorSeverity": { "cbl-mariner": 2, "debian": 1, "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-8225", "https://gitlab.com/gnutools/binutils-gdb/-/commit/e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4", "https://nvd.nist.gov/vuln/detail/CVE-2025-8225", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4", "https://vuldb.com/?ctiid.317813", "https://vuldb.com/?id.317813", "https://vuldb.com/?submit.621883", "https://www.cve.org/CVERecord?id=CVE-2025-8225", "https://www.gnu.org/" ], "PublishedDate": "2025-07-27T08:15:25.76Z", "LastModifiedDate": "2025-08-01T17:08:13.977Z" }, { "VulnerabilityID": "CVE-2018-5709", "PkgID": "libgssapi-krb5-2@1.21.3-5", "PkgName": "libgssapi-krb5-2", "PkgIdentifier": { "PURL": "pkg:deb/debian/libgssapi-krb5-2@1.21.3-5?arch=amd64\u0026distro=debian-13.1", "UID": "e981ef95af866663" }, "InstalledVersion": "1.21.3-5", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-5709", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "krb5: integer overflow in dbentry-\u003en_key_data in kadmin/dbutil/dump.c", "Description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry-\u003en_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", "Severity": "LOW", "CweIDs": [ "CWE-190" ], "VendorSeverity": { "debian": 1, "nvd": 3, "redhat": 2 }, "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "V2Score": 5, "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "V3Score": 6.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2018-5709", "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E", "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", "https://www.cve.org/CVERecord?id=CVE-2018-5709" ], "PublishedDate": "2018-01-16T09:29:00.5Z", "LastModifiedDate": "2024-11-21T04:09:13.037Z" }, { "VulnerabilityID": "CVE-2024-26458", "PkgID": "libgssapi-krb5-2@1.21.3-5", "PkgName": "libgssapi-krb5-2", "PkgIdentifier": { "PURL": "pkg:deb/debian/libgssapi-krb5-2@1.21.3-5?arch=amd64\u0026distro=debian-13.1", "UID": "e981ef95af866663" }, "InstalledVersion": "1.21.3-5", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-26458", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c", "Description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "Severity": "LOW", "CweIDs": [ "CWE-401" ], "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 2, "cbl-mariner": 2, "debian": 1, "oracle-oval": 2, "photon": 2, "redhat": 1, "rocky": 1, "ubuntu": 1 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/errata/RHSA-2024:9331", "https://access.redhat.com/security/cve/CVE-2024-26458", "https://bugzilla.redhat.com/2266731", "https://bugzilla.redhat.com/2266740", "https://bugzilla.redhat.com/2266742", "https://bugzilla.redhat.com/show_bug.cgi?id=2266731", "https://bugzilla.redhat.com/show_bug.cgi?id=2266740", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461", "https://errata.almalinux.org/9/ALSA-2024-9331.html", "https://errata.rockylinux.org/RLSA-2024:3268", "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", "https://linux.oracle.com/cve/CVE-2024-26458.html", "https://linux.oracle.com/errata/ELSA-2024-9331.html", "https://mailman.mit.edu/pipermail/kerberos/2024-March/023095.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", "https://security.netapp.com/advisory/ntap-20240415-0010/", "https://ubuntu.com/security/notices/USN-7314-1", "https://www.cve.org/CVERecord?id=CVE-2024-26458" ], "PublishedDate": "2024-02-29T01:44:18.78Z", "LastModifiedDate": "2025-05-23T15:39:31.357Z" }, { "VulnerabilityID": "CVE-2024-26461", "PkgID": "libgssapi-krb5-2@1.21.3-5", "PkgName": "libgssapi-krb5-2", "PkgIdentifier": { "PURL": "pkg:deb/debian/libgssapi-krb5-2@1.21.3-5?arch=amd64\u0026distro=debian-13.1", "UID": "e981ef95af866663" }, "InstalledVersion": "1.21.3-5", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-26461", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c", "Description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "Severity": "LOW", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 3, "cbl-mariner": 3, "debian": 1, "oracle-oval": 2, "photon": 3, "redhat": 1, "rocky": 1, "ubuntu": 1 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/errata/RHSA-2024:9331", "https://access.redhat.com/security/cve/CVE-2024-26461", "https://bugzilla.redhat.com/2266731", "https://bugzilla.redhat.com/2266740", "https://bugzilla.redhat.com/2266742", "https://bugzilla.redhat.com/show_bug.cgi?id=2266731", "https://bugzilla.redhat.com/show_bug.cgi?id=2266740", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461", "https://errata.almalinux.org/9/ALSA-2024-9331.html", "https://errata.rockylinux.org/RLSA-2024:3268", "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", "https://linux.oracle.com/cve/CVE-2024-26461.html", "https://linux.oracle.com/errata/ELSA-2024-9331.html", "https://mailman.mit.edu/pipermail/kerberos/2024-March/023095.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", "https://security.netapp.com/advisory/ntap-20240415-0011/", "https://ubuntu.com/security/notices/USN-7314-1", "https://www.cve.org/CVERecord?id=CVE-2024-26461" ], "PublishedDate": "2024-02-29T01:44:18.82Z", "LastModifiedDate": "2025-05-23T15:30:30.847Z" }, { "VulnerabilityID": "CVE-2020-36325", "PkgID": "libjansson4@2.14-2+b3", "PkgName": "libjansson4", "PkgIdentifier": { "PURL": "pkg:deb/debian/libjansson4@2.14-2%2Bb3?arch=amd64\u0026distro=debian-13.1", "UID": "f2f7542d83d235f" }, "InstalledVersion": "2.14-2+b3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-36325", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "jansson: out-of-bounds read in json_loads() due to a parsing error", "Description": "An issue was discovered in Jansson through 2.13.1. Due to a parsing error in json_loads, there's an out-of-bounds read-access bug. NOTE: the vendor reports that this only occurs when a programmer fails to follow the API specification", "Severity": "LOW", "CweIDs": [ "CWE-125" ], "VendorSeverity": { "cbl-mariner": 3, "debian": 1, "nvd": 3, "redhat": 2 }, "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V2Score": 5, "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2020-36325", "https://github.com/akheron/jansson/issues/548", "https://nvd.nist.gov/vuln/detail/CVE-2020-36325", "https://www.cve.org/CVERecord?id=CVE-2020-36325" ], "PublishedDate": "2021-04-26T18:15:07.493Z", "LastModifiedDate": "2024-11-21T05:29:17.143Z" }, { "VulnerabilityID": "CVE-2018-5709", "PkgID": "libk5crypto3@1.21.3-5", "PkgName": "libk5crypto3", "PkgIdentifier": { "PURL": "pkg:deb/debian/libk5crypto3@1.21.3-5?arch=amd64\u0026distro=debian-13.1", "UID": "654244e38d239af9" }, "InstalledVersion": "1.21.3-5", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-5709", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "krb5: integer overflow in dbentry-\u003en_key_data in kadmin/dbutil/dump.c", "Description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry-\u003en_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", "Severity": "LOW", "CweIDs": [ "CWE-190" ], "VendorSeverity": { "debian": 1, "nvd": 3, "redhat": 2 }, "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "V2Score": 5, "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "V3Score": 6.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2018-5709", "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E", "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", "https://www.cve.org/CVERecord?id=CVE-2018-5709" ], "PublishedDate": "2018-01-16T09:29:00.5Z", "LastModifiedDate": "2024-11-21T04:09:13.037Z" }, { "VulnerabilityID": "CVE-2024-26458", "PkgID": "libk5crypto3@1.21.3-5", "PkgName": "libk5crypto3", "PkgIdentifier": { "PURL": "pkg:deb/debian/libk5crypto3@1.21.3-5?arch=amd64\u0026distro=debian-13.1", "UID": "654244e38d239af9" }, "InstalledVersion": "1.21.3-5", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-26458", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c", "Description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "Severity": "LOW", "CweIDs": [ "CWE-401" ], "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 2, "cbl-mariner": 2, "debian": 1, "oracle-oval": 2, "photon": 2, "redhat": 1, "rocky": 1, "ubuntu": 1 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/errata/RHSA-2024:9331", "https://access.redhat.com/security/cve/CVE-2024-26458", "https://bugzilla.redhat.com/2266731", "https://bugzilla.redhat.com/2266740", "https://bugzilla.redhat.com/2266742", "https://bugzilla.redhat.com/show_bug.cgi?id=2266731", "https://bugzilla.redhat.com/show_bug.cgi?id=2266740", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461", "https://errata.almalinux.org/9/ALSA-2024-9331.html", "https://errata.rockylinux.org/RLSA-2024:3268", "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", "https://linux.oracle.com/cve/CVE-2024-26458.html", "https://linux.oracle.com/errata/ELSA-2024-9331.html", "https://mailman.mit.edu/pipermail/kerberos/2024-March/023095.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", "https://security.netapp.com/advisory/ntap-20240415-0010/", "https://ubuntu.com/security/notices/USN-7314-1", "https://www.cve.org/CVERecord?id=CVE-2024-26458" ], "PublishedDate": "2024-02-29T01:44:18.78Z", "LastModifiedDate": "2025-05-23T15:39:31.357Z" }, { "VulnerabilityID": "CVE-2024-26461", "PkgID": "libk5crypto3@1.21.3-5", "PkgName": "libk5crypto3", "PkgIdentifier": { "PURL": "pkg:deb/debian/libk5crypto3@1.21.3-5?arch=amd64\u0026distro=debian-13.1", "UID": "654244e38d239af9" }, "InstalledVersion": "1.21.3-5", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-26461", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c", "Description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "Severity": "LOW", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 3, "cbl-mariner": 3, "debian": 1, "oracle-oval": 2, "photon": 3, "redhat": 1, "rocky": 1, "ubuntu": 1 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/errata/RHSA-2024:9331", "https://access.redhat.com/security/cve/CVE-2024-26461", "https://bugzilla.redhat.com/2266731", "https://bugzilla.redhat.com/2266740", "https://bugzilla.redhat.com/2266742", "https://bugzilla.redhat.com/show_bug.cgi?id=2266731", "https://bugzilla.redhat.com/show_bug.cgi?id=2266740", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461", "https://errata.almalinux.org/9/ALSA-2024-9331.html", "https://errata.rockylinux.org/RLSA-2024:3268", "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", "https://linux.oracle.com/cve/CVE-2024-26461.html", "https://linux.oracle.com/errata/ELSA-2024-9331.html", "https://mailman.mit.edu/pipermail/kerberos/2024-March/023095.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", "https://security.netapp.com/advisory/ntap-20240415-0011/", "https://ubuntu.com/security/notices/USN-7314-1", "https://www.cve.org/CVERecord?id=CVE-2024-26461" ], "PublishedDate": "2024-02-29T01:44:18.82Z", "LastModifiedDate": "2025-05-23T15:30:30.847Z" }, { "VulnerabilityID": "CVE-2018-5709", "PkgID": "libkrb5-3@1.21.3-5", "PkgName": "libkrb5-3", "PkgIdentifier": { "PURL": "pkg:deb/debian/libkrb5-3@1.21.3-5?arch=amd64\u0026distro=debian-13.1", "UID": "42eb2a7522db520b" }, "InstalledVersion": "1.21.3-5", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-5709", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "krb5: integer overflow in dbentry-\u003en_key_data in kadmin/dbutil/dump.c", "Description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry-\u003en_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", "Severity": "LOW", "CweIDs": [ "CWE-190" ], "VendorSeverity": { "debian": 1, "nvd": 3, "redhat": 2 }, "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "V2Score": 5, "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "V3Score": 6.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2018-5709", "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E", "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", "https://www.cve.org/CVERecord?id=CVE-2018-5709" ], "PublishedDate": "2018-01-16T09:29:00.5Z", "LastModifiedDate": "2024-11-21T04:09:13.037Z" }, { "VulnerabilityID": "CVE-2024-26458", "PkgID": "libkrb5-3@1.21.3-5", "PkgName": "libkrb5-3", "PkgIdentifier": { "PURL": "pkg:deb/debian/libkrb5-3@1.21.3-5?arch=amd64\u0026distro=debian-13.1", "UID": "42eb2a7522db520b" }, "InstalledVersion": "1.21.3-5", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-26458", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c", "Description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "Severity": "LOW", "CweIDs": [ "CWE-401" ], "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 2, "cbl-mariner": 2, "debian": 1, "oracle-oval": 2, "photon": 2, "redhat": 1, "rocky": 1, "ubuntu": 1 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/errata/RHSA-2024:9331", "https://access.redhat.com/security/cve/CVE-2024-26458", "https://bugzilla.redhat.com/2266731", "https://bugzilla.redhat.com/2266740", "https://bugzilla.redhat.com/2266742", "https://bugzilla.redhat.com/show_bug.cgi?id=2266731", "https://bugzilla.redhat.com/show_bug.cgi?id=2266740", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461", "https://errata.almalinux.org/9/ALSA-2024-9331.html", "https://errata.rockylinux.org/RLSA-2024:3268", "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", "https://linux.oracle.com/cve/CVE-2024-26458.html", "https://linux.oracle.com/errata/ELSA-2024-9331.html", "https://mailman.mit.edu/pipermail/kerberos/2024-March/023095.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", "https://security.netapp.com/advisory/ntap-20240415-0010/", "https://ubuntu.com/security/notices/USN-7314-1", "https://www.cve.org/CVERecord?id=CVE-2024-26458" ], "PublishedDate": "2024-02-29T01:44:18.78Z", "LastModifiedDate": "2025-05-23T15:39:31.357Z" }, { "VulnerabilityID": "CVE-2024-26461", "PkgID": "libkrb5-3@1.21.3-5", "PkgName": "libkrb5-3", "PkgIdentifier": { "PURL": "pkg:deb/debian/libkrb5-3@1.21.3-5?arch=amd64\u0026distro=debian-13.1", "UID": "42eb2a7522db520b" }, "InstalledVersion": "1.21.3-5", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-26461", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c", "Description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "Severity": "LOW", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 3, "cbl-mariner": 3, "debian": 1, "oracle-oval": 2, "photon": 3, "redhat": 1, "rocky": 1, "ubuntu": 1 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/errata/RHSA-2024:9331", "https://access.redhat.com/security/cve/CVE-2024-26461", "https://bugzilla.redhat.com/2266731", "https://bugzilla.redhat.com/2266740", "https://bugzilla.redhat.com/2266742", "https://bugzilla.redhat.com/show_bug.cgi?id=2266731", "https://bugzilla.redhat.com/show_bug.cgi?id=2266740", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461", "https://errata.almalinux.org/9/ALSA-2024-9331.html", "https://errata.rockylinux.org/RLSA-2024:3268", "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", "https://linux.oracle.com/cve/CVE-2024-26461.html", "https://linux.oracle.com/errata/ELSA-2024-9331.html", "https://mailman.mit.edu/pipermail/kerberos/2024-March/023095.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", "https://security.netapp.com/advisory/ntap-20240415-0011/", "https://ubuntu.com/security/notices/USN-7314-1", "https://www.cve.org/CVERecord?id=CVE-2024-26461" ], "PublishedDate": "2024-02-29T01:44:18.82Z", "LastModifiedDate": "2025-05-23T15:30:30.847Z" }, { "VulnerabilityID": "CVE-2018-5709", "PkgID": "libkrb5support0@1.21.3-5", "PkgName": "libkrb5support0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libkrb5support0@1.21.3-5?arch=amd64\u0026distro=debian-13.1", "UID": "7b7b2ceb7abdb0a3" }, "InstalledVersion": "1.21.3-5", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-5709", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "krb5: integer overflow in dbentry-\u003en_key_data in kadmin/dbutil/dump.c", "Description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry-\u003en_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", "Severity": "LOW", "CweIDs": [ "CWE-190" ], "VendorSeverity": { "debian": 1, "nvd": 3, "redhat": 2 }, "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "V2Score": 5, "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "V3Score": 6.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2018-5709", "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E", "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", "https://www.cve.org/CVERecord?id=CVE-2018-5709" ], "PublishedDate": "2018-01-16T09:29:00.5Z", "LastModifiedDate": "2024-11-21T04:09:13.037Z" }, { "VulnerabilityID": "CVE-2024-26458", "PkgID": "libkrb5support0@1.21.3-5", "PkgName": "libkrb5support0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libkrb5support0@1.21.3-5?arch=amd64\u0026distro=debian-13.1", "UID": "7b7b2ceb7abdb0a3" }, "InstalledVersion": "1.21.3-5", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-26458", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c", "Description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "Severity": "LOW", "CweIDs": [ "CWE-401" ], "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 2, "cbl-mariner": 2, "debian": 1, "oracle-oval": 2, "photon": 2, "redhat": 1, "rocky": 1, "ubuntu": 1 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/errata/RHSA-2024:9331", "https://access.redhat.com/security/cve/CVE-2024-26458", "https://bugzilla.redhat.com/2266731", "https://bugzilla.redhat.com/2266740", "https://bugzilla.redhat.com/2266742", "https://bugzilla.redhat.com/show_bug.cgi?id=2266731", "https://bugzilla.redhat.com/show_bug.cgi?id=2266740", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461", "https://errata.almalinux.org/9/ALSA-2024-9331.html", "https://errata.rockylinux.org/RLSA-2024:3268", "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", "https://linux.oracle.com/cve/CVE-2024-26458.html", "https://linux.oracle.com/errata/ELSA-2024-9331.html", "https://mailman.mit.edu/pipermail/kerberos/2024-March/023095.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", "https://security.netapp.com/advisory/ntap-20240415-0010/", "https://ubuntu.com/security/notices/USN-7314-1", "https://www.cve.org/CVERecord?id=CVE-2024-26458" ], "PublishedDate": "2024-02-29T01:44:18.78Z", "LastModifiedDate": "2025-05-23T15:39:31.357Z" }, { "VulnerabilityID": "CVE-2024-26461", "PkgID": "libkrb5support0@1.21.3-5", "PkgName": "libkrb5support0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libkrb5support0@1.21.3-5?arch=amd64\u0026distro=debian-13.1", "UID": "7b7b2ceb7abdb0a3" }, "InstalledVersion": "1.21.3-5", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-26461", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c", "Description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "Severity": "LOW", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 3, "cbl-mariner": 3, "debian": 1, "oracle-oval": 2, "photon": 3, "redhat": 1, "rocky": 1, "ubuntu": 1 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/errata/RHSA-2024:9331", "https://access.redhat.com/security/cve/CVE-2024-26461", "https://bugzilla.redhat.com/2266731", "https://bugzilla.redhat.com/2266740", "https://bugzilla.redhat.com/2266742", "https://bugzilla.redhat.com/show_bug.cgi?id=2266731", "https://bugzilla.redhat.com/show_bug.cgi?id=2266740", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461", "https://errata.almalinux.org/9/ALSA-2024-9331.html", "https://errata.rockylinux.org/RLSA-2024:3268", "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", "https://linux.oracle.com/cve/CVE-2024-26461.html", "https://linux.oracle.com/errata/ELSA-2024-9331.html", "https://mailman.mit.edu/pipermail/kerberos/2024-March/023095.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", "https://security.netapp.com/advisory/ntap-20240415-0011/", "https://ubuntu.com/security/notices/USN-7314-1", "https://www.cve.org/CVERecord?id=CVE-2024-26461" ], "PublishedDate": "2024-02-29T01:44:18.82Z", "LastModifiedDate": "2025-05-23T15:30:30.847Z" }, { "VulnerabilityID": "CVE-2022-0563", "PkgID": "liblastlog2-2@2.41-5", "PkgName": "liblastlog2-2", "PkgIdentifier": { "PURL": "pkg:deb/debian/liblastlog2-2@2.41-5?arch=amd64\u0026distro=debian-13.1", "UID": "df76396cbfd04981" }, "InstalledVersion": "2.41-5", "Status": "affected", "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-0563", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline", "Description": "A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an \"INPUTRC\" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.", "Severity": "LOW", "CweIDs": [ "CWE-209" ], "VendorSeverity": { "amazon": 2, "cbl-mariner": 2, "debian": 1, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "nvd": { "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "V2Score": 1.9, "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2022-0563", "https://blog.trailofbits.com/2023/02/16/suid-logic-bug-linux-readline/", "https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w%40ws.net.home/T/#u", "https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u", "https://nvd.nist.gov/vuln/detail/CVE-2022-0563", "https://security.gentoo.org/glsa/202401-08", "https://security.netapp.com/advisory/ntap-20220331-0002/", "https://www.cve.org/CVERecord?id=CVE-2022-0563" ], "PublishedDate": "2022-02-21T19:15:08.393Z", "LastModifiedDate": "2025-06-09T16:15:33.237Z" }, { "VulnerabilityID": "CVE-2015-3276", "PkgID": "libldap-common@2.6.10+dfsg-1", "PkgName": "libldap-common", "PkgIdentifier": { "PURL": "pkg:deb/debian/libldap-common@2.6.10%2Bdfsg-1?arch=all\u0026distro=debian-13.1", "UID": "1e651153267a4241" }, "InstalledVersion": "2.6.10+dfsg-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-3276", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "openldap: incorrect multi-keyword mode cipherstring parsing", "Description": "The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.", "Severity": "LOW", "VendorSeverity": { "amazon": 2, "cbl-mariner": 3, "debian": 1, "nvd": 3, "oracle-oval": 2, "redhat": 2 }, "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "V2Score": 5, "V3Score": 7.5 }, "redhat": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "V2Score": 4.3 } }, "References": [ "http://rhn.redhat.com/errata/RHSA-2015-2131.html", "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", "http://www.securitytracker.com/id/1034221", "https://access.redhat.com/security/cve/CVE-2015-3276", "https://bugzilla.redhat.com/show_bug.cgi?id=1238322", "https://linux.oracle.com/cve/CVE-2015-3276.html", "https://linux.oracle.com/errata/ELSA-2015-2131.html", "https://nvd.nist.gov/vuln/detail/CVE-2015-3276", "https://www.cve.org/CVERecord?id=CVE-2015-3276" ], "PublishedDate": "2015-12-07T20:59:03.023Z", "LastModifiedDate": "2025-04-12T10:46:40.837Z" }, { "VulnerabilityID": "CVE-2017-14159", "PkgID": "libldap-common@2.6.10+dfsg-1", "PkgName": "libldap-common", "PkgIdentifier": { "PURL": "pkg:deb/debian/libldap-common@2.6.10%2Bdfsg-1?arch=all\u0026distro=debian-13.1", "UID": "1e651153267a4241" }, "InstalledVersion": "2.6.10+dfsg-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14159", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "openldap: Privilege escalation via PID file manipulation", "Description": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.", "Severity": "LOW", "CweIDs": [ "CWE-665" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 1 }, "CVSS": { "nvd": { "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "V2Score": 1.9, "V3Score": 4.7 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", "V3Score": 4.4 } }, "References": [ "http://www.openldap.org/its/index.cgi?findid=8703", "https://access.redhat.com/security/cve/CVE-2017-14159", "https://nvd.nist.gov/vuln/detail/CVE-2017-14159", "https://www.cve.org/CVERecord?id=CVE-2017-14159", "https://www.oracle.com/security-alerts/cpuapr2022.html" ], "PublishedDate": "2017-09-05T18:29:00.133Z", "LastModifiedDate": "2025-04-20T01:37:25.86Z" }, { "VulnerabilityID": "CVE-2017-17740", "PkgID": "libldap-common@2.6.10+dfsg-1", "PkgName": "libldap-common", "PkgIdentifier": { "PURL": "pkg:deb/debian/libldap-common@2.6.10%2Bdfsg-1?arch=all\u0026distro=debian-13.1", "UID": "1e651153267a4241" }, "InstalledVersion": "2.6.10+dfsg-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-17740", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "openldap: contrib/slapd-modules/nops/nops.c attempts to free stack buffer allowing remote attackers to cause a denial of service", "Description": "contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.", "Severity": "LOW", "CweIDs": [ "CWE-119" ], "VendorSeverity": { "debian": 1, "nvd": 3, "redhat": 2 }, "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V2Score": 5, "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00053.html", "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00058.html", "http://www.openldap.org/its/index.cgi/Incoming?id=8759", "https://access.redhat.com/security/cve/CVE-2017-17740", "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365", "https://nvd.nist.gov/vuln/detail/CVE-2017-17740", "https://www.cve.org/CVERecord?id=CVE-2017-17740", "https://www.oracle.com/security-alerts/cpuapr2022.html" ], "PublishedDate": "2017-12-18T06:29:00.397Z", "LastModifiedDate": "2025-04-20T01:37:25.86Z" }, { "VulnerabilityID": "CVE-2020-15719", "PkgID": "libldap-common@2.6.10+dfsg-1", "PkgName": "libldap-common", "PkgIdentifier": { "PURL": "pkg:deb/debian/libldap-common@2.6.10%2Bdfsg-1?arch=all\u0026distro=debian-13.1", "UID": "1e651153267a4241" }, "InstalledVersion": "2.6.10+dfsg-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-15719", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "openldap: Certificate validation incorrectly matches name against CN-ID", "Description": "libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.", "Severity": "LOW", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "bitnami": 2, "debian": 1, "nvd": 2, "redhat": 1 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", "V3Score": 4.2 }, "nvd": { "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", "V2Score": 4, "V3Score": 4.2 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", "V3Score": 4.2 } }, "References": [ "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00033.html", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00059.html", "https://access.redhat.com/errata/RHBA-2019:3674", "https://access.redhat.com/security/cve/CVE-2020-15719", "https://bugs.openldap.org/show_bug.cgi?id=9266", "https://bugzilla.redhat.com/show_bug.cgi?id=1740070", "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365", "https://nvd.nist.gov/vuln/detail/CVE-2020-15719", "https://www.cve.org/CVERecord?id=CVE-2020-15719", "https://www.oracle.com/security-alerts/cpuapr2022.html" ], "PublishedDate": "2020-07-14T14:15:17.667Z", "LastModifiedDate": "2024-11-21T05:06:05.903Z" }, { "VulnerabilityID": "CVE-2015-3276", "PkgID": "libldap2@2.6.10+dfsg-1", "PkgName": "libldap2", "PkgIdentifier": { "PURL": "pkg:deb/debian/libldap2@2.6.10%2Bdfsg-1?arch=amd64\u0026distro=debian-13.1", "UID": "57ebb4268feab87d" }, "InstalledVersion": "2.6.10+dfsg-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-3276", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "openldap: incorrect multi-keyword mode cipherstring parsing", "Description": "The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.", "Severity": "LOW", "VendorSeverity": { "amazon": 2, "cbl-mariner": 3, "debian": 1, "nvd": 3, "oracle-oval": 2, "redhat": 2 }, "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "V2Score": 5, "V3Score": 7.5 }, "redhat": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "V2Score": 4.3 } }, "References": [ "http://rhn.redhat.com/errata/RHSA-2015-2131.html", "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", "http://www.securitytracker.com/id/1034221", "https://access.redhat.com/security/cve/CVE-2015-3276", "https://bugzilla.redhat.com/show_bug.cgi?id=1238322", "https://linux.oracle.com/cve/CVE-2015-3276.html", "https://linux.oracle.com/errata/ELSA-2015-2131.html", "https://nvd.nist.gov/vuln/detail/CVE-2015-3276", "https://www.cve.org/CVERecord?id=CVE-2015-3276" ], "PublishedDate": "2015-12-07T20:59:03.023Z", "LastModifiedDate": "2025-04-12T10:46:40.837Z" }, { "VulnerabilityID": "CVE-2017-14159", "PkgID": "libldap2@2.6.10+dfsg-1", "PkgName": "libldap2", "PkgIdentifier": { "PURL": "pkg:deb/debian/libldap2@2.6.10%2Bdfsg-1?arch=amd64\u0026distro=debian-13.1", "UID": "57ebb4268feab87d" }, "InstalledVersion": "2.6.10+dfsg-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14159", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "openldap: Privilege escalation via PID file manipulation", "Description": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.", "Severity": "LOW", "CweIDs": [ "CWE-665" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 1 }, "CVSS": { "nvd": { "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "V2Score": 1.9, "V3Score": 4.7 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", "V3Score": 4.4 } }, "References": [ "http://www.openldap.org/its/index.cgi?findid=8703", "https://access.redhat.com/security/cve/CVE-2017-14159", "https://nvd.nist.gov/vuln/detail/CVE-2017-14159", "https://www.cve.org/CVERecord?id=CVE-2017-14159", "https://www.oracle.com/security-alerts/cpuapr2022.html" ], "PublishedDate": "2017-09-05T18:29:00.133Z", "LastModifiedDate": "2025-04-20T01:37:25.86Z" }, { "VulnerabilityID": "CVE-2017-17740", "PkgID": "libldap2@2.6.10+dfsg-1", "PkgName": "libldap2", "PkgIdentifier": { "PURL": "pkg:deb/debian/libldap2@2.6.10%2Bdfsg-1?arch=amd64\u0026distro=debian-13.1", "UID": "57ebb4268feab87d" }, "InstalledVersion": "2.6.10+dfsg-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-17740", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "openldap: contrib/slapd-modules/nops/nops.c attempts to free stack buffer allowing remote attackers to cause a denial of service", "Description": "contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.", "Severity": "LOW", "CweIDs": [ "CWE-119" ], "VendorSeverity": { "debian": 1, "nvd": 3, "redhat": 2 }, "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V2Score": 5, "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00053.html", "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00058.html", "http://www.openldap.org/its/index.cgi/Incoming?id=8759", "https://access.redhat.com/security/cve/CVE-2017-17740", "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365", "https://nvd.nist.gov/vuln/detail/CVE-2017-17740", "https://www.cve.org/CVERecord?id=CVE-2017-17740", "https://www.oracle.com/security-alerts/cpuapr2022.html" ], "PublishedDate": "2017-12-18T06:29:00.397Z", "LastModifiedDate": "2025-04-20T01:37:25.86Z" }, { "VulnerabilityID": "CVE-2020-15719", "PkgID": "libldap2@2.6.10+dfsg-1", "PkgName": "libldap2", "PkgIdentifier": { "PURL": "pkg:deb/debian/libldap2@2.6.10%2Bdfsg-1?arch=amd64\u0026distro=debian-13.1", "UID": "57ebb4268feab87d" }, "InstalledVersion": "2.6.10+dfsg-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-15719", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "openldap: Certificate validation incorrectly matches name against CN-ID", "Description": "libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.", "Severity": "LOW", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "bitnami": 2, "debian": 1, "nvd": 2, "redhat": 1 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", "V3Score": 4.2 }, "nvd": { "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", "V2Score": 4, "V3Score": 4.2 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", "V3Score": 4.2 } }, "References": [ "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00033.html", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00059.html", "https://access.redhat.com/errata/RHBA-2019:3674", "https://access.redhat.com/security/cve/CVE-2020-15719", "https://bugs.openldap.org/show_bug.cgi?id=9266", "https://bugzilla.redhat.com/show_bug.cgi?id=1740070", "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365", "https://nvd.nist.gov/vuln/detail/CVE-2020-15719", "https://www.cve.org/CVERecord?id=CVE-2020-15719", "https://www.oracle.com/security-alerts/cpuapr2022.html" ], "PublishedDate": "2020-07-14T14:15:17.667Z", "LastModifiedDate": "2024-11-21T05:06:05.903Z" }, { "VulnerabilityID": "CVE-2022-0563", "PkgID": "libmount1@2.41-5", "PkgName": "libmount1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libmount1@2.41-5?arch=amd64\u0026distro=debian-13.1", "UID": "6d2d7374cd54451e" }, "InstalledVersion": "2.41-5", "Status": "affected", "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-0563", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline", "Description": "A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an \"INPUTRC\" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.", "Severity": "LOW", "CweIDs": [ "CWE-209" ], "VendorSeverity": { "amazon": 2, "cbl-mariner": 2, "debian": 1, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "nvd": { "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "V2Score": 1.9, "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2022-0563", "https://blog.trailofbits.com/2023/02/16/suid-logic-bug-linux-readline/", "https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w%40ws.net.home/T/#u", "https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u", "https://nvd.nist.gov/vuln/detail/CVE-2022-0563", "https://security.gentoo.org/glsa/202401-08", "https://security.netapp.com/advisory/ntap-20220331-0002/", "https://www.cve.org/CVERecord?id=CVE-2022-0563" ], "PublishedDate": "2022-02-21T19:15:08.393Z", "LastModifiedDate": "2025-06-09T16:15:33.237Z" }, { "VulnerabilityID": "CVE-2025-6141", "PkgID": "libncursesw6@6.5+20250216-2", "PkgName": "libncursesw6", "PkgIdentifier": { "PURL": "pkg:deb/debian/libncursesw6@6.5%2B20250216-2?arch=amd64\u0026distro=debian-13.1", "UID": "9ab389651a2b5886" }, "InstalledVersion": "6.5+20250216-2", "Status": "affected", "Layer": { "DiffID": "sha256:dba5cbed1e08d00224b28b2e9ae8a59c121de39c36085ed722890ef0af8fee69" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-6141", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "gnu-ncurses: ncurses Stack Buffer Overflow", "Description": "A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the function postprocess_termcap of the file tinfo/parse_entry.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. Upgrading to version 6.5-20250329 is able to address this issue. It is recommended to upgrade the affected component.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-121" ], "VendorSeverity": { "photon": 1, "redhat": 1 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-6141", "https://invisible-island.net/ncurses/NEWS.html#index-t20250329", "https://lists.gnu.org/archive/html/bug-ncurses/2025-03/msg00107.html", "https://lists.gnu.org/archive/html/bug-ncurses/2025-03/msg00109.html", "https://lists.gnu.org/archive/html/bug-ncurses/2025-03/msg00114.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-6141", "https://vuldb.com/?ctiid.312610", "https://vuldb.com/?id.312610", "https://vuldb.com/?submit.593000", "https://www.cve.org/CVERecord?id=CVE-2025-6141", "https://www.gnu.org/" ], "PublishedDate": "2025-06-16T22:16:41.527Z", "LastModifiedDate": "2025-06-17T20:50:23.507Z" }, { "VulnerabilityID": "CVE-2017-13716", "PkgID": "libsframe1@2.44-3", "PkgName": "libsframe1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libsframe1@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "dcd7d79477693e03" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13716", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: Memory leak with the C++ symbol demangler routine in libiberty", "Description": "The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).", "Severity": "LOW", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "debian": 1, "nvd": 2, "photon": 2, "redhat": 1, "ubuntu": 1 }, "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V2Score": 7.1, "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2017-13716", "https://nvd.nist.gov/vuln/detail/CVE-2017-13716", "https://sourceware.org/bugzilla/show_bug.cgi?id=22009", "https://www.cve.org/CVERecord?id=CVE-2017-13716" ], "PublishedDate": "2017-08-28T21:29:00.293Z", "LastModifiedDate": "2025-04-20T01:37:25.86Z" }, { "VulnerabilityID": "CVE-2018-20673", "PkgID": "libsframe1@2.44-3", "PkgName": "libsframe1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libsframe1@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "dcd7d79477693e03" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20673", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libiberty: Integer overflow in demangle_template() function", "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for \"Create an array for saving the template argument values\") that can trigger a heap-based buffer overflow, as demonstrated by nm.", "Severity": "LOW", "CweIDs": [ "CWE-190", "CWE-787" ], "VendorSeverity": { "alma": 1, "debian": 1, "nvd": 2, "oracle-oval": 1, "photon": 2, "redhat": 2 }, "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V2Score": 4.3, "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "V3Score": 5.3 } }, "References": [ "http://www.securityfocus.com/bid/106454", "https://access.redhat.com/security/cve/CVE-2018-20673", "https://linux.oracle.com/cve/CVE-2018-20673.html", "https://linux.oracle.com/errata/ELSA-2021-4386.html", "https://nvd.nist.gov/vuln/detail/CVE-2018-20673", "https://sourceware.org/bugzilla/show_bug.cgi?id=24039", "https://www.cve.org/CVERecord?id=CVE-2018-20673" ], "PublishedDate": "2019-01-04T18:29:00.21Z", "LastModifiedDate": "2024-11-21T04:01:57.977Z" }, { "VulnerabilityID": "CVE-2018-20712", "PkgID": "libsframe1@2.44-3", "PkgName": "libsframe1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libsframe1@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "dcd7d79477693e03" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20712", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "libiberty: heap-based buffer over-read in d_expression_1", "Description": "A heap-based buffer over-read exists in the function d_expression_1 in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.1. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by c++filt.", "Severity": "LOW", "CweIDs": [ "CWE-125" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 2, "ubuntu": 1 }, "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V2Score": 4.3, "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 4.7 } }, "References": [ "http://www.securityfocus.com/bid/106563", "https://access.redhat.com/security/cve/CVE-2018-20712", "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88629", "https://nvd.nist.gov/vuln/detail/CVE-2018-20712", "https://sourceware.org/bugzilla/show_bug.cgi?id=24043", "https://support.f5.com/csp/article/K38336243", "https://www.cve.org/CVERecord?id=CVE-2018-20712" ], "PublishedDate": "2019-01-15T00:29:00.257Z", "LastModifiedDate": "2024-11-21T04:02:00.663Z" }, { "VulnerabilityID": "CVE-2018-9996", "PkgID": "libsframe1@2.44-3", "PkgName": "libsframe1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libsframe1@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "dcd7d79477693e03" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-9996", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: Stack-overflow in libiberty/cplus-dem.c causes crash", "Description": "An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_template_value_parm, demangle_integral_value, and demangle_expression.", "Severity": "LOW", "CweIDs": [ "CWE-674" ], "VendorSeverity": { "debian": 1, "nvd": 2, "photon": 2, "redhat": 1 }, "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V2Score": 4.3, "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "http://www.securityfocus.com/bid/103733", "https://access.redhat.com/security/cve/CVE-2018-9996", "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85304", "https://nvd.nist.gov/vuln/detail/CVE-2018-9996", "https://www.cve.org/CVERecord?id=CVE-2018-9996" ], "PublishedDate": "2018-04-10T22:29:00.353Z", "LastModifiedDate": "2024-11-21T04:16:00.48Z" }, { "VulnerabilityID": "CVE-2021-32256", "PkgID": "libsframe1@2.44-3", "PkgName": "libsframe1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libsframe1@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "dcd7d79477693e03" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-32256", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: stack-overflow issue in demangle_type in rust-demangle.c.", "Description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.36. It is a stack-overflow issue in demangle_type in rust-demangle.c.", "Severity": "LOW", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "amazon": 1, "debian": 1, "nvd": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2021-32256", "https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1927070", "https://nvd.nist.gov/vuln/detail/CVE-2021-32256", "https://security.netapp.com/advisory/ntap-20230824-0013/", "https://www.cve.org/CVERecord?id=CVE-2021-32256" ], "PublishedDate": "2023-07-18T14:15:11.61Z", "LastModifiedDate": "2024-11-21T06:06:55.1Z" }, { "VulnerabilityID": "CVE-2025-11081", "PkgID": "libsframe1@2.44-3", "PkgName": "libsframe1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libsframe1@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "dcd7d79477693e03" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11081", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils out-of-bounds read", "Description": "A vulnerability was detected in GNU Binutils 2.45. This issue affects the function dump_dwarf_section of the file binutils/objdump.c. Performing manipulation results in out-of-bounds read. The attack is only possible with local access. The exploit is now public and may be used. The patch is named f87a66db645caf8cc0e6fc87b0c28c78a38af59b. It is suggested to install a patch to address this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-125" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-11081", "https://github.com/user-attachments/files/20623354/hdf5_crash_3.txt", "https://nvd.nist.gov/vuln/detail/CVE-2025-11081", "https://sourceware.org/bugzilla/show_bug.cgi?id=33406", "https://sourceware.org/bugzilla/show_bug.cgi?id=33406#c2", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f87a66db645caf8cc0e6fc87b0c28c78a38af59b", "https://vuldb.com/?ctiid.326122", "https://vuldb.com/?id.326122", "https://vuldb.com/?submit.661275", "https://www.cve.org/CVERecord?id=CVE-2025-11081", "https://www.gnu.org/" ], "PublishedDate": "2025-09-27T22:15:32.43Z", "LastModifiedDate": "2025-10-03T16:51:07.39Z" }, { "VulnerabilityID": "CVE-2025-11082", "PkgID": "libsframe1@2.44-3", "PkgName": "libsframe1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libsframe1@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "dcd7d79477693e03" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11082", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils Linker heap-based overflow", "Description": "A flaw has been found in GNU Binutils 2.45. Impacted is the function _bfd_elf_parse_eh_frame of the file bfd/elf-eh-frame.c of the component Linker. Executing manipulation can lead to heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be used. This patch is called ea1a0737c7692737a644af0486b71e4a392cbca8. A patch should be applied to remediate this issue. The code maintainer replied with \"[f]ixed for 2.46\".", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-122" ], "VendorSeverity": { "debian": 1, "nvd": 3, "redhat": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-11082", "https://nvd.nist.gov/vuln/detail/CVE-2025-11082", "https://sourceware.org/bugzilla/attachment.cgi?id=16358", "https://sourceware.org/bugzilla/show_bug.cgi?id=33464", "https://sourceware.org/bugzilla/show_bug.cgi?id=33464#c2", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ea1a0737c7692737a644af0486b71e4a392cbca8", "https://vuldb.com/?ctiid.326123", "https://vuldb.com/?id.326123", "https://vuldb.com/?submit.661276", "https://www.cve.org/CVERecord?id=CVE-2025-11082", "https://www.gnu.org/" ], "PublishedDate": "2025-09-27T23:15:31.39Z", "LastModifiedDate": "2025-10-03T16:52:34.527Z" }, { "VulnerabilityID": "CVE-2025-11083", "PkgID": "libsframe1@2.44-3", "PkgName": "libsframe1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libsframe1@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "dcd7d79477693e03" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11083", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils Linker heap-based overflow", "Description": "A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elf_swap_shdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 9ca499644a21ceb3f946d1c179c38a83be084490. To fix this issue, it is recommended to deploy a patch. The code maintainer replied with \"[f]ixed for 2.46\".", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-122" ], "VendorSeverity": { "debian": 1, "nvd": 3, "redhat": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-11083", "https://nvd.nist.gov/vuln/detail/CVE-2025-11083", "https://sourceware.org/bugzilla/attachment.cgi?id=16353", "https://sourceware.org/bugzilla/show_bug.cgi?id=33457", "https://sourceware.org/bugzilla/show_bug.cgi?id=33457#c1", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=9ca499644a21ceb3f946d1c179c38a83be084490", "https://vuldb.com/?ctiid.326124", "https://vuldb.com/?id.326124", "https://vuldb.com/?submit.661277", "https://www.cve.org/CVERecord?id=CVE-2025-11083", "https://www.gnu.org/" ], "PublishedDate": "2025-09-27T23:15:32.33Z", "LastModifiedDate": "2025-10-03T16:52:47.01Z" }, { "VulnerabilityID": "CVE-2025-11412", "PkgID": "libsframe1@2.44-3", "PkgName": "libsframe1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libsframe1@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "dcd7d79477693e03" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11412", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils Linker elflink.c bfd_elf_gc_record_vtentry out-of-bounds", "Description": "A vulnerability has been found in GNU Binutils 2.45. This impacts the function bfd_elf_gc_record_vtentry of the file bfd/elflink.c of the component Linker. The manipulation leads to out-of-bounds read. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of the patch is 047435dd988a3975d40c6626a8f739a0b2e154bc. To fix this issue, it is recommended to deploy a patch.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-125" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-11412", "https://nvd.nist.gov/vuln/detail/CVE-2025-11412", "https://sourceware.org/bugzilla/attachment.cgi?id=16378", "https://sourceware.org/bugzilla/show_bug.cgi?id=33452", "https://sourceware.org/bugzilla/show_bug.cgi?id=33452#c8", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=047435dd988a3975d40c6626a8f739a0b2e154bc", "https://vuldb.com/?ctiid.327348", "https://vuldb.com/?id.327348", "https://www.cve.org/CVERecord?id=CVE-2025-11412", "https://www.gnu.org/" ], "PublishedDate": "2025-10-07T22:15:34.03Z", "LastModifiedDate": "2025-10-14T15:09:07.05Z" }, { "VulnerabilityID": "CVE-2025-11413", "PkgID": "libsframe1@2.44-3", "PkgName": "libsframe1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libsframe1@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "dcd7d79477693e03" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11413", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils Linker elflink.c elf_link_add_object_symbols out-of-bounds", "Description": "A vulnerability was found in GNU Binutils 2.45. Affected is the function elf_link_add_object_symbols of the file bfd/elflink.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. Upgrading to version 2.46 is able to address this issue. The patch is identified as 72efdf166aa0ed72ecc69fc2349af6591a7a19c0. Upgrading the affected component is advised.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-125" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "V3Score": 4.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-11413", "https://nvd.nist.gov/vuln/detail/CVE-2025-11413", "https://sourceware.org/bugzilla/attachment.cgi?id=16362", "https://sourceware.org/bugzilla/show_bug.cgi?id=33452", "https://sourceware.org/bugzilla/show_bug.cgi?id=33456", "https://sourceware.org/bugzilla/show_bug.cgi?id=33456#c10", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=72efdf166aa0ed72ecc69fc2349af6591a7a19c0", "https://vuldb.com/?ctiid.327349", "https://vuldb.com/?id.327349", "https://vuldb.com/?submit.665587", "https://www.cve.org/CVERecord?id=CVE-2025-11413", "https://www.gnu.org/" ], "PublishedDate": "2025-10-07T22:15:34.23Z", "LastModifiedDate": "2025-10-14T15:24:49.567Z" }, { "VulnerabilityID": "CVE-2025-11414", "PkgID": "libsframe1@2.44-3", "PkgName": "libsframe1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libsframe1@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "dcd7d79477693e03" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11414", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils Linker elflink.c get_link_hash_entry out-of-bounds", "Description": "A vulnerability was determined in GNU Binutils 2.45. Affected by this vulnerability is the function get_link_hash_entry of the file bfd/elflink.c of the component Linker. This manipulation causes out-of-bounds read. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. Upgrading to version 2.46 addresses this issue. Patch name: aeaaa9af6359c8e394ce9cf24911fec4f4d23703. It is advisable to upgrade the affected component.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-125" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-11414", "https://nvd.nist.gov/vuln/detail/CVE-2025-11414", "https://sourceware.org/bugzilla/attachment.cgi?id=16361", "https://sourceware.org/bugzilla/show_bug.cgi?id=33450", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=aeaaa9af6359c8e394ce9cf24911fec4f4d23703", "https://vuldb.com/?ctiid.327350", "https://vuldb.com/?id.327350", "https://vuldb.com/?submit.665591", "https://www.cve.org/CVERecord?id=CVE-2025-11414", "https://www.gnu.org/" ], "PublishedDate": "2025-10-07T23:15:33.053Z", "LastModifiedDate": "2025-10-14T15:25:00.127Z" }, { "VulnerabilityID": "CVE-2025-1147", "PkgID": "libsframe1@2.44-3", "PkgName": "libsframe1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libsframe1@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "dcd7d79477693e03" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1147", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils nm nm.c internal_strlen buffer overflow", "Description": "A vulnerability has been found in GNU Binutils 2.43 and classified as problematic. Affected by this vulnerability is the function __sanitizer::internal_strlen of the file binutils/nm.c of the component nm. The manipulation of the argument const leads to buffer overflow. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-120" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 1, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1147", "https://nvd.nist.gov/vuln/detail/CVE-2025-1147", "https://sourceware.org/bugzilla/attachment.cgi?id=15881", "https://sourceware.org/bugzilla/show_bug.cgi?id=32556", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7be4186c22f89a87fff048c28910f5d26a0f61ce", "https://vuldb.com/?ctiid.295051", "https://vuldb.com/?id.295051", "https://vuldb.com/?submit.485254", "https://www.cve.org/CVERecord?id=CVE-2025-1147", "https://www.gnu.org/" ], "PublishedDate": "2025-02-10T14:15:29.643Z", "LastModifiedDate": "2025-03-04T15:51:17.86Z" }, { "VulnerabilityID": "CVE-2025-1148", "PkgID": "libsframe1@2.44-3", "PkgName": "libsframe1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libsframe1@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "dcd7d79477693e03" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1148", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld ldelfgen.c link_order_scan memory leak", "Description": "A vulnerability was found in GNU Binutils 2.43 and classified as problematic. Affected by this issue is the function link_order_scan of the file ld/ldelfgen.c of the component ld. The manipulation leads to memory leak. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"", "Severity": "LOW", "CweIDs": [ "CWE-401", "CWE-404" ], "VendorSeverity": { "debian": 1, "nvd": 1, "redhat": 1, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1148", "https://nvd.nist.gov/vuln/detail/CVE-2025-1148", "https://sourceware.org/bugzilla/attachment.cgi?id=15887", "https://sourceware.org/bugzilla/show_bug.cgi?id=32576", "https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=d4115c2c8d447e297ae353892de89192c1996211", "https://sourceware.org/pipermail/binutils/2025-March/139979.html", "https://vuldb.com/?ctiid.295052", "https://vuldb.com/?id.295052", "https://vuldb.com/?submit.485747", "https://www.cve.org/CVERecord?id=CVE-2025-1148", "https://www.gnu.org/" ], "PublishedDate": "2025-02-10T14:15:29.927Z", "LastModifiedDate": "2025-03-04T17:12:35.4Z" }, { "VulnerabilityID": "CVE-2025-1149", "PkgID": "libsframe1@2.44-3", "PkgName": "libsframe1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libsframe1@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "dcd7d79477693e03" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1149", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld xmalloc.c xstrdup memory leak", "Description": "A vulnerability was found in GNU Binutils 2.43. It has been classified as problematic. This affects the function xstrdup of the file libiberty/xmalloc.c of the component ld. The manipulation leads to memory leak. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"", "Severity": "LOW", "CweIDs": [ "CWE-401", "CWE-404" ], "VendorSeverity": { "debian": 1, "nvd": 1, "redhat": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1149", "https://nvd.nist.gov/vuln/detail/CVE-2025-1149", "https://sourceware.org/bugzilla/attachment.cgi?id=15887", "https://sourceware.org/bugzilla/show_bug.cgi?id=32576", "https://vuldb.com/?ctiid.295053", "https://vuldb.com/?id.295053", "https://www.cve.org/CVERecord?id=CVE-2025-1149", "https://www.gnu.org/" ], "PublishedDate": "2025-02-10T15:15:13.093Z", "LastModifiedDate": "2025-03-04T14:53:43.637Z" }, { "VulnerabilityID": "CVE-2025-11494", "PkgID": "libsframe1@2.44-3", "PkgName": "libsframe1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libsframe1@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "dcd7d79477693e03" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11494", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils Linker out-of-bounds read", "Description": "A vulnerability was found in GNU Binutils 2.45. Impacted is the function _bfd_x86_elf_late_size_sections of the file bfd/elfxx-x86.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. The patch is identified as b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a. A patch should be applied to remediate this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-125" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-11494", "https://nvd.nist.gov/vuln/detail/CVE-2025-11494", "https://sourceware.org/bugzilla/attachment.cgi?id=16389", "https://sourceware.org/bugzilla/show_bug.cgi?id=33499", "https://sourceware.org/bugzilla/show_bug.cgi?id=33499#c2", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a", "https://vuldb.com/?ctiid.327619", "https://vuldb.com/?id.327619", "https://vuldb.com/?submit.668281", "https://www.cve.org/CVERecord?id=CVE-2025-11494", "https://www.gnu.org/" ], "PublishedDate": "2025-10-08T20:15:34.77Z", "LastModifiedDate": "2025-10-14T15:27:45.803Z" }, { "VulnerabilityID": "CVE-2025-11495", "PkgID": "libsframe1@2.44-3", "PkgName": "libsframe1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libsframe1@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "dcd7d79477693e03" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11495", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils Linker heap-based overflow", "Description": "A vulnerability was determined in GNU Binutils 2.45. The affected element is the function elf_x86_64_relocate_section of the file elf64-x86-64.c of the component Linker. This manipulation causes heap-based buffer overflow. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. Patch name: 6b21c8b2ecfef5c95142cbc2c32f185cb1c26ab0. To fix this issue, it is recommended to deploy a patch.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-122" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-11495", "https://nvd.nist.gov/vuln/detail/CVE-2025-11495", "https://sourceware.org/bugzilla/attachment.cgi?id=16393", "https://sourceware.org/bugzilla/show_bug.cgi?id=33502", "https://sourceware.org/bugzilla/show_bug.cgi?id=33502#c3", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6b21c8b2ecfef5c95142cbc2c32f185cb1c26ab0", "https://vuldb.com/?ctiid.327620", "https://vuldb.com/?id.327620", "https://vuldb.com/?submit.668290", "https://www.cve.org/CVERecord?id=CVE-2025-11495", "https://www.gnu.org/" ], "PublishedDate": "2025-10-08T20:15:34.99Z", "LastModifiedDate": "2025-10-14T15:28:00.96Z" }, { "VulnerabilityID": "CVE-2025-1150", "PkgID": "libsframe1@2.44-3", "PkgName": "libsframe1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libsframe1@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "dcd7d79477693e03" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1150", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld libbfd.c bfd_malloc memory leak", "Description": "A vulnerability was found in GNU Binutils 2.43. It has been declared as problematic. This vulnerability affects the function bfd_malloc of the file libbfd.c of the component ld. The manipulation leads to memory leak. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"", "Severity": "LOW", "CweIDs": [ "CWE-401", "CWE-404" ], "VendorSeverity": { "debian": 1, "nvd": 1, "redhat": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1150", "https://nvd.nist.gov/vuln/detail/CVE-2025-1150", "https://sourceware.org/bugzilla/attachment.cgi?id=15887", "https://sourceware.org/bugzilla/show_bug.cgi?id=32576", "https://vuldb.com/?ctiid.295054", "https://vuldb.com/?id.295054", "https://www.cve.org/CVERecord?id=CVE-2025-1150", "https://www.gnu.org/" ], "PublishedDate": "2025-02-10T17:15:18.517Z", "LastModifiedDate": "2025-03-11T19:01:04.727Z" }, { "VulnerabilityID": "CVE-2025-1151", "PkgID": "libsframe1@2.44-3", "PkgName": "libsframe1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libsframe1@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "dcd7d79477693e03" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1151", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld xmemdup.c xmemdup memory leak", "Description": "A vulnerability was found in GNU Binutils 2.43. It has been rated as problematic. This issue affects the function xmemdup of the file xmemdup.c of the component ld. The manipulation leads to memory leak. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"", "Severity": "LOW", "CweIDs": [ "CWE-401", "CWE-404" ], "VendorSeverity": { "debian": 1, "redhat": 1 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1151", "https://nvd.nist.gov/vuln/detail/CVE-2025-1151", "https://sourceware.org/bugzilla/attachment.cgi?id=15887", "https://sourceware.org/bugzilla/show_bug.cgi?id=32576", "https://vuldb.com/?ctiid.295055", "https://vuldb.com/?id.295055", "https://www.cve.org/CVERecord?id=CVE-2025-1151", "https://www.gnu.org/" ], "PublishedDate": "2025-02-10T17:15:18.713Z", "LastModifiedDate": "2025-02-10T17:15:18.713Z" }, { "VulnerabilityID": "CVE-2025-1152", "PkgID": "libsframe1@2.44-3", "PkgName": "libsframe1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libsframe1@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "dcd7d79477693e03" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1152", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld xstrdup.c xstrdup memory leak", "Description": "A vulnerability classified as problematic has been found in GNU Binutils 2.43. Affected is the function xstrdup of the file xstrdup.c of the component ld. The manipulation leads to memory leak. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"", "Severity": "LOW", "CweIDs": [ "CWE-401", "CWE-404" ], "VendorSeverity": { "debian": 1, "nvd": 1, "redhat": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1152", "https://nvd.nist.gov/vuln/detail/CVE-2025-1152", "https://sourceware.org/bugzilla/attachment.cgi?id=15887", "https://sourceware.org/bugzilla/show_bug.cgi?id=32576", "https://vuldb.com/?ctiid.295056", "https://vuldb.com/?id.295056", "https://www.cve.org/CVERecord?id=CVE-2025-1152", "https://www.gnu.org/" ], "PublishedDate": "2025-02-10T18:15:34.043Z", "LastModifiedDate": "2025-03-03T16:52:20.953Z" }, { "VulnerabilityID": "CVE-2025-1153", "PkgID": "libsframe1@2.44-3", "PkgName": "libsframe1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libsframe1@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "dcd7d79477693e03" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1153", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils format.c bfd_set_format memory corruption", "Description": "A vulnerability classified as problematic was found in GNU Binutils 2.43/2.44. Affected by this vulnerability is the function bfd_set_format of the file format.c. The manipulation leads to memory corruption. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 2.45 is able to address this issue. The identifier of the patch is 8d97c1a53f3dc9fd8e1ccdb039b8a33d50133150. It is recommended to upgrade the affected component.", "Severity": "LOW", "CweIDs": [ "CWE-119" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 1, "ubuntu": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1153", "https://nvd.nist.gov/vuln/detail/CVE-2025-1153", "https://sourceware.org/bugzilla/show_bug.cgi?id=32603", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8d97c1a53f3dc9fd8e1ccdb039b8a33d50133150", "https://ubuntu.com/security/notices/USN-7423-1", "https://ubuntu.com/security/notices/USN-7423-2", "https://vuldb.com/?ctiid.295057", "https://vuldb.com/?id.295057", "https://vuldb.com/?submit.489991", "https://www.cve.org/CVERecord?id=CVE-2025-1153", "https://www.gnu.org/" ], "PublishedDate": "2025-02-10T19:15:39.9Z", "LastModifiedDate": "2025-03-03T17:28:09.167Z" }, { "VulnerabilityID": "CVE-2025-1176", "PkgID": "libsframe1@2.44-3", "PkgName": "libsframe1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libsframe1@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "dcd7d79477693e03" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1176", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld elflink.c _bfd_elf_gc_mark_rsec heap-based overflow", "Description": "A vulnerability was found in GNU Binutils 2.43 and classified as critical. This issue affects the function _bfd_elf_gc_mark_rsec of the file elflink.c of the component ld. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The patch is named f9978defb6fab0bd8583942d97c112b0932ac814. It is recommended to apply a patch to fix this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-122" ], "VendorSeverity": { "amazon": 2, "azure": 2, "cbl-mariner": 2, "debian": 1, "nvd": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "V3Score": 5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "V3Score": 5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1176", "https://nvd.nist.gov/vuln/detail/CVE-2025-1176", "https://security.netapp.com/advisory/ntap-20250411-0007/", "https://sourceware.org/bugzilla/attachment.cgi?id=15913", "https://sourceware.org/bugzilla/show_bug.cgi?id=32636", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f9978defb6fab0bd8583942d97c112b0932ac814", "https://ubuntu.com/security/notices/USN-7423-1", "https://ubuntu.com/security/notices/USN-7423-2", "https://vuldb.com/?ctiid.295079", "https://vuldb.com/?id.295079", "https://vuldb.com/?submit.495329", "https://www.cve.org/CVERecord?id=CVE-2025-1176", "https://www.gnu.org/" ], "PublishedDate": "2025-02-11T06:15:22.433Z", "LastModifiedDate": "2025-04-11T22:15:29.513Z" }, { "VulnerabilityID": "CVE-2025-1178", "PkgID": "libsframe1@2.44-3", "PkgName": "libsframe1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libsframe1@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "dcd7d79477693e03" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1178", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld libbfd.c bfd_putl64 memory corruption", "Description": "A vulnerability was found in GNU Binutils 2.43. It has been declared as problematic. Affected by this vulnerability is the function bfd_putl64 of the file libbfd.c of the component ld. The manipulation leads to memory corruption. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of the patch is 75086e9de1707281172cc77f178e7949a4414ed0. It is recommended to apply a patch to fix this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119" ], "VendorSeverity": { "azure": 2, "cbl-mariner": 2, "debian": 1, "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "V3Score": 5.6 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1178", "https://nvd.nist.gov/vuln/detail/CVE-2025-1178", "https://security.netapp.com/advisory/ntap-20250411-0008/", "https://sourceware.org/bugzilla/attachment.cgi?id=15914", "https://sourceware.org/bugzilla/show_bug.cgi?id=32638", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=75086e9de1707281172cc77f178e7949a4414ed0", "https://ubuntu.com/security/notices/USN-7423-1", "https://vuldb.com/?ctiid.295081", "https://vuldb.com/?id.295081", "https://vuldb.com/?submit.495369", "https://www.cve.org/CVERecord?id=CVE-2025-1178", "https://www.gnu.org/" ], "PublishedDate": "2025-02-11T07:15:29.997Z", "LastModifiedDate": "2025-05-21T20:35:24.22Z" }, { "VulnerabilityID": "CVE-2025-1180", "PkgID": "libsframe1@2.44-3", "PkgName": "libsframe1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libsframe1@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "dcd7d79477693e03" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1180", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld elf-eh-frame.c _bfd_elf_write_section_eh_frame memory corruption", "Description": "A vulnerability classified as problematic has been found in GNU Binutils 2.43. This affects the function _bfd_elf_write_section_eh_frame of the file bfd/elf-eh-frame.c of the component ld. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119" ], "VendorSeverity": { "debian": 1, "redhat": 1 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1180", "https://nvd.nist.gov/vuln/detail/CVE-2025-1180", "https://sourceware.org/bugzilla/attachment.cgi?id=15917", "https://sourceware.org/bugzilla/show_bug.cgi?id=32642", "https://vuldb.com/?ctiid.295083", "https://vuldb.com/?id.295083", "https://vuldb.com/?submit.495381", "https://www.cve.org/CVERecord?id=CVE-2025-1180", "https://www.gnu.org/" ], "PublishedDate": "2025-02-11T08:15:31.59Z", "LastModifiedDate": "2025-05-21T20:35:18.05Z" }, { "VulnerabilityID": "CVE-2025-1181", "PkgID": "libsframe1@2.44-3", "PkgName": "libsframe1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libsframe1@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "dcd7d79477693e03" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1181", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld elflink.c _bfd_elf_gc_mark_rsec memory corruption", "Description": "A vulnerability classified as critical was found in GNU Binutils 2.43. This vulnerability affects the function _bfd_elf_gc_mark_rsec of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is 931494c9a89558acb36a03a340c01726545eef24. It is recommended to apply a patch to fix this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119" ], "VendorSeverity": { "azure": 1, "cbl-mariner": 1, "debian": 1, "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "V3Score": 5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1181", "https://nvd.nist.gov/vuln/detail/CVE-2025-1181", "https://security.netapp.com/advisory/ntap-20250425-0007/", "https://sourceware.org/bugzilla/attachment.cgi?id=15918", "https://sourceware.org/bugzilla/show_bug.cgi?id=32643", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=931494c9a89558acb36a03a340c01726545eef24", "https://ubuntu.com/security/notices/USN-7423-1", "https://vuldb.com/?ctiid.295084", "https://vuldb.com/?id.295084", "https://vuldb.com/?submit.495402", "https://www.cve.org/CVERecord?id=CVE-2025-1181", "https://www.gnu.org/" ], "PublishedDate": "2025-02-11T08:15:31.797Z", "LastModifiedDate": "2025-05-21T20:35:11.073Z" }, { "VulnerabilityID": "CVE-2025-1182", "PkgID": "libsframe1@2.44-3", "PkgName": "libsframe1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libsframe1@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "dcd7d79477693e03" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1182", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld elflink.c bfd_elf_reloc_symbol_deleted_p memory corruption", "Description": "A vulnerability, which was classified as critical, was found in GNU Binutils 2.43. Affected is the function bfd_elf_reloc_symbol_deleted_p of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The patch is identified as b425859021d17adf62f06fb904797cf8642986ad. It is recommended to apply a patch to fix this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119" ], "VendorSeverity": { "amazon": 2, "azure": 2, "cbl-mariner": 2, "debian": 1, "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "V3Score": 5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1182", "https://nvd.nist.gov/vuln/detail/CVE-2025-1182", "https://sourceware.org/bugzilla/attachment.cgi?id=15919", "https://sourceware.org/bugzilla/show_bug.cgi?id=32644", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b425859021d17adf62f06fb904797cf8642986ad", "https://ubuntu.com/security/notices/USN-7423-1", "https://vuldb.com/?ctiid.295086", "https://vuldb.com/?id.295086", "https://vuldb.com/?submit.495407", "https://www.cve.org/CVERecord?id=CVE-2025-1182", "https://www.gnu.org/" ], "PublishedDate": "2025-02-11T09:15:09.53Z", "LastModifiedDate": "2025-05-21T20:35:04.15Z" }, { "VulnerabilityID": "CVE-2025-11839", "PkgID": "libsframe1@2.44-3", "PkgName": "libsframe1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libsframe1@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "dcd7d79477693e03" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11839", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils prdbg.c tg_tag_type return value", "Description": "A security flaw has been discovered in GNU Binutils 2.45. Impacted is the function tg_tag_type of the file prdbg.c. Performing manipulation results in unchecked return value. The attack needs to be approached locally. The exploit has been released to the public and may be exploited.", "Severity": "LOW", "CweIDs": [ "CWE-252", "CWE-253" ], "VendorSeverity": { "debian": 1, "redhat": 1 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-11839", "https://nvd.nist.gov/vuln/detail/CVE-2025-11839", "https://sourceware.org/bugzilla/attachment.cgi?id=16344", "https://sourceware.org/bugzilla/show_bug.cgi?id=33448", "https://vuldb.com/?ctiid.328774", "https://vuldb.com/?id.328774", "https://vuldb.com/?submit.661279", "https://www.cve.org/CVERecord?id=CVE-2025-11839", "https://www.gnu.org/" ], "PublishedDate": "2025-10-16T14:15:34.86Z", "LastModifiedDate": "2025-10-16T15:28:59.61Z" }, { "VulnerabilityID": "CVE-2025-11840", "PkgID": "libsframe1@2.44-3", "PkgName": "libsframe1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libsframe1@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "dcd7d79477693e03" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11840", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils out-of-bounds read", "Description": "A weakness has been identified in GNU Binutils 2.45. The affected element is the function vfinfo of the file ldmisc.c. Executing manipulation can lead to out-of-bounds read. The attack can only be executed locally. The exploit has been made available to the public and could be exploited. This patch is called 16357. It is best practice to apply a patch to resolve this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-125" ], "VendorSeverity": { "debian": 1, "redhat": 1 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-11840", "https://nvd.nist.gov/vuln/detail/CVE-2025-11840", "https://sourceware.org/bugzilla/attachment.cgi?id=16351", "https://sourceware.org/bugzilla/attachment.cgi?id=16357", "https://sourceware.org/bugzilla/show_bug.cgi?id=33455", "https://vuldb.com/?ctiid.328775", "https://vuldb.com/?id.328775", "https://vuldb.com/?submit.661281", "https://www.cve.org/CVERecord?id=CVE-2025-11840", "https://www.gnu.org/" ], "PublishedDate": "2025-10-16T16:15:37.003Z", "LastModifiedDate": "2025-10-16T16:15:37.003Z" }, { "VulnerabilityID": "CVE-2025-3198", "PkgID": "libsframe1@2.44-3", "PkgName": "libsframe1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libsframe1@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "dcd7d79477693e03" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-3198", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils objdump bucomm.c display_info memory leak", "Description": "A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named ba6ad3a18cb26b79e0e3b84c39f707535bbc344d. It is recommended to apply a patch to fix this issue.", "Severity": "LOW", "CweIDs": [ "CWE-401", "CWE-404" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 1, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-3198", "https://nvd.nist.gov/vuln/detail/CVE-2025-3198", "https://sourceware.org/bugzilla/show_bug.cgi?id=32716", "https://sourceware.org/bugzilla/show_bug.cgi?id=32716#c0", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ba6ad3a18cb26b79e0e3b84c39f707535bbc344d", "https://vuldb.com/?ctiid.303151", "https://vuldb.com/?id.303151", "https://vuldb.com/?submit.545773", "https://www.cve.org/CVERecord?id=CVE-2025-3198", "https://www.gnu.org/" ], "PublishedDate": "2025-04-04T02:15:18.803Z", "LastModifiedDate": "2025-05-15T19:46:30.95Z" }, { "VulnerabilityID": "CVE-2025-5244", "PkgID": "libsframe1@2.44-3", "PkgName": "libsframe1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libsframe1@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "dcd7d79477693e03" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-5244", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils ld elflink.c elf_gc_sweep memory corruption", "Description": "A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue is the function elf_gc_sweep of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 2.45 is able to address this issue. It is recommended to upgrade the affected component.", "Severity": "LOW", "CweIDs": [ "CWE-119" ], "VendorSeverity": { "azure": 2, "cbl-mariner": 2, "debian": 1, "nvd": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-5244", "https://nvd.nist.gov/vuln/detail/CVE-2025-5244", "https://sourceware.org/bugzilla/attachment.cgi?id=16010", "https://sourceware.org/bugzilla/show_bug.cgi?id=32858", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d1458933830456e54223d9fc61f0d9b3a19256f5", "https://vuldb.com/?ctiid.310346", "https://vuldb.com/?id.310346", "https://vuldb.com/?submit.584634", "https://www.cve.org/CVERecord?id=CVE-2025-5244", "https://www.gnu.org/" ], "PublishedDate": "2025-05-27T13:15:21.76Z", "LastModifiedDate": "2025-10-03T14:46:39.57Z" }, { "VulnerabilityID": "CVE-2025-5245", "PkgID": "libsframe1@2.44-3", "PkgName": "libsframe1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libsframe1@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "dcd7d79477693e03" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-5245", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: GNU Binutils objdump debug.c debug_type_samep memory corruption", "Description": "A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debug_type_samep of the file /binutils/debug.c of the component objdump. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119" ], "VendorSeverity": { "azure": 2, "cbl-mariner": 2, "debian": 1, "nvd": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-5245", "https://nvd.nist.gov/vuln/detail/CVE-2025-5245", "https://sourceware.org/bugzilla/attachment.cgi?id=16004", "https://sourceware.org/bugzilla/show_bug.cgi?id=32829", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6c3458a8b7ee7d39f070c7b2350851cb2110c65a", "https://vuldb.com/?ctiid.310347", "https://vuldb.com/?id.310347", "https://vuldb.com/?submit.584635", "https://www.cve.org/CVERecord?id=CVE-2025-5245", "https://www.gnu.org/" ], "PublishedDate": "2025-05-27T15:15:36.057Z", "LastModifiedDate": "2025-10-03T14:45:57.887Z" }, { "VulnerabilityID": "CVE-2025-7545", "PkgID": "libsframe1@2.44-3", "PkgName": "libsframe1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libsframe1@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "dcd7d79477693e03" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-7545", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: Binutils: Heap Buffer Overflow", "Description": "A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is named 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944. It is recommended to apply a patch to fix this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-122" ], "VendorSeverity": { "amazon": 3, "azure": 2, "cbl-mariner": 2, "debian": 1, "nvd": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-7545", "https://nvd.nist.gov/vuln/detail/CVE-2025-7545", "https://sourceware.org/bugzilla/attachment.cgi?id=16117", "https://sourceware.org/bugzilla/show_bug.cgi?id=33049", "https://sourceware.org/bugzilla/show_bug.cgi?id=33049#c1", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944", "https://ubuntu.com/security/notices/USN-7718-1", "https://vuldb.com/?ctiid.316243", "https://vuldb.com/?id.316243", "https://vuldb.com/?submit.614355", "https://www.cve.org/CVERecord?id=CVE-2025-7545", "https://www.gnu.org/" ], "PublishedDate": "2025-07-13T22:15:23.873Z", "LastModifiedDate": "2025-07-30T15:59:48.84Z" }, { "VulnerabilityID": "CVE-2025-7546", "PkgID": "libsframe1@2.44-3", "PkgName": "libsframe1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libsframe1@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "dcd7d79477693e03" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-7546", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: Binutils: Out-of-bounds Write Vulnerability", "Description": "A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfd_elf_set_group_contents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The name of the patch is 41461010eb7c79fee7a9d5f6209accdaac66cc6b. It is recommended to apply a patch to fix this issue.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-787" ], "VendorSeverity": { "amazon": 2, "azure": 2, "cbl-mariner": 2, "debian": 1, "nvd": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-7546", "https://nvd.nist.gov/vuln/detail/CVE-2025-7546", "https://sourceware.org/bugzilla/attachment.cgi?id=16118", "https://sourceware.org/bugzilla/show_bug.cgi?id=33050", "https://sourceware.org/bugzilla/show_bug.cgi?id=33050#c2", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=41461010eb7c79fee7a9d5f6209accdaac66cc6b", "https://vuldb.com/?ctiid.316244", "https://vuldb.com/?id.316244", "https://vuldb.com/?submit.614375", "https://www.cve.org/CVERecord?id=CVE-2025-7546", "https://www.gnu.org/" ], "PublishedDate": "2025-07-13T22:15:24.07Z", "LastModifiedDate": "2025-07-30T15:59:59.203Z" }, { "VulnerabilityID": "CVE-2025-8225", "PkgID": "libsframe1@2.44-3", "PkgName": "libsframe1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libsframe1@2.44-3?arch=amd64\u0026distro=debian-13.1", "UID": "dcd7d79477693e03" }, "InstalledVersion": "2.44-3", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-8225", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "binutils: Binutils DWARF Section Handler Memory Leak", "Description": "A vulnerability was found in GNU Binutils 2.44 and classified as problematic. This issue affects the function process_debug_info of the file binutils/dwarf.c of the component DWARF Section Handler. The manipulation leads to memory leak. Attacking locally is a requirement. The identifier of the patch is e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4. It is recommended to apply a patch to fix this issue.", "Severity": "LOW", "CweIDs": [ "CWE-401", "CWE-404" ], "VendorSeverity": { "cbl-mariner": 2, "debian": 1, "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-8225", "https://gitlab.com/gnutools/binutils-gdb/-/commit/e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4", "https://nvd.nist.gov/vuln/detail/CVE-2025-8225", "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4", "https://vuldb.com/?ctiid.317813", "https://vuldb.com/?id.317813", "https://vuldb.com/?submit.621883", "https://www.cve.org/CVERecord?id=CVE-2025-8225", "https://www.gnu.org/" ], "PublishedDate": "2025-07-27T08:15:25.76Z", "LastModifiedDate": "2025-08-01T17:08:13.977Z" }, { "VulnerabilityID": "CVE-2022-0563", "PkgID": "libsmartcols1@2.41-5", "PkgName": "libsmartcols1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libsmartcols1@2.41-5?arch=amd64\u0026distro=debian-13.1", "UID": "bdd963006efde917" }, "InstalledVersion": "2.41-5", "Status": "affected", "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-0563", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline", "Description": "A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an \"INPUTRC\" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.", "Severity": "LOW", "CweIDs": [ "CWE-209" ], "VendorSeverity": { "amazon": 2, "cbl-mariner": 2, "debian": 1, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "nvd": { "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "V2Score": 1.9, "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2022-0563", "https://blog.trailofbits.com/2023/02/16/suid-logic-bug-linux-readline/", "https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w%40ws.net.home/T/#u", "https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u", "https://nvd.nist.gov/vuln/detail/CVE-2022-0563", "https://security.gentoo.org/glsa/202401-08", "https://security.netapp.com/advisory/ntap-20220331-0002/", "https://www.cve.org/CVERecord?id=CVE-2022-0563" ], "PublishedDate": "2022-02-21T19:15:08.393Z", "LastModifiedDate": "2025-06-09T16:15:33.237Z" }, { "VulnerabilityID": "CVE-2025-7709", "PkgID": "libsqlite3-0@3.46.1-7", "PkgName": "libsqlite3-0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libsqlite3-0@3.46.1-7?arch=amd64\u0026distro=debian-13.1", "UID": "d3b12dcb7bd33f74" }, "InstalledVersion": "3.46.1-7", "Status": "affected", "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-7709", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "An integer overflow exists in the FTS5 https://sqlite.org/fts5.html e ...", "Description": "An integer overflow exists in the FTS5 https://sqlite.org/fts5.html  extension. It occurs when the size of an array of tombstone pointers is calculated and truncated into a 32-bit integer. A pointer to partially controlled data can then be written out of bounds.", "Severity": "MEDIUM", "CweIDs": [ "CWE-190" ], "VendorSeverity": { "photon": 3, "ubuntu": 2 }, "References": [ "https://github.com/google/security-research/security/advisories/GHSA-v2c8-vqqp-hv3g", "https://ubuntu.com/security/notices/USN-7751-1", "https://www.cve.org/CVERecord?id=CVE-2025-7709" ], "PublishedDate": "2025-09-08T15:15:38.18Z", "LastModifiedDate": "2025-09-08T16:25:38.81Z" }, { "VulnerabilityID": "CVE-2021-45346", "PkgID": "libsqlite3-0@3.46.1-7", "PkgName": "libsqlite3-0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libsqlite3-0@3.46.1-7?arch=amd64\u0026distro=debian-13.1", "UID": "d3b12dcb7bd33f74" }, "InstalledVersion": "3.46.1-7", "Status": "affected", "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-45346", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "sqlite: crafted SQL query allows a malicious user to obtain sensitive information", "Description": "A Memory Leak vulnerability exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries (made via editing the Database File), it is possible to query a record, and leak subsequent bytes of memory that extend beyond the record, which could let a malicious user obtain sensitive information. NOTE: The developer disputes this as a vulnerability stating that If you give SQLite a corrupted database file and submit a query against the database, it might read parts of the database that you did not intend or expect.", "Severity": "LOW", "CweIDs": [ "CWE-401" ], "VendorSeverity": { "bitnami": 2, "debian": 1, "nvd": 2, "redhat": 1 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "V3Score": 4.3 }, "nvd": { "V2Vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "V2Score": 4, "V3Score": 4.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "V3Score": 4.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2021-45346", "https://github.com/guyinatuxedo/sqlite3_record_leaking", "https://nvd.nist.gov/vuln/detail/CVE-2021-45346", "https://security.netapp.com/advisory/ntap-20220303-0001/", "https://sqlite.org/forum/forumpost/056d557c2f8c452ed5", "https://sqlite.org/forum/forumpost/53de8864ba114bf6", "https://www.cve.org/CVERecord?id=CVE-2021-45346", "https://www.sqlite.org/cves.html#status_of_recent_sqlite_cves" ], "PublishedDate": "2022-02-14T19:15:07.793Z", "LastModifiedDate": "2024-11-21T06:32:07.577Z" }, { "VulnerabilityID": "CVE-2013-4392", "PkgID": "libsystemd0@257.8-1~deb13u2", "PkgName": "libsystemd0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libsystemd0@257.8-1~deb13u2?arch=amd64\u0026distro=debian-13.1", "UID": "b19608333503a8c4" }, "InstalledVersion": "257.8-1~deb13u2", "Status": "affected", "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-4392", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "systemd: TOCTOU race condition when updating file permissions and SELinux security contexts", "Description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", "Severity": "LOW", "CweIDs": [ "CWE-59" ], "VendorSeverity": { "debian": 1, "nvd": 1, "redhat": 2 }, "CVSS": { "nvd": { "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", "V2Score": 3.3 }, "redhat": { "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", "V2Score": 3.3 } }, "References": [ "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357", "http://www.openwall.com/lists/oss-security/2013/10/01/9", "https://access.redhat.com/security/cve/CVE-2013-4392", "https://bugzilla.redhat.com/show_bug.cgi?id=859060", "https://nvd.nist.gov/vuln/detail/CVE-2013-4392", "https://www.cve.org/CVERecord?id=CVE-2013-4392" ], "PublishedDate": "2013-10-28T22:55:03.773Z", "LastModifiedDate": "2025-06-09T16:15:23.763Z" }, { "VulnerabilityID": "CVE-2023-31437", "PkgID": "libsystemd0@257.8-1~deb13u2", "PkgName": "libsystemd0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libsystemd0@257.8-1~deb13u2?arch=amd64\u0026distro=debian-13.1", "UID": "b19608333503a8c4" }, "InstalledVersion": "257.8-1~deb13u2", "Status": "affected", "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-31437", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "An issue was discovered in systemd 253. An attacker can modify a seale ...", "Description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "Severity": "LOW", "CweIDs": [ "CWE-354" ], "VendorSeverity": { "debian": 1, "nvd": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 } }, "References": [ "https://github.com/kastel-security/Journald", "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", "https://github.com/systemd/systemd/releases" ], "PublishedDate": "2023-06-13T17:15:14.657Z", "LastModifiedDate": "2025-01-03T20:15:26.457Z" }, { "VulnerabilityID": "CVE-2023-31438", "PkgID": "libsystemd0@257.8-1~deb13u2", "PkgName": "libsystemd0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libsystemd0@257.8-1~deb13u2?arch=amd64\u0026distro=debian-13.1", "UID": "b19608333503a8c4" }, "InstalledVersion": "257.8-1~deb13u2", "Status": "affected", "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-31438", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "An issue was discovered in systemd 253. An attacker can truncate a sea ...", "Description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "Severity": "LOW", "CweIDs": [ "CWE-354" ], "VendorSeverity": { "debian": 1, "nvd": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 } }, "References": [ "https://github.com/kastel-security/Journald", "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", "https://github.com/systemd/systemd/pull/28886", "https://github.com/systemd/systemd/releases" ], "PublishedDate": "2023-06-13T17:15:14.707Z", "LastModifiedDate": "2024-11-21T08:01:51.953Z" }, { "VulnerabilityID": "CVE-2023-31439", "PkgID": "libsystemd0@257.8-1~deb13u2", "PkgName": "libsystemd0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libsystemd0@257.8-1~deb13u2?arch=amd64\u0026distro=debian-13.1", "UID": "b19608333503a8c4" }, "InstalledVersion": "257.8-1~deb13u2", "Status": "affected", "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-31439", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "An issue was discovered in systemd 253. An attacker can modify the con ...", "Description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "Severity": "LOW", "CweIDs": [ "CWE-354" ], "VendorSeverity": { "amazon": 1, "debian": 1, "nvd": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 } }, "References": [ "https://github.com/kastel-security/Journald", "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", "https://github.com/systemd/systemd/pull/28885", "https://github.com/systemd/systemd/releases" ], "PublishedDate": "2023-06-13T17:15:14.753Z", "LastModifiedDate": "2024-11-21T08:01:52.097Z" }, { "VulnerabilityID": "CVE-2025-6141", "PkgID": "libtinfo6@6.5+20250216-2", "PkgName": "libtinfo6", "PkgIdentifier": { "PURL": "pkg:deb/debian/libtinfo6@6.5%2B20250216-2?arch=amd64\u0026distro=debian-13.1", "UID": "39109c87ce11f4ff" }, "InstalledVersion": "6.5+20250216-2", "Status": "affected", "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-6141", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "gnu-ncurses: ncurses Stack Buffer Overflow", "Description": "A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the function postprocess_termcap of the file tinfo/parse_entry.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. Upgrading to version 6.5-20250329 is able to address this issue. It is recommended to upgrade the affected component.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-121" ], "VendorSeverity": { "photon": 1, "redhat": 1 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-6141", "https://invisible-island.net/ncurses/NEWS.html#index-t20250329", "https://lists.gnu.org/archive/html/bug-ncurses/2025-03/msg00107.html", "https://lists.gnu.org/archive/html/bug-ncurses/2025-03/msg00109.html", "https://lists.gnu.org/archive/html/bug-ncurses/2025-03/msg00114.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-6141", "https://vuldb.com/?ctiid.312610", "https://vuldb.com/?id.312610", "https://vuldb.com/?submit.593000", "https://www.cve.org/CVERecord?id=CVE-2025-6141", "https://www.gnu.org/" ], "PublishedDate": "2025-06-16T22:16:41.527Z", "LastModifiedDate": "2025-06-17T20:50:23.507Z" }, { "VulnerabilityID": "CVE-2013-4392", "PkgID": "libudev1@257.8-1~deb13u2", "PkgName": "libudev1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libudev1@257.8-1~deb13u2?arch=amd64\u0026distro=debian-13.1", "UID": "1a4e2b5bbb145a62" }, "InstalledVersion": "257.8-1~deb13u2", "Status": "affected", "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-4392", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "systemd: TOCTOU race condition when updating file permissions and SELinux security contexts", "Description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", "Severity": "LOW", "CweIDs": [ "CWE-59" ], "VendorSeverity": { "debian": 1, "nvd": 1, "redhat": 2 }, "CVSS": { "nvd": { "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", "V2Score": 3.3 }, "redhat": { "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", "V2Score": 3.3 } }, "References": [ "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357", "http://www.openwall.com/lists/oss-security/2013/10/01/9", "https://access.redhat.com/security/cve/CVE-2013-4392", "https://bugzilla.redhat.com/show_bug.cgi?id=859060", "https://nvd.nist.gov/vuln/detail/CVE-2013-4392", "https://www.cve.org/CVERecord?id=CVE-2013-4392" ], "PublishedDate": "2013-10-28T22:55:03.773Z", "LastModifiedDate": "2025-06-09T16:15:23.763Z" }, { "VulnerabilityID": "CVE-2023-31437", "PkgID": "libudev1@257.8-1~deb13u2", "PkgName": "libudev1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libudev1@257.8-1~deb13u2?arch=amd64\u0026distro=debian-13.1", "UID": "1a4e2b5bbb145a62" }, "InstalledVersion": "257.8-1~deb13u2", "Status": "affected", "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-31437", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "An issue was discovered in systemd 253. An attacker can modify a seale ...", "Description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "Severity": "LOW", "CweIDs": [ "CWE-354" ], "VendorSeverity": { "debian": 1, "nvd": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 } }, "References": [ "https://github.com/kastel-security/Journald", "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", "https://github.com/systemd/systemd/releases" ], "PublishedDate": "2023-06-13T17:15:14.657Z", "LastModifiedDate": "2025-01-03T20:15:26.457Z" }, { "VulnerabilityID": "CVE-2023-31438", "PkgID": "libudev1@257.8-1~deb13u2", "PkgName": "libudev1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libudev1@257.8-1~deb13u2?arch=amd64\u0026distro=debian-13.1", "UID": "1a4e2b5bbb145a62" }, "InstalledVersion": "257.8-1~deb13u2", "Status": "affected", "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-31438", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "An issue was discovered in systemd 253. An attacker can truncate a sea ...", "Description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "Severity": "LOW", "CweIDs": [ "CWE-354" ], "VendorSeverity": { "debian": 1, "nvd": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 } }, "References": [ "https://github.com/kastel-security/Journald", "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", "https://github.com/systemd/systemd/pull/28886", "https://github.com/systemd/systemd/releases" ], "PublishedDate": "2023-06-13T17:15:14.707Z", "LastModifiedDate": "2024-11-21T08:01:51.953Z" }, { "VulnerabilityID": "CVE-2023-31439", "PkgID": "libudev1@257.8-1~deb13u2", "PkgName": "libudev1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libudev1@257.8-1~deb13u2?arch=amd64\u0026distro=debian-13.1", "UID": "1a4e2b5bbb145a62" }, "InstalledVersion": "257.8-1~deb13u2", "Status": "affected", "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-31439", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "An issue was discovered in systemd 253. An attacker can modify the con ...", "Description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "Severity": "LOW", "CweIDs": [ "CWE-354" ], "VendorSeverity": { "amazon": 1, "debian": 1, "nvd": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 } }, "References": [ "https://github.com/kastel-security/Journald", "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", "https://github.com/systemd/systemd/pull/28885", "https://github.com/systemd/systemd/releases" ], "PublishedDate": "2023-06-13T17:15:14.753Z", "LastModifiedDate": "2024-11-21T08:01:52.097Z" }, { "VulnerabilityID": "CVE-2022-0563", "PkgID": "libuuid1@2.41-5", "PkgName": "libuuid1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libuuid1@2.41-5?arch=amd64\u0026distro=debian-13.1", "UID": "e68ae51900aac46d" }, "InstalledVersion": "2.41-5", "Status": "affected", "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-0563", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline", "Description": "A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an \"INPUTRC\" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.", "Severity": "LOW", "CweIDs": [ "CWE-209" ], "VendorSeverity": { "amazon": 2, "cbl-mariner": 2, "debian": 1, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "nvd": { "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "V2Score": 1.9, "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2022-0563", "https://blog.trailofbits.com/2023/02/16/suid-logic-bug-linux-readline/", "https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w%40ws.net.home/T/#u", "https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u", "https://nvd.nist.gov/vuln/detail/CVE-2022-0563", "https://security.gentoo.org/glsa/202401-08", "https://security.netapp.com/advisory/ntap-20220331-0002/", "https://www.cve.org/CVERecord?id=CVE-2022-0563" ], "PublishedDate": "2022-02-21T19:15:08.393Z", "LastModifiedDate": "2025-06-09T16:15:33.237Z" }, { "VulnerabilityID": "CVE-2013-7445", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-7445", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: memory exhaustion via crafted Graphics Execution Manager (GEM) objects", "Description": "The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox.", "Severity": "HIGH", "CweIDs": [ "CWE-399" ], "VendorSeverity": { "nvd": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "V2Score": 7.8 }, "redhat": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "V2Score": 4.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2013-7445", "https://bugzilla.kernel.org/show_bug.cgi?id=60533", "https://lists.freedesktop.org/archives/dri-devel/2015-September/089778.html (potential start towards fixing)", "https://nvd.nist.gov/vuln/detail/CVE-2013-7445", "https://www.cve.org/CVERecord?id=CVE-2013-7445" ], "PublishedDate": "2015-10-16T01:59:00.12Z", "LastModifiedDate": "2025-04-12T10:46:40.837Z" }, { "VulnerabilityID": "CVE-2019-19449", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19449", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: mounting a crafted f2fs filesystem image can lead to slab-out-of-bounds read access in f2fs_build_segment_manager in fs/f2fs/segment.c", "Description": "In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can lead to slab-out-of-bounds read access in f2fs_build_segment_manager in fs/f2fs/segment.c, related to init_min_max_mtime in fs/f2fs/segment.c (because the second argument to get_seg_entry is not validated).", "Severity": "HIGH", "CweIDs": [ "CWE-125" ], "VendorSeverity": { "nvd": 3, "redhat": 3, "ubuntu": 1 }, "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V2Score": 6.8, "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H", "V3Score": 7.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2019-19449", "https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19449", "https://nvd.nist.gov/vuln/detail/CVE-2019-19449", "https://security.netapp.com/advisory/ntap-20200103-0001/", "https://ubuntu.com/security/notices/USN-5120-1", "https://ubuntu.com/security/notices/USN-5136-1", "https://ubuntu.com/security/notices/USN-5137-1", "https://ubuntu.com/security/notices/USN-5137-2", "https://ubuntu.com/security/notices/USN-5343-1", "https://www.cve.org/CVERecord?id=CVE-2019-19449" ], "PublishedDate": "2019-12-08T02:15:09.97Z", "LastModifiedDate": "2024-11-21T04:34:45.337Z" }, { "VulnerabilityID": "CVE-2019-19814", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19814", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: out-of-bounds write in __remove_dirty_segment in fs/f2fs/segment.c", "Description": "In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can cause __remove_dirty_segment slab-out-of-bounds write access because an array is bounded by the number of dirty types (8) but the array index can exceed this.", "Severity": "HIGH", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "nvd": 3, "redhat": 2, "ubuntu": 1 }, "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V2Score": 9.3, "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H", "V3Score": 7.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2019-19814", "https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19814", "https://nvd.nist.gov/vuln/detail/CVE-2019-19814", "https://security.netapp.com/advisory/ntap-20200103-0001/", "https://www.cve.org/CVERecord?id=CVE-2019-19814" ], "PublishedDate": "2019-12-17T06:15:12.843Z", "LastModifiedDate": "2024-11-21T04:35:26.68Z" }, { "VulnerabilityID": "CVE-2021-3847", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-3847", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: low-privileged user privileges escalation", "Description": "An unauthorized access to the execution of the setuid file with capabilities flaw in the Linux kernel OverlayFS subsystem was found in the way user copying a capable file from a nosuid mount into another mount. A local user could use this flaw to escalate their privileges on the system.", "Severity": "HIGH", "CweIDs": [ "CWE-281" ], "VendorSeverity": { "cbl-mariner": 3, "nvd": 3, "redhat": 2 }, "CVSS": { "nvd": { "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V2Score": 7.2, "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "V3Score": 6.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2021-3847", "https://bugzilla.redhat.com/show_bug.cgi?id=2009704", "https://nvd.nist.gov/vuln/detail/CVE-2021-3847", "https://www.cve.org/CVERecord?id=CVE-2021-3847", "https://www.openwall.com/lists/oss-security/2021/10/14/3" ], "PublishedDate": "2022-04-01T23:15:10.597Z", "LastModifiedDate": "2024-11-21T06:22:38.597Z" }, { "VulnerabilityID": "CVE-2021-3864", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-3864", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: descendant's dumpable setting with certain SUID binaries", "Description": "A flaw was found in the way the dumpable flag setting was handled when certain SUID binaries executed its descendants. The prerequisite is a SUID binary that sets real UID equal to effective UID, and real GID equal to effective GID. The descendant will then have a dumpable value set to 1. As a result, if the descendant process crashes and core_pattern is set to a relative value, its core dump is stored in the current directory with uid:gid permissions. An unprivileged local user with eligible root SUID binary could use this flaw to place core dumps into root-owned directories, potentially resulting in escalation of privileges.", "Severity": "HIGH", "CweIDs": [ "CWE-284" ], "VendorSeverity": { "nvd": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2021-3864", "https://bugzilla.redhat.com/show_bug.cgi?id=2015046", "https://lore.kernel.org/all/20211221021744.864115-1-longman%40redhat.com/", "https://lore.kernel.org/all/20211221021744.864115-1-longman@redhat.com", "https://lore.kernel.org/all/20211226150310.GA992%401wt.eu/", "https://lore.kernel.org/all/20211226150310.GA992@1wt.eu/", "https://lore.kernel.org/lkml/20211228170910.623156-1-wander%40redhat.com/", "https://lore.kernel.org/lkml/20211228170910.623156-1-wander@redhat.com", "https://nvd.nist.gov/vuln/detail/CVE-2021-3864", "https://security-tracker.debian.org/tracker/CVE-2021-3864", "https://www.cve.org/CVERecord?id=CVE-2021-3864", "https://www.openwall.com/lists/oss-security/2021/10/20/2" ], "PublishedDate": "2022-08-26T16:15:09.68Z", "LastModifiedDate": "2024-11-21T06:22:41.197Z" }, { "VulnerabilityID": "CVE-2024-21803", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-21803", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: bluetooth: use-after-free vulnerability in af_bluetooth.c", "Description": "Use After Free vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (bluetooth modules) allows Local Execution of Code. This vulnerability is associated with program files https://gitee.Com/anolis/cloud-kernel/blob/devel-5.10/net/bluetooth/af_bluetooth.C.\n\nThis issue affects Linux kernel: from v2.6.12-rc2 before v6.8-rc1.\n\n", "Severity": "HIGH", "CweIDs": [ "CWE-416" ], "VendorSeverity": { "azure": 3, "cbl-mariner": 3, "nvd": 3, "redhat": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2024-21803", "https://bugzilla.openanolis.cn/show_bug.cgi?id=8081", "https://nvd.nist.gov/vuln/detail/CVE-2024-21803", "https://www.cve.org/CVERecord?id=CVE-2024-21803" ], "PublishedDate": "2024-01-30T08:15:41.373Z", "LastModifiedDate": "2025-08-15T20:31:42.717Z" }, { "VulnerabilityID": "CVE-2024-57995", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-57995", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: wifi: ath12k: fix read pointer after free in ath12k_mac_assign_vif_to_vdev()", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix read pointer after free in ath12k_mac_assign_vif_to_vdev()\n\nIn ath12k_mac_assign_vif_to_vdev(), if arvif is created on a different\nradio, it gets deleted from that radio through a call to\nath12k_mac_unassign_link_vif(). This action frees the arvif pointer.\nSubsequently, there is a check involving arvif, which will result in a\nread-after-free scenario.\n\nFix this by moving this check after arvif is again assigned via call to\nath12k_mac_assign_link_vif().\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.3.1-00173-QCAHKSWPL_SILICONZ-1", "Severity": "HIGH", "CweIDs": [ "CWE-416" ], "VendorSeverity": { "nvd": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "V3Score": 6.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2024-57995", "https://git.kernel.org/linus/5a10971c7645a95f5d5dc23c26fbac4bf61801d0 (6.14-rc1)", "https://git.kernel.org/stable/c/5a10971c7645a95f5d5dc23c26fbac4bf61801d0", "https://git.kernel.org/stable/c/f3a95a312419e4f1e992525917da9dbcd247038f", "https://lore.kernel.org/linux-cve-announce/2025022640-CVE-2024-57995-892d@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2024-57995", "https://www.cve.org/CVERecord?id=CVE-2024-57995" ], "PublishedDate": "2025-02-27T02:15:13.517Z", "LastModifiedDate": "2025-10-01T20:18:09.427Z" }, { "VulnerabilityID": "CVE-2025-21709", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-21709", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: kernel: be more careful about dup_mmap() failures and uprobe registering", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nkernel: be more careful about dup_mmap() failures and uprobe registering\n\nIf a memory allocation fails during dup_mmap(), the maple tree can be left\nin an unsafe state for other iterators besides the exit path. All the\nlocks are dropped before the exit_mmap() call (in mm/mmap.c), but the\nincomplete mm_struct can be reached through (at least) the rmap finding\nthe vmas which have a pointer back to the mm_struct.\n\nUp to this point, there have been no issues with being able to find an\nmm_struct that was only partially initialised. Syzbot was able to make\nthe incomplete mm_struct fail with recent forking changes, so it has been\nproven unsafe to use the mm_struct that hasn't been initialised, as\nreferenced in the link below.\n\nAlthough 8ac662f5da19f (\"fork: avoid inappropriate uprobe access to\ninvalid mm\") fixed the uprobe access, it does not completely remove the\nrace.\n\nThis patch sets the MMF_OOM_SKIP to avoid the iteration of the vmas on the\noom side (even though this is extremely unlikely to be selected as an oom\nvictim in the race window), and sets MMF_UNSTABLE to avoid other potential\nusers from using a partially initialised mm_struct.\n\nWhen registering vmas for uprobe, skip the vmas in an mm that is marked\nunstable. Modifying a vma in an unstable mm may cause issues if the mm\nisn't fully initialised.", "Severity": "HIGH", "VendorSeverity": { "amazon": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "V3Score": 7.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-21709", "https://git.kernel.org/linus/64c37e134b120fb462fb4a80694bfb8e7be77b14 (6.14-rc1)", "https://git.kernel.org/stable/c/64c37e134b120fb462fb4a80694bfb8e7be77b14", "https://git.kernel.org/stable/c/da139948aeda677ac09cc0e7d837f8a314de7d55", "https://lore.kernel.org/linux-cve-announce/2025022643-CVE-2025-21709-e967@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-21709", "https://www.cve.org/CVERecord?id=CVE-2025-21709" ], "PublishedDate": "2025-02-27T02:15:14.56Z", "LastModifiedDate": "2025-02-27T02:15:14.56Z" }, { "VulnerabilityID": "CVE-2025-22104", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22104", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: ibmvnic: Use kernel helpers for hex dumps", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nibmvnic: Use kernel helpers for hex dumps\n\nPreviously, when the driver was printing hex dumps, the buffer was cast\nto an 8 byte long and printed using string formatters. If the buffer\nsize was not a multiple of 8 then a read buffer overflow was possible.\n\nTherefore, create a new ibmvnic function that loops over a buffer and\ncalls hex_dump_to_buffer instead.\n\nThis patch address KASAN reports like the one below:\n ibmvnic 30000003 env3: Login Buffer:\n ibmvnic 30000003 env3: 01000000af000000\n \u003c...\u003e\n ibmvnic 30000003 env3: 2e6d62692e736261\n ibmvnic 30000003 env3: 65050003006d6f63\n ==================================================================\n BUG: KASAN: slab-out-of-bounds in ibmvnic_login+0xacc/0xffc [ibmvnic]\n Read of size 8 at addr c0000001331a9aa8 by task ip/17681\n \u003c...\u003e\n Allocated by task 17681:\n \u003c...\u003e\n ibmvnic_login+0x2f0/0xffc [ibmvnic]\n ibmvnic_open+0x148/0x308 [ibmvnic]\n __dev_open+0x1ac/0x304\n \u003c...\u003e\n The buggy address is located 168 bytes inside of\n allocated 175-byte region [c0000001331a9a00, c0000001331a9aaf)\n \u003c...\u003e\n =================================================================\n ibmvnic 30000003 env3: 000000000033766e", "Severity": "HIGH", "VendorSeverity": { "alma": 2, "oracle-oval": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "V3Score": 7.1 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:9302", "https://access.redhat.com/security/cve/CVE-2025-22104", "https://bugzilla.redhat.com/2355415", "https://bugzilla.redhat.com/2356618", "https://bugzilla.redhat.com/2360265", "https://bugzilla.redhat.com/2363268", "https://bugzilla.redhat.com/2363305", "https://errata.almalinux.org/9/ALSA-2025-9302.html", "https://git.kernel.org/linus/d93a6caab5d7d9b5ce034d75b1e1e993338e3852 (6.15-rc1)", "https://git.kernel.org/stable/c/ae6b1d6c1acee3a2000394d83ec9f1028321e207", "https://git.kernel.org/stable/c/d93a6caab5d7d9b5ce034d75b1e1e993338e3852", "https://linux.oracle.com/cve/CVE-2025-22104.html", "https://linux.oracle.com/errata/ELSA-2025-9896.html", "https://lore.kernel.org/linux-cve-announce/2025041622-CVE-2025-22104-0a82@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-22104", "https://ubuntu.com/security/notices/USN-7594-1", "https://ubuntu.com/security/notices/USN-7594-2", "https://ubuntu.com/security/notices/USN-7594-3", "https://www.cve.org/CVERecord?id=CVE-2025-22104" ], "PublishedDate": "2025-04-16T15:16:04.733Z", "LastModifiedDate": "2025-04-17T20:22:16.24Z" }, { "VulnerabilityID": "CVE-2025-22121", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22121", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all()", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all()\n\nThere's issue as follows:\nBUG: KASAN: use-after-free in ext4_xattr_inode_dec_ref_all+0x6ff/0x790\nRead of size 4 at addr ffff88807b003000 by task syz-executor.0/15172\n\nCPU: 3 PID: 15172 Comm: syz-executor.0\nCall Trace:\n __dump_stack lib/dump_stack.c:82 [inline]\n dump_stack+0xbe/0xfd lib/dump_stack.c:123\n print_address_description.constprop.0+0x1e/0x280 mm/kasan/report.c:400\n __kasan_report.cold+0x6c/0x84 mm/kasan/report.c:560\n kasan_report+0x3a/0x50 mm/kasan/report.c:585\n ext4_xattr_inode_dec_ref_all+0x6ff/0x790 fs/ext4/xattr.c:1137\n ext4_xattr_delete_inode+0x4c7/0xda0 fs/ext4/xattr.c:2896\n ext4_evict_inode+0xb3b/0x1670 fs/ext4/inode.c:323\n evict+0x39f/0x880 fs/inode.c:622\n iput_final fs/inode.c:1746 [inline]\n iput fs/inode.c:1772 [inline]\n iput+0x525/0x6c0 fs/inode.c:1758\n ext4_orphan_cleanup fs/ext4/super.c:3298 [inline]\n ext4_fill_super+0x8c57/0xba40 fs/ext4/super.c:5300\n mount_bdev+0x355/0x410 fs/super.c:1446\n legacy_get_tree+0xfe/0x220 fs/fs_context.c:611\n vfs_get_tree+0x8d/0x2f0 fs/super.c:1576\n do_new_mount fs/namespace.c:2983 [inline]\n path_mount+0x119a/0x1ad0 fs/namespace.c:3316\n do_mount+0xfc/0x110 fs/namespace.c:3329\n __do_sys_mount fs/namespace.c:3540 [inline]\n __se_sys_mount+0x219/0x2e0 fs/namespace.c:3514\n do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46\n entry_SYSCALL_64_after_hwframe+0x67/0xd1\n\nMemory state around the buggy address:\n ffff88807b002f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n ffff88807b002f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n\u003effff88807b003000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff\n ^\n ffff88807b003080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff\n ffff88807b003100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff\n\nAbove issue happens as ext4_xattr_delete_inode() isn't check xattr\nis valid if xattr is in inode.\nTo solve above issue call xattr_check_inode() check if xattr if valid\nin inode. In fact, we can directly verify in ext4_iget_extra_inode(),\nso that there is no divergent verification.", "Severity": "HIGH", "VendorSeverity": { "alma": 2, "oracle-oval": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "V3Score": 7.1 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:11861", "https://access.redhat.com/security/cve/CVE-2025-22121", "https://bugzilla.redhat.com/2348599", "https://bugzilla.redhat.com/2356613", "https://bugzilla.redhat.com/2360186", "https://bugzilla.redhat.com/2360199", "https://bugzilla.redhat.com/2360212", "https://bugzilla.redhat.com/2360219", "https://bugzilla.redhat.com/2363672", "https://bugzilla.redhat.com/2367572", "https://bugzilla.redhat.com/2375305", "https://bugzilla.redhat.com/2376035", "https://bugzilla.redhat.com/show_bug.cgi?id=2360186", "https://bugzilla.redhat.com/show_bug.cgi?id=2360199", "https://bugzilla.redhat.com/show_bug.cgi?id=2363672", "https://bugzilla.redhat.com/show_bug.cgi?id=2375528", "https://bugzilla.redhat.com/show_bug.cgi?id=2376035", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22091", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22121", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-37797", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38088", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38110", "https://errata.almalinux.org/9/ALSA-2025-11861.html", "https://errata.rockylinux.org/RLSA-2025:11855", "https://git.kernel.org/linus/5701875f9609b000d91351eaa6bfd97fe2f157f4 (6.15-rc1)", "https://git.kernel.org/stable/c/0c8fbb6ffb3c8f5164572ca88e4ccb6cd6a41ca8", "https://git.kernel.org/stable/c/5701875f9609b000d91351eaa6bfd97fe2f157f4", "https://linux.oracle.com/cve/CVE-2025-22121.html", "https://linux.oracle.com/errata/ELSA-2025-11861.html", "https://lore.kernel.org/linux-cve-announce/2025041628-CVE-2025-22121-52fd@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-22121", "https://ubuntu.com/security/notices/USN-7594-1", "https://ubuntu.com/security/notices/USN-7594-2", "https://ubuntu.com/security/notices/USN-7594-3", "https://www.cve.org/CVERecord?id=CVE-2025-22121" ], "PublishedDate": "2025-04-16T15:16:06.277Z", "LastModifiedDate": "2025-04-17T20:22:16.24Z" }, { "VulnerabilityID": "CVE-2025-37825", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-37825", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: nvmet: fix out-of-bounds access in nvmet_enable_port", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet: fix out-of-bounds access in nvmet_enable_port\n\nWhen trying to enable a port that has no transport configured yet,\nnvmet_enable_port() uses NVMF_TRTYPE_MAX (255) to query the transports\narray, causing an out-of-bounds access:\n\n[ 106.058694] BUG: KASAN: global-out-of-bounds in nvmet_enable_port+0x42/0x1da\n[ 106.058719] Read of size 8 at addr ffffffff89dafa58 by task ln/632\n[...]\n[ 106.076026] nvmet: transport type 255 not supported\n\nSince commit 200adac75888, NVMF_TRTYPE_MAX is the default state as configured by\nnvmet_ports_make().\nAvoid this by checking for NVMF_TRTYPE_MAX before proceeding.", "Severity": "HIGH", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-37825", "https://git.kernel.org/linus/3d7aa0c7b4e96cd460826d932e44710cdeb3378b (6.15-rc4)", "https://git.kernel.org/stable/c/3d7aa0c7b4e96cd460826d932e44710cdeb3378b", "https://git.kernel.org/stable/c/83c00860a37b3fcba8026cb344101f1b8af547cf", "https://lore.kernel.org/linux-cve-announce/2025050822-CVE-2025-37825-547b@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-37825", "https://ubuntu.com/security/notices/USN-7594-1", "https://ubuntu.com/security/notices/USN-7594-2", "https://ubuntu.com/security/notices/USN-7594-3", "https://www.cve.org/CVERecord?id=CVE-2025-37825" ], "PublishedDate": "2025-05-08T07:15:53.747Z", "LastModifiedDate": "2025-05-08T14:39:09.683Z" }, { "VulnerabilityID": "CVE-2025-37906", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-37906", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: ublk: fix race between io_uring_cmd_complete_in_task and ublk_cancel_cmd", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nublk: fix race between io_uring_cmd_complete_in_task and ublk_cancel_cmd\n\nublk_cancel_cmd() calls io_uring_cmd_done() to complete uring_cmd, but\nwe may have scheduled task work via io_uring_cmd_complete_in_task() for\ndispatching request, then kernel crash can be triggered.\n\nFix it by not trying to canceling the command if ublk block request is\nstarted.", "Severity": "HIGH", "VendorSeverity": { "amazon": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-37906", "https://git.kernel.org/linus/f40139fde5278d81af3227444fd6e76a76b9506d (6.15-rc4)", "https://git.kernel.org/stable/c/f40139fde5278d81af3227444fd6e76a76b9506d", "https://git.kernel.org/stable/c/fb2eb9ddf556f93fef45201e1f9d2b8674bcc975", "https://lore.kernel.org/linux-cve-announce/2025052057-CVE-2025-37906-0bd6@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-37906", "https://ubuntu.com/security/notices/USN-7649-1", "https://ubuntu.com/security/notices/USN-7649-2", "https://ubuntu.com/security/notices/USN-7650-1", "https://ubuntu.com/security/notices/USN-7665-1", "https://ubuntu.com/security/notices/USN-7665-2", "https://ubuntu.com/security/notices/USN-7721-1", "https://www.cve.org/CVERecord?id=CVE-2025-37906" ], "PublishedDate": "2025-05-20T16:15:27.07Z", "LastModifiedDate": "2025-05-21T20:25:16.407Z" }, { "VulnerabilityID": "CVE-2025-38029", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38029", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: kasan: avoid sleepable page allocation from atomic context", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nkasan: avoid sleepable page allocation from atomic context\n\napply_to_pte_range() enters the lazy MMU mode and then invokes\nkasan_populate_vmalloc_pte() callback on each page table walk iteration. \nHowever, the callback can go into sleep when trying to allocate a single\npage, e.g. if an architecutre disables preemption on lazy MMU mode enter.\n\nOn s390 if make arch_enter_lazy_mmu_mode() -\u003e preempt_enable() and\narch_leave_lazy_mmu_mode() -\u003e preempt_disable(), such crash occurs:\n\n[ 0.663336] BUG: sleeping function called from invalid context at ./include/linux/sched/mm.h:321\n[ 0.663348] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 2, name: kthreadd\n[ 0.663358] preempt_count: 1, expected: 0\n[ 0.663366] RCU nest depth: 0, expected: 0\n[ 0.663375] no locks held by kthreadd/2.\n[ 0.663383] Preemption disabled at:\n[ 0.663386] [\u003c0002f3284cbb4eda\u003e] apply_to_pte_range+0xfa/0x4a0\n[ 0.663405] CPU: 0 UID: 0 PID: 2 Comm: kthreadd Not tainted 6.15.0-rc5-gcc-kasan-00043-gd76bb1ebb558-dirty #162 PREEMPT\n[ 0.663408] Hardware name: IBM 3931 A01 701 (KVM/Linux)\n[ 0.663409] Call Trace:\n[ 0.663410] [\u003c0002f3284c385f58\u003e] dump_stack_lvl+0xe8/0x140\n[ 0.663413] [\u003c0002f3284c507b9e\u003e] __might_resched+0x66e/0x700\n[ 0.663415] [\u003c0002f3284cc4f6c0\u003e] __alloc_frozen_pages_noprof+0x370/0x4b0\n[ 0.663419] [\u003c0002f3284ccc73c0\u003e] alloc_pages_mpol+0x1a0/0x4a0\n[ 0.663421] [\u003c0002f3284ccc8518\u003e] alloc_frozen_pages_noprof+0x88/0xc0\n[ 0.663424] [\u003c0002f3284ccc8572\u003e] alloc_pages_noprof+0x22/0x120\n[ 0.663427] [\u003c0002f3284cc341ac\u003e] get_free_pages_noprof+0x2c/0xc0\n[ 0.663429] [\u003c0002f3284cceba70\u003e] kasan_populate_vmalloc_pte+0x50/0x120\n[ 0.663433] [\u003c0002f3284cbb4ef8\u003e] apply_to_pte_range+0x118/0x4a0\n[ 0.663435] [\u003c0002f3284cbc7c14\u003e] apply_to_pmd_range+0x194/0x3e0\n[ 0.663437] [\u003c0002f3284cbc99be\u003e] __apply_to_page_range+0x2fe/0x7a0\n[ 0.663440] [\u003c0002f3284cbc9e88\u003e] apply_to_page_range+0x28/0x40\n[ 0.663442] [\u003c0002f3284ccebf12\u003e] kasan_populate_vmalloc+0x82/0xa0\n[ 0.663445] [\u003c0002f3284cc1578c\u003e] alloc_vmap_area+0x34c/0xc10\n[ 0.663448] [\u003c0002f3284cc1c2a6\u003e] __get_vm_area_node+0x186/0x2a0\n[ 0.663451] [\u003c0002f3284cc1e696\u003e] __vmalloc_node_range_noprof+0x116/0x310\n[ 0.663454] [\u003c0002f3284cc1d950\u003e] __vmalloc_node_noprof+0xd0/0x110\n[ 0.663457] [\u003c0002f3284c454b88\u003e] alloc_thread_stack_node+0xf8/0x330\n[ 0.663460] [\u003c0002f3284c458d56\u003e] dup_task_struct+0x66/0x4d0\n[ 0.663463] [\u003c0002f3284c45be90\u003e] copy_process+0x280/0x4b90\n[ 0.663465] [\u003c0002f3284c460940\u003e] kernel_clone+0xd0/0x4b0\n[ 0.663467] [\u003c0002f3284c46115e\u003e] kernel_thread+0xbe/0xe0\n[ 0.663469] [\u003c0002f3284c4e440e\u003e] kthreadd+0x50e/0x7f0\n[ 0.663472] [\u003c0002f3284c38c04a\u003e] __ret_from_fork+0x8a/0xf0\n[ 0.663475] [\u003c0002f3284ed57ff2\u003e] ret_from_fork+0xa/0x38\n\nInstead of allocating single pages per-PTE, bulk-allocate the shadow\nmemory prior to applying kasan_populate_vmalloc_pte() callback on a page\nrange.", "Severity": "HIGH", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-38029", "https://git.kernel.org/linus/b6ea95a34cbd014ab6ade4248107b86b0aaf2d6c (6.15)", "https://git.kernel.org/stable/c/6748dd09196248b985cca39eaf651d5317271977", "https://git.kernel.org/stable/c/b6ea95a34cbd014ab6ade4248107b86b0aaf2d6c", "https://lore.kernel.org/linux-cve-announce/2025061824-CVE-2025-38029-47a6@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-38029", "https://ubuntu.com/security/notices/USN-7769-1", "https://ubuntu.com/security/notices/USN-7769-2", "https://ubuntu.com/security/notices/USN-7769-3", "https://ubuntu.com/security/notices/USN-7770-1", "https://ubuntu.com/security/notices/USN-7771-1", "https://ubuntu.com/security/notices/USN-7789-1", "https://ubuntu.com/security/notices/USN-7789-2", "https://www.cve.org/CVERecord?id=CVE-2025-38029" ], "PublishedDate": "2025-06-18T10:15:34.97Z", "LastModifiedDate": "2025-06-18T13:46:52.973Z" }, { "VulnerabilityID": "CVE-2025-38036", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38036", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: drm/xe/vf: Perform early GT MMIO initialization to read GMDID", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/vf: Perform early GT MMIO initialization to read GMDID\n\nVFs need to communicate with the GuC to obtain the GMDID value\nand existing GuC functions used for that assume that the GT has\nit's MMIO members already setup. However, due to recent refactoring\nthe gt-\u003emmio is initialized later, and any attempt by the VF to use\nxe_mmio_read|write() from GuC functions will lead to NPD crash due\nto unset MMIO register address:\n\n[] xe 0000:00:02.1: [drm] Running in SR-IOV VF mode\n[] xe 0000:00:02.1: [drm] GT0: sending H2G MMIO 0x5507\n[] BUG: unable to handle page fault for address: 0000000000190240\n\nSince we are already tweaking the id and type of the primary GT to\nmimic it's a Media GT before initializing the GuC communication,\nwe can also call xe_gt_mmio_init() to perform early setup of the\ngt-\u003emmio which will make those GuC functions work again.", "Severity": "HIGH", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-38036", "https://git.kernel.org/linus/13265fe7426ec9ba5aa86baab913417ca361e8a4 (6.15-rc1)", "https://git.kernel.org/stable/c/13265fe7426ec9ba5aa86baab913417ca361e8a4", "https://git.kernel.org/stable/c/ef6e950aea76a5009ccc79ebfa955ecc66cd85a2", "https://lore.kernel.org/linux-cve-announce/2025061826-CVE-2025-38036-0063@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-38036", "https://ubuntu.com/security/notices/USN-7769-1", "https://ubuntu.com/security/notices/USN-7769-2", "https://ubuntu.com/security/notices/USN-7769-3", "https://ubuntu.com/security/notices/USN-7770-1", "https://ubuntu.com/security/notices/USN-7771-1", "https://ubuntu.com/security/notices/USN-7789-1", "https://ubuntu.com/security/notices/USN-7789-2", "https://www.cve.org/CVERecord?id=CVE-2025-38036" ], "PublishedDate": "2025-06-18T10:15:35.897Z", "LastModifiedDate": "2025-06-18T13:46:52.973Z" }, { "VulnerabilityID": "CVE-2025-38041", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38041", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: clk: sunxi-ng: h616: Reparent GPU clock during frequency changes", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: sunxi-ng: h616: Reparent GPU clock during frequency changes\n\nThe H616 manual does not state that the GPU PLL supports\ndynamic frequency configuration, so we must take extra care when changing\nthe frequency. Currently any attempt to do device DVFS on the GPU lead\nto panfrost various ooops, and GPU hangs.\n\nThe manual describes the algorithm for changing the PLL\nfrequency, which the CPU PLL notifier code already support, so we reuse\nthat to reparent the GPU clock to GPU1 clock during frequency\nchanges.", "Severity": "HIGH", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-38041", "https://git.kernel.org/linus/eb963d7948ce6571939c6875424b557b25f16610 (6.15-rc1)", "https://git.kernel.org/stable/c/1439673b78185eaaa5fae444b3a9d58c434ee78e", "https://git.kernel.org/stable/c/eb963d7948ce6571939c6875424b557b25f16610", "https://lore.kernel.org/linux-cve-announce/2025061828-CVE-2025-38041-7d47@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-38041", "https://ubuntu.com/security/notices/USN-7769-1", "https://ubuntu.com/security/notices/USN-7769-2", "https://ubuntu.com/security/notices/USN-7769-3", "https://ubuntu.com/security/notices/USN-7770-1", "https://ubuntu.com/security/notices/USN-7771-1", "https://ubuntu.com/security/notices/USN-7789-1", "https://ubuntu.com/security/notices/USN-7789-2", "https://www.cve.org/CVERecord?id=CVE-2025-38041" ], "PublishedDate": "2025-06-18T10:15:36.533Z", "LastModifiedDate": "2025-06-18T13:46:52.973Z" }, { "VulnerabilityID": "CVE-2025-38042", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38042", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: dmaengine: ti: k3-udma-glue: Drop skip_fdq argument from k3_udma_glue_reset_rx_chn", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: ti: k3-udma-glue: Drop skip_fdq argument from k3_udma_glue_reset_rx_chn\n\nThe user of k3_udma_glue_reset_rx_chn() e.g. ti_am65_cpsw_nuss can\nrun on multiple platforms having different DMA architectures.\nOn some platforms there can be one FDQ for all flows in the RX channel\nwhile for others there is a separate FDQ for each flow in the RX channel.\n\nSo far we have been relying on the skip_fdq argument of\nk3_udma_glue_reset_rx_chn().\n\nInstead of relying on the user to provide this information, infer it\nbased on DMA architecture during k3_udma_glue_request_rx_chn() and save it\nin an internal flag 'single_fdq'. Use that flag at\nk3_udma_glue_reset_rx_chn() to deicide if the FDQ needs\nto be cleared for every flow or just for flow 0.\n\nFixes the below issue on ti_am65_cpsw_nuss driver on AM62-SK.\n\n\u003e ip link set eth1 down\n\u003e ip link set eth0 down\n\u003e ethtool -L eth0 rx 8\n\u003e ip link set eth0 up\n\u003e modprobe -r ti_am65_cpsw_nuss\n\n[ 103.045726] ------------[ cut here ]------------\n[ 103.050505] k3_knav_desc_pool size 512000 != avail 64000\n[ 103.050703] WARNING: CPU: 1 PID: 450 at drivers/net/ethernet/ti/k3-cppi-desc-pool.c:33 k3_cppi_desc_pool_destroy+0xa0/0xa8 [k3_cppi_desc_pool]\n[ 103.068810] Modules linked in: ti_am65_cpsw_nuss(-) k3_cppi_desc_pool snd_soc_hdmi_codec crct10dif_ce snd_soc_simple_card snd_soc_simple_card_utils display_connector rtc_ti_k3 k3_j72xx_bandgap tidss drm_client_lib snd_soc_davinci_mcas\np drm_dma_helper tps6598x phylink snd_soc_ti_udma rti_wdt drm_display_helper snd_soc_tlv320aic3x_i2c typec at24 phy_gmii_sel snd_soc_ti_edma snd_soc_tlv320aic3x sii902x snd_soc_ti_sdma sa2ul omap_mailbox drm_kms_helper authenc cfg80211 r\nfkill fuse drm drm_panel_orientation_quirks backlight ip_tables x_tables ipv6 [last unloaded: k3_cppi_desc_pool]\n[ 103.119950] CPU: 1 UID: 0 PID: 450 Comm: modprobe Not tainted 6.13.0-rc7-00001-g9c5e3435fa66 #1011\n[ 103.119968] Hardware name: Texas Instruments AM625 SK (DT)\n[ 103.119974] pstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 103.119983] pc : k3_cppi_desc_pool_destroy+0xa0/0xa8 [k3_cppi_desc_pool]\n[ 103.148007] lr : k3_cppi_desc_pool_destroy+0xa0/0xa8 [k3_cppi_desc_pool]\n[ 103.154709] sp : ffff8000826ebbc0\n[ 103.158015] x29: ffff8000826ebbc0 x28: ffff0000090b6300 x27: 0000000000000000\n[ 103.165145] x26: 0000000000000000 x25: 0000000000000000 x24: ffff0000019df6b0\n[ 103.172271] x23: ffff0000019df6b8 x22: ffff0000019df410 x21: ffff8000826ebc88\n[ 103.179397] x20: 000000000007d000 x19: ffff00000a3b3000 x18: 0000000000000000\n[ 103.186522] x17: 0000000000000000 x16: 0000000000000000 x15: 000001e8c35e1cde\n[ 103.193647] x14: 0000000000000396 x13: 000000000000035c x12: 0000000000000000\n[ 103.200772] x11: 000000000000003a x10: 00000000000009c0 x9 : ffff8000826eba20\n[ 103.207897] x8 : ffff0000090b6d20 x7 : ffff00007728c180 x6 : ffff00007728c100\n[ 103.215022] x5 : 0000000000000001 x4 : ffff000000508a50 x3 : ffff7ffff6146000\n[ 103.222147] x2 : 0000000000000000 x1 : e300b4173ee6b200 x0 : 0000000000000000\n[ 103.229274] Call trace:\n[ 103.231714] k3_cppi_desc_pool_destroy+0xa0/0xa8 [k3_cppi_desc_pool] (P)\n[ 103.238408] am65_cpsw_nuss_free_rx_chns+0x28/0x4c [ti_am65_cpsw_nuss]\n[ 103.244942] devm_action_release+0x14/0x20\n[ 103.249040] release_nodes+0x3c/0x68\n[ 103.252610] devres_release_all+0x8c/0xdc\n[ 103.256614] device_unbind_cleanup+0x18/0x60\n[ 103.260876] device_release_driver_internal+0xf8/0x178\n[ 103.266004] driver_detach+0x50/0x9c\n[ 103.269571] bus_remove_driver+0x6c/0xbc\n[ 103.273485] driver_unregister+0x30/0x60\n[ 103.277401] platform_driver_unregister+0x14/0x20\n[ 103.282096] am65_cpsw_nuss_driver_exit+0x18/0xff4 [ti_am65_cpsw_nuss]\n[ 103.288620] __arm64_sys_delete_module+0x17c/0x25c\n[ 103.293404] invoke_syscall+0x44/0x100\n[ 103.297149] el0_svc_common.constprop.0+0xc0/0xe0\n[ 103.301845] do_el0_svc+0x1c/0x28\n[ 103.305155] el0_svc+0x28/0x98\n---truncated---", "Severity": "HIGH", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-38042", "https://git.kernel.org/linus/0da30874729baeb01889b0eca16cfda122687503 (6.15-rc1)", "https://git.kernel.org/stable/c/0da30874729baeb01889b0eca16cfda122687503", "https://git.kernel.org/stable/c/d0dd9d133ef8fdc894e0be9aa27dc49ef5f813cb", "https://lore.kernel.org/linux-cve-announce/2025061828-CVE-2025-38042-6f41@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-38042", "https://ubuntu.com/security/notices/USN-7769-1", "https://ubuntu.com/security/notices/USN-7769-2", "https://ubuntu.com/security/notices/USN-7769-3", "https://ubuntu.com/security/notices/USN-7770-1", "https://ubuntu.com/security/notices/USN-7771-1", "https://ubuntu.com/security/notices/USN-7789-1", "https://ubuntu.com/security/notices/USN-7789-2", "https://www.cve.org/CVERecord?id=CVE-2025-38042" ], "PublishedDate": "2025-06-18T10:15:36.657Z", "LastModifiedDate": "2025-06-18T13:46:52.973Z" }, { "VulnerabilityID": "CVE-2025-38064", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38064", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: virtio: break and reset virtio devices on device_shutdown()", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio: break and reset virtio devices on device_shutdown()\n\nHongyu reported a hang on kexec in a VM. QEMU reported invalid memory\naccesses during the hang.\n\n\tInvalid read at addr 0x102877002, size 2, region '(null)', reason: rejected\n\tInvalid write at addr 0x102877A44, size 2, region '(null)', reason: rejected\n\t...\n\nIt was traced down to virtio-console. Kexec works fine if virtio-console\nis not in use.\n\nThe issue is that virtio-console continues to write to the MMIO even after\nunderlying virtio-pci device is reset.\n\nAdditionally, Eric noticed that IOMMUs are reset before devices, if\ndevices are not reset on shutdown they continue to poke at guest memory\nand get errors from the IOMMU. Some devices get wedged then.\n\nThe problem can be solved by breaking all virtio devices on virtio\nbus shutdown, then resetting them.", "Severity": "HIGH", "VendorSeverity": { "amazon": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-38064", "https://git.kernel.org/linus/8bd2fa086a04886798b505f28db4002525895203 (6.15-rc1)", "https://git.kernel.org/stable/c/8bd2fa086a04886798b505f28db4002525895203", "https://git.kernel.org/stable/c/aee42f3d57bfa37b2716df4584edeecf63b9df4c", "https://lore.kernel.org/linux-cve-announce/2025061836-CVE-2025-38064-8108@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-38064", "https://ubuntu.com/security/notices/USN-7769-1", "https://ubuntu.com/security/notices/USN-7769-2", "https://ubuntu.com/security/notices/USN-7769-3", "https://ubuntu.com/security/notices/USN-7770-1", "https://ubuntu.com/security/notices/USN-7771-1", "https://ubuntu.com/security/notices/USN-7789-1", "https://ubuntu.com/security/notices/USN-7789-2", "https://www.cve.org/CVERecord?id=CVE-2025-38064" ], "PublishedDate": "2025-06-18T10:15:39.34Z", "LastModifiedDate": "2025-06-18T13:46:52.973Z" }, { "VulnerabilityID": "CVE-2025-38105", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38105", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: ALSA: usb-audio: Kill timer properly at removal", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Kill timer properly at removal\n\nThe USB-audio MIDI code initializes the timer, but in a rare case, the\ndriver might be freed without the disconnect call. This leaves the\ntimer in an active state while the assigned object is released via\nsnd_usbmidi_free(), which ends up with a kernel warning when the debug\nconfiguration is enabled, as spotted by fuzzer.\n\nFor avoiding the problem, put timer_shutdown_sync() at\nsnd_usbmidi_free(), so that the timer can be killed properly.\nWhile we're at it, replace the existing timer_delete_sync() at the\ndisconnect callback with timer_shutdown_sync(), too.", "Severity": "HIGH", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-38105", "https://git.kernel.org/linus/0718a78f6a9f04b88d0dc9616cc216b31c5f3cf1 (6.16-rc1)", "https://git.kernel.org/stable/c/0718a78f6a9f04b88d0dc9616cc216b31c5f3cf1", "https://git.kernel.org/stable/c/62066758d2ae169278e5d6aea5995b1b6f6ddeb5", "https://git.kernel.org/stable/c/647410a7da46067953a53c0d03f8680eff570959", "https://git.kernel.org/stable/c/c611b9e55174e439dcd85a72969b43a95f3827a4", "https://lore.kernel.org/linux-cve-announce/2025070322-CVE-2025-38105-dfcf@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-38105", "https://ubuntu.com/security/notices/USN-7769-1", "https://ubuntu.com/security/notices/USN-7769-2", "https://ubuntu.com/security/notices/USN-7769-3", "https://ubuntu.com/security/notices/USN-7770-1", "https://ubuntu.com/security/notices/USN-7771-1", "https://ubuntu.com/security/notices/USN-7789-1", "https://ubuntu.com/security/notices/USN-7789-2", "https://www.cve.org/CVERecord?id=CVE-2025-38105" ], "PublishedDate": "2025-07-03T09:15:23.997Z", "LastModifiedDate": "2025-10-12T12:15:54.88Z" }, { "VulnerabilityID": "CVE-2025-38137", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38137", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: PCI/pwrctrl: Cancel outstanding rescan work when unregistering", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI/pwrctrl: Cancel outstanding rescan work when unregistering\n\nIt's possible to trigger use-after-free here by:\n\n (a) forcing rescan_work_func() to take a long time and\n (b) utilizing a pwrctrl driver that may be unloaded for some reason\n\nCancel outstanding work to ensure it is finished before we allow our data\nstructures to be cleaned up.\n\n[bhelgaas: tidy commit log]", "Severity": "HIGH", "VendorSeverity": { "oracle-oval": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H", "V3Score": 7.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-38137", "https://bugzilla.redhat.com/show_bug.cgi?id=2334820", "https://bugzilla.redhat.com/show_bug.cgi?id=2373383", "https://bugzilla.redhat.com/show_bug.cgi?id=2375303", "https://bugzilla.redhat.com/show_bug.cgi?id=2375304", "https://bugzilla.redhat.com/show_bug.cgi?id=2376064", "https://bugzilla.redhat.com/show_bug.cgi?id=2376078", "https://bugzilla.redhat.com/show_bug.cgi?id=2379219", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56721", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38079", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38084", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38085", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38137", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38159", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38292", "https://errata.rockylinux.org/RLSA-2025:13598", "https://git.kernel.org/linus/8b926f237743f020518162c62b93cb7107a2b5eb (6.16-rc1)", "https://git.kernel.org/stable/c/8b926f237743f020518162c62b93cb7107a2b5eb", "https://git.kernel.org/stable/c/b3ad6d23fec23fbef382ce9ea640c37446593cf5", "https://linux.oracle.com/cve/CVE-2025-38137.html", "https://linux.oracle.com/errata/ELSA-2025-13598.html", "https://lore.kernel.org/linux-cve-announce/2025070332-CVE-2025-38137-d4bf@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-38137", "https://ubuntu.com/security/notices/USN-7769-1", "https://ubuntu.com/security/notices/USN-7769-2", "https://ubuntu.com/security/notices/USN-7769-3", "https://ubuntu.com/security/notices/USN-7770-1", "https://ubuntu.com/security/notices/USN-7771-1", "https://ubuntu.com/security/notices/USN-7789-1", "https://ubuntu.com/security/notices/USN-7789-2", "https://www.cve.org/CVERecord?id=CVE-2025-38137" ], "PublishedDate": "2025-07-03T09:15:28.24Z", "LastModifiedDate": "2025-07-03T15:13:53.147Z" }, { "VulnerabilityID": "CVE-2025-38140", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38140", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: dm: limit swapping tables for devices with zone write plugs", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm: limit swapping tables for devices with zone write plugs\n\ndm_revalidate_zones() only allowed new or previously unzoned devices to\ncall blk_revalidate_disk_zones(). If the device was already zoned,\ndisk-\u003enr_zones would always equal md-\u003enr_zones, so dm_revalidate_zones()\nreturned without doing any work. This would make the zoned settings for\nthe device not match the new table. If the device had zone write plug\nresources, it could run into errors like bdev_zone_is_seq() reading\ninvalid memory because disk-\u003econv_zones_bitmap was the wrong size.\n\nIf the device doesn't have any zone write plug resources, calling\nblk_revalidate_disk_zones() will always correctly update device. If\nblk_revalidate_disk_zones() fails, it can still overwrite or clear the\ncurrent disk-\u003enr_zones value. In this case, DM must restore the previous\nvalue of disk-\u003enr_zones, so that the zoned settings will continue to\nmatch the previous value that it fell back to.\n\nIf the device already has zone write plug resources,\nblk_revalidate_disk_zones() will not correctly update them, if it is\ncalled for arbitrary zoned device changes. Since there is not much need\nfor this ability, the easiest solution is to disallow any table reloads\nthat change the zoned settings, for devices that already have zone plug\nresources. Specifically, if a device already has zone plug resources\nallocated, it can only switch to another zoned table that also emulates\nzone append. Also, it cannot change the device size or the zone size. A\ndevice can switch to an error target.", "Severity": "HIGH", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-38140", "https://git.kernel.org/linus/121218bef4c1df165181f5cd8fc3a2246bac817e (6.16-rc1)", "https://git.kernel.org/stable/c/121218bef4c1df165181f5cd8fc3a2246bac817e", "https://git.kernel.org/stable/c/ac8acb0bfd98a1c65f3ca9a3e217a766124eebd8", "https://lore.kernel.org/linux-cve-announce/2025070333-CVE-2025-38140-0ba9@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-38140", "https://ubuntu.com/security/notices/USN-7769-1", "https://ubuntu.com/security/notices/USN-7769-2", "https://ubuntu.com/security/notices/USN-7769-3", "https://ubuntu.com/security/notices/USN-7770-1", "https://ubuntu.com/security/notices/USN-7771-1", "https://ubuntu.com/security/notices/USN-7789-1", "https://ubuntu.com/security/notices/USN-7789-2", "https://www.cve.org/CVERecord?id=CVE-2025-38140" ], "PublishedDate": "2025-07-03T09:15:28.617Z", "LastModifiedDate": "2025-07-03T15:13:53.147Z" }, { "VulnerabilityID": "CVE-2025-38248", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38248", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: bridge: mcast: Fix use-after-free during router port configuration", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbridge: mcast: Fix use-after-free during router port configuration\n\nThe bridge maintains a global list of ports behind which a multicast\nrouter resides. The list is consulted during forwarding to ensure\nmulticast packets are forwarded to these ports even if the ports are not\nmember in the matching MDB entry.\n\nWhen per-VLAN multicast snooping is enabled, the per-port multicast\ncontext is disabled on each port and the port is removed from the global\nrouter port list:\n\n # ip link add name br1 up type bridge vlan_filtering 1 mcast_snooping 1\n # ip link add name dummy1 up master br1 type dummy\n # ip link set dev dummy1 type bridge_slave mcast_router 2\n $ bridge -d mdb show | grep router\n router ports on br1: dummy1\n # ip link set dev br1 type bridge mcast_vlan_snooping 1\n $ bridge -d mdb show | grep router\n\nHowever, the port can be re-added to the global list even when per-VLAN\nmulticast snooping is enabled:\n\n # ip link set dev dummy1 type bridge_slave mcast_router 0\n # ip link set dev dummy1 type bridge_slave mcast_router 2\n $ bridge -d mdb show | grep router\n router ports on br1: dummy1\n\nSince commit 4b30ae9adb04 (\"net: bridge: mcast: re-implement\nbr_multicast_{enable, disable}_port functions\"), when per-VLAN multicast\nsnooping is enabled, multicast disablement on a port will disable the\nper-{port, VLAN} multicast contexts and not the per-port one. As a\nresult, a port will remain in the global router port list even after it\nis deleted. This will lead to a use-after-free [1] when the list is\ntraversed (when adding a new port to the list, for example):\n\n # ip link del dev dummy1\n # ip link add name dummy2 up master br1 type dummy\n # ip link set dev dummy2 type bridge_slave mcast_router 2\n\nSimilarly, stale entries can also be found in the per-VLAN router port\nlist. When per-VLAN multicast snooping is disabled, the per-{port, VLAN}\ncontexts are disabled on each port and the port is removed from the\nper-VLAN router port list:\n\n # ip link add name br1 up type bridge vlan_filtering 1 mcast_snooping 1 mcast_vlan_snooping 1\n # ip link add name dummy1 up master br1 type dummy\n # bridge vlan add vid 2 dev dummy1\n # bridge vlan global set vid 2 dev br1 mcast_snooping 1\n # bridge vlan set vid 2 dev dummy1 mcast_router 2\n $ bridge vlan global show dev br1 vid 2 | grep router\n router ports: dummy1\n # ip link set dev br1 type bridge mcast_vlan_snooping 0\n $ bridge vlan global show dev br1 vid 2 | grep router\n\nHowever, the port can be re-added to the per-VLAN list even when\nper-VLAN multicast snooping is disabled:\n\n # bridge vlan set vid 2 dev dummy1 mcast_router 0\n # bridge vlan set vid 2 dev dummy1 mcast_router 2\n $ bridge vlan global show dev br1 vid 2 | grep router\n router ports: dummy1\n\nWhen the VLAN is deleted from the port, the per-{port, VLAN} multicast\ncontext will not be disabled since multicast snooping is not enabled\non the VLAN. As a result, the port will remain in the per-VLAN router\nport list even after it is no longer member in the VLAN. This will lead\nto a use-after-free [2] when the list is traversed (when adding a new\nport to the list, for example):\n\n # ip link add name dummy2 up master br1 type dummy\n # bridge vlan add vid 2 dev dummy2\n # bridge vlan del vid 2 dev dummy1\n # bridge vlan set vid 2 dev dummy2 mcast_router 2\n\nFix these issues by removing the port from the relevant (global or\nper-VLAN) router port list in br_multicast_port_ctx_deinit(). The\nfunction is invoked during port deletion with the per-port multicast\ncontext and during VLAN deletion with the per-{port, VLAN} multicast\ncontext.\n\nNote that deleting the multicast router timer is not enough as it only\ntakes care of the temporary multicast router states (1 or 3) and not the\npermanent one (2).\n\n[1]\nBUG: KASAN: slab-out-of-bounds in br_multicast_add_router.part.0+0x3f1/0x560\nWrite of size 8 at addr ffff888004a67328 by task ip/384\n[...]\nCall Trace:\n \u003cTASK\u003e\n dump_stack\n---truncated---", "Severity": "HIGH", "VendorSeverity": { "amazon": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-38248", "https://git.kernel.org/linus/7544f3f5b0b58c396f374d060898b5939da31709 (6.16-rc4)", "https://git.kernel.org/stable/c/7544f3f5b0b58c396f374d060898b5939da31709", "https://git.kernel.org/stable/c/f05a4f9e959e0fc098046044c650acf897ea52d2", "https://lore.kernel.org/linux-cve-announce/2025070934-CVE-2025-38248-003c@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-38248", "https://www.cve.org/CVERecord?id=CVE-2025-38248" ], "PublishedDate": "2025-07-09T11:15:26.963Z", "LastModifiedDate": "2025-07-10T13:17:30.017Z" }, { "VulnerabilityID": "CVE-2025-38311", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38311", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: iavf: get rid of the crit lock", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\niavf: get rid of the crit lock\n\nGet rid of the crit lock.\nThat frees us from the error prone logic of try_locks.\n\nThanks to netdev_lock() by Jakub it is now easy, and in most cases we were\nprotected by it already - replace crit lock by netdev lock when it was not\nthe case.\n\nLockdep reports that we should cancel the work under crit_lock [splat1],\nand that was the scheme we have mostly followed since [1] by Slawomir.\nBut when that is done we still got into deadlocks [splat2]. So instead\nwe should look at the bigger problem, namely \"weird locking/scheduling\"\nof the iavf. The first step to fix that is to remove the crit lock.\nI will followup with a -next series that simplifies scheduling/tasks.\n\nCancel the work without netdev lock (weird unlock+lock scheme),\nto fix the [splat2] (which would be totally ugly if we would kept\nthe crit lock).\n\nExtend protected part of iavf_watchdog_task() to include scheduling\nmore work.\n\nNote that the removed comment in iavf_reset_task() was misplaced,\nit belonged to inside of the removed if condition, so it's gone now.\n\n[splat1] - w/o this patch - The deadlock during VF removal:\n WARNING: possible circular locking dependency detected\n sh/3825 is trying to acquire lock:\n ((work_completion)(\u0026(\u0026adapter-\u003ewatchdog_task)-\u003ework)){+.+.}-{0:0}, at: start_flush_work+0x1a1/0x470\n but task is already holding lock:\n (\u0026adapter-\u003ecrit_lock){+.+.}-{4:4}, at: iavf_remove+0xd1/0x690 [iavf]\n which lock already depends on the new lock.\n\n[splat2] - when cancelling work under crit lock, w/o this series,\n\t see [2] for the band aid attempt\n WARNING: possible circular locking dependency detected\n sh/3550 is trying to acquire lock:\n ((wq_completion)iavf){+.+.}-{0:0}, at: touch_wq_lockdep_map+0x26/0x90\n but task is already holding lock:\n (\u0026dev-\u003elock){+.+.}-{4:4}, at: iavf_remove+0xa6/0x6e0 [iavf]\n which lock already depends on the new lock.\n\n[1] fc2e6b3b132a (\"iavf: Rework mutexes for better synchronisation\")\n[2] https://github.com/pkitszel/linux/commit/52dddbfc2bb60294083f5711a158a", "Severity": "HIGH", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-38311", "https://git.kernel.org/linus/120f28a6f314fef7f282c99f196923fe44081cad (6.16-rc1)", "https://git.kernel.org/stable/c/120f28a6f314fef7f282c99f196923fe44081cad", "https://git.kernel.org/stable/c/620ab4d6215de0b25227f9fff1a8c7fb66837cb8", "https://lore.kernel.org/linux-cve-announce/2025071015-CVE-2025-38311-2a53@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-38311", "https://ubuntu.com/security/notices/USN-7769-1", "https://ubuntu.com/security/notices/USN-7769-2", "https://ubuntu.com/security/notices/USN-7769-3", "https://ubuntu.com/security/notices/USN-7770-1", "https://ubuntu.com/security/notices/USN-7771-1", "https://ubuntu.com/security/notices/USN-7789-1", "https://ubuntu.com/security/notices/USN-7789-2", "https://www.cve.org/CVERecord?id=CVE-2025-38311" ], "PublishedDate": "2025-07-10T08:15:30.01Z", "LastModifiedDate": "2025-07-10T13:17:30.017Z" }, { "VulnerabilityID": "CVE-2025-38322", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38322", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: perf/x86/intel: Fix crash in icl_update_topdown_event()", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/x86/intel: Fix crash in icl_update_topdown_event()\n\nThe perf_fuzzer found a hard-lockup crash on a RaptorLake machine:\n\n Oops: general protection fault, maybe for address 0xffff89aeceab400: 0000\n CPU: 23 UID: 0 PID: 0 Comm: swapper/23\n Tainted: [W]=WARN\n Hardware name: Dell Inc. Precision 9660/0VJ762\n RIP: 0010:native_read_pmc+0x7/0x40\n Code: cc e8 8d a9 01 00 48 89 03 5b cd cc cc cc cc 0f 1f ...\n RSP: 000:fffb03100273de8 EFLAGS: 00010046\n ....\n Call Trace:\n \u003cTASK\u003e\n icl_update_topdown_event+0x165/0x190\n ? ktime_get+0x38/0xd0\n intel_pmu_read_event+0xf9/0x210\n __perf_event_read+0xf9/0x210\n\nCPUs 16-23 are E-core CPUs that don't support the perf metrics feature.\nThe icl_update_topdown_event() should not be invoked on these CPUs.\n\nIt's a regression of commit:\n\n f9bdf1f95339 (\"perf/x86/intel: Avoid disable PMU if !cpuc-\u003eenabled in sample read\")\n\nThe bug introduced by that commit is that the is_topdown_event() function\nis mistakenly used to replace the is_topdown_count() call to check if the\ntopdown functions for the perf metrics feature should be invoked.\n\nFix it.", "Severity": "HIGH", "VendorSeverity": { "photon": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-38322", "https://git.kernel.org/linus/b0823d5fbacb1c551d793cbfe7af24e0d1fa45ed (6.16-rc3)", "https://git.kernel.org/stable/c/702ea6028032d6c1fe96c2d4762a3575e3654819", "https://git.kernel.org/stable/c/79e2dd573116d3338507c311460da9669095c94d", "https://git.kernel.org/stable/c/a85cc69acdcb05f8cd226b8ea0778b8e2e887e6f", "https://git.kernel.org/stable/c/b0823d5fbacb1c551d793cbfe7af24e0d1fa45ed", "https://git.kernel.org/stable/c/e97c45c770f5e56c784a46c2a96ab968d26b97d9", "https://lore.kernel.org/linux-cve-announce/2025071031-CVE-2025-38322-810a@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-38322", "https://www.cve.org/CVERecord?id=CVE-2025-38322" ], "PublishedDate": "2025-07-10T09:15:26.24Z", "LastModifiedDate": "2025-09-25T10:15:31.257Z" }, { "VulnerabilityID": "CVE-2025-39677", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39677", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: net/sched: Fix backlog accounting in qdisc_dequeue_internal", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: Fix backlog accounting in qdisc_dequeue_internal\n\nThis issue applies for the following qdiscs: hhf, fq, fq_codel, and\nfq_pie, and occurs in their change handlers when adjusting to the new\nlimit. The problem is the following in the values passed to the\nsubsequent qdisc_tree_reduce_backlog call given a tbf parent:\n\n When the tbf parent runs out of tokens, skbs of these qdiscs will\n be placed in gso_skb. Their peek handlers are qdisc_peek_dequeued,\n which accounts for both qlen and backlog. However, in the case of\n qdisc_dequeue_internal, ONLY qlen is accounted for when pulling\n from gso_skb. This means that these qdiscs are missing a\n qdisc_qstats_backlog_dec when dropping packets to satisfy the\n new limit in their change handlers.\n\n One can observe this issue with the following (with tc patched to\n support a limit of 0):\n\n export TARGET=fq\n tc qdisc del dev lo root\n tc qdisc add dev lo root handle 1: tbf rate 8bit burst 100b latency 1ms\n tc qdisc replace dev lo handle 3: parent 1:1 $TARGET limit 1000\n echo ''; echo 'add child'; tc -s -d qdisc show dev lo\n ping -I lo -f -c2 -s32 -W0.001 127.0.0.1 2\u003e\u00261 \u003e/dev/null\n echo ''; echo 'after ping'; tc -s -d qdisc show dev lo\n tc qdisc change dev lo handle 3: parent 1:1 $TARGET limit 0\n echo ''; echo 'after limit drop'; tc -s -d qdisc show dev lo\n tc qdisc replace dev lo handle 2: parent 1:1 sfq\n echo ''; echo 'post graft'; tc -s -d qdisc show dev lo\n\n The second to last show command shows 0 packets but a positive\n number (74) of backlog bytes. The problem becomes clearer in the\n last show command, where qdisc_purge_queue triggers\n qdisc_tree_reduce_backlog with the positive backlog and causes an\n underflow in the tbf parent's backlog (4096 Mb instead of 0).\n\nTo fix this issue, the codepath for all clients of qdisc_dequeue_internal\nhas been simplified: codel, pie, hhf, fq, fq_pie, and fq_codel.\nqdisc_dequeue_internal handles the backlog adjustments for all cases that\ndo not directly use the dequeue handler.\n\nThe old fq_codel_change limit adjustment loop accumulated the arguments to\nthe subsequent qdisc_tree_reduce_backlog call through the cstats field.\nHowever, this is confusing and error prone as fq_codel_dequeue could also\npotentially mutate this field (which qdisc_dequeue_internal calls in the\nnon gso_skb case), so we have unified the code here with other qdiscs.", "Severity": "HIGH", "VendorSeverity": { "amazon": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-39677", "https://git.kernel.org/linus/52bf272636bda69587952b35ae97690b8dc89941 (6.17-rc3)", "https://git.kernel.org/stable/c/52bf272636bda69587952b35ae97690b8dc89941", "https://git.kernel.org/stable/c/a225f44d84b8900d679c5f5a9ea46fe9c0cc7802", "https://lore.kernel.org/linux-cve-announce/2025090544-CVE-2025-39677-5733@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-39677", "https://www.cve.org/CVERecord?id=CVE-2025-39677" ], "PublishedDate": "2025-09-05T18:15:44.043Z", "LastModifiedDate": "2025-09-08T16:25:38.81Z" }, { "VulnerabilityID": "CVE-2025-39775", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39775", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: mm/mremap: fix WARN with uffd that has remap events disabled", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/mremap: fix WARN with uffd that has remap events disabled\n\nRegistering userfaultd on a VMA that spans at least one PMD and then\nmremap()'ing that VMA can trigger a WARN when recovering from a failed\npage table move due to a page table allocation error.\n\nThe code ends up doing the right thing (recurse, avoiding moving actual\npage tables), but triggering that WARN is unpleasant:\n\nWARNING: CPU: 2 PID: 6133 at mm/mremap.c:357 move_normal_pmd mm/mremap.c:357 [inline]\nWARNING: CPU: 2 PID: 6133 at mm/mremap.c:357 move_pgt_entry mm/mremap.c:595 [inline]\nWARNING: CPU: 2 PID: 6133 at mm/mremap.c:357 move_page_tables+0x3832/0x44a0 mm/mremap.c:852\nModules linked in:\nCPU: 2 UID: 0 PID: 6133 Comm: syz.0.19 Not tainted 6.17.0-rc1-syzkaller-00004-g53e760d89498 #0 PREEMPT(full)\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nRIP: 0010:move_normal_pmd mm/mremap.c:357 [inline]\nRIP: 0010:move_pgt_entry mm/mremap.c:595 [inline]\nRIP: 0010:move_page_tables+0x3832/0x44a0 mm/mremap.c:852\nCode: ...\nRSP: 0018:ffffc900037a76d8 EFLAGS: 00010293\nRAX: 0000000000000000 RBX: 0000000032930007 RCX: ffffffff820c6645\nRDX: ffff88802e56a440 RSI: ffffffff820c7201 RDI: 0000000000000007\nRBP: ffff888037728fc0 R08: 0000000000000007 R09: 0000000000000000\nR10: 0000000032930007 R11: 0000000000000000 R12: 0000000000000000\nR13: ffffc900037a79a8 R14: 0000000000000001 R15: dffffc0000000000\nFS: 000055556316a500(0000) GS:ffff8880d68bc000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000001b30863fff CR3: 0000000050171000 CR4: 0000000000352ef0\nCall Trace:\n \u003cTASK\u003e\n copy_vma_and_data+0x468/0x790 mm/mremap.c:1215\n move_vma+0x548/0x1780 mm/mremap.c:1282\n mremap_to+0x1b7/0x450 mm/mremap.c:1406\n do_mremap+0xfad/0x1f80 mm/mremap.c:1921\n __do_sys_mremap+0x119/0x170 mm/mremap.c:1977\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f00d0b8ebe9\nCode: ...\nRSP: 002b:00007ffe5ea5ee98 EFLAGS: 00000246 ORIG_RAX: 0000000000000019\nRAX: ffffffffffffffda RBX: 00007f00d0db5fa0 RCX: 00007f00d0b8ebe9\nRDX: 0000000000400000 RSI: 0000000000c00000 RDI: 0000200000000000\nRBP: 00007ffe5ea5eef0 R08: 0000200000c00000 R09: 0000000000000000\nR10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000002\nR13: 00007f00d0db5fa0 R14: 00007f00d0db5fa0 R15: 0000000000000005\n \u003c/TASK\u003e\n\nThe underlying issue is that we recurse during the original page table\nmove, but not during the recovery move.\n\nFix it by checking for both VMAs and performing the check before the\npmd_none() sanity check.\n\nAdd a new helper where we perform+document that check for the PMD and PUD\nlevel.\n\nThanks to Harry for bisecting.", "Severity": "HIGH", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-39775", "https://git.kernel.org/linus/772e5b4a5e8360743645b9a466842d16092c4f94 (6.17-rc3)", "https://git.kernel.org/stable/c/772e5b4a5e8360743645b9a466842d16092c4f94", "https://git.kernel.org/stable/c/d70ca21f7bff162a5afae1ddd6f4107adf05ae23", "https://lore.kernel.org/linux-cve-announce/2025091147-CVE-2025-39775-4e21@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-39775", "https://www.cve.org/CVERecord?id=CVE-2025-39775" ], "PublishedDate": "2025-09-11T17:15:43.32Z", "LastModifiedDate": "2025-09-15T15:22:38.297Z" }, { "VulnerabilityID": "CVE-2025-39905", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39905", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: net: phylink: add lock for serializing concurrent pl-\u003ephydev writes with resolver", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phylink: add lock for serializing concurrent pl-\u003ephydev writes with resolver\n\nCurrently phylink_resolve() protects itself against concurrent\nphylink_bringup_phy() or phylink_disconnect_phy() calls which modify\npl-\u003ephydev by relying on pl-\u003estate_mutex.\n\nThe problem is that in phylink_resolve(), pl-\u003estate_mutex is in a lock\ninversion state with pl-\u003ephydev-\u003elock. So pl-\u003ephydev-\u003elock needs to be\nacquired prior to pl-\u003estate_mutex. But that requires dereferencing\npl-\u003ephydev in the first place, and without pl-\u003estate_mutex, that is\nracy.\n\nHence the reason for the extra lock. Currently it is redundant, but it\nwill serve a functional purpose once mutex_lock(\u0026phy-\u003elock) will be\nmoved outside of the mutex_lock(\u0026pl-\u003estate_mutex) section.\n\nAnother alternative considered would have been to let phylink_resolve()\nacquire the rtnl_mutex, which is also held when phylink_bringup_phy()\nand phylink_disconnect_phy() are called. But since phylink_disconnect_phy()\nruns under rtnl_lock(), it would deadlock with phylink_resolve() when\ncalling flush_work(\u0026pl-\u003eresolve). Additionally, it would have been\nundesirable because it would have unnecessarily blocked many other call\npaths as well in the entire kernel, so the smaller-scoped lock was\npreferred.", "Severity": "HIGH", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-39905", "https://git.kernel.org/linus/0ba5b2f2c381dbec9ed9e4ab3ae5d3e667de0dc3 (6.17-rc6)", "https://git.kernel.org/stable/c/0ba5b2f2c381dbec9ed9e4ab3ae5d3e667de0dc3", "https://git.kernel.org/stable/c/56fe63b05ec84ae6674269d78397cec43a7a295a", "https://lore.kernel.org/linux-cve-announce/2025100108-CVE-2025-39905-157f@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-39905", "https://www.cve.org/CVERecord?id=CVE-2025-39905" ], "PublishedDate": "2025-10-01T08:15:33.37Z", "LastModifiedDate": "2025-10-02T19:12:17.16Z" }, { "VulnerabilityID": "CVE-2025-39910", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39910", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: mm/vmalloc, mm/kasan: respect gfp mask in kasan_populate_vmalloc()", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/vmalloc, mm/kasan: respect gfp mask in kasan_populate_vmalloc()\n\nkasan_populate_vmalloc() and its helpers ignore the caller's gfp_mask and\nalways allocate memory using the hardcoded GFP_KERNEL flag. This makes\nthem inconsistent with vmalloc(), which was recently extended to support\nGFP_NOFS and GFP_NOIO allocations.\n\nPage table allocations performed during shadow population also ignore the\nexternal gfp_mask. To preserve the intended semantics of GFP_NOFS and\nGFP_NOIO, wrap the apply_to_page_range() calls into the appropriate\nmemalloc scope.\n\nxfs calls vmalloc with GFP_NOFS, so this bug could lead to deadlock.\n\nThere was a report here\nhttps://lkml.kernel.org/r/686ea951.050a0220.385921.0016.GAE@google.com\n\nThis patch:\n - Extends kasan_populate_vmalloc() and helpers to take gfp_mask;\n - Passes gfp_mask down to alloc_pages_bulk() and __get_free_page();\n - Enforces GFP_NOFS/NOIO semantics with memalloc_*_save()/restore()\n around apply_to_page_range();\n - Updates vmalloc.c and percpu allocator call sites accordingly.", "Severity": "HIGH", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-39910", "https://git.kernel.org/linus/79357cd06d41d0f5a11b17d7c86176e395d10ef2 (6.17-rc6)", "https://git.kernel.org/stable/c/33b95d90427cb4babf32059e323a6d0c027610fe", "https://git.kernel.org/stable/c/79357cd06d41d0f5a11b17d7c86176e395d10ef2", "https://lore.kernel.org/linux-cve-announce/2025100110-CVE-2025-39910-568a@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-39910", "https://www.cve.org/CVERecord?id=CVE-2025-39910" ], "PublishedDate": "2025-10-01T08:15:33.993Z", "LastModifiedDate": "2025-10-02T19:12:17.16Z" }, { "VulnerabilityID": "CVE-2025-39925", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39925", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: can: j1939: implement NETDEV_UNREGISTER notification handler", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: j1939: implement NETDEV_UNREGISTER notification handler\n\nsyzbot is reporting\n\n unregister_netdevice: waiting for vcan0 to become free. Usage count = 2\n\nproblem, for j1939 protocol did not have NETDEV_UNREGISTER notification\nhandler for undoing changes made by j1939_sk_bind().\n\nCommit 25fe97cb7620 (\"can: j1939: move j1939_priv_put() into sk_destruct\ncallback\") expects that a call to j1939_priv_put() can be unconditionally\ndelayed until j1939_sk_sock_destruct() is called. But we need to call\nj1939_priv_put() against an extra ref held by j1939_sk_bind() call\n(as a part of undoing changes made by j1939_sk_bind()) as soon as\nNETDEV_UNREGISTER notification fires (i.e. before j1939_sk_sock_destruct()\nis called via j1939_sk_release()). Otherwise, the extra ref on \"struct\nj1939_priv\" held by j1939_sk_bind() call prevents \"struct net_device\" from\ndropping the usage count to 1; making it impossible for\nunregister_netdevice() to continue.\n\n[mkl: remove space in front of label]", "Severity": "HIGH", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-39925", "https://git.kernel.org/linus/7fcbe5b2c6a4b5407bf2241fdb71e0a390f6ab9a (6.17-rc6)", "https://git.kernel.org/stable/c/7fcbe5b2c6a4b5407bf2241fdb71e0a390f6ab9a", "https://git.kernel.org/stable/c/da9e8f429139928570407e8f90559b5d46c20262", "https://lore.kernel.org/linux-cve-announce/2025100124-CVE-2025-39925-bcec@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-39925", "https://www.cve.org/CVERecord?id=CVE-2025-39925" ], "PublishedDate": "2025-10-01T08:15:35.857Z", "LastModifiedDate": "2025-10-02T19:12:17.16Z" }, { "VulnerabilityID": "CVE-2025-39931", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39931", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: crypto: af_alg - Set merge to zero early in af_alg_sendmsg", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: af_alg - Set merge to zero early in af_alg_sendmsg\n\nIf an error causes af_alg_sendmsg to abort, ctx-\u003emerge may contain\na garbage value from the previous loop. This may then trigger a\ncrash on the next entry into af_alg_sendmsg when it attempts to do\na merge that can't be done.\n\nFix this by setting ctx-\u003emerge to zero near the start of the loop.", "Severity": "HIGH", "VendorSeverity": { "photon": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-39931", "https://git.kernel.org/linus/9574b2330dbd2b5459b74d3b5e9619d39299fc6f (6.17-rc7)", "https://git.kernel.org/stable/c/045ee26aa3920a47ec46d7fcb302420bf01fd753", "https://git.kernel.org/stable/c/2374c11189ef704a3e4863646369f1b8e6a27d71", "https://git.kernel.org/stable/c/24c1106504c625fabd3b7229611af617b4c27ac7", "https://git.kernel.org/stable/c/6241b9e2809b12da9130894cf5beddf088dc1b8a", "https://git.kernel.org/stable/c/9574b2330dbd2b5459b74d3b5e9619d39299fc6f", "https://lore.kernel.org/linux-cve-announce/2025100416-CVE-2025-39931-8ff7@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-39931", "https://www.cve.org/CVERecord?id=CVE-2025-39931" ], "PublishedDate": "2025-10-04T08:15:45.827Z", "LastModifiedDate": "2025-10-06T14:56:47.823Z" }, { "VulnerabilityID": "CVE-2025-39932", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39932", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: smb: client: let smbd_destroy() call disable_work_sync(\u0026#38;info-\u003epost_send_credits_work)", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: let smbd_destroy() call disable_work_sync(\u0026info-\u003epost_send_credits_work)\n\nIn smbd_destroy() we may destroy the memory so we better\nwait until post_send_credits_work is no longer pending\nand will never be started again.\n\nI actually just hit the case using rxe:\n\nWARNING: CPU: 0 PID: 138 at drivers/infiniband/sw/rxe/rxe_verbs.c:1032 rxe_post_recv+0x1ee/0x480 [rdma_rxe]\n...\n[ 5305.686979] [ T138] smbd_post_recv+0x445/0xc10 [cifs]\n[ 5305.687135] [ T138] ? srso_alias_return_thunk+0x5/0xfbef5\n[ 5305.687149] [ T138] ? __kasan_check_write+0x14/0x30\n[ 5305.687185] [ T138] ? __pfx_smbd_post_recv+0x10/0x10 [cifs]\n[ 5305.687329] [ T138] ? __pfx__raw_spin_lock_irqsave+0x10/0x10\n[ 5305.687356] [ T138] ? srso_alias_return_thunk+0x5/0xfbef5\n[ 5305.687368] [ T138] ? srso_alias_return_thunk+0x5/0xfbef5\n[ 5305.687378] [ T138] ? _raw_spin_unlock_irqrestore+0x11/0x60\n[ 5305.687389] [ T138] ? srso_alias_return_thunk+0x5/0xfbef5\n[ 5305.687399] [ T138] ? get_receive_buffer+0x168/0x210 [cifs]\n[ 5305.687555] [ T138] smbd_post_send_credits+0x382/0x4b0 [cifs]\n[ 5305.687701] [ T138] ? __pfx_smbd_post_send_credits+0x10/0x10 [cifs]\n[ 5305.687855] [ T138] ? __pfx___schedule+0x10/0x10\n[ 5305.687865] [ T138] ? __pfx__raw_spin_lock_irq+0x10/0x10\n[ 5305.687875] [ T138] ? queue_delayed_work_on+0x8e/0xa0\n[ 5305.687889] [ T138] process_one_work+0x629/0xf80\n[ 5305.687908] [ T138] ? srso_alias_return_thunk+0x5/0xfbef5\n[ 5305.687917] [ T138] ? __kasan_check_write+0x14/0x30\n[ 5305.687933] [ T138] worker_thread+0x87f/0x1570\n...\n\nIt means rxe_post_recv was called after rdma_destroy_qp().\nThis happened because put_receive_buffer() was triggered\nby ib_drain_qp() and called:\nqueue_work(info-\u003eworkqueue, \u0026info-\u003epost_send_credits_work);", "Severity": "HIGH", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-39932", "https://git.kernel.org/linus/d9dcbbcf9145b68aa85c40947311a6907277e097 (6.17-rc7)", "https://git.kernel.org/stable/c/3fabb1236f2e3ad78d531be0a4ad9f4a4ccdda87", "https://git.kernel.org/stable/c/6ae90a2baf923e85eb037b636aa641250bf4220f", "https://git.kernel.org/stable/c/d9dcbbcf9145b68aa85c40947311a6907277e097", "https://lore.kernel.org/linux-cve-announce/2025100416-CVE-2025-39932-bdaf@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-39932", "https://www.cve.org/CVERecord?id=CVE-2025-39932" ], "PublishedDate": "2025-10-04T08:15:45.953Z", "LastModifiedDate": "2025-10-06T14:56:47.823Z" }, { "VulnerabilityID": "CVE-2025-39933", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39933", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: smb: client: let recv_done verify data_offset, data_length and remaining_data_length", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: let recv_done verify data_offset, data_length and remaining_data_length\n\nThis is inspired by the related server fixes.", "Severity": "HIGH", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-39933", "https://git.kernel.org/linus/f57e53ea252363234f86674db475839e5b87102e (6.17-rc7)", "https://git.kernel.org/stable/c/581fb78e0388b78911b0c920e4073737090c8b5f", "https://git.kernel.org/stable/c/f57e53ea252363234f86674db475839e5b87102e", "https://lore.kernel.org/linux-cve-announce/2025100417-CVE-2025-39933-e224@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-39933", "https://www.cve.org/CVERecord?id=CVE-2025-39933" ], "PublishedDate": "2025-10-04T08:15:46.09Z", "LastModifiedDate": "2025-10-06T14:56:47.823Z" }, { "VulnerabilityID": "CVE-2025-39947", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39947", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: net/mlx5e: Harden uplink netdev access against device unbind", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Harden uplink netdev access against device unbind\n\nThe function mlx5_uplink_netdev_get() gets the uplink netdevice\npointer from mdev-\u003emlx5e_res.uplink_netdev. However, the netdevice can\nbe removed and its pointer cleared when unbound from the mlx5_core.eth\ndriver. This results in a NULL pointer, causing a kernel panic.\n\n BUG: unable to handle page fault for address: 0000000000001300\n at RIP: 0010:mlx5e_vport_rep_load+0x22a/0x270 [mlx5_core]\n Call Trace:\n \u003cTASK\u003e\n mlx5_esw_offloads_rep_load+0x68/0xe0 [mlx5_core]\n esw_offloads_enable+0x593/0x910 [mlx5_core]\n mlx5_eswitch_enable_locked+0x341/0x420 [mlx5_core]\n mlx5_devlink_eswitch_mode_set+0x17e/0x3a0 [mlx5_core]\n devlink_nl_eswitch_set_doit+0x60/0xd0\n genl_family_rcv_msg_doit+0xe0/0x130\n genl_rcv_msg+0x183/0x290\n netlink_rcv_skb+0x4b/0xf0\n genl_rcv+0x24/0x40\n netlink_unicast+0x255/0x380\n netlink_sendmsg+0x1f3/0x420\n __sock_sendmsg+0x38/0x60\n __sys_sendto+0x119/0x180\n do_syscall_64+0x53/0x1d0\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\nEnsure the pointer is valid before use by checking it for NULL. If it\nis valid, immediately call netdev_hold() to take a reference, and\npreventing the netdevice from being freed while it is in use.", "Severity": "HIGH", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-39947", "https://git.kernel.org/linus/6b4be64fd9fec16418f365c2d8e47a7566e9eba5 (6.17-rc7)", "https://git.kernel.org/stable/c/2cb17c88edd3a1c7aa6bc880dcdb35a6866fcb2e", "https://git.kernel.org/stable/c/6b4be64fd9fec16418f365c2d8e47a7566e9eba5", "https://git.kernel.org/stable/c/8df354eb2dd63d111ed5ae2e956e0dbb22bcf93b", "https://git.kernel.org/stable/c/d1f3db4e7a3be29fc17f01850f162363f919370d", "https://lore.kernel.org/linux-cve-announce/2025100420-CVE-2025-39947-6872@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-39947", "https://www.cve.org/CVERecord?id=CVE-2025-39947" ], "PublishedDate": "2025-10-04T08:15:47.867Z", "LastModifiedDate": "2025-10-06T14:56:47.823Z" }, { "VulnerabilityID": "CVE-2025-39948", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39948", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: ice: fix Rx page leak on multi-buffer frames", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: fix Rx page leak on multi-buffer frames\n\nThe ice_put_rx_mbuf() function handles calling ice_put_rx_buf() for each\nbuffer in the current frame. This function was introduced as part of\nhandling multi-buffer XDP support in the ice driver.\n\nIt works by iterating over the buffers from first_desc up to 1 plus the\ntotal number of fragments in the frame, cached from before the XDP program\nwas executed.\n\nIf the hardware posts a descriptor with a size of 0, the logic used in\nice_put_rx_mbuf() breaks. Such descriptors get skipped and don't get added\nas fragments in ice_add_xdp_frag. Since the buffer isn't counted as a\nfragment, we do not iterate over it in ice_put_rx_mbuf(), and thus we don't\ncall ice_put_rx_buf().\n\nBecause we don't call ice_put_rx_buf(), we don't attempt to re-use the\npage or free it. This leaves a stale page in the ring, as we don't\nincrement next_to_alloc.\n\nThe ice_reuse_rx_page() assumes that the next_to_alloc has been incremented\nproperly, and that it always points to a buffer with a NULL page. Since\nthis function doesn't check, it will happily recycle a page over the top\nof the next_to_alloc buffer, losing track of the old page.\n\nNote that this leak only occurs for multi-buffer frames. The\nice_put_rx_mbuf() function always handles at least one buffer, so a\nsingle-buffer frame will always get handled correctly. It is not clear\nprecisely why the hardware hands us descriptors with a size of 0 sometimes,\nbut it happens somewhat regularly with \"jumbo frames\" used by 9K MTU.\n\nTo fix ice_put_rx_mbuf(), we need to make sure to call ice_put_rx_buf() on\nall buffers between first_desc and next_to_clean. Borrow the logic of a\nsimilar function in i40e used for this same purpose. Use the same logic\nalso in ice_get_pgcnts().\n\nInstead of iterating over just the number of fragments, use a loop which\niterates until the current index reaches to the next_to_clean element just\npast the current frame. Unlike i40e, the ice_put_rx_mbuf() function does\ncall ice_put_rx_buf() on the last buffer of the frame indicating the end of\npacket.\n\nFor non-linear (multi-buffer) frames, we need to take care when adjusting\nthe pagecnt_bias. An XDP program might release fragments from the tail of\nthe frame, in which case that fragment page is already released. Only\nupdate the pagecnt_bias for the first descriptor and fragments still\nremaining post-XDP program. Take care to only access the shared info for\nfragmented buffers, as this avoids a significant cache miss.\n\nThe xdp_xmit value only needs to be updated if an XDP program is run, and\nonly once per packet. Drop the xdp_xmit pointer argument from\nice_put_rx_mbuf(). Instead, set xdp_xmit in the ice_clean_rx_irq() function\ndirectly. This avoids needing to pass the argument and avoids an extra\nbit-wise OR for each buffer in the frame.\n\nMove the increment of the ntc local variable to ensure its updated *before*\nall calls to ice_get_pgcnts() or ice_put_rx_mbuf(), as the loop logic\nrequires the index of the element just after the current frame.\n\nNow that we use an index pointer in the ring to identify the packet, we no\nlonger need to track or cache the number of fragments in the rx_ring.", "Severity": "HIGH", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-39948", "https://git.kernel.org/linus/84bf1ac85af84d354c7a2fdbdc0d4efc8aaec34b (6.17-rc7)", "https://git.kernel.org/stable/c/80555adb5c892f0e21d243ae96ed997ee520aea9", "https://git.kernel.org/stable/c/84bf1ac85af84d354c7a2fdbdc0d4efc8aaec34b", "https://git.kernel.org/stable/c/fcb5718ebfe7fd64144e3399280440cce361a3ae", "https://lore.kernel.org/linux-cve-announce/2025100420-CVE-2025-39948-7074@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-39948", "https://www.cve.org/CVERecord?id=CVE-2025-39948" ], "PublishedDate": "2025-10-04T08:15:47.99Z", "LastModifiedDate": "2025-10-06T14:56:47.823Z" }, { "VulnerabilityID": "CVE-2025-39949", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39949", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: qed: Don't collect too many protection override GRC elements", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nqed: Don't collect too many protection override GRC elements\n\nIn the protection override dump path, the firmware can return far too\nmany GRC elements, resulting in attempting to write past the end of the\npreviously-kmalloc'ed dump buffer.\n\nThis will result in a kernel panic with reason:\n\n BUG: unable to handle kernel paging request at ADDRESS\n\nwhere \"ADDRESS\" is just past the end of the protection override dump\nbuffer. The start address of the buffer is:\n p_hwfn-\u003ecdev-\u003edbg_features[DBG_FEATURE_PROTECTION_OVERRIDE].dump_buf\nand the size of the buffer is buf_size in the same data structure.\n\nThe panic can be arrived at from either the qede Ethernet driver path:\n\n [exception RIP: qed_grc_dump_addr_range+0x108]\n qed_protection_override_dump at ffffffffc02662ed [qed]\n qed_dbg_protection_override_dump at ffffffffc0267792 [qed]\n qed_dbg_feature at ffffffffc026aa8f [qed]\n qed_dbg_all_data at ffffffffc026b211 [qed]\n qed_fw_fatal_reporter_dump at ffffffffc027298a [qed]\n devlink_health_do_dump at ffffffff82497f61\n devlink_health_report at ffffffff8249cf29\n qed_report_fatal_error at ffffffffc0272baf [qed]\n qede_sp_task at ffffffffc045ed32 [qede]\n process_one_work at ffffffff81d19783\n\nor the qedf storage driver path:\n\n [exception RIP: qed_grc_dump_addr_range+0x108]\n qed_protection_override_dump at ffffffffc068b2ed [qed]\n qed_dbg_protection_override_dump at ffffffffc068c792 [qed]\n qed_dbg_feature at ffffffffc068fa8f [qed]\n qed_dbg_all_data at ffffffffc0690211 [qed]\n qed_fw_fatal_reporter_dump at ffffffffc069798a [qed]\n devlink_health_do_dump at ffffffff8aa95e51\n devlink_health_report at ffffffff8aa9ae19\n qed_report_fatal_error at ffffffffc0697baf [qed]\n qed_hw_err_notify at ffffffffc06d32d7 [qed]\n qed_spq_post at ffffffffc06b1011 [qed]\n qed_fcoe_destroy_conn at ffffffffc06b2e91 [qed]\n qedf_cleanup_fcport at ffffffffc05e7597 [qedf]\n qedf_rport_event_handler at ffffffffc05e7bf7 [qedf]\n fc_rport_work at ffffffffc02da715 [libfc]\n process_one_work at ffffffff8a319663\n\nResolve this by clamping the firmware's return value to the maximum\nnumber of legal elements the firmware should return.", "Severity": "HIGH", "VendorSeverity": { "photon": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-39949", "https://git.kernel.org/linus/56c0a2a9ddc2f5b5078c5fb0f81ab76bbc3d4c37 (6.17-rc7)", "https://git.kernel.org/stable/c/25672c620421fa2105703a94a29a03487245e6d6", "https://git.kernel.org/stable/c/56c0a2a9ddc2f5b5078c5fb0f81ab76bbc3d4c37", "https://git.kernel.org/stable/c/660b2a8f5a306a28c7efc1b4990ecc4912a68f87", "https://git.kernel.org/stable/c/70affe82e38fd3dc76b9c68b5a1989f11e7fa0f3", "https://git.kernel.org/stable/c/8141910869596b7a3a5d9b46107da2191d523f82", "https://git.kernel.org/stable/c/e0e24571a7b2f8c8f06e25d3417253ebbdbc8d5c", "https://git.kernel.org/stable/c/ea53e6a47e148b490b1c652fc65d2de5a086df76", "https://lore.kernel.org/linux-cve-announce/2025100420-CVE-2025-39949-d909@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-39949", "https://www.cve.org/CVERecord?id=CVE-2025-39949" ], "PublishedDate": "2025-10-04T08:15:48.12Z", "LastModifiedDate": "2025-10-06T14:56:47.823Z" }, { "VulnerabilityID": "CVE-2025-39955", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39955", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: tcp: Clear tcp_sk(sk)-\u003efastopen_rsk in tcp_disconnect()", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: Clear tcp_sk(sk)-\u003efastopen_rsk in tcp_disconnect().\n\nsyzbot reported the splat below where a socket had tcp_sk(sk)-\u003efastopen_rsk\nin the TCP_ESTABLISHED state. [0]\n\nsyzbot reused the server-side TCP Fast Open socket as a new client before\nthe TFO socket completes 3WHS:\n\n 1. accept()\n 2. connect(AF_UNSPEC)\n 3. connect() to another destination\n\nAs of accept(), sk-\u003esk_state is TCP_SYN_RECV, and tcp_disconnect() changes\nit to TCP_CLOSE and makes connect() possible, which restarts timers.\n\nSince tcp_disconnect() forgot to clear tcp_sk(sk)-\u003efastopen_rsk, the\nretransmit timer triggered the warning and the intended packet was not\nretransmitted.\n\nLet's call reqsk_fastopen_remove() in tcp_disconnect().\n\n[0]:\nWARNING: CPU: 2 PID: 0 at net/ipv4/tcp_timer.c:542 tcp_retransmit_timer (net/ipv4/tcp_timer.c:542 (discriminator 7))\nModules linked in:\nCPU: 2 UID: 0 PID: 0 Comm: swapper/2 Not tainted 6.17.0-rc5-g201825fb4278 #62 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\nRIP: 0010:tcp_retransmit_timer (net/ipv4/tcp_timer.c:542 (discriminator 7))\nCode: 41 55 41 54 55 53 48 8b af b8 08 00 00 48 89 fb 48 85 ed 0f 84 55 01 00 00 0f b6 47 12 3c 03 74 0c 0f b6 47 12 3c 04 74 04 90 \u003c0f\u003e 0b 90 48 8b 85 c0 00 00 00 48 89 ef 48 8b 40 30 e8 6a 4f 06 3e\nRSP: 0018:ffffc900002f8d40 EFLAGS: 00010293\nRAX: 0000000000000002 RBX: ffff888106911400 RCX: 0000000000000017\nRDX: 0000000002517619 RSI: ffffffff83764080 RDI: ffff888106911400\nRBP: ffff888106d5c000 R08: 0000000000000001 R09: ffffc900002f8de8\nR10: 00000000000000c2 R11: ffffc900002f8ff8 R12: ffff888106911540\nR13: ffff888106911480 R14: ffff888106911840 R15: ffffc900002f8de0\nFS: 0000000000000000(0000) GS:ffff88907b768000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f8044d69d90 CR3: 0000000002c30003 CR4: 0000000000370ef0\nCall Trace:\n \u003cIRQ\u003e\n tcp_write_timer (net/ipv4/tcp_timer.c:738)\n call_timer_fn (kernel/time/timer.c:1747)\n __run_timers (kernel/time/timer.c:1799 kernel/time/timer.c:2372)\n timer_expire_remote (kernel/time/timer.c:2385 kernel/time/timer.c:2376 kernel/time/timer.c:2135)\n tmigr_handle_remote_up (kernel/time/timer_migration.c:944 kernel/time/timer_migration.c:1035)\n __walk_groups.isra.0 (kernel/time/timer_migration.c:533 (discriminator 1))\n tmigr_handle_remote (kernel/time/timer_migration.c:1096)\n handle_softirqs (./arch/x86/include/asm/jump_label.h:36 ./include/trace/events/irq.h:142 kernel/softirq.c:580)\n irq_exit_rcu (kernel/softirq.c:614 kernel/softirq.c:453 kernel/softirq.c:680 kernel/softirq.c:696)\n sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1050 (discriminator 35) arch/x86/kernel/apic/apic.c:1050 (discriminator 35))\n \u003c/IRQ\u003e", "Severity": "HIGH", "VendorSeverity": { "photon": 1, "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L", "V3Score": 7.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-39955", "https://git.kernel.org/stable/c/17d699727577814198d744d6afe54735c6b54c99", "https://git.kernel.org/stable/c/33a4fdf0b4a25f8ce65380c3b0136b407ca57609", "https://git.kernel.org/stable/c/45c8a6cc2bcd780e634a6ba8e46bffbdf1fc5c01", "https://git.kernel.org/stable/c/7ec092a91ff351dcde89c23e795b73a328274db6", "https://git.kernel.org/stable/c/a4378dedd6e07e62f2fccb17d78c9665718763d0", "https://git.kernel.org/stable/c/ae313d14b45eca7a6bb29cb9bf396d977e7d28fb", "https://git.kernel.org/stable/c/dfd06131107e7b699ef1e2a24ed2f7d17c917753", "https://git.kernel.org/stable/c/fa4749c065644af4db496b338452a69a3e5147d9", "https://lore.kernel.org/linux-cve-announce/2025100942-CVE-2025-39955-f36b@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-39955", "https://www.cve.org/CVERecord?id=CVE-2025-39955" ], "PublishedDate": "2025-10-09T10:15:36.22Z", "LastModifiedDate": "2025-10-09T15:50:04.013Z" }, { "VulnerabilityID": "CVE-2025-39956", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39956", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: igc: don't fail igc_probe() on LED setup error", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nigc: don't fail igc_probe() on LED setup error\n\nWhen igc_led_setup() fails, igc_probe() fails and triggers kernel panic\nin free_netdev() since unregister_netdev() is not called. [1]\nThis behavior can be tested using fault-injection framework, especially\nthe failslab feature. [2]\n\nSince LED support is not mandatory, treat LED setup failures as\nnon-fatal and continue probe with a warning message, consequently\navoiding the kernel panic.\n\n[1]\n kernel BUG at net/core/dev.c:12047!\n Oops: invalid opcode: 0000 [#1] SMP NOPTI\n CPU: 0 UID: 0 PID: 937 Comm: repro-igc-led-e Not tainted 6.17.0-rc4-enjuk-tnguy-00865-gc4940196ab02 #64 PREEMPT(voluntary)\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n RIP: 0010:free_netdev+0x278/0x2b0\n [...]\n Call Trace:\n \u003cTASK\u003e\n igc_probe+0x370/0x910\n local_pci_probe+0x3a/0x80\n pci_device_probe+0xd1/0x200\n [...]\n\n[2]\n #!/bin/bash -ex\n\n FAILSLAB_PATH=/sys/kernel/debug/failslab/\n DEVICE=0000:00:05.0\n START_ADDR=$(grep \" igc_led_setup\" /proc/kallsyms \\\n | awk '{printf(\"0x%s\", $1)}')\n END_ADDR=$(printf \"0x%x\" $((START_ADDR + 0x100)))\n\n echo $START_ADDR \u003e $FAILSLAB_PATH/require-start\n echo $END_ADDR \u003e $FAILSLAB_PATH/require-end\n echo 1 \u003e $FAILSLAB_PATH/times\n echo 100 \u003e $FAILSLAB_PATH/probability\n echo N \u003e $FAILSLAB_PATH/ignore-gfp-wait\n\n echo $DEVICE \u003e /sys/bus/pci/drivers/igc/bind", "Severity": "HIGH", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-39956", "https://git.kernel.org/stable/c/528eb4e19ec0df30d0c9ae4074ce945667dde919", "https://git.kernel.org/stable/c/bec504867acc7315de9cd96ef9161fa52a25abe8", "https://git.kernel.org/stable/c/f05e82d8553232cef150a6dbb70ed67d162abb2b", "https://lore.kernel.org/linux-cve-announce/2025100942-CVE-2025-39956-52bf@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-39956", "https://www.cve.org/CVERecord?id=CVE-2025-39956" ], "PublishedDate": "2025-10-09T10:15:36.813Z", "LastModifiedDate": "2025-10-09T15:50:04.013Z" }, { "VulnerabilityID": "CVE-2025-39966", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39966", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: iommufd: Fix race during abort for file descriptors", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\niommufd: Fix race during abort for file descriptors\n\nfput() doesn't actually call file_operations release() synchronously, it\nputs the file on a work queue and it will be released eventually.\n\nThis is normally fine, except for iommufd the file and the iommufd_object\nare tied to gether. The file has the object as it's private_data and holds\na users refcount, while the object is expected to remain alive as long as\nthe file is.\n\nWhen the allocation of a new object aborts before installing the file it\nwill fput() the file and then go on to immediately kfree() the obj. This\ncauses a UAF once the workqueue completes the fput() and tries to\ndecrement the users refcount.\n\nFix this by putting the core code in charge of the file lifetime, and call\n__fput_sync() during abort to ensure that release() is called before\nkfree. __fput_sync() is a bit too tricky to open code in all the object\nimplementations. Instead the objects tell the core code where the file\npointer is and the core will take care of the life cycle.\n\nIf the object is successfully allocated then the file will hold a users\nrefcount and the iommufd_object cannot be destroyed.\n\nIt is worth noting that close(); ioctl(IOMMU_DESTROY); doesn't have an\nissue because close() is already using a synchronous version of fput().\n\nThe UAF looks like this:\n\n BUG: KASAN: slab-use-after-free in iommufd_eventq_fops_release+0x45/0xc0 drivers/iommu/iommufd/eventq.c:376\n Write of size 4 at addr ffff888059c97804 by task syz.0.46/6164\n\n CPU: 0 UID: 0 PID: 6164 Comm: syz.0.46 Not tainted syzkaller #0 PREEMPT(full)\n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025\n Call Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xcd/0x630 mm/kasan/report.c:482\n kasan_report+0xe0/0x110 mm/kasan/report.c:595\n check_region_inline mm/kasan/generic.c:183 [inline]\n kasan_check_range+0x100/0x1b0 mm/kasan/generic.c:189\n instrument_atomic_read_write include/linux/instrumented.h:96 [inline]\n atomic_fetch_sub_release include/linux/atomic/atomic-instrumented.h:400 [inline]\n __refcount_dec include/linux/refcount.h:455 [inline]\n refcount_dec include/linux/refcount.h:476 [inline]\n iommufd_eventq_fops_release+0x45/0xc0 drivers/iommu/iommufd/eventq.c:376\n __fput+0x402/0xb70 fs/file_table.c:468\n task_work_run+0x14d/0x240 kernel/task_work.c:227\n resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]\n exit_to_user_mode_loop+0xeb/0x110 kernel/entry/common.c:43\n exit_to_user_mode_prepare include/linux/irq-entry-common.h:225 [inline]\n syscall_exit_to_user_mode_work include/linux/entry-common.h:175 [inline]\n syscall_exit_to_user_mode include/linux/entry-common.h:210 [inline]\n do_syscall_64+0x41c/0x4c0 arch/x86/entry/syscall_64.c:100\n entry_SYSCALL_64_after_hwframe+0x77/0x7f", "Severity": "HIGH", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-39966", "https://git.kernel.org/linus/4e034bf045b12852a24d5d33f2451850818ba0c1 (6.17)", "https://git.kernel.org/stable/c/17195a7d754a5c6a31888702ca93f6f08f3383ad", "https://git.kernel.org/stable/c/4e034bf045b12852a24d5d33f2451850818ba0c1", "https://git.kernel.org/stable/c/e4825368285e33d6360c6c6a6a10d2d83da06e55", "https://lore.kernel.org/linux-cve-announce/2025101553-CVE-2025-39966-736b@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-39966", "https://www.cve.org/CVERecord?id=CVE-2025-39966" ], "PublishedDate": "2025-10-15T08:15:34.043Z", "LastModifiedDate": "2025-10-16T15:29:11.563Z" }, { "VulnerabilityID": "CVE-2025-39968", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39968", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: i40e: add max boundary check for VF filters", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: add max boundary check for VF filters\n\nThere is no check for max filters that VF can request. Add it.", "Severity": "HIGH", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-39968", "https://git.kernel.org/linus/cb79fa7118c150c3c76a327894bb2eb878c02619 (6.17)", "https://git.kernel.org/stable/c/02aae5fcdd34c3a55a243d80a1b328a35852a35c", "https://git.kernel.org/stable/c/77a35be582dff4c80442ebcdce24d45eed8a6ce4", "https://git.kernel.org/stable/c/8b13df5aa877b9e4541e301a58a84c42d84d2d9a", "https://git.kernel.org/stable/c/9176e18681cb0d34c5acc87bda224f5652af2ab8", "https://git.kernel.org/stable/c/cb79fa7118c150c3c76a327894bb2eb878c02619", "https://git.kernel.org/stable/c/d33e5d6631ac4fddda235a7815babc9d3f124299", "https://git.kernel.org/stable/c/e490d8c5a54e0dd1ab22417d72c3a7319cf0f030", "https://git.kernel.org/stable/c/edecce7abd7152b48e279b4fa0a883d1839bb577", "https://lore.kernel.org/linux-cve-announce/2025101555-CVE-2025-39968-ca60@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-39968", "https://www.cve.org/CVERecord?id=CVE-2025-39968" ], "PublishedDate": "2025-10-15T08:15:34.35Z", "LastModifiedDate": "2025-10-16T15:29:11.563Z" }, { "VulnerabilityID": "CVE-2025-39969", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39969", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: i40e: fix validation of VF state in get resources", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix validation of VF state in get resources\n\nVF state I40E_VF_STATE_ACTIVE is not the only state in which\nVF is actually active so it should not be used to determine\nif a VF is allowed to obtain resources.\n\nUse I40E_VF_STATE_RESOURCES_LOADED that is set only in\ni40e_vc_get_vf_resources_msg() and cleared during reset.", "Severity": "HIGH", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-39969", "https://git.kernel.org/linus/877b7e6ffc23766448236e8732254534c518ba42 (6.17)", "https://git.kernel.org/stable/c/185745d56ec958bf8aa773828213237dfcc32f5a", "https://git.kernel.org/stable/c/6128bbc7adc25c87c2f64b5eb66a280b78ef7ab7", "https://git.kernel.org/stable/c/6c3981fd59ef11a75005ac9978f034da5a168b6a", "https://git.kernel.org/stable/c/877b7e6ffc23766448236e8732254534c518ba42", "https://git.kernel.org/stable/c/8e35c80f8570426fe0f0cc92b151ebd835975f22", "https://git.kernel.org/stable/c/a991dc56d3e9a2c3db87d0c3f03c24f6595400f1", "https://git.kernel.org/stable/c/e748f1ee493f88e38b77363a60499f979d42c58a", "https://git.kernel.org/stable/c/f47876788a23de296c42ef9d505b5c1630f0b4b8", "https://lore.kernel.org/linux-cve-announce/2025101555-CVE-2025-39969-fbee@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-39969", "https://www.cve.org/CVERecord?id=CVE-2025-39969" ], "PublishedDate": "2025-10-15T08:15:34.483Z", "LastModifiedDate": "2025-10-16T15:29:11.563Z" }, { "VulnerabilityID": "CVE-2025-39970", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39970", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: i40e: fix input validation logic for action_meta", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix input validation logic for action_meta\n\nFix condition to check 'greater or equal' to prevent OOB dereference.", "Severity": "HIGH", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-39970", "https://git.kernel.org/linus/9739d5830497812b0bdeaee356ddefbe60830b88 (6.17)", "https://git.kernel.org/stable/c/28465770ca3b694286ff9ed6dfd558413f57d98f", "https://git.kernel.org/stable/c/3118f41d8fa57b005f53ec3db2ba5eab1d7ba12b", "https://git.kernel.org/stable/c/3883e9702b6a4945e93b16c070f338a9f5b496f9", "https://git.kernel.org/stable/c/461e0917eedcd159d87f3ea846754a1e07d7e78a", "https://git.kernel.org/stable/c/560e1683410585fbd5df847f43433c4296f0d222", "https://git.kernel.org/stable/c/9739d5830497812b0bdeaee356ddefbe60830b88", "https://git.kernel.org/stable/c/a88c1b2746eccf00e2094b187945f0f1e990b400", "https://git.kernel.org/stable/c/f8c8e11825b24661596fa8db2f0981ba17ed0817", "https://lore.kernel.org/linux-cve-announce/2025101556-CVE-2025-39970-2ec8@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-39970", "https://www.cve.org/CVERecord?id=CVE-2025-39970" ], "PublishedDate": "2025-10-15T08:15:34.62Z", "LastModifiedDate": "2025-10-16T15:29:11.563Z" }, { "VulnerabilityID": "CVE-2025-39971", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39971", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: i40e: fix idx validation in config queues msg", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix idx validation in config queues msg\n\nEnsure idx is within range of active/initialized TCs when iterating over\nvf-\u003ech[idx] in i40e_vc_config_queues_msg().", "Severity": "HIGH", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-39971", "https://git.kernel.org/linus/f1ad24c5abe1eaef69158bac1405a74b3c365115 (6.17)", "https://git.kernel.org/stable/c/1fa0aadade34481c567cdf4a897c0d4e4d548bd1", "https://git.kernel.org/stable/c/2cc26dac0518d2fa9b67ec813ee60e183480f98a", "https://git.kernel.org/stable/c/5c1f96123113e0bdc6d8dc2b0830184c93da9f65", "https://git.kernel.org/stable/c/8b9c7719b0987b1c6c5fc910599f3618a558dbde", "https://git.kernel.org/stable/c/a6ff2af78343eceb0f77ab1a2fe802183bc21648", "https://git.kernel.org/stable/c/bfcc1dff429d4b99ba03e40ddacc68ea4be2b32b", "https://git.kernel.org/stable/c/f1ad24c5abe1eaef69158bac1405a74b3c365115", "https://git.kernel.org/stable/c/f5f91d164af22e7147130ef8bebbdb28d8ecc6e2", "https://lore.kernel.org/linux-cve-announce/2025101556-CVE-2025-39971-97e2@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-39971", "https://www.cve.org/CVERecord?id=CVE-2025-39971" ], "PublishedDate": "2025-10-15T08:15:34.757Z", "LastModifiedDate": "2025-10-16T15:29:11.563Z" }, { "VulnerabilityID": "CVE-2025-39972", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39972", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: i40e: fix idx validation in i40e_validate_queue_map", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix idx validation in i40e_validate_queue_map\n\nEnsure idx is within range of active/initialized TCs when iterating over\nvf-\u003ech[idx] in i40e_validate_queue_map().", "Severity": "HIGH", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-39972", "https://git.kernel.org/linus/aa68d3c3ac8d1dcec40d52ae27e39f6d32207009 (6.17)", "https://git.kernel.org/stable/c/34dfac0c904829967d500c51f216916ce1452957", "https://git.kernel.org/stable/c/4d5e804a9e19b639b18fd13664dbad3c03c79e61", "https://git.kernel.org/stable/c/50a1e2f50f6c22b93b94eb8d168a1be3c05bf5cd", "https://git.kernel.org/stable/c/6f15a7b34fae75e745bdc2ec05e06ddfd0dd2f3c", "https://git.kernel.org/stable/c/aa68d3c3ac8d1dcec40d52ae27e39f6d32207009", "https://git.kernel.org/stable/c/b6cb93a7ff208f324c7ec581d72995f80e115e0e", "https://git.kernel.org/stable/c/cc4191e8ef40d2249c1b9a8617d22ec8a976b574", "https://git.kernel.org/stable/c/d4e3eaaa3cb3af77836d806c89cd6ebf533a7320", "https://lore.kernel.org/linux-cve-announce/2025101556-CVE-2025-39972-06e0@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-39972", "https://www.cve.org/CVERecord?id=CVE-2025-39972" ], "PublishedDate": "2025-10-15T08:15:34.88Z", "LastModifiedDate": "2025-10-16T15:29:11.563Z" }, { "VulnerabilityID": "CVE-2025-39973", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39973", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: i40e: add validation for ring_len param", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: add validation for ring_len param\n\nThe `ring_len` parameter provided by the virtual function (VF)\nis assigned directly to the hardware memory context (HMC) without\nany validation.\n\nTo address this, introduce an upper boundary check for both Tx and Rx\nqueue lengths. The maximum number of descriptors supported by the\nhardware is 8k-32.\nAdditionally, enforce alignment constraints: Tx rings must be a multiple\nof 8, and Rx rings must be a multiple of 32.", "Severity": "HIGH", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-39973", "https://git.kernel.org/linus/55d225670def06b01af2e7a5e0446fbe946289e8 (6.17)", "https://git.kernel.org/stable/c/0543d40d6513cdf1c7882811086e59a6455dfe97", "https://git.kernel.org/stable/c/05fe81fb9db20464fa532a3835dc8300d68a2f84", "https://git.kernel.org/stable/c/45a7527cd7da4cdcf3b06b5c0cb1cae30b5a5985", "https://git.kernel.org/stable/c/55d225670def06b01af2e7a5e0446fbe946289e8", "https://git.kernel.org/stable/c/7d749e38dd2b7e8a80da2ca30c93e09de95bfcf9", "https://git.kernel.org/stable/c/afec12adab55d10708179a64d95d650741e60fe0", "https://git.kernel.org/stable/c/c0c83f4cd074b75cecef107bfc349be7d516c9c4", "https://git.kernel.org/stable/c/d3b0d3f8d11fa957171fbb186e53998361a88d4e", "https://lore.kernel.org/linux-cve-announce/2025101557-CVE-2025-39973-b1a3@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-39973", "https://www.cve.org/CVERecord?id=CVE-2025-39973" ], "PublishedDate": "2025-10-15T08:15:35.007Z", "LastModifiedDate": "2025-10-16T15:29:11.563Z" }, { "VulnerabilityID": "CVE-2025-39975", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39975", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: smb: client: fix wrong index reference in smb2_compound_op()", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix wrong index reference in smb2_compound_op()\n\nIn smb2_compound_op(), the loop that processes each command's response\nuses wrong indices when accessing response bufferes.\n\nThis incorrect indexing leads to improper handling of command results.\nAlso, if incorrectly computed index is greather than or equal to\nMAX_COMPOUND, it can cause out-of-bounds accesses.", "Severity": "HIGH", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-39975", "https://git.kernel.org/linus/fbe2dc6a9c7318f7263f5e4d50f6272b931c5756 (6.17)", "https://git.kernel.org/stable/c/093615fc76063ea08d454ba86677ce64c736e806", "https://git.kernel.org/stable/c/ba7bcfd52c66dd1c2dfa5142aca7e4a70b62dfa5", "https://git.kernel.org/stable/c/bfb1e2aad1fecef8320fd71332acde0d53a8d699", "https://git.kernel.org/stable/c/fbe2dc6a9c7318f7263f5e4d50f6272b931c5756", "https://lore.kernel.org/linux-cve-announce/2025101557-CVE-2025-39975-d1a3@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-39975", "https://www.cve.org/CVERecord?id=CVE-2025-39975" ], "PublishedDate": "2025-10-15T08:15:35.273Z", "LastModifiedDate": "2025-10-16T15:29:11.563Z" }, { "VulnerabilityID": "CVE-2025-39977", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39977", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: futex: Prevent use-after-free during requeue-PI", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nfutex: Prevent use-after-free during requeue-PI\n\nsyzbot managed to trigger the following race:\n\n T1 T2\n\n futex_wait_requeue_pi()\n futex_do_wait()\n schedule()\n futex_requeue()\n futex_proxy_trylock_atomic()\n futex_requeue_pi_prepare()\n requeue_pi_wake_futex()\n futex_requeue_pi_complete()\n /* preempt */\n\n * timeout/ signal wakes T1 *\n\n futex_requeue_pi_wakeup_sync() // Q_REQUEUE_PI_LOCKED\n futex_hash_put()\n // back to userland, on stack futex_q is garbage\n\n /* back */\n wake_up_state(q-\u003etask, TASK_NORMAL);\n\nIn this scenario futex_wait_requeue_pi() is able to leave without using\nfutex_q::lock_ptr for synchronization.\n\nThis can be prevented by reading futex_q::task before updating the\nfutex_q::requeue_state. A reference on the task_struct is not needed\nbecause requeue_pi_wake_futex() is invoked with a spinlock_t held which\nimplies a RCU read section.\n\nEven if T1 terminates immediately after, the task_struct will remain valid\nduring T2's wake_up_state(). A READ_ONCE on futex_q::task before\nfutex_requeue_pi_complete() is enough because it ensures that the variable\nis read before the state is updated.\n\nRead futex_q::task before updating the requeue state, use it for the\nfollowing wakeup.", "Severity": "HIGH", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-39977", "https://git.kernel.org/linus/b549113738e8c751b613118032a724b772aa83f2 (6.17)", "https://git.kernel.org/stable/c/348736955ed6ca6e99ca24b93b1d3fbfe352c181", "https://git.kernel.org/stable/c/a170b9c0dde83312b8b58ccc91509c7c15711641", "https://git.kernel.org/stable/c/b549113738e8c751b613118032a724b772aa83f2", "https://git.kernel.org/stable/c/cb5d19a61274b51b49601214a87af573b43d60fa", "https://git.kernel.org/stable/c/d824b2dbdcfe3c390278dd9652ea526168ef6850", "https://lore.kernel.org/linux-cve-announce/2025101558-CVE-2025-39977-b3a2@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-39977", "https://www.cve.org/CVERecord?id=CVE-2025-39977" ], "PublishedDate": "2025-10-15T08:15:35.517Z", "LastModifiedDate": "2025-10-16T15:29:11.563Z" }, { "VulnerabilityID": "CVE-2025-39980", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39980", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: nexthop: Forbid FDB status change while nexthop is in a group", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnexthop: Forbid FDB status change while nexthop is in a group\n\nThe kernel forbids the creation of non-FDB nexthop groups with FDB\nnexthops:\n\n # ip nexthop add id 1 via 192.0.2.1 fdb\n # ip nexthop add id 2 group 1\n Error: Non FDB nexthop group cannot have fdb nexthops.\n\nAnd vice versa:\n\n # ip nexthop add id 3 via 192.0.2.2 dev dummy1\n # ip nexthop add id 4 group 3 fdb\n Error: FDB nexthop group can only have fdb nexthops.\n\nHowever, as long as no routes are pointing to a non-FDB nexthop group,\nthe kernel allows changing the type of a nexthop from FDB to non-FDB and\nvice versa:\n\n # ip nexthop add id 5 via 192.0.2.2 dev dummy1\n # ip nexthop add id 6 group 5\n # ip nexthop replace id 5 via 192.0.2.2 fdb\n # echo $?\n 0\n\nThis configuration is invalid and can result in a NPD [1] since FDB\nnexthops are not associated with a nexthop device:\n\n # ip route add 198.51.100.1/32 nhid 6\n # ping 198.51.100.1\n\nFix by preventing nexthop FDB status change while the nexthop is in a\ngroup:\n\n # ip nexthop add id 7 via 192.0.2.2 dev dummy1\n # ip nexthop add id 8 group 7\n # ip nexthop replace id 7 via 192.0.2.2 fdb\n Error: Cannot change nexthop FDB status while in a group.\n\n[1]\nBUG: kernel NULL pointer dereference, address: 00000000000003c0\n[...]\nOops: Oops: 0000 [#1] SMP\nCPU: 6 UID: 0 PID: 367 Comm: ping Not tainted 6.17.0-rc6-virtme-gb65678cacc03 #1 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.17.0-4.fc41 04/01/2014\nRIP: 0010:fib_lookup_good_nhc+0x1e/0x80\n[...]\nCall Trace:\n \u003cTASK\u003e\n fib_table_lookup+0x541/0x650\n ip_route_output_key_hash_rcu+0x2ea/0x970\n ip_route_output_key_hash+0x55/0x80\n __ip4_datagram_connect+0x250/0x330\n udp_connect+0x2b/0x60\n __sys_connect+0x9c/0xd0\n __x64_sys_connect+0x18/0x20\n do_syscall_64+0xa4/0x2a0\n entry_SYSCALL_64_after_hwframe+0x4b/0x53", "Severity": "HIGH", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-39980", "https://git.kernel.org/linus/390b3a300d7872cef9588f003b204398be69ce08 (6.17)", "https://git.kernel.org/stable/c/0e7bfe7a268ccbd7859730c529161cafbf44637c", "https://git.kernel.org/stable/c/24046d31f6f92220852d393d510b6062843e3fbd", "https://git.kernel.org/stable/c/390b3a300d7872cef9588f003b204398be69ce08", "https://git.kernel.org/stable/c/8dd4aa0122885f710930de135af2adc4ccc3238f", "https://git.kernel.org/stable/c/e1e87ac0daacd51f522ecd1645cd76b5809303ed", "https://git.kernel.org/stable/c/ec428fff792b7bd15b248dafca2e654b666b1304", "https://git.kernel.org/stable/c/f0e49fd13afe9dea7a09a1c9537fd00cea22badb", "https://lore.kernel.org/linux-cve-announce/2025101559-CVE-2025-39980-1b78@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-39980", "https://www.cve.org/CVERecord?id=CVE-2025-39980" ], "PublishedDate": "2025-10-15T08:15:35.887Z", "LastModifiedDate": "2025-10-16T15:29:11.563Z" }, { "VulnerabilityID": "CVE-2025-39981", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39981", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: Bluetooth: MGMT: Fix possible UAFs", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: Fix possible UAFs\n\nThis attemps to fix possible UAFs caused by struct mgmt_pending being\nfreed while still being processed like in the following trace, in order\nto fix mgmt_pending_valid is introduce and use to check if the\nmgmt_pending hasn't been removed from the pending list, on the complete\ncallbacks it is used to check and in addtion remove the cmd from the list\nwhile holding mgmt_pending_lock to avoid TOCTOU problems since if the cmd\nis left on the list it can still be accessed and freed.\n\nBUG: KASAN: slab-use-after-free in mgmt_add_adv_patterns_monitor_sync+0x35/0x50 net/bluetooth/mgmt.c:5223\nRead of size 8 at addr ffff8880709d4dc0 by task kworker/u11:0/55\n\nCPU: 0 UID: 0 PID: 55 Comm: kworker/u11:0 Not tainted 6.16.4 #2 PREEMPT(full)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014\nWorkqueue: hci0 hci_cmd_sync_work\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xca/0x240 mm/kasan/report.c:482\n kasan_report+0x118/0x150 mm/kasan/report.c:595\n mgmt_add_adv_patterns_monitor_sync+0x35/0x50 net/bluetooth/mgmt.c:5223\n hci_cmd_sync_work+0x210/0x3a0 net/bluetooth/hci_sync.c:332\n process_one_work kernel/workqueue.c:3238 [inline]\n process_scheduled_works+0xade/0x17b0 kernel/workqueue.c:3321\n worker_thread+0x8a0/0xda0 kernel/workqueue.c:3402\n kthread+0x711/0x8a0 kernel/kthread.c:464\n ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148\n ret_from_fork_asm+0x1a/0x30 home/kwqcheii/source/fuzzing/kernel/kasan/linux-6.16.4/arch/x86/entry/entry_64.S:245\n \u003c/TASK\u003e\n\nAllocated by task 12210:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x93/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __kmalloc_cache_noprof+0x230/0x3d0 mm/slub.c:4364\n kmalloc_noprof include/linux/slab.h:905 [inline]\n kzalloc_noprof include/linux/slab.h:1039 [inline]\n mgmt_pending_new+0x65/0x1e0 net/bluetooth/mgmt_util.c:269\n mgmt_pending_add+0x35/0x140 net/bluetooth/mgmt_util.c:296\n __add_adv_patterns_monitor+0x130/0x200 net/bluetooth/mgmt.c:5247\n add_adv_patterns_monitor+0x214/0x360 net/bluetooth/mgmt.c:5364\n hci_mgmt_cmd+0x9c9/0xef0 net/bluetooth/hci_sock.c:1719\n hci_sock_sendmsg+0x6ca/0xef0 net/bluetooth/hci_sock.c:1839\n sock_sendmsg_nosec net/socket.c:714 [inline]\n __sock_sendmsg+0x219/0x270 net/socket.c:729\n sock_write_iter+0x258/0x330 net/socket.c:1133\n new_sync_write fs/read_write.c:593 [inline]\n vfs_write+0x5c9/0xb30 fs/read_write.c:686\n ksys_write+0x145/0x250 fs/read_write.c:738\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 12221:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x46/0x50 mm/kasan/generic.c:576\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x62/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2381 [inline]\n slab_free mm/slub.c:4648 [inline]\n kfree+0x18e/0x440 mm/slub.c:4847\n mgmt_pending_free net/bluetooth/mgmt_util.c:311 [inline]\n mgmt_pending_foreach+0x30d/0x380 net/bluetooth/mgmt_util.c:257\n __mgmt_power_off+0x169/0x350 net/bluetooth/mgmt.c:9444\n hci_dev_close_sync+0x754/0x1330 net/bluetooth/hci_sync.c:5290\n hci_dev_do_close net/bluetooth/hci_core.c:501 [inline]\n hci_dev_close+0x108/0x200 net/bluetooth/hci_core.c:526\n sock_do_ioctl+0xd9/0x300 net/socket.c:1192\n sock_ioctl+0x576/0x790 net/socket.c:1313\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl+0xf9/0x170 fs/ioctl.c:893\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xf\n---truncated---", "Severity": "HIGH", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-39981", "https://git.kernel.org/linus/302a1f674c00dd5581ab8e493ef44767c5101aab (6.17)", "https://git.kernel.org/stable/c/302a1f674c00dd5581ab8e493ef44767c5101aab", "https://git.kernel.org/stable/c/87a1f16f07c6c43771754075e08f45b41d237421", "https://lore.kernel.org/linux-cve-announce/2025101559-CVE-2025-39981-fe1d@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-39981", "https://www.cve.org/CVERecord?id=CVE-2025-39981" ], "PublishedDate": "2025-10-15T08:15:36.017Z", "LastModifiedDate": "2025-10-16T15:29:11.563Z" }, { "VulnerabilityID": "CVE-2025-39982", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39982", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync\n\nThis fixes the following UFA in hci_acl_create_conn_sync where a\nconnection still pending is command submission (conn-\u003estate == BT_OPEN)\nmaybe freed, also since this also can happen with the likes of\nhci_le_create_conn_sync fix it as well:\n\nBUG: KASAN: slab-use-after-free in hci_acl_create_conn_sync+0x5ef/0x790 net/bluetooth/hci_sync.c:6861\nWrite of size 2 at addr ffff88805ffcc038 by task kworker/u11:2/9541\n\nCPU: 1 UID: 0 PID: 9541 Comm: kworker/u11:2 Not tainted 6.16.0-rc7 #3 PREEMPT(full)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014\nWorkqueue: hci3 hci_cmd_sync_work\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xca/0x230 mm/kasan/report.c:480\n kasan_report+0x118/0x150 mm/kasan/report.c:593\n hci_acl_create_conn_sync+0x5ef/0x790 net/bluetooth/hci_sync.c:6861\n hci_cmd_sync_work+0x210/0x3a0 net/bluetooth/hci_sync.c:332\n process_one_work kernel/workqueue.c:3238 [inline]\n process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3321\n worker_thread+0x8a0/0xda0 kernel/workqueue.c:3402\n kthread+0x70e/0x8a0 kernel/kthread.c:464\n ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148\n ret_from_fork_asm+0x1a/0x30 home/kwqcheii/source/fuzzing/kernel/kasan/linux-6.16-rc7/arch/x86/entry/entry_64.S:245\n \u003c/TASK\u003e\n\nAllocated by task 123736:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x93/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __kmalloc_cache_noprof+0x230/0x3d0 mm/slub.c:4359\n kmalloc_noprof include/linux/slab.h:905 [inline]\n kzalloc_noprof include/linux/slab.h:1039 [inline]\n __hci_conn_add+0x233/0x1b30 net/bluetooth/hci_conn.c:939\n hci_conn_add_unset net/bluetooth/hci_conn.c:1051 [inline]\n hci_connect_acl+0x16c/0x4e0 net/bluetooth/hci_conn.c:1634\n pair_device+0x418/0xa70 net/bluetooth/mgmt.c:3556\n hci_mgmt_cmd+0x9c9/0xef0 net/bluetooth/hci_sock.c:1719\n hci_sock_sendmsg+0x6ca/0xef0 net/bluetooth/hci_sock.c:1839\n sock_sendmsg_nosec net/socket.c:712 [inline]\n __sock_sendmsg+0x219/0x270 net/socket.c:727\n sock_write_iter+0x258/0x330 net/socket.c:1131\n new_sync_write fs/read_write.c:593 [inline]\n vfs_write+0x54b/0xa90 fs/read_write.c:686\n ksys_write+0x145/0x250 fs/read_write.c:738\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 103680:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x46/0x50 mm/kasan/generic.c:576\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x62/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2381 [inline]\n slab_free mm/slub.c:4643 [inline]\n kfree+0x18e/0x440 mm/slub.c:4842\n device_release+0x9c/0x1c0\n kobject_cleanup lib/kobject.c:689 [inline]\n kobject_release lib/kobject.c:720 [inline]\n kref_put include/linux/kref.h:65 [inline]\n kobject_put+0x22b/0x480 lib/kobject.c:737\n hci_conn_cleanup net/bluetooth/hci_conn.c:175 [inline]\n hci_conn_del+0x8ff/0xcb0 net/bluetooth/hci_conn.c:1173\n hci_conn_complete_evt+0x3c7/0x1040 net/bluetooth/hci_event.c:3199\n hci_event_func net/bluetooth/hci_event.c:7477 [inline]\n hci_event_packet+0x7e0/0x1200 net/bluetooth/hci_event.c:7531\n hci_rx_work+0x46a/0xe80 net/bluetooth/hci_core.c:4070\n process_one_work kernel/workqueue.c:3238 [inline]\n process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3321\n worker_thread+0x8a0/0xda0 kernel/workqueue.c:3402\n kthread+0x70e/0x8a0 kernel/kthread.c:464\n ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148\n ret_from_fork_asm+0x1a/0x30 home/kwqcheii/sour\n---truncated---", "Severity": "HIGH", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-39982", "https://git.kernel.org/linus/9e622804d57e2d08f0271200606bd1270f75126f (6.17)", "https://git.kernel.org/stable/c/484c7d571a3d1b3fd298fa691b660438c4548a53", "https://git.kernel.org/stable/c/6243bda271a628c48875e3e473206e7f584892ce", "https://git.kernel.org/stable/c/9e622804d57e2d08f0271200606bd1270f75126f", "https://git.kernel.org/stable/c/a78fd4fc5694ecb3b97deb2ad9eaebd67b4d2b08", "https://git.kernel.org/stable/c/bcce99f613163a43de24674b717e7a6c135fc879", "https://lore.kernel.org/linux-cve-announce/2025101559-CVE-2025-39982-a36e@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-39982", "https://www.cve.org/CVERecord?id=CVE-2025-39982" ], "PublishedDate": "2025-10-15T08:15:36.153Z", "LastModifiedDate": "2025-10-16T15:29:11.563Z" }, { "VulnerabilityID": "CVE-2025-39984", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39984", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: net: tun: Update napi-\u003eskb after XDP process", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: tun: Update napi-\u003eskb after XDP process\n\nThe syzbot report a UAF issue:\n\n BUG: KASAN: slab-use-after-free in skb_reset_mac_header include/linux/skbuff.h:3150 [inline]\n BUG: KASAN: slab-use-after-free in napi_frags_skb net/core/gro.c:723 [inline]\n BUG: KASAN: slab-use-after-free in napi_gro_frags+0x6e/0x1030 net/core/gro.c:758\n Read of size 8 at addr ffff88802ef22c18 by task syz.0.17/6079\n CPU: 0 UID: 0 PID: 6079 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full)\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xca/0x240 mm/kasan/report.c:482\n kasan_report+0x118/0x150 mm/kasan/report.c:595\n skb_reset_mac_header include/linux/skbuff.h:3150 [inline]\n napi_frags_skb net/core/gro.c:723 [inline]\n napi_gro_frags+0x6e/0x1030 net/core/gro.c:758\n tun_get_user+0x28cb/0x3e20 drivers/net/tun.c:1920\n tun_chr_write_iter+0x113/0x200 drivers/net/tun.c:1996\n new_sync_write fs/read_write.c:593 [inline]\n vfs_write+0x5c9/0xb30 fs/read_write.c:686\n ksys_write+0x145/0x250 fs/read_write.c:738\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n \u003c/TASK\u003e\n\n Allocated by task 6079:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:68\n unpoison_slab_object mm/kasan/common.c:330 [inline]\n __kasan_mempool_unpoison_object+0xa0/0x170 mm/kasan/common.c:558\n kasan_mempool_unpoison_object include/linux/kasan.h:388 [inline]\n napi_skb_cache_get+0x37b/0x6d0 net/core/skbuff.c:295\n __alloc_skb+0x11e/0x2d0 net/core/skbuff.c:657\n napi_alloc_skb+0x84/0x7d0 net/core/skbuff.c:811\n napi_get_frags+0x69/0x140 net/core/gro.c:673\n tun_napi_alloc_frags drivers/net/tun.c:1404 [inline]\n tun_get_user+0x77c/0x3e20 drivers/net/tun.c:1784\n tun_chr_write_iter+0x113/0x200 drivers/net/tun.c:1996\n new_sync_write fs/read_write.c:593 [inline]\n vfs_write+0x5c9/0xb30 fs/read_write.c:686\n ksys_write+0x145/0x250 fs/read_write.c:738\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n Freed by task 6079:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x46/0x50 mm/kasan/generic.c:576\n poison_slab_object mm/kasan/common.c:243 [inline]\n __kasan_slab_free+0x5b/0x80 mm/kasan/common.c:275\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2422 [inline]\n slab_free mm/slub.c:4695 [inline]\n kmem_cache_free+0x18f/0x400 mm/slub.c:4797\n skb_pp_cow_data+0xdd8/0x13e0 net/core/skbuff.c:969\n netif_skb_check_for_xdp net/core/dev.c:5390 [inline]\n netif_receive_generic_xdp net/core/dev.c:5431 [inline]\n do_xdp_generic+0x699/0x11a0 net/core/dev.c:5499\n tun_get_user+0x2523/0x3e20 drivers/net/tun.c:1872\n tun_chr_write_iter+0x113/0x200 drivers/net/tun.c:1996\n new_sync_write fs/read_write.c:593 [inline]\n vfs_write+0x5c9/0xb30 fs/read_write.c:686\n ksys_write+0x145/0x250 fs/read_write.c:738\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nAfter commit e6d5dbdd20aa (\"xdp: add multi-buff support for xdp running in\ngeneric mode\"), the original skb may be freed in skb_pp_cow_data() when\nXDP program was attached, which was allocated in tun_napi_alloc_frags().\nHowever, the napi-\u003eskb still point to the original skb, update it after\nXDP process.", "Severity": "HIGH", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H", "V3Score": 7.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-39984", "https://git.kernel.org/linus/1091860a16a86ccdd77c09f2b21a5f634f5ab9ec (6.17)", "https://git.kernel.org/stable/c/1091860a16a86ccdd77c09f2b21a5f634f5ab9ec", "https://git.kernel.org/stable/c/1697577e1669b0321d02cd848384a5d33e284296", "https://git.kernel.org/stable/c/953200d56fc23eebf80a5ad9eed6e2e8a3065093", "https://lore.kernel.org/linux-cve-announce/2025101500-CVE-2025-39984-2d3f@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-39984", "https://www.cve.org/CVERecord?id=CVE-2025-39984" ], "PublishedDate": "2025-10-15T08:15:36.4Z", "LastModifiedDate": "2025-10-16T15:29:11.563Z" }, { "VulnerabilityID": "CVE-2025-39991", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39991", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: wifi: ath11k: fix NULL dereference in ath11k_qmi_m3_load()", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: fix NULL dereference in ath11k_qmi_m3_load()\n\nIf ab-\u003efw.m3_data points to data, then fw pointer remains null.\nFurther, if m3_mem is not allocated, then fw is dereferenced to be\npassed to ath11k_err function.\n\nReplace fw-\u003esize by m3_len.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.", "Severity": "HIGH", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-39991", "https://git.kernel.org/linus/3fd2ef2ae2b5c955584a3bee8e83ae7d7a98f782 (6.18-rc1)", "https://git.kernel.org/stable/c/1f52119809b76d43759fc47da1cf708690b740a1", "https://git.kernel.org/stable/c/3fd2ef2ae2b5c955584a3bee8e83ae7d7a98f782", "https://git.kernel.org/stable/c/500fcc31e488d798937a23dbb1f62db46820c5b2", "https://git.kernel.org/stable/c/888830b2cbc035838bebefe94502976da94332a5", "https://lore.kernel.org/linux-cve-announce/2025101527-CVE-2025-39991-6679@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-39991", "https://www.cve.org/CVERecord?id=CVE-2025-39991" ], "PublishedDate": "2025-10-15T08:15:37.197Z", "LastModifiedDate": "2025-10-16T15:28:59.61Z" }, { "VulnerabilityID": "CVE-2025-39992", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39992", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: mm: swap: check for stable address space before operating on the VMA", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: swap: check for stable address space before operating on the VMA\n\nIt is possible to hit a zero entry while traversing the vmas in unuse_mm()\ncalled from swapoff path and accessing it causes the OOPS:\n\nUnable to handle kernel NULL pointer dereference at virtual address\n0000000000000446--\u003e Loading the memory from offset 0x40 on the\nXA_ZERO_ENTRY as address.\nMem abort info:\n ESR = 0x0000000096000005\n EC = 0x25: DABT (current EL), IL = 32 bits\n SET = 0, FnV = 0\n EA = 0, S1PTW = 0\n FSC = 0x05: level 1 translation fault\n\nThe issue is manifested from the below race between the fork() on a\nprocess and swapoff:\nfork(dup_mmap())\t\t\tswapoff(unuse_mm)\n--------------- -----------------\n1) Identical mtree is built using\n __mt_dup().\n\n2) copy_pte_range()--\u003e\n\tcopy_nonpresent_pte():\n The dst mm is added into the\n mmlist to be visible to the\n swapoff operation.\n\n3) Fatal signal is sent to the parent\nprocess(which is the current during the\nfork) thus skip the duplication of the\nvmas and mark the vma range with\nXA_ZERO_ENTRY as a marker for this process\nthat helps during exit_mmap().\n\n\t\t\t\t 4) swapoff is tried on the\n\t\t\t\t\t'mm' added to the 'mmlist' as\n\t\t\t\t\tpart of the 2.\n\n\t\t\t\t 5) unuse_mm(), that iterates\n\t\t\t\t\tthrough the vma's of this 'mm'\n\t\t\t\t\twill hit the non-NULL zero entry\n\t\t\t\t\tand operating on this zero entry\n\t\t\t\t\tas a vma is resulting into the\n\t\t\t\t\toops.\n\nThe proper fix would be around not exposing this partially-valid tree to\nothers when droping the mmap lock, which is being solved with [1]. A\nsimpler solution would be checking for MMF_UNSTABLE, as it is set if\nmm_struct is not fully initialized in dup_mmap().\n\nThanks to Liam/Lorenzo/David for all the suggestions in fixing this\nissue.", "Severity": "HIGH", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-39992", "https://git.kernel.org/linus/1367da7eb875d01102d2ed18654b24d261ff5393 (6.18-rc1)", "https://git.kernel.org/stable/c/1367da7eb875d01102d2ed18654b24d261ff5393", "https://git.kernel.org/stable/c/4e5f060d7347466f77aaff1c0d5a6c4f1fb217ac", "https://git.kernel.org/stable/c/9cddad3b26dac830407d2d3c0de5205ff6d6dda0", "https://git.kernel.org/stable/c/e4e99d69b8b8295c501b2eef89e13306b738b667", "https://lore.kernel.org/linux-cve-announce/2025101527-CVE-2025-39992-f580@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-39992", "https://www.cve.org/CVERecord?id=CVE-2025-39992" ], "PublishedDate": "2025-10-15T08:15:37.317Z", "LastModifiedDate": "2025-10-16T15:28:59.61Z" }, { "VulnerabilityID": "CVE-2025-39993", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39993", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: media: rc: fix races with imon_disconnect()", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: rc: fix races with imon_disconnect()\n\nSyzbot reports a KASAN issue as below:\nBUG: KASAN: use-after-free in __create_pipe include/linux/usb.h:1945 [inline]\nBUG: KASAN: use-after-free in send_packet+0xa2d/0xbc0 drivers/media/rc/imon.c:627\nRead of size 4 at addr ffff8880256fb000 by task syz-executor314/4465\n\nCPU: 2 PID: 4465 Comm: syz-executor314 Not tainted 6.0.0-rc1-syzkaller #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n__dump_stack lib/dump_stack.c:88 [inline]\ndump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106\nprint_address_description mm/kasan/report.c:317 [inline]\nprint_report.cold+0x2ba/0x6e9 mm/kasan/report.c:433\nkasan_report+0xb1/0x1e0 mm/kasan/report.c:495\n__create_pipe include/linux/usb.h:1945 [inline]\nsend_packet+0xa2d/0xbc0 drivers/media/rc/imon.c:627\nvfd_write+0x2d9/0x550 drivers/media/rc/imon.c:991\nvfs_write+0x2d7/0xdd0 fs/read_write.c:576\nksys_write+0x127/0x250 fs/read_write.c:631\ndo_syscall_x64 arch/x86/entry/common.c:50 [inline]\ndo_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nThe iMON driver improperly releases the usb_device reference in\nimon_disconnect without coordinating with active users of the\ndevice.\n\nSpecifically, the fields usbdev_intf0 and usbdev_intf1 are not\nprotected by the users counter (ictx-\u003eusers). During probe,\nimon_init_intf0 or imon_init_intf1 increments the usb_device\nreference count depending on the interface. However, during\ndisconnect, usb_put_dev is called unconditionally, regardless of\nactual usage.\n\nAs a result, if vfd_write or other operations are still in\nprogress after disconnect, this can lead to a use-after-free of\nthe usb_device pointer.\n\nThread 1 vfd_write Thread 2 imon_disconnect\n ...\n if\n usb_put_dev(ictx-\u003eusbdev_intf0)\n else\n usb_put_dev(ictx-\u003eusbdev_intf1)\n...\nwhile\n send_packet\n if\n pipe = usb_sndintpipe(\n ictx-\u003eusbdev_intf0) UAF\n else\n pipe = usb_sndctrlpipe(\n ictx-\u003eusbdev_intf0, 0) UAF\n\nGuard access to usbdev_intf0 and usbdev_intf1 after disconnect by\nchecking ictx-\u003edisconnected in all writer paths. Add early return\nwith -ENODEV in send_packet(), vfd_write(), lcd_write() and\ndisplay_open() if the device is no longer present.\n\nSet and read ictx-\u003edisconnected under ictx-\u003elock to ensure memory\nsynchronization. Acquire the lock in imon_disconnect() before setting\nthe flag to synchronize with any ongoing operations.\n\nEnsure writers exit early and safely after disconnect before the USB\ncore proceeds with cleanup.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.", "Severity": "HIGH", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-39993", "https://git.kernel.org/linus/fa0f61cc1d828178aa921475a9b786e7fbb65ccb (6.18-rc1)", "https://git.kernel.org/stable/c/2e7fd93b9cc565b839bc55a6662475718963e156", "https://git.kernel.org/stable/c/71096a6161a25e84acddb89a9d77f138502d26ab", "https://git.kernel.org/stable/c/71da40648741d15b302700b68973fe8b382aef3c", "https://git.kernel.org/stable/c/d9f6ce99624a41c3bcb29a8d7d79b800665229dd", "https://git.kernel.org/stable/c/fa0f61cc1d828178aa921475a9b786e7fbb65ccb", "https://git.kernel.org/stable/c/fd5d3e6b149ec8cce045d86a2b5e3664d6b32ba5", "https://lore.kernel.org/linux-cve-announce/2025101527-CVE-2025-39993-caef@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-39993", "https://www.cve.org/CVERecord?id=CVE-2025-39993" ], "PublishedDate": "2025-10-15T08:15:37.443Z", "LastModifiedDate": "2025-10-16T15:28:59.61Z" }, { "VulnerabilityID": "CVE-2025-39994", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39994", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: media: tuner: xc5000: Fix use-after-free in xc5000_release", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: tuner: xc5000: Fix use-after-free in xc5000_release\n\nThe original code uses cancel_delayed_work() in xc5000_release(), which\ndoes not guarantee that the delayed work item timer_sleep has fully\ncompleted if it was already running. This leads to use-after-free scenarios\nwhere xc5000_release() may free the xc5000_priv while timer_sleep is still\nactive and attempts to dereference the xc5000_priv.\n\nA typical race condition is illustrated below:\n\nCPU 0 (release thread) | CPU 1 (delayed work callback)\nxc5000_release() | xc5000_do_timer_sleep()\n cancel_delayed_work() |\n hybrid_tuner_release_state(priv) |\n kfree(priv) |\n | priv = container_of() // UAF\n\nReplace cancel_delayed_work() with cancel_delayed_work_sync() to ensure\nthat the timer_sleep is properly canceled before the xc5000_priv memory\nis deallocated.\n\nA deadlock concern was considered: xc5000_release() is called in a process\ncontext and is not holding any locks that the timer_sleep work item might\nalso need. Therefore, the use of the _sync() variant is safe here.\n\nThis bug was initially identified through static analysis.\n\n[hverkuil: fix typo in Subject: tunner -\u003e tuner]", "Severity": "HIGH", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-39994", "https://git.kernel.org/linus/40b7a19f321e65789612ebaca966472055dab48c (6.18-rc1)", "https://git.kernel.org/stable/c/40b7a19f321e65789612ebaca966472055dab48c", "https://git.kernel.org/stable/c/4266f012806fc18e46da4a04d130df59a4946f93", "https://git.kernel.org/stable/c/71ed8b81a4906cb785966910f39cf7f5ad60a69e", "https://git.kernel.org/stable/c/9a00de20ed8ba90888479749b87bc1532cded4ce", "https://git.kernel.org/stable/c/df0303b4839520b84d9367c2fad65b13650a4d42", "https://git.kernel.org/stable/c/effb1c19583bca7022fa641a70766de45c6d41ac", "https://lore.kernel.org/linux-cve-announce/2025101528-CVE-2025-39994-f3e0@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-39994", "https://www.cve.org/CVERecord?id=CVE-2025-39994" ], "PublishedDate": "2025-10-15T08:15:37.567Z", "LastModifiedDate": "2025-10-16T15:28:59.61Z" }, { "VulnerabilityID": "CVE-2025-39998", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39998", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: scsi: target: target_core_configfs: Add length check to avoid buffer overflow", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: target_core_configfs: Add length check to avoid buffer overflow\n\nA buffer overflow arises from the usage of snprintf to write into the\nbuffer \"buf\" in target_lu_gp_members_show function located in\n/drivers/target/target_core_configfs.c. This buffer is allocated with\nsize LU_GROUP_NAME_BUF (256 bytes).\n\nsnprintf(...) formats multiple strings into buf with the HBA name\n(hba-\u003ehba_group.cg_item), a slash character, a devicename (dev-\u003e\ndev_group.cg_item) and a newline character, the total formatted string\nlength may exceed the buffer size of 256 bytes.\n\nSince snprintf() returns the total number of bytes that would have been\nwritten (the length of %s/%sn ), this value may exceed the buffer length\n(256 bytes) passed to memcpy(), this will ultimately cause function\nmemcpy reporting a buffer overflow error.\n\nAn additional check of the return value of snprintf() can avoid this\nbuffer overflow.", "Severity": "HIGH", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-39998", "https://git.kernel.org/linus/27e06650a5eafe832a90fd2604f0c5e920857fae (6.18-rc1)", "https://git.kernel.org/stable/c/27e06650a5eafe832a90fd2604f0c5e920857fae", "https://git.kernel.org/stable/c/4b292286949588bd2818e66ff102db278de8dd26", "https://git.kernel.org/stable/c/53c6351597e6a17ec6619f6f060d54128cb9a187", "https://git.kernel.org/stable/c/a150275831b765b0f1de8b8ff52ec5c6933ac15d", "https://git.kernel.org/stable/c/e73fe0eefac3e15bf88fb5b4afae4c76215ee4d4", "https://git.kernel.org/stable/c/f03aa5e39da7d045615b3951d2a6ca1d7132f881", "https://lore.kernel.org/linux-cve-announce/2025101529-CVE-2025-39998-57d5@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-39998", "https://www.cve.org/CVERecord?id=CVE-2025-39998" ], "PublishedDate": "2025-10-15T08:15:38.077Z", "LastModifiedDate": "2025-10-16T15:28:59.61Z" }, { "VulnerabilityID": "CVE-2025-40014", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40014", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: objtool, spi: amd: Fix out-of-bounds stack access in amd_set_spi_freq()", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nobjtool, spi: amd: Fix out-of-bounds stack access in amd_set_spi_freq()\n\nIf speed_hz \u003c AMD_SPI_MIN_HZ, amd_set_spi_freq() iterates over the\nentire amd_spi_freq array without breaking out early, causing 'i' to go\nbeyond the array bounds.\n\nFix that by stopping the loop when it gets to the last entry, so the low\nspeed_hz value gets clamped up to AMD_SPI_MIN_HZ.\n\nFixes the following warning with an UBSAN kernel:\n\n drivers/spi/spi-amd.o: error: objtool: amd_set_spi_freq() falls through to next function amd_spi_set_opcode()", "Severity": "HIGH", "CweIDs": [ "CWE-129" ], "VendorSeverity": { "nvd": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "V3Score": 7.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-40014", "https://git.kernel.org/linus/76e51db43fe4aaaebcc5ddda67b0807f7c9bdecc (6.15-rc1)", "https://git.kernel.org/stable/c/76e51db43fe4aaaebcc5ddda67b0807f7c9bdecc", "https://git.kernel.org/stable/c/7f2c746e09a3746bf937bc708129dc8af61d8f19", "https://lore.kernel.org/linux-cve-announce/2025041822-CVE-2025-40014-384f@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-40014", "https://ubuntu.com/security/notices/USN-7594-1", "https://ubuntu.com/security/notices/USN-7594-2", "https://ubuntu.com/security/notices/USN-7594-3", "https://www.cve.org/CVERecord?id=CVE-2025-40014" ], "PublishedDate": "2025-04-18T07:15:44.67Z", "LastModifiedDate": "2025-10-01T17:15:47.17Z" }, { "VulnerabilityID": "CVE-2019-15213", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-15213", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: use-after-free caused by malicious USB device in drivers/media/usb/dvb-usb/dvb-usb-init.c", "Description": "An issue was discovered in the Linux kernel before 5.2.3. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver.", "Severity": "MEDIUM", "CweIDs": [ "CWE-416" ], "VendorSeverity": { "nvd": 2, "oracle-oval": 3, "photon": 2, "redhat": 2, "ubuntu": 1 }, "CVSS": { "nvd": { "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "V3Vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V2Score": 4.9, "V3Score": 4.6 }, "redhat": { "V3Vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 4.3 } }, "References": [ "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html", "http://www.openwall.com/lists/oss-security/2019/08/20/2", "https://access.redhat.com/security/cve/CVE-2019-15213", "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.3", "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6cf97230cd5f36b7665099083272595c55d72be7", "https://linux.oracle.com/cve/CVE-2019-15213.html", "https://linux.oracle.com/errata/ELSA-2019-4872.html", "https://lore.kernel.org/linux-media/fe983331d14442a96db3f71066ca0488a8921840.camel@decadent.org.uk/", "https://nvd.nist.gov/vuln/detail/CVE-2019-15213", "https://security.netapp.com/advisory/ntap-20190905-0002/", "https://syzkaller.appspot.com/bug?id=a53c9c9dd2981bfdbfbcbc1ddbd35595eda8bced", "https://www.cve.org/CVERecord?id=CVE-2019-15213" ], "PublishedDate": "2019-08-19T22:15:11.253Z", "LastModifiedDate": "2024-11-21T04:28:12.273Z" }, { "VulnerabilityID": "CVE-2019-16089", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-16089", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: Improper return check in nbd_genl_status function in drivers/block/nbd.c", "Description": "An issue was discovered in the Linux kernel through 5.2.13. nbd_genl_status in drivers/block/nbd.c does not check the nla_nest_start_noflag return value.", "Severity": "MEDIUM", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "nvd": 2, "oracle-oval": 3, "redhat": 1, "ubuntu": 1 }, "CVSS": { "nvd": { "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C", "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "V2Score": 4.7, "V3Score": 4.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "V3Score": 4.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2019-16089", "https://linux.oracle.com/cve/CVE-2019-16089.html", "https://linux.oracle.com/errata/ELSA-2020-5913.html", "https://lore.kernel.org/lkml/20190911164013.27364-1-navid.emamdoost@gmail.com/", "https://lore.kernel.org/patchwork/patch/1106884/", "https://lore.kernel.org/patchwork/patch/1126650/", "https://nvd.nist.gov/vuln/detail/CVE-2019-16089", "https://security.netapp.com/advisory/ntap-20191004-0001/", "https://support.f5.com/csp/article/K03814795?utm_source=f5support\u0026amp%3Butm_medium=RSS", "https://ubuntu.com/security/notices/USN-4414-1", "https://ubuntu.com/security/notices/USN-4425-1", "https://ubuntu.com/security/notices/USN-4439-1", "https://ubuntu.com/security/notices/USN-4440-1", "https://usn.ubuntu.com/4414-1/", "https://usn.ubuntu.com/4425-1/", "https://usn.ubuntu.com/4439-1/", "https://usn.ubuntu.com/4440-1/", "https://www.cve.org/CVERecord?id=CVE-2019-16089" ], "PublishedDate": "2019-09-06T23:15:12.277Z", "LastModifiedDate": "2024-11-21T04:30:00.6Z" }, { "VulnerabilityID": "CVE-2019-20794", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-20794", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: task processes not being properly ended could lead to resource exhaustion", "Description": "An issue was discovered in the Linux kernel 4.18 through 5.6.11 when unprivileged user namespaces are allowed. A user can create their own PID namespace, and mount a FUSE filesystem. Upon interaction with this FUSE filesystem, if the userspace component is terminated via a kill of the PID namespace's pid 1, it will result in a hung task, and resources being permanently locked up until system reboot. This can result in resource exhaustion.", "Severity": "MEDIUM", "CweIDs": [ "CWE-772" ], "VendorSeverity": { "cbl-mariner": 2, "nvd": 2, "redhat": 2 }, "CVSS": { "nvd": { "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C", "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "V2Score": 4.7, "V3Score": 4.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 4.7 } }, "References": [ "http://www.openwall.com/lists/oss-security/2020/08/24/1", "https://access.redhat.com/security/cve/CVE-2019-20794", "https://github.com/sargun/fuse-example", "https://nvd.nist.gov/vuln/detail/CVE-2019-20794", "https://security.netapp.com/advisory/ntap-20200608-0001/", "https://sourceforge.net/p/fuse/mailman/message/36598753/", "https://www.cve.org/CVERecord?id=CVE-2019-20794" ], "PublishedDate": "2020-05-09T18:15:11.157Z", "LastModifiedDate": "2024-11-21T04:39:22.78Z" }, { "VulnerabilityID": "CVE-2020-14304", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-14304", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: ethtool when reading eeprom of device could lead to memory leak", "Description": "A memory disclosure flaw was found in the Linux kernel's ethernet drivers, in the way it read data from the EEPROM of the device. This flaw allows a local user to read uninitialized values from the kernel memory. The highest threat from this vulnerability is to confidentiality.", "Severity": "MEDIUM", "CweIDs": [ "CWE-460", "CWE-755" ], "VendorSeverity": { "nvd": 2, "oracle-oval": 3, "redhat": 1, "ubuntu": 1 }, "CVSS": { "nvd": { "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "V2Score": 2.1, "V3Score": 4.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2020-14304", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=960702", "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14304", "https://linux.oracle.com/cve/CVE-2020-14304.html", "https://linux.oracle.com/errata/ELSA-2021-9410.html", "https://lore.kernel.org/netdev/20200517172053.GA734488@decadent.org.uk/T/", "https://nvd.nist.gov/vuln/detail/CVE-2020-14304", "https://www.cve.org/CVERecord?id=CVE-2020-14304" ], "PublishedDate": "2020-09-15T20:15:13.103Z", "LastModifiedDate": "2024-11-21T05:02:57.97Z" }, { "VulnerabilityID": "CVE-2020-36694", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-36694", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: netfilter: use-after-free in the packet processing context", "Description": "An issue was discovered in netfilter in the Linux kernel before 5.10. There can be a use-after-free in the packet processing context, because the per-CPU sequence count is mishandled during concurrent iptables rules replacement. This could be exploited with the CAP_NET_ADMIN capability in an unprivileged namespace. NOTE: cc00bca was reverted in 5.12.", "Severity": "MEDIUM", "CweIDs": [ "CWE-416" ], "VendorSeverity": { "nvd": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "V3Score": 6.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "V3Score": 6.6 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2020-36694", "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10", "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12", "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cc00bcaa589914096edef7fb87ca5cee4a166b5c", "https://nvd.nist.gov/vuln/detail/CVE-2020-36694", "https://security.netapp.com/advisory/ntap-20230622-0005/", "https://syzkaller.appspot.com/bug?id=0c4fd9c6aa04ec116d01e915d3b186f71a212cb2", "https://www.cve.org/CVERecord?id=CVE-2020-36694" ], "PublishedDate": "2023-05-21T23:15:08.96Z", "LastModifiedDate": "2025-01-31T18:15:29.737Z" }, { "VulnerabilityID": "CVE-2021-47658", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-47658", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: drm/amd/pm: fix a potential gpu_metrics_table memory leak", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: fix a potential gpu_metrics_table memory leak\n\nMemory is allocated for gpu_metrics_table in renoir_init_smc_tables(),\nbut not freed in int smu_v12_0_fini_smc_tables(). Free it!", "Severity": "MEDIUM", "CweIDs": [ "CWE-401" ], "VendorSeverity": { "nvd": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2021-47658", "https://git.kernel.org/linus/583637d66a70fc7090e12fb0ebbacc33d39e2214 (5.17-rc1)", "https://git.kernel.org/stable/c/583637d66a70fc7090e12fb0ebbacc33d39e2214", "https://lore.kernel.org/linux-cve-announce/2025022624-CVE-2021-47658-3eb0@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2021-47658", "https://www.cve.org/CVERecord?id=CVE-2021-47658" ], "PublishedDate": "2025-02-26T06:37:07.557Z", "LastModifiedDate": "2025-09-23T18:48:03.193Z" }, { "VulnerabilityID": "CVE-2023-31082", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-31082", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: sleeping function called from an invalid context in gsmld_write", "Description": "An issue was discovered in drivers/tty/n_gsm.c in the Linux kernel 6.2. There is a sleeping function called from an invalid context in gsmld_write, which will block the kernel. Note: This has been disputed by 3rd parties as not a valid vulnerability.", "Severity": "MEDIUM", "CweIDs": [ "CWE-763" ], "VendorSeverity": { "nvd": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2023-31082", "https://bugzilla.suse.com/show_bug.cgi?id=1210781", "https://lore.kernel.org/all/CA+UBctCZok5FSQ=LPRA+A-jocW=L8FuMVZ_7MNqhh483P5yN8A%40mail.gmail.com/", "https://lore.kernel.org/all/CA+UBctCZok5FSQ=LPRA+A-jocW=L8FuMVZ_7MNqhh483P5yN8A@mail.gmail.com/", "https://nvd.nist.gov/vuln/detail/CVE-2023-31082", "https://security.netapp.com/advisory/ntap-20230929-0003/", "https://www.cve.org/CVERecord?id=CVE-2023-31082" ], "PublishedDate": "2023-04-24T06:15:07.783Z", "LastModifiedDate": "2024-11-21T08:01:22.69Z" }, { "VulnerabilityID": "CVE-2023-3397", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3397", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: slab-use-after-free Write in txEnd due to race condition", "Description": "A race condition occurred between the functions lmLogClose and txEnd in JFS, in the Linux Kernel, executed in different threads. This flaw allows a local attacker with normal user privileges to crash the system or leak internal kernel information.", "Severity": "MEDIUM", "CweIDs": [ "CWE-416", "CWE-362" ], "VendorSeverity": { "amazon": 3, "nvd": 2, "redhat": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H", "V3Score": 6.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2023-3397", "https://bugzilla.redhat.com/show_bug.cgi?id=2217271", "https://nvd.nist.gov/vuln/detail/CVE-2023-3397", "https://www.cve.org/CVERecord?id=CVE-2023-3397", "https://www.spinics.net/lists/kernel/msg4788636.html" ], "PublishedDate": "2023-11-01T20:15:08.737Z", "LastModifiedDate": "2024-11-21T08:17:11.077Z" }, { "VulnerabilityID": "CVE-2023-37454", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-37454", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: udf: use-after-free write in udf_close_lvid", "Description": "An issue was discovered in the Linux kernel through 6.4.2. A crafted UDF filesystem image causes a use-after-free write operation in the udf_put_super and udf_close_lvid functions in fs/udf/super.c. NOTE: the suse.com reference has a different perspective about this.", "Severity": "MEDIUM", "CweIDs": [ "CWE-416" ], "VendorSeverity": { "nvd": 2, "redhat": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "V3Score": 4.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2023-37454", "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-37454", "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6f861765464f43a71462d52026fbddfc858239a5", "https://lore.kernel.org/all/00000000000056e02f05dfb6e11a%40google.com/T/", "https://nvd.nist.gov/vuln/detail/CVE-2023-37454", "https://syzkaller.appspot.com/bug?extid=26873a72980f8fa8bc55", "https://syzkaller.appspot.com/bug?extid=60864ed35b1073540d57", "https://syzkaller.appspot.com/bug?extid=61564e5023b7229ec85d", "https://www.cve.org/CVERecord?id=CVE-2023-37454" ], "PublishedDate": "2023-07-06T17:15:14.24Z", "LastModifiedDate": "2024-11-21T08:11:44.337Z" }, { "VulnerabilityID": "CVE-2023-4010", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-4010", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: usb: hcd: malformed USB descriptor leads to infinite loop in usb_giveback_urb()", "Description": "A flaw was found in the USB Host Controller Driver framework in the Linux kernel. The usb_giveback_urb function has a logic loophole in its implementation. Due to the inappropriate judgment condition of the goto statement, the function cannot return under the input of a specific malformed descriptor file, so it falls into an endless loop, resulting in a denial of service.", "Severity": "MEDIUM", "CweIDs": [ "CWE-835" ], "VendorSeverity": { "nvd": 2, "redhat": 2, "ubuntu": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 4.6 }, "redhat": { "V3Vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 4.6 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2023-4010", "https://bugzilla.redhat.com/show_bug.cgi?id=2227726", "https://github.com/wanrenmi/a-usb-kernel-bug", "https://github.com/wanrenmi/a-usb-kernel-bug/issues/1", "https://nvd.nist.gov/vuln/detail/CVE-2023-4010", "https://www.cve.org/CVERecord?id=CVE-2023-4010" ], "PublishedDate": "2023-07-31T17:15:10.277Z", "LastModifiedDate": "2024-11-21T08:34:13.383Z" }, { "VulnerabilityID": "CVE-2023-6238", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-6238", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: nvme: memory corruption via unprivileged user passthrough", "Description": "A buffer overflow vulnerability was found in the NVM Express (NVMe) driver in the Linux kernel. Only privileged user could specify a small meta buffer and let the device perform larger Direct Memory Access (DMA) into the same buffer, overwriting unrelated kernel memory, causing random kernel crashes and memory corruption.", "Severity": "MEDIUM", "CweIDs": [ "CWE-120" ], "VendorSeverity": { "nvd": 2, "redhat": 1, "ubuntu": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "V3Score": 6.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "V3Score": 6.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2023-6238", "https://bugzilla.redhat.com/show_bug.cgi?id=2250834", "https://lore.kernel.org/linux-nvme/20231013051458.39987-1-joshi.k@samsung.com/T/#u", "https://lore.kernel.org/linux-nvme/20231016060519.231880-1-joshi.k@samsung.com/T/#u", "https://nvd.nist.gov/vuln/detail/CVE-2023-6238", "https://www.cve.org/CVERecord?id=CVE-2023-6238" ], "PublishedDate": "2023-11-21T21:15:09.273Z", "LastModifiedDate": "2024-11-21T08:43:26.177Z" }, { "VulnerabilityID": "CVE-2023-6240", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-6240", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation", "Description": "A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the Linux Kernel. This issue may allow a network attacker to decrypt ciphertexts or forge signatures, limiting the services that use that private key.", "Severity": "MEDIUM", "CweIDs": [ "CWE-203" ], "VendorSeverity": { "alma": 2, "nvd": 2, "oracle-oval": 2, "redhat": 2, "rocky": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2024:1881", "https://access.redhat.com/errata/RHSA-2024:1882", "https://access.redhat.com/errata/RHSA-2024:2758", "https://access.redhat.com/errata/RHSA-2024:3414", "https://access.redhat.com/errata/RHSA-2024:3421", "https://access.redhat.com/errata/RHSA-2024:3618", "https://access.redhat.com/errata/RHSA-2024:3627", "https://access.redhat.com/security/cve/CVE-2023-6240", "https://bugzilla.redhat.com/2250843", "https://bugzilla.redhat.com/2270836", "https://bugzilla.redhat.com/show_bug.cgi?id=2250843", "https://bugzilla.redhat.com/show_bug.cgi?id=2270836", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6240", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25742", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25743", "https://errata.almalinux.org/9/ALSA-2024-2758.html", "https://errata.rockylinux.org/RLSA-2024:2758", "https://linux.oracle.com/cve/CVE-2023-6240.html", "https://linux.oracle.com/errata/ELSA-2024-3618.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-6240", "https://people.redhat.com/~hkario/marvin/", "https://security.netapp.com/advisory/ntap-20240628-0002/", "https://securitypitfalls.wordpress.com/2023/10/16/experiment-with-side-channel-attacks-yourself/", "https://www.cve.org/CVERecord?id=CVE-2023-6240" ], "PublishedDate": "2024-02-04T14:15:47.787Z", "LastModifiedDate": "2024-11-21T08:43:26.437Z" }, { "VulnerabilityID": "CVE-2024-2193", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-2193", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "hw: Spectre-SRC that is Speculative Race Conditions (SRCs) for synchronization primitives similar like Spectre V1 with possibility to bypass software features (e.g., IPIs, high-precision timers, etc)", "Description": "A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths.", "Severity": "MEDIUM", "CweIDs": [ "CWE-362" ], "VendorSeverity": { "amazon": 3, "photon": 2, "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/03/12/14", "http://xenbits.xen.org/xsa/advisory-453.html", "https://access.redhat.com/security/cve/CVE-2024-2193", "https://download.vusec.net/papers/ghostrace_sec24.pdf", "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=944d5fe50f3f03daacfea16300e656a1691c4a23", "https://ibm.github.io/system-security-research-updates/2024/03/12/ghostrace", "https://kb.cert.org/vuls/id/488902", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EIUICU6CVJUIB6BPJ7P5QTPQR5VOBHFK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H63LGAQXPEVJOES73U4XK65I6DASOAAG/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A/", "https://nvd.nist.gov/vuln/detail/CVE-2024-2193", "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7016.html", "https://www.cve.org/CVERecord?id=CVE-2024-2193", "https://www.kb.cert.org/vuls/id/488902", "https://www.openwall.com/lists/oss-security/2024/03/12/14", "https://www.vusec.net/projects/ghostrace/", "https://xenbits.xen.org/xsa/advisory-453.html" ], "PublishedDate": "2024-03-15T18:15:08.53Z", "LastModifiedDate": "2025-04-30T23:16:01.667Z" }, { "VulnerabilityID": "CVE-2024-24864", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24864", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "A race condition was found in the Linux kernel's media/dvb-core in dvb ...", "Description": "A race condition was found in the Linux kernel's media/dvb-core in dvbdmx_write() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.\n\n\n\n\n", "Severity": "MEDIUM", "CweIDs": [ "CWE-362", "CWE-476" ], "VendorSeverity": { "nvd": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 4.7 } }, "References": [ "https://bugzilla.openanolis.cn/show_bug.cgi?id=8178" ], "PublishedDate": "2024-02-05T08:15:45.433Z", "LastModifiedDate": "2024-11-21T08:59:52.41Z" }, { "VulnerabilityID": "CVE-2024-25740", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-25740", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: memory leak in ubi driver", "Description": "A memory leak flaw was found in the UBI driver in drivers/mtd/ubi/attach.c in the Linux kernel through 6.7.4 for UBI_IOCATT, because kobj-\u003ename is not released.", "Severity": "MEDIUM", "CweIDs": [ "CWE-401" ], "VendorSeverity": { "nvd": 2, "redhat": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2024-25740", "https://lore.kernel.org/lkml/0171b6cc-95ee-3538-913b-65a391a446b3%40huawei.com/T/", "https://nvd.nist.gov/vuln/detail/CVE-2024-25740", "https://www.cve.org/CVERecord?id=CVE-2024-25740" ], "PublishedDate": "2024-02-12T03:15:32.823Z", "LastModifiedDate": "2025-05-07T21:16:03.333Z" }, { "VulnerabilityID": "CVE-2024-52560", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-52560", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: fs/ntfs3: Mark inode as bad as soon as error detected in mi_enum_attr()", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Mark inode as bad as soon as error detected in mi_enum_attr()\n\nExtended the `mi_enum_attr()` function interface with an additional\nparameter, `struct ntfs_inode *ni`, to allow marking the inode\nas bad as soon as an error is detected.", "Severity": "MEDIUM", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2024-52560", "https://git.kernel.org/linus/2afd4d267e6dbaec8d3ccd4f5396cb84bc67aa2e (6.14-rc1)", "https://git.kernel.org/stable/c/2afd4d267e6dbaec8d3ccd4f5396cb84bc67aa2e", "https://git.kernel.org/stable/c/d9c699f2c4dc174940ffe8600b20c267897da155", "https://lore.kernel.org/linux-cve-announce/2025022602-CVE-2024-52560-8446@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2024-52560", "https://www.cve.org/CVERecord?id=CVE-2024-52560" ], "PublishedDate": "2025-02-27T03:15:10.573Z", "LastModifiedDate": "2025-02-27T03:15:10.573Z" }, { "VulnerabilityID": "CVE-2024-56709", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-56709", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: io_uring: check if iowq is killed before queuing", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: check if iowq is killed before queuing\n\ntask work can be executed after the task has gone through io_uring\ntermination, whether it's the final task_work run or the fallback path.\nIn this case, task work will find -\u003eio_wq being already killed and\nnull'ed, which is a problem if it then tries to forward the request to\nio_queue_iowq(). Make io_queue_iowq() fail requests in this case.\n\nNote that it also checks PF_KTHREAD, because the user can first close\na DEFER_TASKRUN ring and shortly after kill the task, in which case\n-\u003eiowq check would race.", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 3, "nvd": 2, "oracle-oval": 3, "photon": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "V3Score": 4.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2024-56709", "https://git.kernel.org/linus/dbd2ca9367eb19bc5e269b8c58b0b1514ada9156 (6.13-rc4)", "https://git.kernel.org/stable/c/2ca94c8de36091067b9ce7527ae8db3812d38781", "https://git.kernel.org/stable/c/4f95a2186b7f2af09331e1e8069bcaf34fe019cf", "https://git.kernel.org/stable/c/534d59ab38010aada88390db65985e65d0de7d9e", "https://git.kernel.org/stable/c/dbd2ca9367eb19bc5e269b8c58b0b1514ada9156", "https://linux.oracle.com/cve/CVE-2024-56709.html", "https://linux.oracle.com/errata/ELSA-2025-20530.html", "https://lore.kernel.org/linux-cve-announce/2024122918-CVE-2024-56709-655c@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2024-56709", "https://ubuntu.com/security/notices/USN-7379-1", "https://ubuntu.com/security/notices/USN-7379-2", "https://ubuntu.com/security/notices/USN-7380-1", "https://ubuntu.com/security/notices/USN-7381-1", "https://ubuntu.com/security/notices/USN-7382-1", "https://ubuntu.com/security/notices/USN-7513-1", "https://ubuntu.com/security/notices/USN-7513-2", "https://ubuntu.com/security/notices/USN-7513-3", "https://ubuntu.com/security/notices/USN-7513-4", "https://ubuntu.com/security/notices/USN-7513-5", "https://ubuntu.com/security/notices/USN-7514-1", "https://ubuntu.com/security/notices/USN-7515-1", "https://ubuntu.com/security/notices/USN-7515-2", "https://ubuntu.com/security/notices/USN-7522-1", "https://ubuntu.com/security/notices/USN-7523-1", "https://ubuntu.com/security/notices/USN-7524-1", "https://www.cve.org/CVERecord?id=CVE-2024-56709" ], "PublishedDate": "2024-12-29T09:15:05.82Z", "LastModifiedDate": "2025-10-15T17:42:44.09Z" }, { "VulnerabilityID": "CVE-2024-58015", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58015", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: wifi: ath12k: Fix for out-of bound access error", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: Fix for out-of bound access error\n\nSelfgen stats are placed in a buffer using print_array_to_buf_index() function.\nArray length parameter passed to the function is too big, resulting in possible\nout-of bound memory error.\nDecreasing buffer size by one fixes faulty upper bound of passed array.\n\nDiscovered in coverity scan, CID 1600742 and CID 1600758", "Severity": "MEDIUM", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H", "V3Score": 6 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2024-58015", "https://git.kernel.org/linus/eb8c0534713865d190856f10bfc97cf0b88475b1 (6.14-rc1)", "https://git.kernel.org/stable/c/8700c4bf8b7ed98037d2acf1eaf770ad6dd431d4", "https://git.kernel.org/stable/c/eb8c0534713865d190856f10bfc97cf0b88475b1", "https://lore.kernel.org/linux-cve-announce/2025022657-CVE-2024-58015-f72e@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2024-58015", "https://www.cve.org/CVERecord?id=CVE-2024-58015" ], "PublishedDate": "2025-02-27T03:15:12.493Z", "LastModifiedDate": "2025-02-27T03:15:12.493Z" }, { "VulnerabilityID": "CVE-2024-58022", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58022", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: mailbox: th1520: Fix a NULL vs IS_ERR() bug", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmailbox: th1520: Fix a NULL vs IS_ERR() bug\n\nThe devm_ioremap() function doesn't return error pointers, it returns\nNULL. Update the error checking to match.", "Severity": "MEDIUM", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "nvd": 2, "redhat": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2024-58022", "https://git.kernel.org/stable/c/d0f98e14c010bcf27898b635a54c1994ac4110a8", "https://git.kernel.org/stable/c/ecbde88e544ff016fa08bbf2156dc431bb123e9b", "https://lore.kernel.org/linux-cve-announce/2025022748-CVE-2024-58022-60ab@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2024-58022", "https://www.cve.org/CVERecord?id=CVE-2024-58022" ], "PublishedDate": "2025-02-27T20:16:02.073Z", "LastModifiedDate": "2025-10-01T20:18:10.02Z" }, { "VulnerabilityID": "CVE-2024-58074", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58074", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: drm/i915: Grab intel_display from the encoder to avoid potential oopsies", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915: Grab intel_display from the encoder to avoid potential oopsies\n\nGrab the intel_display from 'encoder' rather than 'state'\nin the encoder hooks to avoid the massive footgun that is\nintel_sanitize_encoder(), which passes NULL as the 'state'\nargument to encoder .disable() and .post_disable().\n\nTODO: figure out how to actually fix intel_sanitize_encoder()...", "Severity": "MEDIUM", "VendorSeverity": { "redhat": 1 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "V3Score": 4.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2024-58074", "https://git.kernel.org/stable/c/1885401569f24eb35c631bcc4e6543360dbe9292", "https://git.kernel.org/stable/c/dc3806d9eb66d0105f8d55d462d4ef681d9eac59", "https://lore.kernel.org/linux-cve-announce/2025030627-CVE-2024-58074-28c1@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2024-58074", "https://www.cve.org/CVERecord?id=CVE-2024-58074" ], "PublishedDate": "2025-03-06T16:15:53.943Z", "LastModifiedDate": "2025-03-06T16:15:53.943Z" }, { "VulnerabilityID": "CVE-2024-58093", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58093", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: PCI/ASPM: Fix link state exit during switch upstream function removal", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI/ASPM: Fix link state exit during switch upstream function removal\n\nBefore 456d8aa37d0f (\"PCI/ASPM: Disable ASPM on MFD function removal to\navoid use-after-free\"), we would free the ASPM link only after the last\nfunction on the bus pertaining to the given link was removed.\n\nThat was too late. If function 0 is removed before sibling function,\nlink-\u003edownstream would point to free'd memory after.\n\nAfter above change, we freed the ASPM parent link state upon any function\nremoval on the bus pertaining to a given link.\n\nThat is too early. If the link is to a PCIe switch with MFD on the upstream\nport, then removing functions other than 0 first would free a link which\nstill remains parent_link to the remaining downstream ports.\n\nThe resulting GPFs are especially frequent during hot-unplug, because\npciehp removes devices on the link bus in reverse order.\n\nOn that switch, function 0 is the virtual P2P bridge to the internal bus.\nFree exactly when function 0 is removed -- before the parent link is\nobsolete, but after all subordinate links are gone.\n\n[kwilczynski: commit log]", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 3, "oracle-oval": 3, "photon": 2, "redhat": 2, "ubuntu": 1 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2024-58093", "https://git.kernel.org/linus/cbf937dcadfd571a434f8074d057b32cd14fbea5 (6.15-rc1)", "https://git.kernel.org/stable/c/cbf937dcadfd571a434f8074d057b32cd14fbea5", "https://linux.oracle.com/cve/CVE-2024-58093.html", "https://linux.oracle.com/errata/ELSA-2025-20530.html", "https://lore.kernel.org/linux-cve-announce/2025041652-CVE-2024-58093-2638@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2024-58093", "https://ubuntu.com/security/notices/USN-7585-1", "https://ubuntu.com/security/notices/USN-7585-2", "https://ubuntu.com/security/notices/USN-7585-3", "https://ubuntu.com/security/notices/USN-7585-4", "https://ubuntu.com/security/notices/USN-7585-5", "https://ubuntu.com/security/notices/USN-7585-6", "https://ubuntu.com/security/notices/USN-7585-7", "https://ubuntu.com/security/notices/USN-7591-1", "https://ubuntu.com/security/notices/USN-7591-2", "https://ubuntu.com/security/notices/USN-7591-3", "https://ubuntu.com/security/notices/USN-7591-4", "https://ubuntu.com/security/notices/USN-7591-5", "https://ubuntu.com/security/notices/USN-7591-6", "https://ubuntu.com/security/notices/USN-7592-1", "https://ubuntu.com/security/notices/USN-7593-1", "https://ubuntu.com/security/notices/USN-7594-1", "https://ubuntu.com/security/notices/USN-7594-2", "https://ubuntu.com/security/notices/USN-7594-3", "https://ubuntu.com/security/notices/USN-7597-1", "https://ubuntu.com/security/notices/USN-7597-2", "https://ubuntu.com/security/notices/USN-7598-1", "https://ubuntu.com/security/notices/USN-7602-1", "https://ubuntu.com/security/notices/USN-7605-1", "https://ubuntu.com/security/notices/USN-7605-2", "https://ubuntu.com/security/notices/USN-7606-1", "https://ubuntu.com/security/notices/USN-7628-1", "https://ubuntu.com/security/notices/USN-7640-1", "https://ubuntu.com/security/notices/USN-7655-1", "https://ubuntu.com/security/notices/USN-7703-1", "https://ubuntu.com/security/notices/USN-7703-2", "https://ubuntu.com/security/notices/USN-7703-3", "https://ubuntu.com/security/notices/USN-7703-4", "https://ubuntu.com/security/notices/USN-7719-1", "https://ubuntu.com/security/notices/USN-7737-1", "https://www.cve.org/CVERecord?id=CVE-2024-58093" ], "PublishedDate": "2025-04-16T15:15:53.22Z", "LastModifiedDate": "2025-04-17T20:22:16.24Z" }, { "VulnerabilityID": "CVE-2024-58094", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58094", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: jfs: add check read-only before truncation in jfs_truncate_nolock()", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: add check read-only before truncation in jfs_truncate_nolock()\n\nAdded a check for \"read-only\" mode in the `jfs_truncate_nolock`\nfunction to avoid errors related to writing to a read-only\nfilesystem.\n\nCall stack:\n\nblock_write_begin() {\n jfs_write_failed() {\n jfs_truncate() {\n jfs_truncate_nolock() {\n txEnd() {\n ...\n log = JFS_SBI(tblk-\u003esb)-\u003elog;\n // (log == NULL)\n\nIf the `isReadOnly(ip)` condition is triggered in\n`jfs_truncate_nolock`, the function execution will stop, and no\nfurther data modification will occur. Instead, the `xtTruncate`\nfunction will be called with the \"COMMIT_WMAP\" flag, preventing\nmodifications in \"read-only\" mode.", "Severity": "MEDIUM", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2024-58094", "https://git.kernel.org/linus/b5799dd77054c1ec49b0088b006c9908e256843b (6.15-rc1)", "https://git.kernel.org/stable/c/b5799dd77054c1ec49b0088b006c9908e256843b", "https://git.kernel.org/stable/c/f605bc3e162f5c6faa9bd3602ce496053d06a4bb", "https://lore.kernel.org/linux-cve-announce/2025041652-CVE-2024-58094-b87b@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2024-58094", "https://ubuntu.com/security/notices/USN-7594-1", "https://ubuntu.com/security/notices/USN-7594-2", "https://ubuntu.com/security/notices/USN-7594-3", "https://www.cve.org/CVERecord?id=CVE-2024-58094" ], "PublishedDate": "2025-04-16T15:15:53.33Z", "LastModifiedDate": "2025-04-17T20:22:16.24Z" }, { "VulnerabilityID": "CVE-2024-58095", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58095", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: jfs: add check read-only before txBeginAnon() call", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: add check read-only before txBeginAnon() call\n\nAdded a read-only check before calling `txBeginAnon` in `extAlloc`\nand `extRecord`. This prevents modification attempts on a read-only\nmounted filesystem, avoiding potential errors or crashes.\n\nCall trace:\n txBeginAnon+0xac/0x154\n extAlloc+0xe8/0xdec fs/jfs/jfs_extent.c:78\n jfs_get_block+0x340/0xb98 fs/jfs/inode.c:248\n __block_write_begin_int+0x580/0x166c fs/buffer.c:2128\n __block_write_begin fs/buffer.c:2177 [inline]\n block_write_begin+0x98/0x11c fs/buffer.c:2236\n jfs_write_begin+0x44/0x88 fs/jfs/inode.c:299", "Severity": "MEDIUM", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2024-58095", "https://git.kernel.org/linus/0176e69743ecc02961f2ae1ea42439cd2bf9ed58 (6.15-rc1)", "https://git.kernel.org/stable/c/0176e69743ecc02961f2ae1ea42439cd2bf9ed58", "https://git.kernel.org/stable/c/15469c408af2d7a52fb186a92f2f091b0f13b1fb", "https://lore.kernel.org/linux-cve-announce/2025041653-CVE-2024-58095-9a41@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2024-58095", "https://ubuntu.com/security/notices/USN-7594-1", "https://ubuntu.com/security/notices/USN-7594-2", "https://ubuntu.com/security/notices/USN-7594-3", "https://www.cve.org/CVERecord?id=CVE-2024-58095" ], "PublishedDate": "2025-04-16T15:15:53.467Z", "LastModifiedDate": "2025-04-17T20:22:16.24Z" }, { "VulnerabilityID": "CVE-2024-58096", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58096", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: wifi: ath11k: add srng-\u003elock for ath11k_hal_srng_* in monitor mode", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: add srng-\u003elock for ath11k_hal_srng_* in monitor mode\n\nath11k_hal_srng_* should be used with srng-\u003elock to protect srng data.\n\nFor ath11k_dp_rx_mon_dest_process() and ath11k_dp_full_mon_process_rx(),\nthey use ath11k_hal_srng_* for many times but never call srng-\u003elock.\n\nSo when running (full) monitor mode, warning will occur:\nRIP: 0010:ath11k_hal_srng_dst_peek+0x18/0x30 [ath11k]\nCall Trace:\n ? ath11k_hal_srng_dst_peek+0x18/0x30 [ath11k]\n ath11k_dp_rx_process_mon_status+0xc45/0x1190 [ath11k]\n ? idr_alloc_u32+0x97/0xd0\n ath11k_dp_rx_process_mon_rings+0x32a/0x550 [ath11k]\n ath11k_dp_service_srng+0x289/0x5a0 [ath11k]\n ath11k_pcic_ext_grp_napi_poll+0x30/0xd0 [ath11k]\n __napi_poll+0x30/0x1f0\n net_rx_action+0x198/0x320\n __do_softirq+0xdd/0x319\n\nSo add srng-\u003elock for them to avoid such warnings.\n\nInorder to fetch the srng-\u003elock, should change srng's definition from\n'void' to 'struct hal_srng'. And initialize them elsewhere to prevent\none line of code from being too long. This is consistent with other ring\nprocess functions, such as ath11k_dp_process_rx().\n\nTested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.30\nTested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1", "Severity": "MEDIUM", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "V3Score": 4.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2024-58096", "https://git.kernel.org/linus/63b7af49496d0e32f7a748b6af3361ec138b1bd3 (6.15-rc1)", "https://git.kernel.org/stable/c/63b7af49496d0e32f7a748b6af3361ec138b1bd3", "https://git.kernel.org/stable/c/b85758e76b6452740fc2a08ced6759af64c0d59a", "https://lore.kernel.org/linux-cve-announce/2025041653-CVE-2024-58096-2320@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2024-58096", "https://ubuntu.com/security/notices/USN-7594-1", "https://ubuntu.com/security/notices/USN-7594-2", "https://ubuntu.com/security/notices/USN-7594-3", "https://www.cve.org/CVERecord?id=CVE-2024-58096" ], "PublishedDate": "2025-04-16T15:15:53.587Z", "LastModifiedDate": "2025-04-17T20:22:16.24Z" }, { "VulnerabilityID": "CVE-2024-58097", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58097", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: wifi: ath11k: fix RCU stall while reaping monitor destination ring", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: fix RCU stall while reaping monitor destination ring\n\nWhile processing the monitor destination ring, MSDUs are reaped from the\nlink descriptor based on the corresponding buf_id.\n\nHowever, sometimes the driver cannot obtain a valid buffer corresponding\nto the buf_id received from the hardware. This causes an infinite loop\nin the destination processing, resulting in a kernel crash.\n\nkernel log:\nath11k_pci 0000:58:00.0: data msdu_pop: invalid buf_id 309\nath11k_pci 0000:58:00.0: data dp_rx_monitor_link_desc_return failed\nath11k_pci 0000:58:00.0: data msdu_pop: invalid buf_id 309\nath11k_pci 0000:58:00.0: data dp_rx_monitor_link_desc_return failed\n\nFix this by skipping the problematic buf_id and reaping the next entry,\nreplacing the break with the next MSDU processing.\n\nTested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.30\nTested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1", "Severity": "MEDIUM", "CweIDs": [ "CWE-835" ], "VendorSeverity": { "nvd": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2024-58097", "https://git.kernel.org/linus/16c6c35c03ea73054a1f6d3302a4ce4a331b427d (6.15-rc1)", "https://git.kernel.org/stable/c/16c6c35c03ea73054a1f6d3302a4ce4a331b427d", "https://git.kernel.org/stable/c/b4991fc41745645f8050506f5a8578bd11e6b378", "https://lore.kernel.org/linux-cve-announce/2025041653-CVE-2024-58097-3fcb@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2024-58097", "https://ubuntu.com/security/notices/USN-7594-1", "https://ubuntu.com/security/notices/USN-7594-2", "https://ubuntu.com/security/notices/USN-7594-3", "https://www.cve.org/CVERecord?id=CVE-2024-58097" ], "PublishedDate": "2025-04-16T15:15:53.683Z", "LastModifiedDate": "2025-10-01T17:15:38.047Z" }, { "VulnerabilityID": "CVE-2025-21752", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-21752", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: btrfs: don't use btrfs_set_item_key_safe on RAID stripe-extents", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: don't use btrfs_set_item_key_safe on RAID stripe-extents\n\nDon't use btrfs_set_item_key_safe() to modify the keys in the RAID\nstripe-tree, as this can lead to corruption of the tree, which is caught\nby the checks in btrfs_set_item_key_safe():\n\n BTRFS info (device nvme1n1): leaf 49168384 gen 15 total ptrs 194 free space 8329 owner 12\n BTRFS info (device nvme1n1): refs 2 lock_owner 1030 current 1030\n [ snip ]\n item 105 key (354549760 230 20480) itemoff 14587 itemsize 16\n stride 0 devid 5 physical 67502080\n item 106 key (354631680 230 4096) itemoff 14571 itemsize 16\n stride 0 devid 1 physical 88559616\n item 107 key (354631680 230 32768) itemoff 14555 itemsize 16\n stride 0 devid 1 physical 88555520\n item 108 key (354717696 230 28672) itemoff 14539 itemsize 16\n stride 0 devid 2 physical 67604480\n [ snip ]\n BTRFS critical (device nvme1n1): slot 106 key (354631680 230 32768) new key (354635776 230 4096)\n ------------[ cut here ]------------\n kernel BUG at fs/btrfs/ctree.c:2602!\n Oops: invalid opcode: 0000 [#1] PREEMPT SMP PTI\n CPU: 1 UID: 0 PID: 1055 Comm: fsstress Not tainted 6.13.0-rc1+ #1464\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-3-gd478f380-rebuilt.opensuse.org 04/01/2014\n RIP: 0010:btrfs_set_item_key_safe+0xf7/0x270\n Code: \u003csnip\u003e\n RSP: 0018:ffffc90001337ab0 EFLAGS: 00010287\n RAX: 0000000000000000 RBX: ffff8881115fd000 RCX: 0000000000000000\n RDX: 0000000000000001 RSI: 0000000000000001 RDI: 00000000ffffffff\n RBP: ffff888110ed6f50 R08: 00000000ffffefff R09: ffffffff8244c500\n R10: 00000000ffffefff R11: 00000000ffffffff R12: ffff888100586000\n R13: 00000000000000c9 R14: ffffc90001337b1f R15: ffff888110f23b58\n FS: 00007f7d75c72740(0000) GS:ffff88813bd00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007fa811652c60 CR3: 0000000111398001 CR4: 0000000000370eb0\n Call Trace:\n \u003cTASK\u003e\n ? __die_body.cold+0x14/0x1a\n ? die+0x2e/0x50\n ? do_trap+0xca/0x110\n ? do_error_trap+0x65/0x80\n ? btrfs_set_item_key_safe+0xf7/0x270\n ? exc_invalid_op+0x50/0x70\n ? btrfs_set_item_key_safe+0xf7/0x270\n ? asm_exc_invalid_op+0x1a/0x20\n ? btrfs_set_item_key_safe+0xf7/0x270\n btrfs_partially_delete_raid_extent+0xc4/0xe0\n btrfs_delete_raid_extent+0x227/0x240\n __btrfs_free_extent.isra.0+0x57f/0x9c0\n ? exc_coproc_segment_overrun+0x40/0x40\n __btrfs_run_delayed_refs+0x2fa/0xe80\n btrfs_run_delayed_refs+0x81/0xe0\n btrfs_commit_transaction+0x2dd/0xbe0\n ? preempt_count_add+0x52/0xb0\n btrfs_sync_file+0x375/0x4c0\n do_fsync+0x39/0x70\n __x64_sys_fsync+0x13/0x20\n do_syscall_64+0x54/0x110\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n RIP: 0033:0x7f7d7550ef90\n Code: \u003csnip\u003e\n RSP: 002b:00007ffd70237248 EFLAGS: 00000202 ORIG_RAX: 000000000000004a\n RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f7d7550ef90\n RDX: 000000000000013a RSI: 000000000040eb28 RDI: 0000000000000004\n RBP: 000000000000001b R08: 0000000000000078 R09: 00007ffd7023725c\n R10: 00007f7d75400390 R11: 0000000000000202 R12: 028f5c28f5c28f5c\n R13: 8f5c28f5c28f5c29 R14: 000000000040b520 R15: 00007f7d75c726c8\n \u003c/TASK\u003e\n\nWhile the root cause of the tree order corruption isn't clear, using\nbtrfs_duplicate_item() to copy the item and then adjusting both the key\nand the per-device physical addresses is a safe way to counter this\nproblem.", "Severity": "MEDIUM", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-21752", "https://git.kernel.org/linus/dc14ba10781bd2629835696b7cc1febf914768e9 (6.14-rc1)", "https://git.kernel.org/stable/c/1c25eff52ee5a02a2c4be659a44ae972d9989742", "https://git.kernel.org/stable/c/dc14ba10781bd2629835696b7cc1febf914768e9", "https://lore.kernel.org/linux-cve-announce/2025022602-CVE-2025-21752-5815@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-21752", "https://www.cve.org/CVERecord?id=CVE-2025-21752" ], "PublishedDate": "2025-02-27T03:15:15.853Z", "LastModifiedDate": "2025-02-27T03:15:15.853Z" }, { "VulnerabilityID": "CVE-2025-21807", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-21807", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: block: fix queue freeze vs limits lock order in sysfs store methods", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: fix queue freeze vs limits lock order in sysfs store methods\n\nqueue_attr_store() always freezes a device queue before calling the\nattribute store operation. For attributes that control queue limits, the\nstore operation will also lock the queue limits with a call to\nqueue_limits_start_update(). However, some drivers (e.g. SCSI sd) may\nneed to issue commands to a device to obtain limit values from the\nhardware with the queue limits locked. This creates a potential ABBA\ndeadlock situation if a user attempts to modify a limit (thus freezing\nthe device queue) while the device driver starts a revalidation of the\ndevice queue limits.\n\nAvoid such deadlock by not freezing the queue before calling the\n-\u003estore_limit() method in struct queue_sysfs_entry and instead use the\nqueue_limits_commit_update_frozen helper to freeze the queue after taking\nthe limits lock.\n\nThis also removes taking the sysfs lock for the store_limit method as\nit doesn't protect anything here, but creates even more nesting.\nHopefully it will go away from the actual sysfs methods entirely soon.\n\n(commit log adapted from a similar patch from Damien Le Moal)", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 3, "redhat": 1, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H", "V3Score": 4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-21807", "https://git.kernel.org/linus/c99f66e4084a62a2cc401c4704a84328aeddc9ec (6.14-rc1)", "https://git.kernel.org/stable/c/8985da5481562e96b95e94ed8e5cc9b6565eb82b", "https://git.kernel.org/stable/c/c99f66e4084a62a2cc401c4704a84328aeddc9ec", "https://lore.kernel.org/linux-cve-announce/2025022753-CVE-2025-21807-a4bb@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-21807", "https://www.cve.org/CVERecord?id=CVE-2025-21807" ], "PublishedDate": "2025-02-27T20:16:03.317Z", "LastModifiedDate": "2025-02-27T20:16:03.317Z" }, { "VulnerabilityID": "CVE-2025-21833", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-21833", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Avoid use of NULL after WARN_ON_ONCE\n\nThere is a WARN_ON_ONCE to catch an unlikely situation when\ndomain_remove_dev_pasid can't find the `pasid`. In case it nevertheless\nhappens we must avoid using a NULL pointer.", "Severity": "MEDIUM", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "amazon": 3, "nvd": 2, "redhat": 1, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-21833", "https://git.kernel.org/linus/60f030f7418d3f1d94f2fb207fe3080e1844630b (6.14-rc1)", "https://git.kernel.org/stable/c/60f030f7418d3f1d94f2fb207fe3080e1844630b", "https://git.kernel.org/stable/c/df96876be3b064aefc493f760e0639765d13ed0d", "https://lore.kernel.org/linux-cve-announce/2025030635-CVE-2025-21833-dd2d@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-21833", "https://www.cve.org/CVERecord?id=CVE-2025-21833" ], "PublishedDate": "2025-03-06T17:15:23.293Z", "LastModifiedDate": "2025-10-01T20:18:27.467Z" }, { "VulnerabilityID": "CVE-2025-21949", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-21949", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: LoongArch: Set hugetlb mmap base address aligned with pmd size", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nLoongArch: Set hugetlb mmap base address aligned with pmd size\n\nWith ltp test case \"testcases/bin/hugefork02\", there is a dmesg error\nreport message such as:\n\n kernel BUG at mm/hugetlb.c:5550!\n Oops - BUG[#1]:\n CPU: 0 UID: 0 PID: 1517 Comm: hugefork02 Not tainted 6.14.0-rc2+ #241\n Hardware name: QEMU QEMU Virtual Machine, BIOS unknown 2/2/2022\n pc 90000000004eaf1c ra 9000000000485538 tp 900000010edbc000 sp 900000010edbf940\n a0 900000010edbfb00 a1 9000000108d20280 a2 00007fffe9474000 a3 00007ffff3474000\n a4 0000000000000000 a5 0000000000000003 a6 00000000003cadd3 a7 0000000000000000\n t0 0000000001ffffff t1 0000000001474000 t2 900000010ecd7900 t3 00007fffe9474000\n t4 00007fffe9474000 t5 0000000000000040 t6 900000010edbfb00 t7 0000000000000001\n t8 0000000000000005 u0 90000000004849d0 s9 900000010edbfa00 s0 9000000108d20280\n s1 00007fffe9474000 s2 0000000002000000 s3 9000000108d20280 s4 9000000002b38b10\n s5 900000010edbfb00 s6 00007ffff3474000 s7 0000000000000406 s8 900000010edbfa08\n ra: 9000000000485538 unmap_vmas+0x130/0x218\n ERA: 90000000004eaf1c __unmap_hugepage_range+0x6f4/0x7d0\n PRMD: 00000004 (PPLV0 +PIE -PWE)\n EUEN: 00000007 (+FPE +SXE +ASXE -BTE)\n ECFG: 00071c1d (LIE=0,2-4,10-12 VS=7)\n ESTAT: 000c0000 [BRK] (IS= ECode=12 EsubCode=0)\n PRID: 0014c010 (Loongson-64bit, Loongson-3A5000)\n Process hugefork02 (pid: 1517, threadinfo=00000000a670eaf4, task=000000007a95fc64)\n Call Trace:\n [\u003c90000000004eaf1c\u003e] __unmap_hugepage_range+0x6f4/0x7d0\n [\u003c9000000000485534\u003e] unmap_vmas+0x12c/0x218\n [\u003c9000000000494068\u003e] exit_mmap+0xe0/0x308\n [\u003c900000000025fdc4\u003e] mmput+0x74/0x180\n [\u003c900000000026a284\u003e] do_exit+0x294/0x898\n [\u003c900000000026aa30\u003e] do_group_exit+0x30/0x98\n [\u003c900000000027bed4\u003e] get_signal+0x83c/0x868\n [\u003c90000000002457b4\u003e] arch_do_signal_or_restart+0x54/0xfa0\n [\u003c90000000015795e8\u003e] irqentry_exit_to_user_mode+0xb8/0x138\n [\u003c90000000002572d0\u003e] tlb_do_page_fault_1+0x114/0x1b4\n\nThe problem is that base address allocated from hugetlbfs is not aligned\nwith pmd size. Here add a checking for hugetlbfs and align base address\nwith pmd size. After this patch the test case \"testcases/bin/hugefork02\"\npasses to run.\n\nThis is similar to the commit 7f24cbc9c4d42db8a3c8484d1 (\"mm/mmap: teach\ngeneric_get_unmapped_area{_topdown} to handle hugetlb mappings\").", "Severity": "MEDIUM", "VendorSeverity": { "nvd": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-21949", "https://git.kernel.org/linus/3109d5ff484b7bc7b955f166974c6776d91f247b (6.14-rc6)", "https://git.kernel.org/stable/c/242b34f48a377afe4b285b472bd0f17744fca8e8", "https://git.kernel.org/stable/c/3109d5ff484b7bc7b955f166974c6776d91f247b", "https://lore.kernel.org/linux-cve-announce/2025040136-CVE-2025-21949-e05a@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-21949", "https://www.cve.org/CVERecord?id=CVE-2025-21949" ], "PublishedDate": "2025-04-01T16:15:26.067Z", "LastModifiedDate": "2025-10-01T18:15:39.327Z" }, { "VulnerabilityID": "CVE-2025-22031", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22031", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: PCI/bwctrl: Fix NULL pointer dereference on bus number exhaustion", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI/bwctrl: Fix NULL pointer dereference on bus number exhaustion\n\nWhen BIOS neglects to assign bus numbers to PCI bridges, the kernel\nattempts to correct that during PCI device enumeration. If it runs out\nof bus numbers, no pci_bus is allocated and the \"subordinate\" pointer in\nthe bridge's pci_dev remains NULL.\n\nThe PCIe bandwidth controller erroneously does not check for a NULL\nsubordinate pointer and dereferences it on probe.\n\nBandwidth control of unusable devices below the bridge is of questionable\nutility, so simply error out instead. This mirrors what PCIe hotplug does\nsince commit 62e4492c3063 (\"PCI: Prevent NULL dereference during pciehp\nprobe\").\n\nThe PCI core emits a message with KERN_INFO severity if it has run out of\nbus numbers. PCIe hotplug emits an additional message with KERN_ERR\nseverity to inform the user that hotplug functionality is disabled at the\nbridge. A similar message for bandwidth control does not seem merited,\ngiven that its only purpose so far is to expose an up-to-date link speed\nin sysfs and throttle the link speed on certain laptops with limited\nThermal Design Power. So error out silently.\n\nUser-visible messages:\n\n pci 0000:16:02.0: bridge configuration invalid ([bus 00-00]), reconfiguring\n [...]\n pci_bus 0000:45: busn_res: [bus 45-74] end is updated to 74\n pci 0000:16:02.0: devices behind bridge are unusable because [bus 45-74] cannot be assigned for them\n [...]\n pcieport 0000:16:02.0: pciehp: Hotplug bridge without secondary bus, ignoring\n [...]\n BUG: kernel NULL pointer dereference\n RIP: pcie_update_link_speed\n pcie_bwnotif_enable\n pcie_bwnotif_probe\n pcie_port_probe_service\n really_probe", "Severity": "MEDIUM", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "nvd": 2, "redhat": 1, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "V3Score": 4.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-22031", "https://git.kernel.org/linus/667f053b05f00a007738cd7ed6fa1901de19dc7e (6.15-rc1)", "https://git.kernel.org/stable/c/1181924af78e5299ddec6e457789c02dd5966559", "https://git.kernel.org/stable/c/667f053b05f00a007738cd7ed6fa1901de19dc7e", "https://git.kernel.org/stable/c/d93d309013e89631630a12b1770d27e4be78362a", "https://lore.kernel.org/linux-cve-announce/2025041656-CVE-2025-22031-b941@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-22031", "https://ubuntu.com/security/notices/USN-7594-1", "https://ubuntu.com/security/notices/USN-7594-2", "https://ubuntu.com/security/notices/USN-7594-3", "https://www.cve.org/CVERecord?id=CVE-2025-22031" ], "PublishedDate": "2025-04-16T15:15:55.71Z", "LastModifiedDate": "2025-10-01T17:15:43.367Z" }, { "VulnerabilityID": "CVE-2025-22051", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22051", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: staging: gpib: Fix Oops after disconnect in agilent usb", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: gpib: Fix Oops after disconnect in agilent usb\n\nIf the agilent usb dongle is disconnected subsequent calls to the\ndriver cause a NULL dereference Oops as the bus_interface\nis set to NULL on disconnect.\n\nThis problem was introduced by setting usb_dev from the bus_interface\nfor dev_xxx messages.\n\nPreviously bus_interface was checked for NULL only in the functions\ndirectly calling usb_fill_bulk_urb or usb_control_msg.\n\nCheck for valid bus_interface on all interface entry points\nand return -ENODEV if it is NULL.", "Severity": "MEDIUM", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "nvd": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-22051", "https://git.kernel.org/linus/8491e73a5223acb0a4b4d78c3f8b96aa9c5e774d (6.15-rc1)", "https://git.kernel.org/stable/c/50ef6e45bec79da4c5a01fad4dc23466ba255099", "https://git.kernel.org/stable/c/8491e73a5223acb0a4b4d78c3f8b96aa9c5e774d", "https://git.kernel.org/stable/c/e88633705078f40391a9afc6cc8ea3025e6f692b", "https://lore.kernel.org/linux-cve-announce/2025041603-CVE-2025-22051-68ac@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-22051", "https://ubuntu.com/security/notices/USN-7594-1", "https://ubuntu.com/security/notices/USN-7594-2", "https://ubuntu.com/security/notices/USN-7594-3", "https://www.cve.org/CVERecord?id=CVE-2025-22051" ], "PublishedDate": "2025-04-16T15:15:58.547Z", "LastModifiedDate": "2025-04-29T19:03:46.9Z" }, { "VulnerabilityID": "CVE-2025-22052", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22052", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: staging: gpib: Fix Oops after disconnect in ni_usb", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: gpib: Fix Oops after disconnect in ni_usb\n\nIf the usb dongle is disconnected subsequent calls to the\ndriver cause a NULL dereference Oops as the bus_interface\nis set to NULL on disconnect.\n\nThis problem was introduced by setting usb_dev from the bus_interface\nfor dev_xxx messages.\n\nPreviously bus_interface was checked for NULL only in the the functions\ndirectly calling usb_fill_bulk_urb or usb_control_msg.\n\nCheck for valid bus_interface on all interface entry points\nand return -ENODEV if it is NULL.", "Severity": "MEDIUM", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "nvd": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-22052", "https://git.kernel.org/linus/a239c6e91b665f1837cf57b97fe638ef1baf2e78 (6.15-rc1)", "https://git.kernel.org/stable/c/5dc98ba6f7304c188b267ef481281849638447bf", "https://git.kernel.org/stable/c/a239c6e91b665f1837cf57b97fe638ef1baf2e78", "https://git.kernel.org/stable/c/b2d8d7959077c5d4b11d0dc6bd2167791fd1c72e", "https://lore.kernel.org/linux-cve-announce/2025041603-CVE-2025-22052-54f5@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-22052", "https://ubuntu.com/security/notices/USN-7594-1", "https://ubuntu.com/security/notices/USN-7594-2", "https://ubuntu.com/security/notices/USN-7594-3", "https://www.cve.org/CVERecord?id=CVE-2025-22052" ], "PublishedDate": "2025-04-16T15:15:58.65Z", "LastModifiedDate": "2025-04-29T18:50:16.49Z" }, { "VulnerabilityID": "CVE-2025-22061", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22061", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: net: airoha: Fix qid report in airoha_tc_get_htb_get_leaf_queue()", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: airoha: Fix qid report in airoha_tc_get_htb_get_leaf_queue()\n\nFix the following kernel warning deleting HTB offloaded leafs and/or root\nHTB qdisc in airoha_eth driver properly reporting qid in\nairoha_tc_get_htb_get_leaf_queue routine.\n\n$tc qdisc replace dev eth1 root handle 10: htb offload\n$tc class add dev eth1 arent 10: classid 10:4 htb rate 100mbit ceil 100mbit\n$tc qdisc replace dev eth1 parent 10:4 handle 4: ets bands 8 \\\n quanta 1514 3028 4542 6056 7570 9084 10598 12112\n$tc qdisc del dev eth1 root\n\n[ 55.827864] ------------[ cut here ]------------\n[ 55.832493] WARNING: CPU: 3 PID: 2678 at 0xffffffc0798695a4\n[ 55.956510] CPU: 3 PID: 2678 Comm: tc Tainted: G O 6.6.71 #0\n[ 55.963557] Hardware name: Airoha AN7581 Evaluation Board (DT)\n[ 55.969383] pstate: 20400005 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 55.976344] pc : 0xffffffc0798695a4\n[ 55.979851] lr : 0xffffffc079869a20\n[ 55.983358] sp : ffffffc0850536a0\n[ 55.986665] x29: ffffffc0850536a0 x28: 0000000000000024 x27: 0000000000000001\n[ 55.993800] x26: 0000000000000000 x25: ffffff8008b19000 x24: ffffff800222e800\n[ 56.000935] x23: 0000000000000001 x22: 0000000000000000 x21: ffffff8008b19000\n[ 56.008071] x20: ffffff8002225800 x19: ffffff800379d000 x18: 0000000000000000\n[ 56.015206] x17: ffffffbf9ea59000 x16: ffffffc080018000 x15: 0000000000000000\n[ 56.022342] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000001\n[ 56.029478] x11: ffffffc081471008 x10: ffffffc081575a98 x9 : 0000000000000000\n[ 56.036614] x8 : ffffffc08167fd40 x7 : ffffffc08069e104 x6 : ffffff8007f86000\n[ 56.043748] x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000001\n[ 56.050884] x2 : 0000000000000000 x1 : 0000000000000250 x0 : ffffff800222c000\n[ 56.058020] Call trace:\n[ 56.060459] 0xffffffc0798695a4\n[ 56.063618] 0xffffffc079869a20\n[ 56.066777] __qdisc_destroy+0x40/0xa0\n[ 56.070528] qdisc_put+0x54/0x6c\n[ 56.073748] qdisc_graft+0x41c/0x648\n[ 56.077324] tc_get_qdisc+0x168/0x2f8\n[ 56.080978] rtnetlink_rcv_msg+0x230/0x330\n[ 56.085076] netlink_rcv_skb+0x5c/0x128\n[ 56.088913] rtnetlink_rcv+0x14/0x1c\n[ 56.092490] netlink_unicast+0x1e0/0x2c8\n[ 56.096413] netlink_sendmsg+0x198/0x3c8\n[ 56.100337] ____sys_sendmsg+0x1c4/0x274\n[ 56.104261] ___sys_sendmsg+0x7c/0xc0\n[ 56.107924] __sys_sendmsg+0x44/0x98\n[ 56.111492] __arm64_sys_sendmsg+0x20/0x28\n[ 56.115580] invoke_syscall.constprop.0+0x58/0xfc\n[ 56.120285] do_el0_svc+0x3c/0xbc\n[ 56.123592] el0_svc+0x18/0x4c\n[ 56.126647] el0t_64_sync_handler+0x118/0x124\n[ 56.131005] el0t_64_sync+0x150/0x154\n[ 56.134660] ---[ end trace 0000000000000000 ]---", "Severity": "MEDIUM", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-22061", "https://git.kernel.org/linus/57b290d97c6150774bf929117ca737a26d8fc33d (6.15-rc1)", "https://git.kernel.org/stable/c/57b290d97c6150774bf929117ca737a26d8fc33d", "https://git.kernel.org/stable/c/d7f76197e49e46a8c082a6fededaa8a07e69a860", "https://lore.kernel.org/linux-cve-announce/2025041607-CVE-2025-22061-afde@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-22061", "https://ubuntu.com/security/notices/USN-7594-1", "https://ubuntu.com/security/notices/USN-7594-2", "https://ubuntu.com/security/notices/USN-7594-3", "https://www.cve.org/CVERecord?id=CVE-2025-22061" ], "PublishedDate": "2025-04-16T15:15:59.58Z", "LastModifiedDate": "2025-04-17T20:22:16.24Z" }, { "VulnerabilityID": "CVE-2025-22069", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22069", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: riscv: fgraph: Fix stack layout to match __arch_ftrace_regs argument of ftrace_return_to_handler", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: fgraph: Fix stack layout to match __arch_ftrace_regs argument of ftrace_return_to_handler\n\nNaresh Kamboju reported a \"Bad frame pointer\" kernel warning while\nrunning LTP trace ftrace_stress_test.sh in riscv. We can reproduce the\nsame issue with the following command:\n\n```\n$ cd /sys/kernel/debug/tracing\n$ echo 'f:myprobe do_nanosleep%return args1=$retval' \u003e dynamic_events\n$ echo 1 \u003e events/fprobes/enable\n$ echo 1 \u003e tracing_on\n$ sleep 1\n```\n\nAnd we can get the following kernel warning:\n\n[ 127.692888] ------------[ cut here ]------------\n[ 127.693755] Bad frame pointer: expected ff2000000065be50, received ba34c141e9594000\n[ 127.693755] from func do_nanosleep return to ffffffff800ccb16\n[ 127.698699] WARNING: CPU: 1 PID: 129 at kernel/trace/fgraph.c:755 ftrace_return_to_handler+0x1b2/0x1be\n[ 127.699894] Modules linked in:\n[ 127.700908] CPU: 1 UID: 0 PID: 129 Comm: sleep Not tainted 6.14.0-rc3-g0ab191c74642 #32\n[ 127.701453] Hardware name: riscv-virtio,qemu (DT)\n[ 127.701859] epc : ftrace_return_to_handler+0x1b2/0x1be\n[ 127.702032] ra : ftrace_return_to_handler+0x1b2/0x1be\n[ 127.702151] epc : ffffffff8013b5e0 ra : ffffffff8013b5e0 sp : ff2000000065bd10\n[ 127.702221] gp : ffffffff819c12f8 tp : ff60000080853100 t0 : 6e00000000000000\n[ 127.702284] t1 : 0000000000000020 t2 : 6e7566206d6f7266 s0 : ff2000000065bd80\n[ 127.702346] s1 : ff60000081262000 a0 : 000000000000007b a1 : ffffffff81894f20\n[ 127.702408] a2 : 0000000000000010 a3 : fffffffffffffffe a4 : 0000000000000000\n[ 127.702470] a5 : 0000000000000000 a6 : 0000000000000008 a7 : 0000000000000038\n[ 127.702530] s2 : ba34c141e9594000 s3 : 0000000000000000 s4 : ff2000000065bdd0\n[ 127.702591] s5 : 00007fff8adcf400 s6 : 000055556dc1d8c0 s7 : 0000000000000068\n[ 127.702651] s8 : 00007fff8adf5d10 s9 : 000000000000006d s10: 0000000000000001\n[ 127.702710] s11: 00005555737377c8 t3 : ffffffff819d899e t4 : ffffffff819d899e\n[ 127.702769] t5 : ffffffff819d89a0 t6 : ff2000000065bb18\n[ 127.702826] status: 0000000200000120 badaddr: 0000000000000000 cause: 0000000000000003\n[ 127.703292] [\u003cffffffff8013b5e0\u003e] ftrace_return_to_handler+0x1b2/0x1be\n[ 127.703760] [\u003cffffffff80017bce\u003e] return_to_handler+0x16/0x26\n[ 127.704009] [\u003cffffffff80017bb8\u003e] return_to_handler+0x0/0x26\n[ 127.704057] [\u003cffffffff800d3352\u003e] common_nsleep+0x42/0x54\n[ 127.704117] [\u003cffffffff800d44a2\u003e] __riscv_sys_clock_nanosleep+0xba/0x10a\n[ 127.704176] [\u003cffffffff80901c56\u003e] do_trap_ecall_u+0x188/0x218\n[ 127.704295] [\u003cffffffff8090cc3e\u003e] handle_exception+0x14a/0x156\n[ 127.705436] ---[ end trace 0000000000000000 ]---\n\nThe reason is that the stack layout for constructing argument for the\nftrace_return_to_handler in the return_to_handler does not match the\n__arch_ftrace_regs structure of riscv, leading to unexpected results.", "Severity": "MEDIUM", "VendorSeverity": { "redhat": 1, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-22069", "https://git.kernel.org/linus/67a5ba8f742f247bc83e46dd2313c142b1383276 (6.15-rc1)", "https://git.kernel.org/stable/c/67a5ba8f742f247bc83e46dd2313c142b1383276", "https://git.kernel.org/stable/c/78b39c587b8f6c69140177108f9c08a75b1c7c37", "https://lore.kernel.org/linux-cve-announce/2025041609-CVE-2025-22069-64d9@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-22069", "https://ubuntu.com/security/notices/USN-7594-1", "https://ubuntu.com/security/notices/USN-7594-2", "https://ubuntu.com/security/notices/USN-7594-3", "https://www.cve.org/CVERecord?id=CVE-2025-22069" ], "PublishedDate": "2025-04-16T15:16:01.1Z", "LastModifiedDate": "2025-04-17T20:22:16.24Z" }, { "VulnerabilityID": "CVE-2025-22092", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22092", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: PCI: Fix NULL dereference in SR-IOV VF creation error path", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: Fix NULL dereference in SR-IOV VF creation error path\n\nClean up when virtfn setup fails to prevent NULL pointer dereference\nduring device removal. The kernel oops below occurred due to incorrect\nerror handling flow when pci_setup_device() fails.\n\nAdd pci_iov_scan_device(), which handles virtfn allocation and setup and\ncleans up if pci_setup_device() fails, so pci_iov_add_virtfn() doesn't need\nto call pci_stop_and_remove_bus_device(). This prevents accessing\npartially initialized virtfn devices during removal.\n\n BUG: kernel NULL pointer dereference, address: 00000000000000d0\n RIP: 0010:device_del+0x3d/0x3d0\n Call Trace:\n pci_remove_bus_device+0x7c/0x100\n pci_iov_add_virtfn+0xfa/0x200\n sriov_enable+0x208/0x420\n mlx5_core_sriov_configure+0x6a/0x160 [mlx5_core]\n sriov_numvfs_store+0xae/0x1a0\n\n[bhelgaas: commit log, return ERR_PTR(-ENOMEM) directly]", "Severity": "MEDIUM", "VendorSeverity": { "redhat": 1, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-22092", "https://git.kernel.org/linus/04d50d953ab46d96b0b32d5ad955fceaa28622db (6.15-rc1)", "https://git.kernel.org/stable/c/04d50d953ab46d96b0b32d5ad955fceaa28622db", "https://git.kernel.org/stable/c/c67a233834b778b8c78f8b62c072ccf87a9eb6d0", "https://git.kernel.org/stable/c/ef421b4d206f0d3681804b8f94f06a8458a53aaf", "https://lore.kernel.org/linux-cve-announce/2025041617-CVE-2025-22092-e56b@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-22092", "https://ubuntu.com/security/notices/USN-7594-1", "https://ubuntu.com/security/notices/USN-7594-2", "https://ubuntu.com/security/notices/USN-7594-3", "https://www.cve.org/CVERecord?id=CVE-2025-22092" ], "PublishedDate": "2025-04-16T15:16:03.403Z", "LastModifiedDate": "2025-04-17T20:22:16.24Z" }, { "VulnerabilityID": "CVE-2025-22094", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22094", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: powerpc/perf: Fix ref-counting on the PMU 'vpa_pmu'", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/perf: Fix ref-counting on the PMU 'vpa_pmu'\n\nCommit 176cda0619b6 (\"powerpc/perf: Add perf interface to expose vpa\ncounters\") introduced 'vpa_pmu' to expose Book3s-HV nested APIv2 provided\nL1\u003c-\u003eL2 context switch latency counters to L1 user-space via\nperf-events. However the newly introduced PMU named 'vpa_pmu' doesn't\nassign ownership of the PMU to the module 'vpa_pmu'. Consequently the\nmodule 'vpa_pmu' can be unloaded while one of the perf-events are still\nactive, which can lead to kernel oops and panic of the form below on a\nPseries-LPAR:\n\nBUG: Kernel NULL pointer dereference on read at 0x00000058\n\u003csnip\u003e\n NIP [c000000000506cb8] event_sched_out+0x40/0x258\n LR [c00000000050e8a4] __perf_remove_from_context+0x7c/0x2b0\n Call Trace:\n [c00000025fc3fc30] [c00000025f8457a8] 0xc00000025f8457a8 (unreliable)\n [c00000025fc3fc80] [fffffffffffffee0] 0xfffffffffffffee0\n [c00000025fc3fcd0] [c000000000501e70] event_function+0xa8/0x120\n\u003csnip\u003e\n Kernel panic - not syncing: Aiee, killing interrupt handler!\n\nFix this by adding the module ownership to 'vpa_pmu' so that the module\n'vpa_pmu' is ref-counted and prevented from being unloaded when perf-events\nare initialized.", "Severity": "MEDIUM", "VendorSeverity": { "redhat": 1, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-22094", "https://git.kernel.org/linus/ff99d5b6a246715f2257123cdf6c4a29cb33aa78 (6.15-rc1)", "https://git.kernel.org/stable/c/6cf045b51e2c5721db7e55305f09ee32741e00f9", "https://git.kernel.org/stable/c/70ea7c5189197c6f5acdcfd8a2651be2c41e2faa", "https://git.kernel.org/stable/c/ff99d5b6a246715f2257123cdf6c4a29cb33aa78", "https://lore.kernel.org/linux-cve-announce/2025041618-CVE-2025-22094-d447@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-22094", "https://ubuntu.com/security/notices/USN-7594-1", "https://ubuntu.com/security/notices/USN-7594-2", "https://ubuntu.com/security/notices/USN-7594-3", "https://www.cve.org/CVERecord?id=CVE-2025-22094" ], "PublishedDate": "2025-04-16T15:16:03.593Z", "LastModifiedDate": "2025-04-17T20:22:16.24Z" }, { "VulnerabilityID": "CVE-2025-22096", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22096", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: drm/msm/gem: Fix error code msm_parse_deps()", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/gem: Fix error code msm_parse_deps()\n\nThe SUBMIT_ERROR() macro turns the error code negative. This extra '-'\noperation turns it back to positive EINVAL again. The error code is\npassed to ERR_PTR() and since positive values are not an IS_ERR() it\neventually will lead to an oops. Delete the '-'.\n\nPatchwork: https://patchwork.freedesktop.org/patch/637625/", "Severity": "MEDIUM", "VendorSeverity": { "redhat": 1, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-22096", "https://git.kernel.org/linus/0b305b7cadce835505bd93183a599acb1f800a05 (6.15-rc1)", "https://git.kernel.org/stable/c/0b305b7cadce835505bd93183a599acb1f800a05", "https://git.kernel.org/stable/c/efe759dcf3352d8379a1adad7b4d14044a4c41a7", "https://lore.kernel.org/linux-cve-announce/2025041619-CVE-2025-22096-f14d@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-22096", "https://ubuntu.com/security/notices/USN-7594-1", "https://ubuntu.com/security/notices/USN-7594-2", "https://ubuntu.com/security/notices/USN-7594-3", "https://www.cve.org/CVERecord?id=CVE-2025-22096" ], "PublishedDate": "2025-04-16T15:16:03.96Z", "LastModifiedDate": "2025-04-17T20:22:16.24Z" }, { "VulnerabilityID": "CVE-2025-22098", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22098", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: drm: zynqmp_dp: Fix a deadlock in zynqmp_dp_ignore_hpd_set()", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm: zynqmp_dp: Fix a deadlock in zynqmp_dp_ignore_hpd_set()\n\nInstead of attempting the same mutex twice, lock and unlock it.\n\nThis bug has been detected by the Clang thread-safety analyzer.", "Severity": "MEDIUM", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-22098", "https://git.kernel.org/linus/f887685ee0eb4ef716391355568181230338f6eb (6.15-rc1)", "https://git.kernel.org/stable/c/3f988cd2f65175e79349961a43a9deb115174784", "https://git.kernel.org/stable/c/7a8d53aa5b7d2a89cda598239d08423bd66920f1", "https://git.kernel.org/stable/c/f887685ee0eb4ef716391355568181230338f6eb", "https://lore.kernel.org/linux-cve-announce/2025041620-CVE-2025-22098-ed45@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-22098", "https://ubuntu.com/security/notices/USN-7594-1", "https://ubuntu.com/security/notices/USN-7594-2", "https://ubuntu.com/security/notices/USN-7594-3", "https://www.cve.org/CVERecord?id=CVE-2025-22098" ], "PublishedDate": "2025-04-16T15:16:04.183Z", "LastModifiedDate": "2025-04-17T20:22:16.24Z" }, { "VulnerabilityID": "CVE-2025-22099", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22099", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: drm: xlnx: zynqmp_dpsub: Add NULL check in zynqmp_audio_init", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm: xlnx: zynqmp_dpsub: Add NULL check in zynqmp_audio_init\n\ndevm_kasprintf() calls can return null pointers on failure.\nBut some return values were not checked in zynqmp_audio_init().\n\nAdd NULL check in zynqmp_audio_init(), avoid referencing null\npointers in the subsequent code.", "Severity": "MEDIUM", "VendorSeverity": { "redhat": 1, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-22099", "https://git.kernel.org/linus/d0660f9c588a1246a1a543c91a1e3cad910237da (6.15-rc1)", "https://git.kernel.org/stable/c/066d6f22e7d84953db6bbf2dae507401157660c6", "https://git.kernel.org/stable/c/d0660f9c588a1246a1a543c91a1e3cad910237da", "https://lore.kernel.org/linux-cve-announce/2025041620-CVE-2025-22099-3db3@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-22099", "https://ubuntu.com/security/notices/USN-7594-1", "https://ubuntu.com/security/notices/USN-7594-2", "https://ubuntu.com/security/notices/USN-7594-3", "https://www.cve.org/CVERecord?id=CVE-2025-22099" ], "PublishedDate": "2025-04-16T15:16:04.273Z", "LastModifiedDate": "2025-04-17T20:22:16.24Z" }, { "VulnerabilityID": "CVE-2025-22100", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22100", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: drm/panthor: Fix race condition when gathering fdinfo group samples", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/panthor: Fix race condition when gathering fdinfo group samples\n\nCommit e16635d88fa0 (\"drm/panthor: add DRM fdinfo support\") failed to\nprotect access to groups with an xarray lock, which could lead to\nuse-after-free errors.", "Severity": "MEDIUM", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-22100", "https://git.kernel.org/linus/0590c94c3596d6c1a3d549ae611366f2ad4e1d8d (6.15-rc1)", "https://git.kernel.org/stable/c/0590c94c3596d6c1a3d549ae611366f2ad4e1d8d", "https://git.kernel.org/stable/c/6d98c83ad67e7bd86a47494fd6c3863e7bb26db9", "https://git.kernel.org/stable/c/e9d45f42a64a400adba59ee83d03e6db662530b4", "https://lore.kernel.org/linux-cve-announce/2025041620-CVE-2025-22100-a7e4@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-22100", "https://ubuntu.com/security/notices/USN-7594-1", "https://ubuntu.com/security/notices/USN-7594-2", "https://ubuntu.com/security/notices/USN-7594-3", "https://www.cve.org/CVERecord?id=CVE-2025-22100" ], "PublishedDate": "2025-04-16T15:16:04.363Z", "LastModifiedDate": "2025-04-17T20:22:16.24Z" }, { "VulnerabilityID": "CVE-2025-22105", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22105", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: bonding: check xdp prog when set bond mode", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: check xdp prog when set bond mode\n\nFollowing operations can trigger a warning[1]:\n\n ip netns add ns1\n ip netns exec ns1 ip link add bond0 type bond mode balance-rr\n ip netns exec ns1 ip link set dev bond0 xdp obj af_xdp_kern.o sec xdp\n ip netns exec ns1 ip link set bond0 type bond mode broadcast\n ip netns del ns1\n\nWhen delete the namespace, dev_xdp_uninstall() is called to remove xdp\nprogram on bond dev, and bond_xdp_set() will check the bond mode. If bond\nmode is changed after attaching xdp program, the warning may occur.\n\nSome bond modes (broadcast, etc.) do not support native xdp. Set bond mode\nwith xdp program attached is not good. Add check for xdp program when set\nbond mode.\n\n [1]\n ------------[ cut here ]------------\n WARNING: CPU: 0 PID: 11 at net/core/dev.c:9912 unregister_netdevice_many_notify+0x8d9/0x930\n Modules linked in:\n CPU: 0 UID: 0 PID: 11 Comm: kworker/u4:0 Not tainted 6.14.0-rc4 #107\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014\n Workqueue: netns cleanup_net\n RIP: 0010:unregister_netdevice_many_notify+0x8d9/0x930\n Code: 00 00 48 c7 c6 6f e3 a2 82 48 c7 c7 d0 b3 96 82 e8 9c 10 3e ...\n RSP: 0018:ffffc90000063d80 EFLAGS: 00000282\n RAX: 00000000ffffffa1 RBX: ffff888004959000 RCX: 00000000ffffdfff\n RDX: 0000000000000000 RSI: 00000000ffffffea RDI: ffffc90000063b48\n RBP: ffffc90000063e28 R08: ffffffff82d39b28 R09: 0000000000009ffb\n R10: 0000000000000175 R11: ffffffff82d09b40 R12: ffff8880049598e8\n R13: 0000000000000001 R14: dead000000000100 R15: ffffc90000045000\n FS: 0000000000000000(0000) GS:ffff888007a00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000000000d406b60 CR3: 000000000483e000 CR4: 00000000000006f0\n Call Trace:\n \u003cTASK\u003e\n ? __warn+0x83/0x130\n ? unregister_netdevice_many_notify+0x8d9/0x930\n ? report_bug+0x18e/0x1a0\n ? handle_bug+0x54/0x90\n ? exc_invalid_op+0x18/0x70\n ? asm_exc_invalid_op+0x1a/0x20\n ? unregister_netdevice_many_notify+0x8d9/0x930\n ? bond_net_exit_batch_rtnl+0x5c/0x90\n cleanup_net+0x237/0x3d0\n process_one_work+0x163/0x390\n worker_thread+0x293/0x3b0\n ? __pfx_worker_thread+0x10/0x10\n kthread+0xec/0x1e0\n ? __pfx_kthread+0x10/0x10\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x2f/0x50\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n ---[ end trace 0000000000000000 ]---", "Severity": "MEDIUM", "VendorSeverity": { "redhat": 1, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-22105", "https://git.kernel.org/linus/094ee6017ea09c11d6af187935a949df32803ce0 (6.15-rc1)", "https://git.kernel.org/stable/c/094ee6017ea09c11d6af187935a949df32803ce0", "https://git.kernel.org/stable/c/0dd4fac43bdea23cfe4bb2a3eabb76d752ac32fb", "https://lore.kernel.org/linux-cve-announce/2025041622-CVE-2025-22105-afef@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-22105", "https://ubuntu.com/security/notices/USN-7594-1", "https://ubuntu.com/security/notices/USN-7594-2", "https://ubuntu.com/security/notices/USN-7594-3", "https://www.cve.org/CVERecord?id=CVE-2025-22105" ], "PublishedDate": "2025-04-16T15:16:04.827Z", "LastModifiedDate": "2025-04-17T20:22:16.24Z" }, { "VulnerabilityID": "CVE-2025-22106", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22106", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: vmxnet3: unregister xdp rxq info in the reset path", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nvmxnet3: unregister xdp rxq info in the reset path\n\nvmxnet3 does not unregister xdp rxq info in the\nvmxnet3_reset_work() code path as vmxnet3_rq_destroy()\nis not invoked in this code path. So, we get below message with a\nbacktrace.\n\nMissing unregister, handled but fix driver\nWARNING: CPU:48 PID: 500 at net/core/xdp.c:182\n__xdp_rxq_info_reg+0x93/0xf0\n\nThis patch fixes the problem by moving the unregister\ncode of XDP from vmxnet3_rq_destroy() to vmxnet3_rq_cleanup().", "Severity": "MEDIUM", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "V3Score": 4.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-22106", "https://git.kernel.org/linus/0dd765fae295832934bf28e45dd5a355e0891ed4 (6.15-rc1)", "https://git.kernel.org/stable/c/0dd765fae295832934bf28e45dd5a355e0891ed4", "https://git.kernel.org/stable/c/23da4e0bb2a38966d29db0ff90a8fe68fdfa1744", "https://git.kernel.org/stable/c/9908541a9e235b7c5e2fbdd59910eaf9c32c3075", "https://git.kernel.org/stable/c/a6157484bee3385a425d288a69e1eaf03232f5fc", "https://lore.kernel.org/linux-cve-announce/2025041622-CVE-2025-22106-259e@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-22106", "https://ubuntu.com/security/notices/USN-7594-1", "https://ubuntu.com/security/notices/USN-7594-2", "https://ubuntu.com/security/notices/USN-7594-3", "https://www.cve.org/CVERecord?id=CVE-2025-22106" ], "PublishedDate": "2025-04-16T15:16:04.913Z", "LastModifiedDate": "2025-09-25T10:15:31.02Z" }, { "VulnerabilityID": "CVE-2025-22107", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22107", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: net: dsa: sja1105: fix kasan out-of-bounds warning in sja1105_table_delete_entry()", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: sja1105: fix kasan out-of-bounds warning in sja1105_table_delete_entry()\n\nThere are actually 2 problems:\n- deleting the last element doesn't require the memmove of elements\n [i + 1, end) over it. Actually, element i+1 is out of bounds.\n- The memmove itself should move size - i - 1 elements, because the last\n element is out of bounds.\n\nThe out-of-bounds element still remains out of bounds after being\naccessed, so the problem is only that we touch it, not that it becomes\nin active use. But I suppose it can lead to issues if the out-of-bounds\nelement is part of an unmapped page.", "Severity": "MEDIUM", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-22107", "https://git.kernel.org/linus/5f2b28b79d2d1946ee36ad8b3dc0066f73c90481 (6.15-rc1)", "https://git.kernel.org/stable/c/59b97641de03c081f26b3a8876628c765b5faa25", "https://git.kernel.org/stable/c/5f2b28b79d2d1946ee36ad8b3dc0066f73c90481", "https://lore.kernel.org/linux-cve-announce/2025041623-CVE-2025-22107-1266@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-22107", "https://ubuntu.com/security/notices/USN-7594-1", "https://ubuntu.com/security/notices/USN-7594-2", "https://ubuntu.com/security/notices/USN-7594-3", "https://www.cve.org/CVERecord?id=CVE-2025-22107" ], "PublishedDate": "2025-04-16T15:16:04.997Z", "LastModifiedDate": "2025-04-17T20:22:16.24Z" }, { "VulnerabilityID": "CVE-2025-22108", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22108", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: bnxt_en: Mask the bd_cnt field in the TX BD properly", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt_en: Mask the bd_cnt field in the TX BD properly\n\nThe bd_cnt field in the TX BD specifies the total number of BDs for\nthe TX packet. The bd_cnt field has 5 bits and the maximum number\nsupported is 32 with the value 0.\n\nCONFIG_MAX_SKB_FRAGS can be modified and the total number of SKB\nfragments can approach or exceed the maximum supported by the chip.\nAdd a macro to properly mask the bd_cnt field so that the value 32\nwill be properly masked and set to 0 in the bd_cnd field.\n\nWithout this patch, the out-of-range bd_cnt value will corrupt the\nTX BD and may cause TX timeout.\n\nThe next patch will check for values exceeding 32.", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 4.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-22108", "https://git.kernel.org/linus/107b25db61122d8f990987895c2912927b8b6e3f (6.15-rc1)", "https://git.kernel.org/stable/c/107b25db61122d8f990987895c2912927b8b6e3f", "https://git.kernel.org/stable/c/f60b41b815826f15c4d0323f923f398c423178d0", "https://lore.kernel.org/linux-cve-announce/2025041623-CVE-2025-22108-39f0@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-22108", "https://ubuntu.com/security/notices/USN-7594-1", "https://ubuntu.com/security/notices/USN-7594-2", "https://ubuntu.com/security/notices/USN-7594-3", "https://www.cve.org/CVERecord?id=CVE-2025-22108" ], "PublishedDate": "2025-04-16T15:16:05.083Z", "LastModifiedDate": "2025-04-17T20:22:16.24Z" }, { "VulnerabilityID": "CVE-2025-22109", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22109", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: ax25: Remove broken autobind", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nax25: Remove broken autobind\n\nBinding AX25 socket by using the autobind feature leads to memory leaks\nin ax25_connect() and also refcount leaks in ax25_release(). Memory\nleak was detected with kmemleak:\n\n================================================================\nunreferenced object 0xffff8880253cd680 (size 96):\nbacktrace:\n__kmalloc_node_track_caller_noprof (./include/linux/kmemleak.h:43)\nkmemdup_noprof (mm/util.c:136)\nax25_rt_autobind (net/ax25/ax25_route.c:428)\nax25_connect (net/ax25/af_ax25.c:1282)\n__sys_connect_file (net/socket.c:2045)\n__sys_connect (net/socket.c:2064)\n__x64_sys_connect (net/socket.c:2067)\ndo_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83)\nentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n================================================================\n\nWhen socket is bound, refcounts must be incremented the way it is done\nin ax25_bind() and ax25_setsockopt() (SO_BINDTODEVICE). In case of\nautobind, the refcounts are not incremented.\n\nThis bug leads to the following issue reported by Syzkaller:\n\n================================================================\nax25_connect(): syz-executor318 uses autobind, please contact jreuter@yaina.de\n------------[ cut here ]------------\nrefcount_t: decrement hit 0; leaking memory.\nWARNING: CPU: 0 PID: 5317 at lib/refcount.c:31 refcount_warn_saturate+0xfa/0x1d0 lib/refcount.c:31\nModules linked in:\nCPU: 0 UID: 0 PID: 5317 Comm: syz-executor318 Not tainted 6.14.0-rc4-syzkaller-00278-gece144f151ac #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nRIP: 0010:refcount_warn_saturate+0xfa/0x1d0 lib/refcount.c:31\n...\nCall Trace:\n \u003cTASK\u003e\n __refcount_dec include/linux/refcount.h:336 [inline]\n refcount_dec include/linux/refcount.h:351 [inline]\n ref_tracker_free+0x6af/0x7e0 lib/ref_tracker.c:236\n netdev_tracker_free include/linux/netdevice.h:4302 [inline]\n netdev_put include/linux/netdevice.h:4319 [inline]\n ax25_release+0x368/0x960 net/ax25/af_ax25.c:1080\n __sock_release net/socket.c:647 [inline]\n sock_close+0xbc/0x240 net/socket.c:1398\n __fput+0x3e9/0x9f0 fs/file_table.c:464\n __do_sys_close fs/open.c:1580 [inline]\n __se_sys_close fs/open.c:1565 [inline]\n __x64_sys_close+0x7f/0x110 fs/open.c:1565\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n ...\n \u003c/TASK\u003e\n================================================================\n\nConsidering the issues above and the comments left in the code that say:\n\"check if we can remove this feature. It is broken.\"; \"autobinding in this\nmay or may not work\"; - it is better to completely remove this feature than\nto fix it because it is broken and leads to various kinds of memory bugs.\n\nNow calling connect() without first binding socket will result in an\nerror (-EINVAL). Userspace software that relies on the autobind feature\nmight get broken. However, this feature does not seem widely used with\nthis specific driver as it was not reliable at any point of time, and it\nis already broken anyway. E.g. ax25-tools and ax25-apps packages for\npopular distributions do not use the autobind feature for AF_AX25.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.", "Severity": "MEDIUM", "VendorSeverity": { "redhat": 1, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-22109", "https://git.kernel.org/linus/2f6efbabceb6b2914ee9bafb86d9a51feae9cce8 (6.15-rc1)", "https://git.kernel.org/stable/c/2f6efbabceb6b2914ee9bafb86d9a51feae9cce8", "https://git.kernel.org/stable/c/61203fdd3e35519db9a98b6ff8983c620ffc4696", "https://lore.kernel.org/linux-cve-announce/2025041623-CVE-2025-22109-f8e7@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-22109", "https://ubuntu.com/security/notices/USN-7594-1", "https://ubuntu.com/security/notices/USN-7594-2", "https://ubuntu.com/security/notices/USN-7594-3", "https://www.cve.org/CVERecord?id=CVE-2025-22109" ], "PublishedDate": "2025-04-16T15:16:05.167Z", "LastModifiedDate": "2025-04-17T20:22:16.24Z" }, { "VulnerabilityID": "CVE-2025-22110", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22110", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: netfilter: nfnetlink_queue: Initialize ctx to avoid memory allocation error", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nfnetlink_queue: Initialize ctx to avoid memory allocation error\n\nIt is possible that ctx in nfqnl_build_packet_message() could be used\nbefore it is properly initialize, which is only initialized\nby nfqnl_get_sk_secctx().\n\nThis patch corrects this problem by initializing the lsmctx to a safe\nvalue when it is declared.\n\nThis is similar to the commit 35fcac7a7c25\n(\"audit: Initialize lsmctx to avoid memory allocation error\").", "Severity": "MEDIUM", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-22110", "https://git.kernel.org/linus/778b09d91baafb13408470c721d034d6515cfa5a (6.15-rc1)", "https://git.kernel.org/stable/c/778b09d91baafb13408470c721d034d6515cfa5a", "https://git.kernel.org/stable/c/ddbf7e1d82a1d0c1d3425931a6cb1b83f8454759", "https://lore.kernel.org/linux-cve-announce/2025041624-CVE-2025-22110-6a28@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-22110", "https://ubuntu.com/security/notices/USN-7594-1", "https://ubuntu.com/security/notices/USN-7594-2", "https://ubuntu.com/security/notices/USN-7594-3", "https://www.cve.org/CVERecord?id=CVE-2025-22110" ], "PublishedDate": "2025-04-16T15:16:05.253Z", "LastModifiedDate": "2025-04-17T20:22:16.24Z" }, { "VulnerabilityID": "CVE-2025-22111", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22111", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: net: Remove RTNL dance for SIOCBRADDIF and SIOCBRDELIF.", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: Remove RTNL dance for SIOCBRADDIF and SIOCBRDELIF.\n\nSIOCBRDELIF is passed to dev_ioctl() first and later forwarded to\nbr_ioctl_call(), which causes unnecessary RTNL dance and the splat\nbelow [0] under RTNL pressure.\n\nLet's say Thread A is trying to detach a device from a bridge and\nThread B is trying to remove the bridge.\n\nIn dev_ioctl(), Thread A bumps the bridge device's refcnt by\nnetdev_hold() and releases RTNL because the following br_ioctl_call()\nalso re-acquires RTNL.\n\nIn the race window, Thread B could acquire RTNL and try to remove\nthe bridge device. Then, rtnl_unlock() by Thread B will release RTNL\nand wait for netdev_put() by Thread A.\n\nThread A, however, must hold RTNL after the unlock in dev_ifsioc(),\nwhich may take long under RTNL pressure, resulting in the splat by\nThread B.\n\n Thread A (SIOCBRDELIF) Thread B (SIOCBRDELBR)\n ---------------------- ----------------------\n sock_ioctl sock_ioctl\n `- sock_do_ioctl `- br_ioctl_call\n `- dev_ioctl `- br_ioctl_stub\n |- rtnl_lock |\n |- dev_ifsioc '\n ' |- dev = __dev_get_by_name(...)\n |- netdev_hold(dev, ...) .\n / |- rtnl_unlock ------. |\n | |- br_ioctl_call `---\u003e |- rtnl_lock\n Race | | `- br_ioctl_stub |- br_del_bridge\n Window | | | |- dev = __dev_get_by_name(...)\n | | | May take long | `- br_dev_delete(dev, ...)\n | | | under RTNL pressure | `- unregister_netdevice_queue(dev, ...)\n | | | | `- rtnl_unlock\n \\ | |- rtnl_lock \u003c-' `- netdev_run_todo\n | |- ... `- netdev_run_todo\n | `- rtnl_unlock |- __rtnl_unlock\n | |- netdev_wait_allrefs_any\n |- netdev_put(dev, ...) \u003c----------------'\n Wait refcnt decrement\n and log splat below\n\nTo avoid blocking SIOCBRDELBR unnecessarily, let's not call\ndev_ioctl() for SIOCBRADDIF and SIOCBRDELIF.\n\nIn the dev_ioctl() path, we do the following:\n\n 1. Copy struct ifreq by get_user_ifreq in sock_do_ioctl()\n 2. Check CAP_NET_ADMIN in dev_ioctl()\n 3. Call dev_load() in dev_ioctl()\n 4. Fetch the master dev from ifr.ifr_name in dev_ifsioc()\n\n3. can be done by request_module() in br_ioctl_call(), so we move\n1., 2., and 4. to br_ioctl_stub().\n\nNote that 2. is also checked later in add_del_if(), but it's better\nperformed before RTNL.\n\nSIOCBRADDIF and SIOCBRDELIF have been processed in dev_ioctl() since\nthe pre-git era, and there seems to be no specific reason to process\nthem there.\n\n[0]:\nunregister_netdevice: waiting for wpan3 to become free. Usage count = 2\nref_tracker: wpan3@ffff8880662d8608 has 1/1 users at\n __netdev_tracker_alloc include/linux/netdevice.h:4282 [inline]\n netdev_hold include/linux/netdevice.h:4311 [inline]\n dev_ifsioc+0xc6a/0x1160 net/core/dev_ioctl.c:624\n dev_ioctl+0x255/0x10c0 net/core/dev_ioctl.c:826\n sock_do_ioctl+0x1ca/0x260 net/socket.c:1213\n sock_ioctl+0x23a/0x6c0 net/socket.c:1318\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:906 [inline]\n __se_sys_ioctl fs/ioctl.c:892 [inline]\n __x64_sys_ioctl+0x1a4/0x210 fs/ioctl.c:892\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcb/0x250 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f", "Severity": "MEDIUM", "VendorSeverity": { "redhat": 1, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-22111", "https://git.kernel.org/linus/ed3ba9b6e280e14cc3148c1b226ba453f02fa76c (6.15-rc1)", "https://git.kernel.org/stable/c/00fe0ac64efd1f5373b3dd9f1f84b19235371e39", "https://git.kernel.org/stable/c/ed3ba9b6e280e14cc3148c1b226ba453f02fa76c", "https://lore.kernel.org/linux-cve-announce/2025041624-CVE-2025-22111-8bec@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-22111", "https://ubuntu.com/security/notices/USN-7594-1", "https://ubuntu.com/security/notices/USN-7594-2", "https://ubuntu.com/security/notices/USN-7594-3", "https://www.cve.org/CVERecord?id=CVE-2025-22111" ], "PublishedDate": "2025-04-16T15:16:05.347Z", "LastModifiedDate": "2025-04-17T20:22:16.24Z" }, { "VulnerabilityID": "CVE-2025-22114", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22114", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: btrfs: don't clobber ret in btrfs_validate_super()", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: don't clobber ret in btrfs_validate_super()\n\nCommit 2a9bb78cfd36 (\"btrfs: validate system chunk array at\nbtrfs_validate_super()\") introduces a call to validate_sys_chunk_array()\nin btrfs_validate_super(), which clobbers the value of ret set earlier.\nThis has the effect of negating the validity checks done earlier, making\nit so btrfs could potentially try to mount invalid filesystems.", "Severity": "MEDIUM", "VendorSeverity": { "redhat": 1, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-22114", "https://git.kernel.org/linus/9db9c7dd5b4e1d3205137a094805980082c37716 (6.15-rc1)", "https://git.kernel.org/stable/c/9db9c7dd5b4e1d3205137a094805980082c37716", "https://git.kernel.org/stable/c/ef6800a2015e706e9852a5ec15263fec9990d012", "https://lore.kernel.org/linux-cve-announce/2025041625-CVE-2025-22114-721d@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-22114", "https://ubuntu.com/security/notices/USN-7594-1", "https://ubuntu.com/security/notices/USN-7594-2", "https://ubuntu.com/security/notices/USN-7594-3", "https://www.cve.org/CVERecord?id=CVE-2025-22114" ], "PublishedDate": "2025-04-16T15:16:05.617Z", "LastModifiedDate": "2025-04-17T20:22:16.24Z" }, { "VulnerabilityID": "CVE-2025-22116", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22116", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: idpf: check error for register_netdev() on init", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: check error for register_netdev() on init\n\nCurrent init logic ignores the error code from register_netdev(),\nwhich will cause WARN_ON() on attempt to unregister it, if there was one,\nand there is no info for the user that the creation of the netdev failed.\n\nWARNING: CPU: 89 PID: 6902 at net/core/dev.c:11512 unregister_netdevice_many_notify+0x211/0x1a10\n...\n[ 3707.563641] unregister_netdev+0x1c/0x30\n[ 3707.563656] idpf_vport_dealloc+0x5cf/0xce0 [idpf]\n[ 3707.563684] idpf_deinit_task+0xef/0x160 [idpf]\n[ 3707.563712] idpf_vc_core_deinit+0x84/0x320 [idpf]\n[ 3707.563739] idpf_remove+0xbf/0x780 [idpf]\n[ 3707.563769] pci_device_remove+0xab/0x1e0\n[ 3707.563786] device_release_driver_internal+0x371/0x530\n[ 3707.563803] driver_detach+0xbf/0x180\n[ 3707.563816] bus_remove_driver+0x11b/0x2a0\n[ 3707.563829] pci_unregister_driver+0x2a/0x250\n\nIntroduce an error check and log the vport number and error code.\nOn removal make sure to check VPORT_REG_NETDEV flag prior to calling\nunregister and free on the netdev.\n\nAdd local variables for idx, vport_config and netdev for readability.", "Severity": "MEDIUM", "VendorSeverity": { "redhat": 1, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-22116", "https://git.kernel.org/linus/680811c67906191b237bbafe7dabbbad64649b39 (6.15-rc1)", "https://git.kernel.org/stable/c/680811c67906191b237bbafe7dabbbad64649b39", "https://git.kernel.org/stable/c/89768e33752211b2240ec4c34138170c95f11f97", "https://lore.kernel.org/linux-cve-announce/2025041626-CVE-2025-22116-a2f7@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-22116", "https://ubuntu.com/security/notices/USN-7594-1", "https://ubuntu.com/security/notices/USN-7594-2", "https://ubuntu.com/security/notices/USN-7594-3", "https://www.cve.org/CVERecord?id=CVE-2025-22116" ], "PublishedDate": "2025-04-16T15:16:05.8Z", "LastModifiedDate": "2025-04-17T20:22:16.24Z" }, { "VulnerabilityID": "CVE-2025-22117", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22117", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: ice: fix using untrusted value of pkt_len in ice_vc_fdir_parse_raw()", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: fix using untrusted value of pkt_len in ice_vc_fdir_parse_raw()\n\nFix using the untrusted value of proto-\u003eraw.pkt_len in function\nice_vc_fdir_parse_raw() by verifying if it does not exceed the\nVIRTCHNL_MAX_SIZE_RAW_PACKET value.", "Severity": "MEDIUM", "VendorSeverity": { "redhat": 1, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "V3Score": 4.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-22117", "https://git.kernel.org/linus/1388dd564183a5a18ec4a966748037736b5653c5 (6.15-rc1)", "https://git.kernel.org/stable/c/1388dd564183a5a18ec4a966748037736b5653c5", "https://git.kernel.org/stable/c/362f704ba73a359db9cded567e891d9a8f081875", "https://lore.kernel.org/linux-cve-announce/2025041626-CVE-2025-22117-2d76@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-22117", "https://ubuntu.com/security/notices/USN-7594-1", "https://ubuntu.com/security/notices/USN-7594-2", "https://ubuntu.com/security/notices/USN-7594-3", "https://www.cve.org/CVERecord?id=CVE-2025-22117" ], "PublishedDate": "2025-04-16T15:16:05.9Z", "LastModifiedDate": "2025-04-17T20:22:16.24Z" }, { "VulnerabilityID": "CVE-2025-22118", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22118", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: ice: validate queue quanta parameters to prevent OOB access", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: validate queue quanta parameters to prevent OOB access\n\nAdd queue wraparound prevention in quanta configuration.\nEnsure end_qid does not overflow by validating start_qid and num_queues.", "Severity": "MEDIUM", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-22118", "https://git.kernel.org/linus/e2f7d3f7331b92cb820da23e8c45133305da1e63 (6.15-rc1)", "https://git.kernel.org/stable/c/4161cf3f4c11006507f4e02bedc048a215a4b81a", "https://git.kernel.org/stable/c/e2f7d3f7331b92cb820da23e8c45133305da1e63", "https://lore.kernel.org/linux-cve-announce/2025041627-CVE-2025-22118-6ba3@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-22118", "https://ubuntu.com/security/notices/USN-7594-1", "https://ubuntu.com/security/notices/USN-7594-2", "https://ubuntu.com/security/notices/USN-7594-3", "https://www.cve.org/CVERecord?id=CVE-2025-22118" ], "PublishedDate": "2025-04-16T15:16:06.003Z", "LastModifiedDate": "2025-04-17T20:22:16.24Z" }, { "VulnerabilityID": "CVE-2025-22127", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22127", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: f2fs: fix potential deadloop in prepare_compress_overwrite()", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix potential deadloop in prepare_compress_overwrite()\n\nJan Prusakowski reported a kernel hang issue as below:\n\nWhen running xfstests on linux-next kernel (6.14.0-rc3, 6.12) I\nencountered a problem in generic/475 test where fsstress process\ngets blocked in __f2fs_write_data_pages() and the test hangs.\nThe options I used are:\n\nMKFS_OPTIONS -- -O compression -O extra_attr -O project_quota -O quota /dev/vdc\nMOUNT_OPTIONS -- -o acl,user_xattr -o discard,compress_extension=* /dev/vdc /vdc\n\nINFO: task kworker/u8:0:11 blocked for more than 122 seconds.\n Not tainted 6.14.0-rc3-xfstests-lockdep #1\n\"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\ntask:kworker/u8:0 state:D stack:0 pid:11 tgid:11 ppid:2 task_flags:0x4208160 flags:0x00004000\nWorkqueue: writeback wb_workfn (flush-253:0)\nCall Trace:\n \u003cTASK\u003e\n __schedule+0x309/0x8e0\n schedule+0x3a/0x100\n schedule_preempt_disabled+0x15/0x30\n __mutex_lock+0x59a/0xdb0\n __f2fs_write_data_pages+0x3ac/0x400\n do_writepages+0xe8/0x290\n __writeback_single_inode+0x5c/0x360\n writeback_sb_inodes+0x22f/0x570\n wb_writeback+0xb0/0x410\n wb_do_writeback+0x47/0x2f0\n wb_workfn+0x5a/0x1c0\n process_one_work+0x223/0x5b0\n worker_thread+0x1d5/0x3c0\n kthread+0xfd/0x230\n ret_from_fork+0x31/0x50\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nThe root cause is: once generic/475 starts toload error table to dm\ndevice, f2fs_prepare_compress_overwrite() will loop reading compressed\ncluster pages due to IO error, meanwhile it has held .writepages lock,\nit can block all other writeback tasks.\n\nLet's fix this issue w/ below changes:\n- add f2fs_handle_page_eio() in prepare_compress_overwrite() to\ndetect IO error.\n- detect cp_error earler in f2fs_read_multi_pages().", "Severity": "MEDIUM", "VendorSeverity": { "redhat": 1, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-22127", "https://git.kernel.org/linus/3147ee567dd9004a49826ddeaf0a4b12865d4409 (6.15-rc1)", "https://git.kernel.org/stable/c/3147ee567dd9004a49826ddeaf0a4b12865d4409", "https://git.kernel.org/stable/c/7215cf8ef54bdc9082dffac4662416d54961e258", "https://lore.kernel.org/linux-cve-announce/2025041630-CVE-2025-22127-81a6@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-22127", "https://ubuntu.com/security/notices/USN-7594-1", "https://ubuntu.com/security/notices/USN-7594-2", "https://ubuntu.com/security/notices/USN-7594-3", "https://www.cve.org/CVERecord?id=CVE-2025-22127" ], "PublishedDate": "2025-04-16T15:16:06.813Z", "LastModifiedDate": "2025-04-17T20:22:16.24Z" }, { "VulnerabilityID": "CVE-2025-23129", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-23129", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: wifi: ath11k: Clear affinity hint before calling ath11k_pcic_free_irq() in error path", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: Clear affinity hint before calling ath11k_pcic_free_irq() in error path\n\nIf a shared IRQ is used by the driver due to platform limitation, then the\nIRQ affinity hint is set right after the allocation of IRQ vectors in\nath11k_pci_alloc_msi(). This does no harm unless one of the functions\nrequesting the IRQ fails and attempt to free the IRQ. This results in the\nbelow warning:\n\nWARNING: CPU: 7 PID: 349 at kernel/irq/manage.c:1929 free_irq+0x278/0x29c\nCall trace:\n free_irq+0x278/0x29c\n ath11k_pcic_free_irq+0x70/0x10c [ath11k]\n ath11k_pci_probe+0x800/0x820 [ath11k_pci]\n local_pci_probe+0x40/0xbc\n\nThe warning is due to not clearing the affinity hint before freeing the\nIRQs.\n\nSo to fix this issue, clear the IRQ affinity hint before calling\nath11k_pcic_free_irq() in the error path. The affinity will be cleared once\nagain further down the error path due to code organization, but that does\nno harm.\n\nTested-on: QCA6390 hw2.0 PCI WLAN.HST.1.0.1-05266-QCAHSTSWPLZ_V2_TO_X86-1", "Severity": "MEDIUM", "VendorSeverity": { "redhat": 1, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-23129", "https://git.kernel.org/linus/68410c5bd381a81bcc92b808e7dc4e6b9ed25d11 (6.15-rc1)", "https://git.kernel.org/stable/c/3fc42cfcc6e336f25dee79b34e57c4a63cd652a5", "https://git.kernel.org/stable/c/68410c5bd381a81bcc92b808e7dc4e6b9ed25d11", "https://lore.kernel.org/linux-cve-announce/2025041630-CVE-2025-23129-7ada@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-23129", "https://ubuntu.com/security/notices/USN-7594-1", "https://ubuntu.com/security/notices/USN-7594-2", "https://ubuntu.com/security/notices/USN-7594-3", "https://www.cve.org/CVERecord?id=CVE-2025-23129" ], "PublishedDate": "2025-04-16T15:16:07.373Z", "LastModifiedDate": "2025-04-17T20:22:16.24Z" }, { "VulnerabilityID": "CVE-2025-23130", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-23130", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: f2fs: fix to avoid panic once fallocation fails for pinfile", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to avoid panic once fallocation fails for pinfile\n\nsyzbot reports a f2fs bug as below:\n\n------------[ cut here ]------------\nkernel BUG at fs/f2fs/segment.c:2746!\nCPU: 0 UID: 0 PID: 5323 Comm: syz.0.0 Not tainted 6.13.0-rc2-syzkaller-00018-g7cb1b4663150 #0\nRIP: 0010:get_new_segment fs/f2fs/segment.c:2746 [inline]\nRIP: 0010:new_curseg+0x1f52/0x1f70 fs/f2fs/segment.c:2876\nCall Trace:\n \u003cTASK\u003e\n __allocate_new_segment+0x1ce/0x940 fs/f2fs/segment.c:3210\n f2fs_allocate_new_section fs/f2fs/segment.c:3224 [inline]\n f2fs_allocate_pinning_section+0xfa/0x4e0 fs/f2fs/segment.c:3238\n f2fs_expand_inode_data+0x696/0xca0 fs/f2fs/file.c:1830\n f2fs_fallocate+0x537/0xa10 fs/f2fs/file.c:1940\n vfs_fallocate+0x569/0x6e0 fs/open.c:327\n do_vfs_ioctl+0x258c/0x2e40 fs/ioctl.c:885\n __do_sys_ioctl fs/ioctl.c:904 [inline]\n __se_sys_ioctl+0x80/0x170 fs/ioctl.c:892\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nConcurrent pinfile allocation may run out of free section, result in\npanic in get_new_segment(), let's expand pin_sem lock coverage to\ninclude f2fs_gc(), so that we can make sure to reclaim enough free\nspace for following allocation.\n\nIn addition, do below changes to enhance error path handling:\n- call f2fs_bug_on() only in non-pinfile allocation path in\nget_new_segment().\n- call reset_curseg_fields() to reset all fields of curseg in\nnew_curseg()", "Severity": "MEDIUM", "VendorSeverity": { "redhat": 1, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-23130", "https://git.kernel.org/linus/48ea8b200414ac69ea96f4c231f5c7ef1fbeffef (6.15-rc1)", "https://git.kernel.org/stable/c/48ea8b200414ac69ea96f4c231f5c7ef1fbeffef", "https://git.kernel.org/stable/c/9392862608d081a8346a3b841f862d732fce954b", "https://lore.kernel.org/linux-cve-announce/2025041631-CVE-2025-23130-438d@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-23130", "https://ubuntu.com/security/notices/USN-7594-1", "https://ubuntu.com/security/notices/USN-7594-2", "https://ubuntu.com/security/notices/USN-7594-3", "https://www.cve.org/CVERecord?id=CVE-2025-23130" ], "PublishedDate": "2025-04-16T15:16:07.457Z", "LastModifiedDate": "2025-04-17T20:22:16.24Z" }, { "VulnerabilityID": "CVE-2025-23131", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-23131", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: dlm: prevent NPD when writing a positive value to event_done", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndlm: prevent NPD when writing a positive value to event_done\n\ndo_uevent returns the value written to event_done. In case it is a\npositive value, new_lockspace would undo all the work, and lockspace\nwould not be set. __dlm_new_lockspace, however, would treat that\npositive value as a success due to commit 8511a2728ab8 (\"dlm: fix use\ncount with multiple joins\").\n\nDown the line, device_create_lockspace would pass that NULL lockspace to\ndlm_find_lockspace_local, leading to a NULL pointer dereference.\n\nTreating such positive values as successes prevents the problem. Given\nthis has been broken for so long, this is unlikely to break userspace\nexpectations.", "Severity": "MEDIUM", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-23131", "https://git.kernel.org/linus/8e2bad543eca5c25cd02cbc63d72557934d45f13 (6.15-rc1)", "https://git.kernel.org/stable/c/8e2bad543eca5c25cd02cbc63d72557934d45f13", "https://git.kernel.org/stable/c/b73c4ad4d387fe5bc988145bd9f1bc0de76afd5c", "https://lore.kernel.org/linux-cve-announce/2025041631-CVE-2025-23131-1a88@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-23131", "https://ubuntu.com/security/notices/USN-7594-1", "https://ubuntu.com/security/notices/USN-7594-2", "https://ubuntu.com/security/notices/USN-7594-3", "https://www.cve.org/CVERecord?id=CVE-2025-23131" ], "PublishedDate": "2025-04-16T15:16:07.547Z", "LastModifiedDate": "2025-04-17T20:22:16.24Z" }, { "VulnerabilityID": "CVE-2025-23132", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-23132", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: f2fs: quota: fix to avoid warning in dquot_writeback_dquots()", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: quota: fix to avoid warning in dquot_writeback_dquots()\n\nF2FS-fs (dm-59): checkpoint=enable has some unwritten data.\n\n------------[ cut here ]------------\nWARNING: CPU: 6 PID: 8013 at fs/quota/dquot.c:691 dquot_writeback_dquots+0x2fc/0x308\npc : dquot_writeback_dquots+0x2fc/0x308\nlr : f2fs_quota_sync+0xcc/0x1c4\nCall trace:\ndquot_writeback_dquots+0x2fc/0x308\nf2fs_quota_sync+0xcc/0x1c4\nf2fs_write_checkpoint+0x3d4/0x9b0\nf2fs_issue_checkpoint+0x1bc/0x2c0\nf2fs_sync_fs+0x54/0x150\nf2fs_do_sync_file+0x2f8/0x814\n__f2fs_ioctl+0x1960/0x3244\nf2fs_ioctl+0x54/0xe0\n__arm64_sys_ioctl+0xa8/0xe4\ninvoke_syscall+0x58/0x114\n\ncheckpoint and f2fs_remount may race as below, resulting triggering warning\nin dquot_writeback_dquots().\n\natomic write remount\n - do_remount\n - down_write(\u0026sb-\u003es_umount);\n - f2fs_remount\n- ioctl\n - f2fs_do_sync_file\n - f2fs_sync_fs\n - f2fs_write_checkpoint\n - block_operations\n - locked = down_read_trylock(\u0026sbi-\u003esb-\u003es_umount)\n : fail to lock due to the write lock was held by remount\n - up_write(\u0026sb-\u003es_umount);\n - f2fs_quota_sync\n - dquot_writeback_dquots\n - WARN_ON_ONCE(!rwsem_is_locked(\u0026sb-\u003es_umount))\n : trigger warning because s_umount lock was unlocked by remount\n\nIf checkpoint comes from mount/umount/remount/freeze/quotactl, caller of\ncheckpoint has already held s_umount lock, calling dquot_writeback_dquots()\nin the context should be safe.\n\nSo let's record task to sbi-\u003eumount_lock_holder, so that checkpoint can\nknow whether the lock has held in the context or not by checking current\nw/ it.\n\nIn addition, in order to not misrepresent caller of checkpoint, we should\nnot allow to trigger async checkpoint for those callers: mount/umount/remount/\nfreeze/quotactl.", "Severity": "MEDIUM", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 4.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-23132", "https://git.kernel.org/linus/eb85c2410d6f581e957cd03a644ff6ddbe592af9 (6.15-rc1)", "https://git.kernel.org/stable/c/d7acf0a6c87aa282c86a36dbaa2f92fda88c5884", "https://git.kernel.org/stable/c/eb85c2410d6f581e957cd03a644ff6ddbe592af9", "https://lore.kernel.org/linux-cve-announce/2025041631-CVE-2025-23132-cbf9@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-23132", "https://ubuntu.com/security/notices/USN-7594-1", "https://ubuntu.com/security/notices/USN-7594-2", "https://ubuntu.com/security/notices/USN-7594-3", "https://www.cve.org/CVERecord?id=CVE-2025-23132" ], "PublishedDate": "2025-04-16T15:16:07.63Z", "LastModifiedDate": "2025-04-17T20:22:16.24Z" }, { "VulnerabilityID": "CVE-2025-23135", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-23135", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: RISC-V: KVM: Teardown riscv specific bits after kvm_exit", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nRISC-V: KVM: Teardown riscv specific bits after kvm_exit\n\nDuring a module removal, kvm_exit invokes arch specific disable\ncall which disables AIA. However, we invoke aia_exit before kvm_exit\nresulting in the following warning. KVM kernel module can't be inserted\nafterwards due to inconsistent state of IRQ.\n\n[25469.031389] percpu IRQ 31 still enabled on CPU0!\n[25469.031732] WARNING: CPU: 3 PID: 943 at kernel/irq/manage.c:2476 __free_percpu_irq+0xa2/0x150\n[25469.031804] Modules linked in: kvm(-)\n[25469.031848] CPU: 3 UID: 0 PID: 943 Comm: rmmod Not tainted 6.14.0-rc5-06947-g91c763118f47-dirty #2\n[25469.031905] Hardware name: riscv-virtio,qemu (DT)\n[25469.031928] epc : __free_percpu_irq+0xa2/0x150\n[25469.031976] ra : __free_percpu_irq+0xa2/0x150\n[25469.032197] epc : ffffffff8007db1e ra : ffffffff8007db1e sp : ff2000000088bd50\n[25469.032241] gp : ffffffff8131cef8 tp : ff60000080b96400 t0 : ff2000000088baf8\n[25469.032285] t1 : fffffffffffffffc t2 : 5249207570637265 s0 : ff2000000088bd90\n[25469.032329] s1 : ff60000098b21080 a0 : 037d527a15eb4f00 a1 : 037d527a15eb4f00\n[25469.032372] a2 : 0000000000000023 a3 : 0000000000000001 a4 : ffffffff8122dbf8\n[25469.032410] a5 : 0000000000000fff a6 : 0000000000000000 a7 : ffffffff8122dc10\n[25469.032448] s2 : ff60000080c22eb0 s3 : 0000000200000022 s4 : 000000000000001f\n[25469.032488] s5 : ff60000080c22e00 s6 : ffffffff80c351c0 s7 : 0000000000000000\n[25469.032582] s8 : 0000000000000003 s9 : 000055556b7fb490 s10: 00007ffff0e12fa0\n[25469.032621] s11: 00007ffff0e13e9a t3 : ffffffff81354ac7 t4 : ffffffff81354ac7\n[25469.032664] t5 : ffffffff81354ac8 t6 : ffffffff81354ac7\n[25469.032698] status: 0000000200000100 badaddr: ffffffff8007db1e cause: 0000000000000003\n[25469.032738] [\u003cffffffff8007db1e\u003e] __free_percpu_irq+0xa2/0x150\n[25469.032797] [\u003cffffffff8007dbfc\u003e] free_percpu_irq+0x30/0x5e\n[25469.032856] [\u003cffffffff013a57dc\u003e] kvm_riscv_aia_exit+0x40/0x42 [kvm]\n[25469.033947] [\u003cffffffff013b4e82\u003e] cleanup_module+0x10/0x32 [kvm]\n[25469.035300] [\u003cffffffff8009b150\u003e] __riscv_sys_delete_module+0x18e/0x1fc\n[25469.035374] [\u003cffffffff8000c1ca\u003e] syscall_handler+0x3a/0x46\n[25469.035456] [\u003cffffffff809ec9a4\u003e] do_trap_ecall_u+0x72/0x134\n[25469.035536] [\u003cffffffff809f5e18\u003e] handle_exception+0x148/0x156\n\nInvoke aia_exit and other arch specific cleanup functions after kvm_exit\nso that disable gets a chance to be called first before exit.", "Severity": "MEDIUM", "VendorSeverity": { "redhat": 1, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-23135", "https://git.kernel.org/linus/2d117e67f318303f6ab699a5511d1fac3f170545 (6.15-rc1)", "https://git.kernel.org/stable/c/1521cc04f0b6e737ff30105aa57fa9dde8493231", "https://git.kernel.org/stable/c/1edb2de48616b11ee05e9a65d74c70abcb6d9939", "https://git.kernel.org/stable/c/2d117e67f318303f6ab699a5511d1fac3f170545", "https://lore.kernel.org/linux-cve-announce/2025041633-CVE-2025-23135-b4dd@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-23135", "https://ubuntu.com/security/notices/USN-7594-1", "https://ubuntu.com/security/notices/USN-7594-2", "https://ubuntu.com/security/notices/USN-7594-3", "https://www.cve.org/CVERecord?id=CVE-2025-23135" ], "PublishedDate": "2025-04-16T15:16:07.883Z", "LastModifiedDate": "2025-04-17T20:22:16.24Z" }, { "VulnerabilityID": "CVE-2025-37743", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-37743", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: wifi: ath12k: Avoid memory leak while enabling statistics", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: Avoid memory leak while enabling statistics\n\nDriver uses monitor destination rings for extended statistics mode and\nstandalone monitor mode. In extended statistics mode, TLVs are parsed from\nthe buffer received from the monitor destination ring and assigned to the\nppdu_info structure to update per-packet statistics. In standalone monitor\nmode, along with per-packet statistics, the packet data (payload) is\ncaptured, and the driver updates per MSDU to mac80211.\n\nWhen the AP interface is enabled, only extended statistics mode is\nactivated. As part of enabling monitor rings for collecting statistics,\nthe driver subscribes to HAL_RX_MPDU_START TLV in the filter\nconfiguration. This TLV is received from the monitor destination ring, and\nkzalloc for the mon_mpdu object occurs, which is not freed, leading to a\nmemory leak. The kzalloc for the mon_mpdu object is only required while\nenabling the standalone monitor interface. This causes a memory leak while\nenabling extended statistics mode in the driver.\n\nFix this memory leak by removing the kzalloc for the mon_mpdu object in\nthe HAL_RX_MPDU_START TLV handling. Additionally, remove the standalone\nmonitor mode handlings in the HAL_MON_BUF_ADDR and HAL_RX_MSDU_END TLVs.\nThese TLV tags will be handled properly when enabling standalone monitor\nmode in the future.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.3.1-00173-QCAHKSWPL_SILICONZ-1\nTested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3", "Severity": "MEDIUM", "VendorSeverity": { "redhat": 1, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-37743", "https://git.kernel.org/linus/ecfc131389923405be8e7a6f4408fd9321e4d19b (6.15-rc1)", "https://git.kernel.org/stable/c/286bab0fc7b9db728dab8c63cadf6be9b3facf8c", "https://git.kernel.org/stable/c/ecfc131389923405be8e7a6f4408fd9321e4d19b", "https://lore.kernel.org/linux-cve-announce/2025050134-CVE-2025-37743-35a7@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-37743", "https://ubuntu.com/security/notices/USN-7594-1", "https://ubuntu.com/security/notices/USN-7594-2", "https://ubuntu.com/security/notices/USN-7594-3", "https://www.cve.org/CVERecord?id=CVE-2025-37743" ], "PublishedDate": "2025-05-01T13:15:53Z", "LastModifiedDate": "2025-05-02T13:53:20.943Z" }, { "VulnerabilityID": "CVE-2025-37746", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-37746", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: perf/dwc_pcie: fix duplicate pci_dev devices", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/dwc_pcie: fix duplicate pci_dev devices\n\nDuring platform_device_register, wrongly using struct device\npci_dev as platform_data caused a kmemdup copy of pci_dev. Worse\nstill, accessing the duplicated device leads to list corruption as its\nmutex content (e.g., list, magic) remains the same as the original.", "Severity": "MEDIUM", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-37746", "https://git.kernel.org/linus/7f35b429802a8065aa61e2a3f567089649f4d98e (6.15-rc1)", "https://git.kernel.org/stable/c/7f35b429802a8065aa61e2a3f567089649f4d98e", "https://git.kernel.org/stable/c/a71c6fc87b2b9905dc2e38887fe4122287216be9", "https://lore.kernel.org/linux-cve-announce/2025050135-CVE-2025-37746-2d53@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-37746", "https://ubuntu.com/security/notices/USN-7594-1", "https://ubuntu.com/security/notices/USN-7594-2", "https://ubuntu.com/security/notices/USN-7594-3", "https://www.cve.org/CVERecord?id=CVE-2025-37746" ], "PublishedDate": "2025-05-01T13:15:53.313Z", "LastModifiedDate": "2025-05-02T13:53:20.943Z" }, { "VulnerabilityID": "CVE-2025-37860", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-37860", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: sfc: fix NULL dereferences in ef100_process_design_param()", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsfc: fix NULL dereferences in ef100_process_design_param()\n\nSince cited commit, ef100_probe_main() and hence also\n ef100_check_design_params() run before efx-\u003enet_dev is created;\n consequently, we cannot netif_set_tso_max_size() or _segs() at this\n point.\nMove those netif calls to ef100_probe_netdev(), and also replace\n netif_err within the design params code with pci_err.", "Severity": "MEDIUM", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "nvd": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-37860", "https://git.kernel.org/linus/8241ecec1cdc6699ae197d52d58e76bddd995fa5 (6.15-rc1)", "https://git.kernel.org/stable/c/8241ecec1cdc6699ae197d52d58e76bddd995fa5", "https://git.kernel.org/stable/c/e56391011381d6d029da377a65ac314cb3d5def2", "https://lore.kernel.org/linux-cve-announce/2025041816-CVE-2025-37860-9af2@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-37860", "https://ubuntu.com/security/notices/USN-7594-1", "https://ubuntu.com/security/notices/USN-7594-2", "https://ubuntu.com/security/notices/USN-7594-3", "https://www.cve.org/CVERecord?id=CVE-2025-37860" ], "PublishedDate": "2025-04-18T07:15:42.883Z", "LastModifiedDate": "2025-10-01T17:15:45.527Z" }, { "VulnerabilityID": "CVE-2025-37966", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-37966", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: riscv: Fix kernel crash due to PR_SET_TAGGED_ADDR_CTRL", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: Fix kernel crash due to PR_SET_TAGGED_ADDR_CTRL\n\nWhen userspace does PR_SET_TAGGED_ADDR_CTRL, but Supm extension is not\navailable, the kernel crashes:\n\nOops - illegal instruction [#1]\n [snip]\nepc : set_tagged_addr_ctrl+0x112/0x15a\n ra : set_tagged_addr_ctrl+0x74/0x15a\nepc : ffffffff80011ace ra : ffffffff80011a30 sp : ffffffc60039be10\n [snip]\nstatus: 0000000200000120 badaddr: 0000000010a79073 cause: 0000000000000002\n set_tagged_addr_ctrl+0x112/0x15a\n __riscv_sys_prctl+0x352/0x73c\n do_trap_ecall_u+0x17c/0x20c\n andle_exception+0x150/0x15c\n\nFix it by checking if Supm is available.", "Severity": "MEDIUM", "VendorSeverity": { "redhat": 1, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-37966", "https://git.kernel.org/linus/ae08d55807c099357c047dba17624b09414635dd (6.15-rc6)", "https://git.kernel.org/stable/c/4b595a2f5656cd45d534ed2160c94f7662adefe5", "https://git.kernel.org/stable/c/ae08d55807c099357c047dba17624b09414635dd", "https://lore.kernel.org/linux-cve-announce/2025052045-CVE-2025-37966-8d4c@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-37966", "https://ubuntu.com/security/notices/USN-7699-1", "https://ubuntu.com/security/notices/USN-7699-2", "https://ubuntu.com/security/notices/USN-7721-1", "https://www.cve.org/CVERecord?id=CVE-2025-37966" ], "PublishedDate": "2025-05-20T17:15:47.02Z", "LastModifiedDate": "2025-05-21T20:24:58.133Z" }, { "VulnerabilityID": "CVE-2025-38132", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38132", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: coresight: holding cscfg_csdev_lock while removing cscfg from csdev", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncoresight: holding cscfg_csdev_lock while removing cscfg from csdev\n\nThere'll be possible race scenario for coresight config:\n\nCPU0 CPU1\n(perf enable) load module\n cscfg_load_config_sets()\n activate config. // sysfs\n (sys_active_cnt == 1)\n...\ncscfg_csdev_enable_active_config()\n lock(csdev-\u003ecscfg_csdev_lock)\n deactivate config // sysfs\n (sys_activec_cnt == 0)\n cscfg_unload_config_sets()\n \u003citerating config_csdev_list\u003e cscfg_remove_owned_csdev_configs()\n // here load config activate by CPU1\n unlock(csdev-\u003ecscfg_csdev_lock)\n\niterating config_csdev_list could be raced with config_csdev_list's\nentry delete.\n\nTo resolve this race , hold csdev-\u003ecscfg_csdev_lock() while\ncscfg_remove_owned_csdev_configs()", "Severity": "MEDIUM", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-38132", "https://git.kernel.org/linus/53b9e2659719b04f5ba7593f2af0f2335f75e94a (6.16-rc1)", "https://git.kernel.org/stable/c/42f8afb0b161631fd1d814d017f75f955475ad41", "https://git.kernel.org/stable/c/53b9e2659719b04f5ba7593f2af0f2335f75e94a", "https://lore.kernel.org/linux-cve-announce/2025070331-CVE-2025-38132-bfc9@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-38132", "https://ubuntu.com/security/notices/USN-7769-1", "https://ubuntu.com/security/notices/USN-7769-2", "https://ubuntu.com/security/notices/USN-7769-3", "https://ubuntu.com/security/notices/USN-7770-1", "https://ubuntu.com/security/notices/USN-7771-1", "https://ubuntu.com/security/notices/USN-7789-1", "https://ubuntu.com/security/notices/USN-7789-2", "https://www.cve.org/CVERecord?id=CVE-2025-38132" ], "PublishedDate": "2025-07-03T09:15:27.563Z", "LastModifiedDate": "2025-07-03T15:13:53.147Z" }, { "VulnerabilityID": "CVE-2025-38187", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38187", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: drm/nouveau: fix a use-after-free in r535_gsp_rpc_push()", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau: fix a use-after-free in r535_gsp_rpc_push()\n\nThe RPC container is released after being passed to r535_gsp_rpc_send().\n\nWhen sending the initial fragment of a large RPC and passing the\ncaller's RPC container, the container will be freed prematurely. Subsequent\nattempts to send remaining fragments will therefore result in a\nuse-after-free.\n\nAllocate a temporary RPC container for holding the initial fragment of a\nlarge RPC when sending. Free the caller's container when all fragments\nare successfully sent.\n\n[ Rebase onto Blackwell changes. - Danilo ]", "Severity": "MEDIUM", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-38187", "https://git.kernel.org/linus/9802f0a63b641f4cddb2139c814c2e95cb825099 (6.16-rc3)", "https://git.kernel.org/stable/c/9802f0a63b641f4cddb2139c814c2e95cb825099", "https://git.kernel.org/stable/c/cd4677407c0ee250fc21e36439c8a442ddd62cc1", "https://lore.kernel.org/linux-cve-announce/2025070413-CVE-2025-38187-dafd@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-38187", "https://www.cve.org/CVERecord?id=CVE-2025-38187" ], "PublishedDate": "2025-07-04T14:15:25.64Z", "LastModifiedDate": "2025-07-08T16:18:53.607Z" }, { "VulnerabilityID": "CVE-2025-38199", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38199", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: wifi: ath12k: Fix memory leak due to multiple rx_stats allocation", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: Fix memory leak due to multiple rx_stats allocation\n\nrx_stats for each arsta is allocated when adding a station.\narsta-\u003erx_stats will be freed when a station is removed.\n\nRedundant allocations are occurring when the same station is added\nmultiple times. This causes ath12k_mac_station_add() to be called\nmultiple times, and rx_stats is allocated each time. As a result there\nis memory leaks.\n\nPrevent multiple allocations of rx_stats when ath12k_mac_station_add()\nis called repeatedly by checking if rx_stats is already allocated\nbefore allocating again. Allocate arsta-\u003erx_stats if arsta-\u003erx_stats\nis NULL respectively.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.3.1-00173-QCAHKSWPL_SILICONZ-1\nTested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3", "Severity": "MEDIUM", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-38199", "https://git.kernel.org/linus/c426497fa2055c8005196922e7d29c41d7e0948a (6.16-rc1)", "https://git.kernel.org/stable/c/232f962ae5fca98912a719e64b4964a5aec7c99b", "https://git.kernel.org/stable/c/c426497fa2055c8005196922e7d29c41d7e0948a", "https://lore.kernel.org/linux-cve-announce/2025070417-CVE-2025-38199-287e@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-38199", "https://www.cve.org/CVERecord?id=CVE-2025-38199" ], "PublishedDate": "2025-07-04T14:15:27.707Z", "LastModifiedDate": "2025-07-08T16:18:53.607Z" }, { "VulnerabilityID": "CVE-2025-38205", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38205", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: drm/amd/display: Avoid divide by zero by initializing dummy pitch to 1", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Avoid divide by zero by initializing dummy pitch to 1\n\n[Why]\nIf the dummy values in `populate_dummy_dml_surface_cfg()` aren't updated\nthen they can lead to a divide by zero in downstream callers like\nCalculateVMAndRowBytes()\n\n[How]\nInitialize dummy value to a value to avoid divide by zero.", "Severity": "MEDIUM", "VendorSeverity": { "azure": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-38205", "https://git.kernel.org/linus/7e40f64896e8e3dca471e287672db5ace12ea0be (6.16-rc1)", "https://git.kernel.org/stable/c/7e40f64896e8e3dca471e287672db5ace12ea0be", "https://git.kernel.org/stable/c/8044f981b2cf8c32fe1bd5d1fc991552cdf7ffe0", "https://lore.kernel.org/linux-cve-announce/2025070419-CVE-2025-38205-0316@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-38205", "https://www.cve.org/CVERecord?id=CVE-2025-38205" ], "PublishedDate": "2025-07-04T14:15:28.54Z", "LastModifiedDate": "2025-07-08T16:18:53.607Z" }, { "VulnerabilityID": "CVE-2025-38207", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38207", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: mm: fix uprobe pte be overwritten when expanding vma", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: fix uprobe pte be overwritten when expanding vma\n\nPatch series \"Fix uprobe pte be overwritten when expanding vma\".\n\n\nThis patch (of 4):\n\nWe encountered a BUG alert triggered by Syzkaller as follows:\n BUG: Bad rss-counter state mm:00000000b4a60fca type:MM_ANONPAGES val:1\n\nAnd we can reproduce it with the following steps:\n1. register uprobe on file at zero offset\n2. mmap the file at zero offset:\n addr1 = mmap(NULL, 2 * 4096, PROT_NONE, MAP_PRIVATE, fd, 0);\n3. mremap part of vma1 to new vma2:\n addr2 = mremap(addr1, 4096, 2 * 4096, MREMAP_MAYMOVE);\n4. mremap back to orig addr1:\n mremap(addr2, 4096, 4096, MREMAP_MAYMOVE | MREMAP_FIXED, addr1);\n\nIn step 3, the vma1 range [addr1, addr1 + 4096] will be remap to new vma2\nwith range [addr2, addr2 + 8192], and remap uprobe anon page from the vma1\nto vma2, then unmap the vma1 range [addr1, addr1 + 4096].\n\nIn step 4, the vma2 range [addr2, addr2 + 4096] will be remap back to the\naddr range [addr1, addr1 + 4096]. Since the addr range [addr1 + 4096,\naddr1 + 8192] still maps the file, it will take vma_merge_new_range to\nexpand the range, and then do uprobe_mmap in vma_complete. Since the\nmerged vma pgoff is also zero offset, it will install uprobe anon page to\nthe merged vma. However, the upcomming move_page_tables step, which use\nset_pte_at to remap the vma2 uprobe pte to the merged vma, will overwrite\nthe newly uprobe pte in the merged vma, and lead that pte to be orphan.\n\nSince the uprobe pte will be remapped to the merged vma, we can remove the\nunnecessary uprobe_mmap upon merged vma.\n\nThis problem was first found in linux-6.6.y and also exists in the\ncommunity syzkaller:\nhttps://lore.kernel.org/all/000000000000ada39605a5e71711@google.com/T/", "Severity": "MEDIUM", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-38207", "https://git.kernel.org/linus/2b12d06c37fd3a394376f42f026a7478d826ed63 (6.16-rc1)", "https://git.kernel.org/stable/c/2b12d06c37fd3a394376f42f026a7478d826ed63", "https://git.kernel.org/stable/c/58b83b9a9a929611a2a2e7d88f45cb0d786b7ee0", "https://lore.kernel.org/linux-cve-announce/2025070420-CVE-2025-38207-e2ea@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-38207", "https://www.cve.org/CVERecord?id=CVE-2025-38207" ], "PublishedDate": "2025-07-04T14:15:28.823Z", "LastModifiedDate": "2025-07-08T16:18:53.607Z" }, { "VulnerabilityID": "CVE-2025-38234", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38234", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: sched/rt: Fix race in push_rt_task", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/rt: Fix race in push_rt_task\n\nOverview\n========\nWhen a CPU chooses to call push_rt_task and picks a task to push to\nanother CPU's runqueue then it will call find_lock_lowest_rq method\nwhich would take a double lock on both CPUs' runqueues. If one of the\nlocks aren't readily available, it may lead to dropping the current\nrunqueue lock and reacquiring both the locks at once. During this window\nit is possible that the task is already migrated and is running on some\nother CPU. These cases are already handled. However, if the task is\nmigrated and has already been executed and another CPU is now trying to\nwake it up (ttwu) such that it is queued again on the runqeue\n(on_rq is 1) and also if the task was run by the same CPU, then the\ncurrent checks will pass even though the task was migrated out and is no\nlonger in the pushable tasks list.\n\nCrashes\n=======\nThis bug resulted in quite a few flavors of crashes triggering kernel\npanics with various crash signatures such as assert failures, page\nfaults, null pointer dereferences, and queue corruption errors all\ncoming from scheduler itself.\n\nSome of the crashes:\n-\u003e kernel BUG at kernel/sched/rt.c:1616! BUG_ON(idx \u003e= MAX_RT_PRIO)\n Call Trace:\n ? __die_body+0x1a/0x60\n ? die+0x2a/0x50\n ? do_trap+0x85/0x100\n ? pick_next_task_rt+0x6e/0x1d0\n ? do_error_trap+0x64/0xa0\n ? pick_next_task_rt+0x6e/0x1d0\n ? exc_invalid_op+0x4c/0x60\n ? pick_next_task_rt+0x6e/0x1d0\n ? asm_exc_invalid_op+0x12/0x20\n ? pick_next_task_rt+0x6e/0x1d0\n __schedule+0x5cb/0x790\n ? update_ts_time_stats+0x55/0x70\n schedule_idle+0x1e/0x40\n do_idle+0x15e/0x200\n cpu_startup_entry+0x19/0x20\n start_secondary+0x117/0x160\n secondary_startup_64_no_verify+0xb0/0xbb\n\n-\u003e BUG: kernel NULL pointer dereference, address: 00000000000000c0\n Call Trace:\n ? __die_body+0x1a/0x60\n ? no_context+0x183/0x350\n ? __warn+0x8a/0xe0\n ? exc_page_fault+0x3d6/0x520\n ? asm_exc_page_fault+0x1e/0x30\n ? pick_next_task_rt+0xb5/0x1d0\n ? pick_next_task_rt+0x8c/0x1d0\n __schedule+0x583/0x7e0\n ? update_ts_time_stats+0x55/0x70\n schedule_idle+0x1e/0x40\n do_idle+0x15e/0x200\n cpu_startup_entry+0x19/0x20\n start_secondary+0x117/0x160\n secondary_startup_64_no_verify+0xb0/0xbb\n\n-\u003e BUG: unable to handle page fault for address: ffff9464daea5900\n kernel BUG at kernel/sched/rt.c:1861! BUG_ON(rq-\u003ecpu != task_cpu(p))\n\n-\u003e kernel BUG at kernel/sched/rt.c:1055! BUG_ON(!rq-\u003enr_running)\n Call Trace:\n ? __die_body+0x1a/0x60\n ? die+0x2a/0x50\n ? do_trap+0x85/0x100\n ? dequeue_top_rt_rq+0xa2/0xb0\n ? do_error_trap+0x64/0xa0\n ? dequeue_top_rt_rq+0xa2/0xb0\n ? exc_invalid_op+0x4c/0x60\n ? dequeue_top_rt_rq+0xa2/0xb0\n ? asm_exc_invalid_op+0x12/0x20\n ? dequeue_top_rt_rq+0xa2/0xb0\n dequeue_rt_entity+0x1f/0x70\n dequeue_task_rt+0x2d/0x70\n __schedule+0x1a8/0x7e0\n ? blk_finish_plug+0x25/0x40\n schedule+0x3c/0xb0\n futex_wait_queue_me+0xb6/0x120\n futex_wait+0xd9/0x240\n do_futex+0x344/0xa90\n ? get_mm_exe_file+0x30/0x60\n ? audit_exe_compare+0x58/0x70\n ? audit_filter_rules.constprop.26+0x65e/0x1220\n __x64_sys_futex+0x148/0x1f0\n do_syscall_64+0x30/0x80\n entry_SYSCALL_64_after_hwframe+0x62/0xc7\n\n-\u003e BUG: unable to handle page fault for address: ffff8cf3608bc2c0\n Call Trace:\n ? __die_body+0x1a/0x60\n ? no_context+0x183/0x350\n ? spurious_kernel_fault+0x171/0x1c0\n ? exc_page_fault+0x3b6/0x520\n ? plist_check_list+0x15/0x40\n ? plist_check_list+0x2e/0x40\n ? asm_exc_page_fault+0x1e/0x30\n ? _cond_resched+0x15/0x30\n ? futex_wait_queue_me+0xc8/0x120\n ? futex_wait+0xd9/0x240\n ? try_to_wake_up+0x1b8/0x490\n ? futex_wake+0x78/0x160\n ? do_futex+0xcd/0xa90\n ? plist_check_list+0x15/0x40\n ? plist_check_list+0x2e/0x40\n ? plist_del+0x6a/0xd0\n ? plist_check_list+0x15/0x40\n ? plist_check_list+0x2e/0x40\n ? dequeue_pushable_task+0x20/0x70\n ? __schedule+0x382/0x7e0\n ? asm_sysvec_reschedule_i\n---truncated---", "Severity": "MEDIUM", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-38234", "https://git.kernel.org/linus/690e47d1403e90b7f2366f03b52ed3304194c793 (6.16-rc1)", "https://git.kernel.org/stable/c/07ecabfbca64f4f0b6071cf96e49d162fa9d138d", "https://git.kernel.org/stable/c/690e47d1403e90b7f2366f03b52ed3304194c793", "https://lore.kernel.org/linux-cve-announce/2025070430-CVE-2025-38234-6984@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-38234", "https://www.cve.org/CVERecord?id=CVE-2025-38234" ], "PublishedDate": "2025-07-04T14:15:33.087Z", "LastModifiedDate": "2025-07-08T16:18:53.607Z" }, { "VulnerabilityID": "CVE-2025-38237", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38237", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: media: platform: exynos4-is: Add hardware sync wait to fimc_is_hw_change_mode()", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: platform: exynos4-is: Add hardware sync wait to fimc_is_hw_change_mode()\n\nIn fimc_is_hw_change_mode(), the function changes camera modes without\nwaiting for hardware completion, risking corrupted data or system hangs\nif subsequent operations proceed before the hardware is ready.\n\nAdd fimc_is_hw_wait_intmsr0_intmsd0() after mode configuration, ensuring\nhardware state synchronization and stable interrupt handling.", "Severity": "MEDIUM", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-38237", "https://git.kernel.org/linus/bd9f6ce7d512fa21249415c16af801a4ed5d97b6 (6.16-rc1)", "https://git.kernel.org/stable/c/14acbb5af101b7bb58c0952949bba4c5fdf0ee7e", "https://git.kernel.org/stable/c/b0d92b94278561f43057003a73a17ce13b7c1a1a", "https://git.kernel.org/stable/c/bb97dfab7615fea97322b8a6131546e80f878a69", "https://git.kernel.org/stable/c/bd9f6ce7d512fa21249415c16af801a4ed5d97b6", "https://git.kernel.org/stable/c/e4077a10a25560ec0bd0b42322e4ea027d6f76e2", "https://lore.kernel.org/linux-cve-announce/2025070807-CVE-2025-38237-68e7@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-38237", "https://ubuntu.com/security/notices/USN-7774-1", "https://ubuntu.com/security/notices/USN-7774-2", "https://ubuntu.com/security/notices/USN-7774-3", "https://ubuntu.com/security/notices/USN-7774-4", "https://ubuntu.com/security/notices/USN-7774-5", "https://ubuntu.com/security/notices/USN-7775-1", "https://ubuntu.com/security/notices/USN-7775-2", "https://ubuntu.com/security/notices/USN-7775-3", "https://ubuntu.com/security/notices/USN-7776-1", "https://www.cve.org/CVERecord?id=CVE-2025-38237" ], "PublishedDate": "2025-07-08T08:15:21.87Z", "LastModifiedDate": "2025-07-08T16:18:14.207Z" }, { "VulnerabilityID": "CVE-2025-38261", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38261", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: riscv: save the SR_SUM status over switches", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: save the SR_SUM status over switches\n\nWhen threads/tasks are switched we need to ensure the old execution's\nSR_SUM state is saved and the new thread has the old SR_SUM state\nrestored.\n\nThe issue was seen under heavy load especially with the syz-stress tool\nrunning, with crashes as follows in schedule_tail:\n\nUnable to handle kernel access to user memory without uaccess routines\nat virtual address 000000002749f0d0\nOops [#1]\nModules linked in:\nCPU: 1 PID: 4875 Comm: syz-executor.0 Not tainted\n5.12.0-rc2-syzkaller-00467-g0d7588ab9ef9 #0\nHardware name: riscv-virtio,qemu (DT)\nepc : schedule_tail+0x72/0xb2 kernel/sched/core.c:4264\n ra : task_pid_vnr include/linux/sched.h:1421 [inline]\n ra : schedule_tail+0x70/0xb2 kernel/sched/core.c:4264\nepc : ffffffe00008c8b0 ra : ffffffe00008c8ae sp : ffffffe025d17ec0\n gp : ffffffe005d25378 tp : ffffffe00f0d0000 t0 : 0000000000000000\n t1 : 0000000000000001 t2 : 00000000000f4240 s0 : ffffffe025d17ee0\n s1 : 000000002749f0d0 a0 : 000000000000002a a1 : 0000000000000003\n a2 : 1ffffffc0cfac500 a3 : ffffffe0000c80cc a4 : 5ae9db91c19bbe00\n a5 : 0000000000000000 a6 : 0000000000f00000 a7 : ffffffe000082eba\n s2 : 0000000000040000 s3 : ffffffe00eef96c0 s4 : ffffffe022c77fe0\n s5 : 0000000000004000 s6 : ffffffe067d74e00 s7 : ffffffe067d74850\n s8 : ffffffe067d73e18 s9 : ffffffe067d74e00 s10: ffffffe00eef96e8\n s11: 000000ae6cdf8368 t3 : 5ae9db91c19bbe00 t4 : ffffffc4043cafb2\n t5 : ffffffc4043cafba t6 : 0000000000040000\nstatus: 0000000000000120 badaddr: 000000002749f0d0 cause:\n000000000000000f\nCall Trace:\n[\u003cffffffe00008c8b0\u003e] schedule_tail+0x72/0xb2 kernel/sched/core.c:4264\n[\u003cffffffe000005570\u003e] ret_from_exception+0x0/0x14\nDumping ftrace buffer:\n (ftrace buffer empty)\n---[ end trace b5f8f9231dc87dda ]---\n\nThe issue comes from the put_user() in schedule_tail\n(kernel/sched/core.c) doing the following:\n\nasmlinkage __visible void schedule_tail(struct task_struct *prev)\n{\n...\n if (current-\u003eset_child_tid)\n put_user(task_pid_vnr(current), current-\u003eset_child_tid);\n...\n}\n\nthe put_user() macro causes the code sequence to come out as follows:\n\n1:\t__enable_user_access()\n2:\treg = task_pid_vnr(current);\n3:\t*current-\u003eset_child_tid = reg;\n4:\t__disable_user_access()\n\nThe problem is that we may have a sleeping function as argument which\ncould clear SR_SUM causing the panic above. This was fixed by\nevaluating the argument of the put_user() macro outside the user-enabled\nsection in commit 285a76bb2cf5 (\"riscv: evaluate put_user() arg before\nenabling user access\")\"\n\nIn order for riscv to take advantage of unsafe_get/put_XXX() macros and\nto avoid the same issue we had with put_user() and sleeping functions we\nmust ensure code flow can go through switch_to() from within a region of\ncode with SR_SUM enabled and come back with SR_SUM still enabled. This\npatch addresses the problem allowing future work to enable full use of\nunsafe_get/put_XXX() macros without needing to take a CSR bit flip cost\non every access. Make switch_to() save and restore SR_SUM.", "Severity": "MEDIUM", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-38261", "https://git.kernel.org/linus/788aa64c01f1262310b4c1fb827a36df170d86ea (6.16-rc1)", "https://git.kernel.org/stable/c/69ea599a8dab93a620c92c255be4239a06290a77", "https://git.kernel.org/stable/c/788aa64c01f1262310b4c1fb827a36df170d86ea", "https://lore.kernel.org/linux-cve-announce/2025070936-CVE-2025-38261-54c0@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-38261", "https://www.cve.org/CVERecord?id=CVE-2025-38261" ], "PublishedDate": "2025-07-09T11:15:28.46Z", "LastModifiedDate": "2025-07-10T13:17:30.017Z" }, { "VulnerabilityID": "CVE-2025-38284", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38284", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: wifi: rtw89: pci: configure manual DAC mode via PCI config API only", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: pci: configure manual DAC mode via PCI config API only\n\nTo support 36-bit DMA, configure chip proprietary bit via PCI config API\nor chip DBI interface. However, the PCI device mmap isn't set yet and\nthe DBI is also inaccessible via mmap, so only if the bit can be accessible\nvia PCI config API, chip can support 36-bit DMA. Otherwise, fallback to\n32-bit DMA.\n\nWith NULL mmap address, kernel throws trace:\n\n BUG: unable to handle page fault for address: 0000000000001090\n #PF: supervisor write access in kernel mode\n #PF: error_code(0x0002) - not-present page\n PGD 0 P4D 0\n Oops: Oops: 0002 [#1] PREEMPT SMP PTI\n CPU: 1 UID: 0 PID: 71 Comm: irq/26-pciehp Tainted: G OE 6.14.2-061402-generic #202504101348\n Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE\n RIP: 0010:rtw89_pci_ops_write16+0x12/0x30 [rtw89_pci]\n RSP: 0018:ffffb0ffc0acf9d8 EFLAGS: 00010206\n RAX: ffffffffc158f9c0 RBX: ffff94865e702020 RCX: 0000000000000000\n RDX: 0000000000000718 RSI: 0000000000001090 RDI: ffff94865e702020\n RBP: ffffb0ffc0acf9d8 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000015\n R13: 0000000000000719 R14: ffffb0ffc0acfa1f R15: ffffffffc1813060\n FS: 0000000000000000(0000) GS:ffff9486f3480000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000001090 CR3: 0000000090440001 CR4: 00000000000626f0\n Call Trace:\n \u003cTASK\u003e\n rtw89_pci_read_config_byte+0x6d/0x120 [rtw89_pci]\n rtw89_pci_cfg_dac+0x5b/0xb0 [rtw89_pci]\n rtw89_pci_probe+0xa96/0xbd0 [rtw89_pci]\n ? __pfx___device_attach_driver+0x10/0x10\n ? __pfx___device_attach_driver+0x10/0x10\n local_pci_probe+0x47/0xa0\n pci_call_probe+0x5d/0x190\n pci_device_probe+0xa7/0x160\n really_probe+0xf9/0x370\n ? pm_runtime_barrier+0x55/0xa0\n __driver_probe_device+0x8c/0x140\n driver_probe_device+0x24/0xd0\n __device_attach_driver+0xcd/0x170\n bus_for_each_drv+0x99/0x100\n __device_attach+0xb4/0x1d0\n device_attach+0x10/0x20\n pci_bus_add_device+0x59/0x90\n pci_bus_add_devices+0x31/0x80\n pciehp_configure_device+0xaa/0x170\n pciehp_enable_slot+0xd6/0x240\n pciehp_handle_presence_or_link_change+0xf1/0x180\n pciehp_ist+0x162/0x1c0\n irq_thread_fn+0x24/0x70\n irq_thread+0xef/0x1c0\n ? __pfx_irq_thread_fn+0x10/0x10\n ? __pfx_irq_thread_dtor+0x10/0x10\n ? __pfx_irq_thread+0x10/0x10\n kthread+0xfc/0x230\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x47/0x70\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e", "Severity": "MEDIUM", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-38284", "https://git.kernel.org/linus/a70cf04b08f44f41bce14659aa7012674b15d9de (6.16-rc1)", "https://git.kernel.org/stable/c/a70cf04b08f44f41bce14659aa7012674b15d9de", "https://git.kernel.org/stable/c/e1e0f046041474004dc6ebce5ce1d3e86556291d", "https://lore.kernel.org/linux-cve-announce/2025071010-CVE-2025-38284-1574@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-38284", "https://ubuntu.com/security/notices/USN-7769-1", "https://ubuntu.com/security/notices/USN-7769-2", "https://ubuntu.com/security/notices/USN-7769-3", "https://ubuntu.com/security/notices/USN-7770-1", "https://ubuntu.com/security/notices/USN-7771-1", "https://ubuntu.com/security/notices/USN-7789-1", "https://ubuntu.com/security/notices/USN-7789-2", "https://www.cve.org/CVERecord?id=CVE-2025-38284" ], "PublishedDate": "2025-07-10T08:15:26.857Z", "LastModifiedDate": "2025-07-10T13:17:30.017Z" }, { "VulnerabilityID": "CVE-2025-38359", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38359", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: s390/mm: Fix in_atomic() handling in do_secure_storage_access()", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/mm: Fix in_atomic() handling in do_secure_storage_access()\n\nKernel user spaces accesses to not exported pages in atomic context\nincorrectly try to resolve the page fault.\nWith debug options enabled call traces like this can be seen:\n\nBUG: sleeping function called from invalid context at kernel/locking/rwsem.c:1523\nin_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 419074, name: qemu-system-s39\npreempt_count: 1, expected: 0\nRCU nest depth: 0, expected: 0\nINFO: lockdep is turned off.\nPreemption disabled at:\n[\u003c00000383ea47cfa2\u003e] copy_page_from_iter_atomic+0xa2/0x8a0\nCPU: 12 UID: 0 PID: 419074 Comm: qemu-system-s39\nTainted: G W 6.16.0-20250531.rc0.git0.69b3a602feac.63.fc42.s390x+debug #1 PREEMPT\nTainted: [W]=WARN\nHardware name: IBM 3931 A01 703 (LPAR)\nCall Trace:\n [\u003c00000383e990d282\u003e] dump_stack_lvl+0xa2/0xe8\n [\u003c00000383e99bf152\u003e] __might_resched+0x292/0x2d0\n [\u003c00000383eaa7c374\u003e] down_read+0x34/0x2d0\n [\u003c00000383e99432f8\u003e] do_secure_storage_access+0x108/0x360\n [\u003c00000383eaa724b0\u003e] __do_pgm_check+0x130/0x220\n [\u003c00000383eaa842e4\u003e] pgm_check_handler+0x114/0x160\n [\u003c00000383ea47d028\u003e] copy_page_from_iter_atomic+0x128/0x8a0\n([\u003c00000383ea47d016\u003e] copy_page_from_iter_atomic+0x116/0x8a0)\n [\u003c00000383e9c45eae\u003e] generic_perform_write+0x16e/0x310\n [\u003c00000383e9eb87f4\u003e] ext4_buffered_write_iter+0x84/0x160\n [\u003c00000383e9da0de4\u003e] vfs_write+0x1c4/0x460\n [\u003c00000383e9da123c\u003e] ksys_write+0x7c/0x100\n [\u003c00000383eaa7284e\u003e] __do_syscall+0x15e/0x280\n [\u003c00000383eaa8417e\u003e] system_call+0x6e/0x90\nINFO: lockdep is turned off.\n\nIt is not allowed to take the mmap_lock while in atomic context. Therefore\nhandle such a secure storage access fault as if the accessed page is not\nmapped: the uaccess function will return -EFAULT, and the caller has to\ndeal with this. Usually this means that the access is retried in process\ncontext, which allows to resolve the page fault (or in this case export the\npage).", "Severity": "MEDIUM", "VendorSeverity": { "redhat": 1, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-38359", "https://git.kernel.org/linus/11709abccf93b08adde95ef313c300b0d4bc28f1 (6.16-rc1)", "https://git.kernel.org/stable/c/11709abccf93b08adde95ef313c300b0d4bc28f1", "https://git.kernel.org/stable/c/d2e317dfd2d1fe416c77315d17c5d57dbe374915", "https://lore.kernel.org/linux-cve-announce/2025072556-CVE-2025-38359-8cda@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-38359", "https://www.cve.org/CVERecord?id=CVE-2025-38359" ], "PublishedDate": "2025-07-25T13:15:24.687Z", "LastModifiedDate": "2025-07-25T15:29:19.837Z" }, { "VulnerabilityID": "CVE-2025-38421", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38421", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: platform/x86/amd: pmf: Use device managed allocations", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86/amd: pmf: Use device managed allocations\n\nIf setting up smart PC fails for any reason then this can lead to\na double free when unloading amd-pmf. This is because dev-\u003ebuf was\nfreed but never set to NULL and is again freed in amd_pmf_remove().\n\nTo avoid subtle allocation bugs in failures leading to a double free\nchange all allocations into device managed allocations.", "Severity": "MEDIUM", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-38421", "https://git.kernel.org/linus/d9db3a941270d92bbd1a6a6b54a10324484f2f2d (6.16-rc3)", "https://git.kernel.org/stable/c/0d10b532f861253c283863522d59d099fcb0796d", "https://git.kernel.org/stable/c/d9db3a941270d92bbd1a6a6b54a10324484f2f2d", "https://lore.kernel.org/linux-cve-announce/2025072554-CVE-2025-38421-8601@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-38421", "https://www.cve.org/CVERecord?id=CVE-2025-38421" ], "PublishedDate": "2025-07-25T15:15:26.927Z", "LastModifiedDate": "2025-07-25T15:29:19.837Z" }, { "VulnerabilityID": "CVE-2025-38426", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38426", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: drm/amdgpu: Add basic validation for RAS header", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Add basic validation for RAS header\n\nIf RAS header read from EEPROM is corrupted, it could result in trying\nto allocate huge memory for reading the records. Add some validation to\nheader fields.", "Severity": "MEDIUM", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-38426", "https://git.kernel.org/linus/5df0d6addb7e9b6f71f7162d1253762a5be9138e (6.16-rc1)", "https://git.kernel.org/stable/c/5df0d6addb7e9b6f71f7162d1253762a5be9138e", "https://git.kernel.org/stable/c/b52f52bc5ba9feb026c0be600f8ac584fd12d187", "https://lore.kernel.org/linux-cve-announce/2025072555-CVE-2025-38426-718c@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-38426", "https://www.cve.org/CVERecord?id=CVE-2025-38426" ], "PublishedDate": "2025-07-25T15:15:27.51Z", "LastModifiedDate": "2025-07-25T15:29:19.837Z" }, { "VulnerabilityID": "CVE-2025-38584", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38584", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: padata: Fix pd UAF once and for all", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\npadata: Fix pd UAF once and for all\n\nThere is a race condition/UAF in padata_reorder that goes back\nto the initial commit. A reference count is taken at the start\nof the process in padata_do_parallel, and released at the end in\npadata_serial_worker.\n\nThis reference count is (and only is) required for padata_replace\nto function correctly. If padata_replace is never called then\nthere is no issue.\n\nIn the function padata_reorder which serves as the core of padata,\nas soon as padata is added to queue-\u003eserial.list, and the associated\nspin lock released, that padata may be processed and the reference\ncount on pd would go away.\n\nFix this by getting the next padata before the squeue-\u003eserial lock\nis released.\n\nIn order to make this possible, simplify padata_reorder by only\ncalling it once the next padata arrives.", "Severity": "MEDIUM", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 4.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-38584", "https://git.kernel.org/linus/71203f68c7749609d7fc8ae6ad054bdedeb24f91 (6.17-rc1)", "https://git.kernel.org/stable/c/71203f68c7749609d7fc8ae6ad054bdedeb24f91", "https://git.kernel.org/stable/c/cdf79bd2e1ecb3cc75631c73d8f4149be6019a52", "https://git.kernel.org/stable/c/dbe3e911a59bda6de96e7cae387ff882c2c177fa", "https://lore.kernel.org/linux-cve-announce/2025081914-CVE-2025-38584-2648@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-38584", "https://www.cve.org/CVERecord?id=CVE-2025-38584" ], "PublishedDate": "2025-08-19T17:15:35.723Z", "LastModifiedDate": "2025-08-20T14:40:17.713Z" }, { "VulnerabilityID": "CVE-2025-38591", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38591", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: bpf: Reject narrower access to pointer ctx fields", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Reject narrower access to pointer ctx fields\n\nThe following BPF program, simplified from a syzkaller repro, causes a\nkernel warning:\n\n r0 = *(u8 *)(r1 + 169);\n exit;\n\nWith pointer field sk being at offset 168 in __sk_buff. This access is\ndetected as a narrower read in bpf_skb_is_valid_access because it\ndoesn't match offsetof(struct __sk_buff, sk). It is therefore allowed\nand later proceeds to bpf_convert_ctx_access. Note that for the\n\"is_narrower_load\" case in the convert_ctx_accesses(), the insn-\u003eoff\nis aligned, so the cnt may not be 0 because it matches the\noffsetof(struct __sk_buff, sk) in the bpf_convert_ctx_access. However,\nthe target_size stays 0 and the verifier errors with a kernel warning:\n\n verifier bug: error during ctx access conversion(1)\n\nThis patch fixes that to return a proper \"invalid bpf_context access\noff=X size=Y\" error on the load instruction.\n\nThe same issue affects multiple other fields in context structures that\nallow narrow access. Some other non-affected fields (for sk_msg,\nsk_lookup, and sockopt) were also changed to use bpf_ctx_range_ptr for\nconsistency.\n\nNote this syzkaller crash was reported in the \"Closes\" link below, which\nused to be about a different bug, fixed in\ncommit fce7bd8e385a (\"bpf/verifier: Handle BPF_LOAD_ACQ instructions\nin insn_def_regno()\"). Because syzbot somehow confused the two bugs,\nthe new crash and repro didn't get reported to the mailing list.", "Severity": "MEDIUM", "VendorSeverity": { "redhat": 1, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-38591", "https://git.kernel.org/linus/e09299225d5ba3916c91ef70565f7d2187e4cca0 (6.17-rc1)", "https://git.kernel.org/stable/c/202900ceeef67458c964c2af6e1427c8e533ea7c", "https://git.kernel.org/stable/c/e09299225d5ba3916c91ef70565f7d2187e4cca0", "https://lore.kernel.org/linux-cve-announce/2025081917-CVE-2025-38591-2a4d@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-38591", "https://www.cve.org/CVERecord?id=CVE-2025-38591" ], "PublishedDate": "2025-08-19T17:15:36.79Z", "LastModifiedDate": "2025-08-20T14:40:17.713Z" }, { "VulnerabilityID": "CVE-2025-38597", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38597", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: drm/rockchip: vop2: fail cleanly if missing a primary plane for a video-port", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/rockchip: vop2: fail cleanly if missing a primary plane for a video-port\n\nEach window of a vop2 is usable by a specific set of video ports, so while\nbinding the vop2, we look through the list of available windows trying to\nfind one designated as primary-plane and usable by that specific port.\n\nThe code later wants to use drm_crtc_init_with_planes with that found\nprimary plane, but nothing has checked so far if a primary plane was\nactually found.\n\nFor whatever reason, the rk3576 vp2 does not have a usable primary window\n(if vp0 is also in use) which brought the issue to light and ended in a\nnull-pointer dereference further down.\n\nAs we expect a primary-plane to exist for a video-port, add a check at\nthe end of the window-iteration and fail probing if none was found.", "Severity": "MEDIUM", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-38597", "https://git.kernel.org/linus/f9f68bf1d0efeadb6c427c9dbb30f307a7def19b (6.17-rc1)", "https://git.kernel.org/stable/c/38682edbbad272b5f8c7bf55128b42cd10626f73", "https://git.kernel.org/stable/c/e1eef239399927b368f70a716044fb10085627c8", "https://git.kernel.org/stable/c/f9f68bf1d0efeadb6c427c9dbb30f307a7def19b", "https://lore.kernel.org/linux-cve-announce/2025081919-CVE-2025-38597-82d6@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-38597", "https://www.cve.org/CVERecord?id=CVE-2025-38597" ], "PublishedDate": "2025-08-19T17:15:37.613Z", "LastModifiedDate": "2025-08-20T14:40:17.713Z" }, { "VulnerabilityID": "CVE-2025-38605", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38605", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: wifi: ath12k: Pass ab pointer directly to ath12k_dp_tx_get_encap_type()", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: Pass ab pointer directly to ath12k_dp_tx_get_encap_type()\n\nIn ath12k_dp_tx_get_encap_type(), the arvif parameter is only used to\nretrieve the ab pointer. In vdev delete sequence the arvif-\u003ear could\nbecome NULL and that would trigger kernel panic.\nSince the caller ath12k_dp_tx() already has a valid ab pointer, pass it\ndirectly to avoid panic and unnecessary dereferencing.\n\nPC points to \"ath12k_dp_tx+0x228/0x988 [ath12k]\"\nLR points to \"ath12k_dp_tx+0xc8/0x988 [ath12k]\".\nThe Backtrace obtained is as follows:\nath12k_dp_tx+0x228/0x988 [ath12k]\nath12k_mac_tx_check_max_limit+0x608/0x920 [ath12k]\nieee80211_process_measurement_req+0x320/0x348 [mac80211]\nieee80211_tx_dequeue+0x9ac/0x1518 [mac80211]\nieee80211_tx_dequeue+0xb14/0x1518 [mac80211]\nieee80211_tx_prepare_skb+0x224/0x254 [mac80211]\nieee80211_xmit+0xec/0x100 [mac80211]\n__ieee80211_subif_start_xmit+0xc50/0xf40 [mac80211]\nieee80211_subif_start_xmit+0x2e8/0x308 [mac80211]\nnetdev_start_xmit+0x150/0x18c\ndev_hard_start_xmit+0x74/0xc0\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.3.1-00173-QCAHKSWPL_SILICONZ-1", "Severity": "MEDIUM", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-38605", "https://git.kernel.org/linus/05062834350f0bf7ad1abcebc2807220e90220eb (6.17-rc1)", "https://git.kernel.org/stable/c/05062834350f0bf7ad1abcebc2807220e90220eb", "https://git.kernel.org/stable/c/b508f370f88f277c95e2bd3bc47217a96d668cee", "https://git.kernel.org/stable/c/ee4f8e7fa578f9f28cef5f409677db25f4f83d7e", "https://lore.kernel.org/linux-cve-announce/2025081922-CVE-2025-38605-32f2@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-38605", "https://www.cve.org/CVERecord?id=CVE-2025-38605" ], "PublishedDate": "2025-08-19T17:15:38.793Z", "LastModifiedDate": "2025-08-20T14:40:17.713Z" }, { "VulnerabilityID": "CVE-2025-38621", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38621", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: md: make rdev_addable usable for rcu mode", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: make rdev_addable usable for rcu mode\n\nOur testcase trigger panic:\n\nBUG: kernel NULL pointer dereference, address: 00000000000000e0\n...\nOops: Oops: 0000 [#1] SMP NOPTI\nCPU: 2 UID: 0 PID: 85 Comm: kworker/2:1 Not tainted 6.16.0+ #94\nPREEMPT(none)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\n1.16.1-2.fc37 04/01/2014\nWorkqueue: md_misc md_start_sync\nRIP: 0010:rdev_addable+0x4d/0xf0\n...\nCall Trace:\n \u003cTASK\u003e\n md_start_sync+0x329/0x480\n process_one_work+0x226/0x6d0\n worker_thread+0x19e/0x340\n kthread+0x10f/0x250\n ret_from_fork+0x14d/0x180\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\nModules linked in: raid10\nCR2: 00000000000000e0\n---[ end trace 0000000000000000 ]---\nRIP: 0010:rdev_addable+0x4d/0xf0\n\nmd_spares_need_change in md_start_sync will call rdev_addable which\nprotected by rcu_read_lock/rcu_read_unlock. This rcu context will help\nprotect rdev won't be released, but rdev-\u003emddev will be set to NULL\nbefore we call synchronize_rcu in md_kick_rdev_from_array. Fix this by\nusing READ_ONCE and check does rdev-\u003emddev still alive.", "Severity": "MEDIUM", "VendorSeverity": { "redhat": 1, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "V3Score": 4.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-38621", "https://git.kernel.org/linus/13017b427118f4311471ee47df74872372ca8482 (6.17-rc1)", "https://git.kernel.org/stable/c/13017b427118f4311471ee47df74872372ca8482", "https://git.kernel.org/stable/c/b5fbe940862339cdcc34dea7a057ad18d18fa137", "https://lore.kernel.org/linux-cve-announce/2025082229-CVE-2025-38621-763f@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-38621", "https://www.cve.org/CVERecord?id=CVE-2025-38621" ], "PublishedDate": "2025-08-22T16:15:35.46Z", "LastModifiedDate": "2025-08-22T18:08:51.663Z" }, { "VulnerabilityID": "CVE-2025-38627", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38627", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: f2fs: compress: fix UAF of f2fs_inode_info in f2fs_free_dic", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: compress: fix UAF of f2fs_inode_info in f2fs_free_dic\n\nThe decompress_io_ctx may be released asynchronously after\nI/O completion. If this file is deleted immediately after read,\nand the kworker of processing post_read_wq has not been executed yet\ndue to high workloads, It is possible that the inode(f2fs_inode_info)\nis evicted and freed before it is used f2fs_free_dic.\n\n The UAF case as below:\n Thread A Thread B\n - f2fs_decompress_end_io\n - f2fs_put_dic\n - queue_work\n add free_dic work to post_read_wq\n - do_unlink\n - iput\n - evict\n - call_rcu\n This file is deleted after read.\n\n Thread C kworker to process post_read_wq\n - rcu_do_batch\n - f2fs_free_inode\n - kmem_cache_free\n inode is freed by rcu\n - process_scheduled_works\n - f2fs_late_free_dic\n - f2fs_free_dic\n - f2fs_release_decomp_mem\n read (dic-\u003einode)-\u003ei_compress_algorithm\n\nThis patch store compress_algorithm and sbi in dic to avoid inode UAF.\n\nIn addition, the previous solution is deprecated in [1] may cause system hang.\n[1] https://lore.kernel.org/all/c36ab955-c8db-4a8b-a9d0-f07b5f426c3f@kernel.org", "Severity": "MEDIUM", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-38627", "https://git.kernel.org/linus/39868685c2a94a70762bc6d77dc81d781d05bff5 (6.17-rc1)", "https://git.kernel.org/stable/c/39868685c2a94a70762bc6d77dc81d781d05bff5", "https://git.kernel.org/stable/c/8fae5b6addd5f6895e03797b56e3c7b9f9cd15c9", "https://lore.kernel.org/linux-cve-announce/2025082231-CVE-2025-38627-7cb6@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-38627", "https://www.cve.org/CVERecord?id=CVE-2025-38627" ], "PublishedDate": "2025-08-22T16:15:36.337Z", "LastModifiedDate": "2025-08-22T18:08:51.663Z" }, { "VulnerabilityID": "CVE-2025-38636", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38636", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: rv: Use strings in da monitors tracepoints", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nrv: Use strings in da monitors tracepoints\n\nUsing DA monitors tracepoints with KASAN enabled triggers the following\nwarning:\n\n BUG: KASAN: global-out-of-bounds in do_trace_event_raw_event_event_da_monitor+0xd6/0x1a0\n Read of size 32 at addr ffffffffaada8980 by task ...\n Call Trace:\n \u003cTASK\u003e\n [...]\n do_trace_event_raw_event_event_da_monitor+0xd6/0x1a0\n ? __pfx_do_trace_event_raw_event_event_da_monitor+0x10/0x10\n ? trace_event_sncid+0x83/0x200\n trace_event_sncid+0x163/0x200\n [...]\n The buggy address belongs to the variable:\n automaton_snep+0x4e0/0x5e0\n\nThis is caused by the tracepoints reading 32 bytes __array instead of\n__string from the automata definition. Such strings are literals and\nreading 32 bytes ends up in out of bound memory accesses (e.g. the next\nautomaton's data in this case).\nThe error is harmless as, while printing the string, we stop at the null\nterminator, but it should still be fixed.\n\nUse the __string facilities while defining the tracepoints to avoid\nreading out of bound memory.", "Severity": "MEDIUM", "VendorSeverity": { "redhat": 1, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-38636", "https://git.kernel.org/linus/7f904ff6e58d398c4336f3c19c42b338324451f7 (6.17-rc1)", "https://git.kernel.org/stable/c/0ebc70d973ce7a81826b5c4f55f743e07f5864d9", "https://git.kernel.org/stable/c/7f904ff6e58d398c4336f3c19c42b338324451f7", "https://lore.kernel.org/linux-cve-announce/2025082233-CVE-2025-38636-0ce2@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-38636", "https://www.cve.org/CVERecord?id=CVE-2025-38636" ], "PublishedDate": "2025-08-22T16:15:37.587Z", "LastModifiedDate": "2025-08-22T18:08:51.663Z" }, { "VulnerabilityID": "CVE-2025-38643", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38643", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: wifi: cfg80211: Add missing lock in cfg80211_check_and_end_cac()", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: Add missing lock in cfg80211_check_and_end_cac()\n\nCallers of wdev_chandef() must hold the wiphy mutex.\n\nBut the worker cfg80211_propagate_cac_done_wk() never takes the lock.\nWhich triggers the warning below with the mesh_peer_connected_dfs\ntest from hostapd and not (yet) released mac80211 code changes:\n\nWARNING: CPU: 0 PID: 495 at net/wireless/chan.c:1552 wdev_chandef+0x60/0x165\nModules linked in:\nCPU: 0 UID: 0 PID: 495 Comm: kworker/u4:2 Not tainted 6.14.0-rc5-wt-g03960e6f9d47 #33 13c287eeabfe1efea01c0bcc863723ab082e17cf\nWorkqueue: cfg80211 cfg80211_propagate_cac_done_wk\nStack:\n 00000000 00000001 ffffff00 6093267c\n 00000000 6002ec30 6d577c50 60037608\n 00000000 67e8d108 6063717b 00000000\nCall Trace:\n [\u003c6002ec30\u003e] ? _printk+0x0/0x98\n [\u003c6003c2b3\u003e] show_stack+0x10e/0x11a\n [\u003c6002ec30\u003e] ? _printk+0x0/0x98\n [\u003c60037608\u003e] dump_stack_lvl+0x71/0xb8\n [\u003c6063717b\u003e] ? wdev_chandef+0x60/0x165\n [\u003c6003766d\u003e] dump_stack+0x1e/0x20\n [\u003c6005d1b7\u003e] __warn+0x101/0x20f\n [\u003c6005d3a8\u003e] warn_slowpath_fmt+0xe3/0x15d\n [\u003c600b0c5c\u003e] ? mark_lock.part.0+0x0/0x4ec\n [\u003c60751191\u003e] ? __this_cpu_preempt_check+0x0/0x16\n [\u003c600b11a2\u003e] ? mark_held_locks+0x5a/0x6e\n [\u003c6005d2c5\u003e] ? warn_slowpath_fmt+0x0/0x15d\n [\u003c60052e53\u003e] ? unblock_signals+0x3a/0xe7\n [\u003c60052f2d\u003e] ? um_set_signals+0x2d/0x43\n [\u003c60751191\u003e] ? __this_cpu_preempt_check+0x0/0x16\n [\u003c607508b2\u003e] ? lock_is_held_type+0x207/0x21f\n [\u003c6063717b\u003e] wdev_chandef+0x60/0x165\n [\u003c605f89b4\u003e] regulatory_propagate_dfs_state+0x247/0x43f\n [\u003c60052f00\u003e] ? um_set_signals+0x0/0x43\n [\u003c605e6bfd\u003e] cfg80211_propagate_cac_done_wk+0x3a/0x4a\n [\u003c6007e460\u003e] process_scheduled_works+0x3bc/0x60e\n [\u003c6007d0ec\u003e] ? move_linked_works+0x4d/0x81\n [\u003c6007d120\u003e] ? assign_work+0x0/0xaa\n [\u003c6007f81f\u003e] worker_thread+0x220/0x2dc\n [\u003c600786ef\u003e] ? set_pf_worker+0x0/0x57\n [\u003c60087c96\u003e] ? to_kthread+0x0/0x43\n [\u003c6008ab3c\u003e] kthread+0x2d3/0x2e2\n [\u003c6007f5ff\u003e] ? worker_thread+0x0/0x2dc\n [\u003c6006c05b\u003e] ? calculate_sigpending+0x0/0x56\n [\u003c6003b37d\u003e] new_thread_handler+0x4a/0x64\nirq event stamp: 614611\nhardirqs last enabled at (614621): [\u003c00000000600bc96b\u003e] __up_console_sem+0x82/0xaf\nhardirqs last disabled at (614630): [\u003c00000000600bc92c\u003e] __up_console_sem+0x43/0xaf\nsoftirqs last enabled at (614268): [\u003c00000000606c55c6\u003e] __ieee80211_wake_queue+0x933/0x985\nsoftirqs last disabled at (614266): [\u003c00000000606c52d6\u003e] __ieee80211_wake_queue+0x643/0x985", "Severity": "MEDIUM", "VendorSeverity": { "redhat": 1, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "V3Score": 4.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-38643", "https://git.kernel.org/linus/2c5dee15239f3f3e31aa5c8808f18996c039e2c1 (6.17-rc1)", "https://git.kernel.org/stable/c/2c5dee15239f3f3e31aa5c8808f18996c039e2c1", "https://git.kernel.org/stable/c/7022df2248c08c6f75a01714163ac902333bf3db", "https://git.kernel.org/stable/c/dbce810607726408f889d3358f4780fd1436861e", "https://lore.kernel.org/linux-cve-announce/2025082235-CVE-2025-38643-a281@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-38643", "https://www.cve.org/CVERecord?id=CVE-2025-38643" ], "PublishedDate": "2025-08-22T16:15:38.417Z", "LastModifiedDate": "2025-08-22T18:08:51.663Z" }, { "VulnerabilityID": "CVE-2025-38678", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38678", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: netfilter: nf_tables: reject duplicate device on updates", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: reject duplicate device on updates\n\nA chain/flowtable update with duplicated devices in the same batch is\npossible. Unfortunately, netdev event path only removes the first\ndevice that is found, leaving unregistered the hook of the duplicated\ndevice.\n\nCheck if a duplicated device exists in the transaction batch, bail out\nwith EEXIST in such case.\n\nWARNING is hit when unregistering the hook:\n\n [49042.221275] WARNING: CPU: 4 PID: 8425 at net/netfilter/core.c:340 nf_hook_entry_head+0xaa/0x150\n [49042.221375] CPU: 4 UID: 0 PID: 8425 Comm: nft Tainted: G S 6.16.0+ #170 PREEMPT(full)\n [...]\n [49042.221382] RIP: 0010:nf_hook_entry_head+0xaa/0x150", "Severity": "MEDIUM", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "V3Score": 4.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-38678", "https://git.kernel.org/linus/cf5fb87fcdaaaafec55dcc0dc5a9e15ead343973 (6.17-rc2)", "https://git.kernel.org/stable/c/cf5fb87fcdaaaafec55dcc0dc5a9e15ead343973", "https://git.kernel.org/stable/c/d7615bde541f16517d6790412da6ec46fa8a4c1f", "https://lore.kernel.org/linux-cve-announce/2025090318-CVE-2025-38678-faa7@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-38678", "https://www.cve.org/CVERecord?id=CVE-2025-38678" ], "PublishedDate": "2025-09-03T13:15:48.897Z", "LastModifiedDate": "2025-09-04T15:36:56.447Z" }, { "VulnerabilityID": "CVE-2025-39678", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39678", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: platform/x86/amd/hsmp: Ensure sock-\u003emetric_tbl_addr is non-NULL", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86/amd/hsmp: Ensure sock-\u003emetric_tbl_addr is non-NULL\n\nIf metric table address is not allocated, accessing metrics_bin will\nresult in a NULL pointer dereference, so add a check.", "Severity": "MEDIUM", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-39678", "https://git.kernel.org/linus/2c78fb287e1f430b929f2e49786518350d15605c (6.17-rc3)", "https://git.kernel.org/stable/c/2c78fb287e1f430b929f2e49786518350d15605c", "https://git.kernel.org/stable/c/d47782d5c0cb87b9826041f34505580204ccf703", "https://lore.kernel.org/linux-cve-announce/2025090545-CVE-2025-39678-d4ca@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-39678", "https://www.cve.org/CVERecord?id=CVE-2025-39678" ], "PublishedDate": "2025-09-05T18:15:44.17Z", "LastModifiedDate": "2025-09-08T16:25:38.81Z" }, { "VulnerabilityID": "CVE-2025-39745", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39745", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: rcutorture: Fix rcutorture_one_extend_check() splat in RT kernels", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nrcutorture: Fix rcutorture_one_extend_check() splat in RT kernels\n\nFor built with CONFIG_PREEMPT_RT=y kernels, running rcutorture\ntests resulted in the following splat:\n\n[ 68.797425] rcutorture_one_extend_check during change: Current 0x1 To add 0x1 To remove 0x0 preempt_count() 0x0\n[ 68.797533] WARNING: CPU: 2 PID: 512 at kernel/rcu/rcutorture.c:1993 rcutorture_one_extend_check+0x419/0x560 [rcutorture]\n[ 68.797601] Call Trace:\n[ 68.797602] \u003cTASK\u003e\n[ 68.797619] ? lockdep_softirqs_off+0xa5/0x160\n[ 68.797631] rcutorture_one_extend+0x18e/0xcc0 [rcutorture 2466dbd2ff34dbaa36049cb323a80c3306ac997c]\n[ 68.797646] ? local_clock+0x19/0x40\n[ 68.797659] rcu_torture_one_read+0xf0/0x280 [rcutorture 2466dbd2ff34dbaa36049cb323a80c3306ac997c]\n[ 68.797678] ? __pfx_rcu_torture_one_read+0x10/0x10 [rcutorture 2466dbd2ff34dbaa36049cb323a80c3306ac997c]\n[ 68.797804] ? __pfx_rcu_torture_timer+0x10/0x10 [rcutorture 2466dbd2ff34dbaa36049cb323a80c3306ac997c]\n[ 68.797815] rcu-torture: rcu_torture_reader task started\n[ 68.797824] rcu-torture: Creating rcu_torture_reader task\n[ 68.797824] rcu_torture_reader+0x238/0x580 [rcutorture 2466dbd2ff34dbaa36049cb323a80c3306ac997c]\n[ 68.797836] ? kvm_sched_clock_read+0x15/0x30\n\nDisable BH does not change the SOFTIRQ corresponding bits in\npreempt_count() for RT kernels, this commit therefore use\nsoftirq_count() to check the if BH is disabled.", "Severity": "MEDIUM", "VendorSeverity": { "redhat": 1, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-39745", "https://git.kernel.org/linus/8d71351d88e478d3c4e945e3218e97ec677fd807 (6.17-rc1)", "https://git.kernel.org/stable/c/69c5ae0f441c2d72e8f48dc1e08464c172360c4c", "https://git.kernel.org/stable/c/8d71351d88e478d3c4e945e3218e97ec677fd807", "https://git.kernel.org/stable/c/a85550267247cdf5e7499be00ea8e388ab014e50", "https://lore.kernel.org/linux-cve-announce/2025091140-CVE-2025-39745-ac0b@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-39745", "https://www.cve.org/CVERecord?id=CVE-2025-39745" ], "PublishedDate": "2025-09-11T17:15:37.75Z", "LastModifiedDate": "2025-09-15T15:22:38.297Z" }, { "VulnerabilityID": "CVE-2025-39762", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39762", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: drm/amd/display: add null check", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: add null check\n\n[WHY]\nPrevents null pointer dereferences to enhance function robustness\n\n[HOW]\nAdds early null check and return false if invalid.", "Severity": "MEDIUM", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-39762", "https://git.kernel.org/linus/158b9201c17fc93ed4253c2f03b77fd2671669a1 (6.17-rc1)", "https://git.kernel.org/stable/c/10d97cc1a14ef1f611e156b0b27e8b226e103cc2", "https://git.kernel.org/stable/c/13895744e2c639324cf3cb18f2ba4e3f400dd0dd", "https://git.kernel.org/stable/c/158b9201c17fc93ed4253c2f03b77fd2671669a1", "https://lore.kernel.org/linux-cve-announce/2025091146-CVE-2025-39762-a8e0@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-39762", "https://www.cve.org/CVERecord?id=CVE-2025-39762" ], "PublishedDate": "2025-09-11T17:15:40.313Z", "LastModifiedDate": "2025-09-15T15:22:38.297Z" }, { "VulnerabilityID": "CVE-2025-39764", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39764", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: netfilter: ctnetlink: remove refcounting in expectation dumpers", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: ctnetlink: remove refcounting in expectation dumpers\n\nSame pattern as previous patch: do not keep the expectation object\nalive via refcount, only store a cookie value and then use that\nas the skip hint for dump resumption.\n\nAFAICS this has the same issue as the one resolved in the conntrack\ndumper, when we do\n if (!refcount_inc_not_zero(\u0026exp-\u003euse))\n\nto increment the refcount, there is a chance that exp == last, which\ncauses a double-increment of the refcount and subsequent memory leak.", "Severity": "MEDIUM", "VendorSeverity": { "redhat": 1, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-39764", "https://git.kernel.org/linus/1492e3dcb2be3aa46d1963da96aa9593e4e4db5a (6.17-rc2)", "https://git.kernel.org/stable/c/1492e3dcb2be3aa46d1963da96aa9593e4e4db5a", "https://git.kernel.org/stable/c/a4d634ded4d3d400f115d84f654f316f249531c9", "https://lore.kernel.org/linux-cve-announce/2025091147-CVE-2025-39764-b300@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-39764", "https://www.cve.org/CVERecord?id=CVE-2025-39764" ], "PublishedDate": "2025-09-11T17:15:40.653Z", "LastModifiedDate": "2025-09-15T15:22:38.297Z" }, { "VulnerabilityID": "CVE-2025-39789", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39789", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: crypto: x86/aegis - Add missing error checks", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: x86/aegis - Add missing error checks\n\nThe skcipher_walk functions can allocate memory and can fail, so\nchecking for errors is necessary.", "Severity": "MEDIUM", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-39789", "https://git.kernel.org/linus/3d9eb180fbe8828cce43bce4c370124685b205c3 (6.17-rc1)", "https://git.kernel.org/stable/c/3d9eb180fbe8828cce43bce4c370124685b205c3", "https://git.kernel.org/stable/c/475104178f4d30e749ee4f5473c87f692b93bebb", "https://lore.kernel.org/linux-cve-announce/2025091152-CVE-2025-39789-8cdc@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-39789", "https://www.cve.org/CVERecord?id=CVE-2025-39789" ], "PublishedDate": "2025-09-11T17:15:45.22Z", "LastModifiedDate": "2025-09-15T15:22:38.297Z" }, { "VulnerabilityID": "CVE-2025-39816", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39816", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: io_uring/kbuf: always use READ_ONCE() to read ring provided buffer lengths", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/kbuf: always use READ_ONCE() to read ring provided buffer lengths\n\nSince the buffers are mapped from userspace, it is prudent to use\nREAD_ONCE() to read the value into a local variable, and use that for\nany other actions taken. Having a stable read of the buffer length\navoids worrying about it changing after checking, or being read multiple\ntimes.\n\nSimilarly, the buffer may well change in between it being picked and\nbeing committed. Ensure the looping for incremental ring buffer commit\nstops if it hits a zero sized buffer, as no further progress can be made\nat that point.", "Severity": "MEDIUM", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-39816", "https://git.kernel.org/linus/98b6fa62c84f2e129161e976a5b9b3cb4ccd117b (6.17-rc4)", "https://git.kernel.org/stable/c/390a61d284e1ced088d43928dfcf6f86fffdd780", "https://git.kernel.org/stable/c/695673eb5711ee5eb1769481cf1503714716a7d1", "https://git.kernel.org/stable/c/98b6fa62c84f2e129161e976a5b9b3cb4ccd117b", "https://lore.kernel.org/linux-cve-announce/2025091615-CVE-2025-39816-f21d@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-39816", "https://www.cve.org/CVERecord?id=CVE-2025-39816" ], "PublishedDate": "2025-09-16T13:15:56.79Z", "LastModifiedDate": "2025-09-25T10:15:31.527Z" }, { "VulnerabilityID": "CVE-2025-39822", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39822", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: io_uring/kbuf: fix signedness in this_len calculation", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/kbuf: fix signedness in this_len calculation\n\nWhen importing and using buffers, buf-\u003elen is considered unsigned.\nHowever, buf-\u003elen is converted to signed int when committing. This can\nlead to unexpected behavior if the buffer is large enough to be\ninterpreted as a negative value. Make min_t calculation unsigned.", "Severity": "MEDIUM", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-39822", "https://git.kernel.org/linus/c64eff368ac676e8540344d27a3de47e0ad90d21 (6.17-rc4)", "https://git.kernel.org/stable/c/c64eff368ac676e8540344d27a3de47e0ad90d21", "https://git.kernel.org/stable/c/f4f411c068402c370c4f9a9d4950a97af97bbbb1", "https://lore.kernel.org/linux-cve-announce/2025091616-CVE-2025-39822-454e@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-39822", "https://www.cve.org/CVERecord?id=CVE-2025-39822" ], "PublishedDate": "2025-09-16T13:15:59.873Z", "LastModifiedDate": "2025-09-17T14:18:55.093Z" }, { "VulnerabilityID": "CVE-2025-39830", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39830", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: net/mlx5: HWS, Fix memory leak in hws_pool_buddy_init error path", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: HWS, Fix memory leak in hws_pool_buddy_init error path\n\nIn the error path of hws_pool_buddy_init(), the buddy allocator cleanup\ndoesn't free the allocator structure itself, causing a memory leak.\n\nAdd the missing kfree() to properly release all allocated memory.", "Severity": "MEDIUM", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-39830", "https://git.kernel.org/linus/2c0a959bebdc1ada13cf9a8242f177c5400299e6 (6.17-rc4)", "https://git.kernel.org/stable/c/2c0a959bebdc1ada13cf9a8242f177c5400299e6", "https://git.kernel.org/stable/c/86d13a6f49cb68aa91bd718b1b627e72e77285c1", "https://lore.kernel.org/linux-cve-announce/2025091657-CVE-2025-39830-5341@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-39830", "https://www.cve.org/CVERecord?id=CVE-2025-39830" ], "PublishedDate": "2025-09-16T14:15:51.183Z", "LastModifiedDate": "2025-09-17T14:18:55.093Z" }, { "VulnerabilityID": "CVE-2025-39833", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39833", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: mISDN: hfcpci: Fix warning when deleting uninitialized timer", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmISDN: hfcpci: Fix warning when deleting uninitialized timer\n\nWith CONFIG_DEBUG_OBJECTS_TIMERS unloading hfcpci module leads\nto the following splat:\n\n[ 250.215892] ODEBUG: assert_init not available (active state 0) object: ffffffffc01a3dc0 object type: timer_list hint: 0x0\n[ 250.217520] WARNING: CPU: 0 PID: 233 at lib/debugobjects.c:612 debug_print_object+0x1b6/0x2c0\n[ 250.218775] Modules linked in: hfcpci(-) mISDN_core\n[ 250.219537] CPU: 0 UID: 0 PID: 233 Comm: rmmod Not tainted 6.17.0-rc2-g6f713187ac98 #2 PREEMPT(voluntary)\n[ 250.220940] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[ 250.222377] RIP: 0010:debug_print_object+0x1b6/0x2c0\n[ 250.223131] Code: fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 4f 41 56 48 8b 14 dd a0 4e 01 9f 48 89 ee 48 c7 c7 20 46 01 9f e8 cb 84d\n[ 250.225805] RSP: 0018:ffff888015ea7c08 EFLAGS: 00010286\n[ 250.226608] RAX: 0000000000000000 RBX: 0000000000000005 RCX: ffffffff9be93a95\n[ 250.227708] RDX: 1ffff1100d945138 RSI: 0000000000000008 RDI: ffff88806ca289c0\n[ 250.228993] RBP: ffffffff9f014a00 R08: 0000000000000001 R09: ffffed1002bd4f39\n[ 250.230043] R10: ffff888015ea79cf R11: 0000000000000001 R12: 0000000000000001\n[ 250.231185] R13: ffffffff9eea0520 R14: 0000000000000000 R15: ffff888015ea7cc8\n[ 250.232454] FS: 00007f3208f01540(0000) GS:ffff8880caf5a000(0000) knlGS:0000000000000000\n[ 250.233851] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 250.234856] CR2: 00007f32090a7421 CR3: 0000000004d63000 CR4: 00000000000006f0\n[ 250.236117] Call Trace:\n[ 250.236599] \u003cTASK\u003e\n[ 250.236967] ? trace_irq_enable.constprop.0+0xd4/0x130\n[ 250.237920] debug_object_assert_init+0x1f6/0x310\n[ 250.238762] ? __pfx_debug_object_assert_init+0x10/0x10\n[ 250.239658] ? __lock_acquire+0xdea/0x1c70\n[ 250.240369] __try_to_del_timer_sync+0x69/0x140\n[ 250.241172] ? __pfx___try_to_del_timer_sync+0x10/0x10\n[ 250.242058] ? __timer_delete_sync+0xc6/0x120\n[ 250.242842] ? lock_acquire+0x30/0x80\n[ 250.243474] ? __timer_delete_sync+0xc6/0x120\n[ 250.244262] __timer_delete_sync+0x98/0x120\n[ 250.245015] HFC_cleanup+0x10/0x20 [hfcpci]\n[ 250.245704] __do_sys_delete_module+0x348/0x510\n[ 250.246461] ? __pfx___do_sys_delete_module+0x10/0x10\n[ 250.247338] do_syscall_64+0xc1/0x360\n[ 250.247924] entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFix this by initializing hfc_tl timer with DEFINE_TIMER macro.\nAlso, use mod_timer instead of manual timeout update.", "Severity": "MEDIUM", "VendorSeverity": { "redhat": 1, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "V3Score": 4.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-39833", "https://git.kernel.org/linus/97766512a9951b9fd6fc97f1b93211642bb0b220 (6.17-rc4)", "https://git.kernel.org/stable/c/43fc5da8133badf17f5df250ba03b9d882254845", "https://git.kernel.org/stable/c/97766512a9951b9fd6fc97f1b93211642bb0b220", "https://lore.kernel.org/linux-cve-announce/2025091657-CVE-2025-39833-c2ef@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-39833", "https://www.cve.org/CVERecord?id=CVE-2025-39833" ], "PublishedDate": "2025-09-16T14:15:51.58Z", "LastModifiedDate": "2025-09-17T14:18:55.093Z" }, { "VulnerabilityID": "CVE-2025-39834", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39834", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: net/mlx5: HWS, Fix memory leak in hws_action_get_shared_stc_nic error flow", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: HWS, Fix memory leak in hws_action_get_shared_stc_nic error flow\n\nWhen an invalid stc_type is provided, the function allocates memory for\nshared_stc but jumps to unlock_and_out without freeing it, causing a\nmemory leak.\n\nFix by jumping to free_shared_stc label instead to ensure proper cleanup.", "Severity": "MEDIUM", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-39834", "https://git.kernel.org/linus/a630f83592cdad1253523a1b760cfe78fef6cd9c (6.17-rc4)", "https://git.kernel.org/stable/c/051fd8576a2e4e95d5870c5c9f8679c5b16882e4", "https://git.kernel.org/stable/c/a630f83592cdad1253523a1b760cfe78fef6cd9c", "https://lore.kernel.org/linux-cve-announce/2025091657-CVE-2025-39834-4d8f@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-39834", "https://www.cve.org/CVERecord?id=CVE-2025-39834" ], "PublishedDate": "2025-09-16T14:15:51.717Z", "LastModifiedDate": "2025-09-17T14:18:55.093Z" }, { "VulnerabilityID": "CVE-2025-39859", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39859", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: ptp: ocp: fix use-after-free bugs causing by ptp_ocp_watchdog", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nptp: ocp: fix use-after-free bugs causing by ptp_ocp_watchdog\n\nThe ptp_ocp_detach() only shuts down the watchdog timer if it is\npending. However, if the timer handler is already running, the\ntimer_delete_sync() is not called. This leads to race conditions\nwhere the devlink that contains the ptp_ocp is deallocated while\nthe timer handler is still accessing it, resulting in use-after-free\nbugs. The following details one of the race scenarios.\n\n(thread 1) | (thread 2)\nptp_ocp_remove() |\n ptp_ocp_detach() | ptp_ocp_watchdog()\n if (timer_pending(\u0026bp-\u003ewatchdog))| bp = timer_container_of()\n timer_delete_sync() |\n |\n devlink_free(devlink) //free |\n | bp-\u003e //use\n\nResolve this by unconditionally calling timer_delete_sync() to ensure\nthe timer is reliably deactivated, preventing any access after free.", "Severity": "MEDIUM", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-39859", "https://git.kernel.org/linus/8bf935cf789872350b04c1a6468b0a509f67afb2 (6.17-rc5)", "https://git.kernel.org/stable/c/8bf935cf789872350b04c1a6468b0a509f67afb2", "https://git.kernel.org/stable/c/f10d3c7267ac7387a5129d5506c3c5f2460cfd9b", "https://lore.kernel.org/linux-cve-announce/2025091905-CVE-2025-39859-52d5@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-39859", "https://www.cve.org/CVERecord?id=CVE-2025-39859" ], "PublishedDate": "2025-09-19T16:15:44.867Z", "LastModifiedDate": "2025-09-22T21:23:01.543Z" }, { "VulnerabilityID": "CVE-2025-39862", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39862", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: wifi: mt76: mt7915: fix list corruption after hardware restart", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7915: fix list corruption after hardware restart\n\nSince stations are recreated from scratch, all lists that wcids are added\nto must be cleared before calling ieee80211_restart_hw.\nSet wcid-\u003esta = 0 for each wcid entry in order to ensure that they are\nnot added again before they are ready.", "Severity": "MEDIUM", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-39862", "https://git.kernel.org/linus/065c79df595af21d6d1b27d642860faa1d938774 (6.17-rc5)", "https://git.kernel.org/stable/c/065c79df595af21d6d1b27d642860faa1d938774", "https://git.kernel.org/stable/c/8fa8eb52bc2eb08d93202863b5fc478e0bebc00c", "https://lore.kernel.org/linux-cve-announce/2025091906-CVE-2025-39862-5acb@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-39862", "https://www.cve.org/CVERecord?id=CVE-2025-39862" ], "PublishedDate": "2025-09-19T16:15:45.203Z", "LastModifiedDate": "2025-09-22T21:23:01.543Z" }, { "VulnerabilityID": "CVE-2025-39929", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39929", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: smb: client: fix smbdirect_recv_io leak in smbd_negotiate() error path", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix smbdirect_recv_io leak in smbd_negotiate() error path\n\nDuring tests of another unrelated patch I was able to trigger this\nerror: Objects remaining on __kmem_cache_shutdown()", "Severity": "MEDIUM", "VendorSeverity": { "photon": 3, "redhat": 1, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-39929", "https://git.kernel.org/linus/daac51c7032036a0ca5f1aa419ad1b0471d1c6e0 (6.17-rc7)", "https://git.kernel.org/stable/c/0991418bf98f191d0c320bd25245fcffa1998c7e", "https://git.kernel.org/stable/c/3d7c075c878ac844e33c43e506c2fa27ac7e9689", "https://git.kernel.org/stable/c/922338efaad63cfe30d459dfc59f9d69ff93ded4", "https://git.kernel.org/stable/c/daac51c7032036a0ca5f1aa419ad1b0471d1c6e0", "https://git.kernel.org/stable/c/e7b7a93879558e77d950f1ff9a6f3daa385b33df", "https://lore.kernel.org/linux-cve-announce/2025100414-CVE-2025-39929-4308@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-39929", "https://www.cve.org/CVERecord?id=CVE-2025-39929" ], "PublishedDate": "2025-10-04T08:15:44.62Z", "LastModifiedDate": "2025-10-06T14:56:47.823Z" }, { "VulnerabilityID": "CVE-2025-39934", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39934", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm: bridge: anx7625: Fix NULL pointer dereference with early IRQ\n\nIf the interrupt occurs before resource initialization is complete, the\ninterrupt handler/worker may access uninitialized data such as the I2C\ntcpc_client device, potentially leading to NULL pointer dereference.", "Severity": "MEDIUM", "VendorSeverity": { "photon": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-39934", "https://git.kernel.org/linus/a10f910c77f280327b481e77eab909934ec508f0 (6.17-rc7)", "https://git.kernel.org/stable/c/0da73f7827691a5e2265b110d5fe12f29535ec92", "https://git.kernel.org/stable/c/15a77e1ab0a994d69b471c76b8d01117128dda26", "https://git.kernel.org/stable/c/1a7ea294d57fb61485d11b3f2241d631d73025cb", "https://git.kernel.org/stable/c/51a501e990a353a4f15da6bab295b28e5d118f64", "https://git.kernel.org/stable/c/a10f910c77f280327b481e77eab909934ec508f0", "https://git.kernel.org/stable/c/f9a089d0a6d537d0f2061c8a37a7de535ce0310e", "https://lore.kernel.org/linux-cve-announce/2025100417-CVE-2025-39934-4c48@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-39934", "https://www.cve.org/CVERecord?id=CVE-2025-39934" ], "PublishedDate": "2025-10-04T08:15:46.21Z", "LastModifiedDate": "2025-10-06T14:56:47.823Z" }, { "VulnerabilityID": "CVE-2025-39937", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39937", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer\n\nSince commit 7d5e9737efda (\"net: rfkill: gpio: get the name and type from\ndevice property\") rfkill_find_type() gets called with the possibly\nuninitialized \"const char *type_name;\" local variable.\n\nOn x86 systems when rfkill-gpio binds to a \"BCM4752\" or \"LNV4752\"\nacpi_device, the rfkill-\u003etype is set based on the ACPI acpi_device_id:\n\n rfkill-\u003etype = (unsigned)id-\u003edriver_data;\n\nand there is no \"type\" property so device_property_read_string() will fail\nand leave type_name uninitialized, leading to a potential crash.\n\nrfkill_find_type() does accept a NULL pointer, fix the potential crash\nby initializing type_name to NULL.\n\nNote likely sofar this has not been caught because:\n\n1. Not many x86 machines actually have a \"BCM4752\"/\"LNV4752\" acpi_device\n2. The stack happened to contain NULL where type_name is stored", "Severity": "MEDIUM", "VendorSeverity": { "photon": 3, "redhat": 1, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-39937", "https://git.kernel.org/linus/b6f56a44e4c1014b08859dcf04ed246500e310e5 (6.17-rc7)", "https://git.kernel.org/stable/c/184f608a68f96794e8fe58cd5535014d53622cde", "https://git.kernel.org/stable/c/21a39b958b4bcf44f7674bfbbe1bbb8cad0d842d", "https://git.kernel.org/stable/c/21ba85d9d508422ca9e6698463ff9357c928c22d", "https://git.kernel.org/stable/c/47ade5f9d70b23a119ec20b1c6504864b2543a79", "https://git.kernel.org/stable/c/689aee35ce671aab752f159e5c8e66d7685e6887", "https://git.kernel.org/stable/c/8793e7a8e1b60131a825457174ed6398111daeb7", "https://git.kernel.org/stable/c/ada2282259243387e6b6e89239aeb4897e62f051", "https://git.kernel.org/stable/c/b6f56a44e4c1014b08859dcf04ed246500e310e5", "https://lore.kernel.org/linux-cve-announce/2025100418-CVE-2025-39937-c8f7@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-39937", "https://www.cve.org/CVERecord?id=CVE-2025-39937" ], "PublishedDate": "2025-10-04T08:15:46.593Z", "LastModifiedDate": "2025-10-06T14:56:47.823Z" }, { "VulnerabilityID": "CVE-2025-39938", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39938", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: ASoC: qcom: q6apm-lpass-dais: Fix NULL pointer dereference if source graph failed", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: qcom: q6apm-lpass-dais: Fix NULL pointer dereference if source graph failed\n\nIf earlier opening of source graph fails (e.g. ADSP rejects due to\nincorrect audioreach topology), the graph is closed and\n\"dai_data-\u003egraph[dai-\u003eid]\" is assigned NULL. Preparing the DAI for sink\ngraph continues though and next call to q6apm_lpass_dai_prepare()\nreceives dai_data-\u003egraph[dai-\u003eid]=NULL leading to NULL pointer\nexception:\n\n qcom-apm gprsvc:service:2:1: Error (1) Processing 0x01001002 cmd\n qcom-apm gprsvc:service:2:1: DSP returned error[1001002] 1\n q6apm-lpass-dais 30000000.remoteproc:glink-edge:gpr:service@1:bedais: fail to start APM port 78\n q6apm-lpass-dais 30000000.remoteproc:glink-edge:gpr:service@1:bedais: ASoC: error at snd_soc_pcm_dai_prepare on TX_CODEC_DMA_TX_3: -22\n Unable to handle kernel NULL pointer dereference at virtual address 00000000000000a8\n ...\n Call trace:\n q6apm_graph_media_format_pcm+0x48/0x120 (P)\n q6apm_lpass_dai_prepare+0x110/0x1b4\n snd_soc_pcm_dai_prepare+0x74/0x108\n __soc_pcm_prepare+0x44/0x160\n dpcm_be_dai_prepare+0x124/0x1c0", "Severity": "MEDIUM", "VendorSeverity": { "photon": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-39938", "https://git.kernel.org/linus/68f27f7c7708183e7873c585ded2f1b057ac5b97 (6.17-rc7)", "https://git.kernel.org/stable/c/01d1ba106c9e02a2e7d41e07be49031a0ff0ecaa", "https://git.kernel.org/stable/c/411f7d4f7038200cdf6d4f71ee31026ebf2dfedb", "https://git.kernel.org/stable/c/68f27f7c7708183e7873c585ded2f1b057ac5b97", "https://git.kernel.org/stable/c/9c534dbfd1726502abcf0bd393a04214f62c050b", "https://git.kernel.org/stable/c/cc336b242ea7e7a09b3ab9f885341455ca0a3bdb", "https://lore.kernel.org/linux-cve-announce/2025100418-CVE-2025-39938-6508@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-39938", "https://www.cve.org/CVERecord?id=CVE-2025-39938" ], "PublishedDate": "2025-10-04T08:15:46.73Z", "LastModifiedDate": "2025-10-06T14:56:47.823Z" }, { "VulnerabilityID": "CVE-2025-39940", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39940", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: dm-stripe: fix a possible integer overflow", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm-stripe: fix a possible integer overflow\n\nThere's a possible integer overflow in stripe_io_hints if we have too\nlarge chunk size. Test if the overflow happened, and if it did, don't set\nlimits-\u003eio_min and limits-\u003eio_opt;", "Severity": "MEDIUM", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-39940", "https://git.kernel.org/linus/1071d560afb4c245c2076494226df47db5a35708 (6.17-rc7)", "https://git.kernel.org/stable/c/1071d560afb4c245c2076494226df47db5a35708", "https://git.kernel.org/stable/c/ee27658c239b27721397f3e4eb16370b5cce596e", "https://git.kernel.org/stable/c/f8f64254bca5ae58f3b679441962bda4c409f659", "https://lore.kernel.org/linux-cve-announce/2025100418-CVE-2025-39940-6097@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-39940", "https://www.cve.org/CVERecord?id=CVE-2025-39940" ], "PublishedDate": "2025-10-04T08:15:46.973Z", "LastModifiedDate": "2025-10-06T14:56:47.823Z" }, { "VulnerabilityID": "CVE-2025-39942", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39942", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "ksmbd: smbdirect: verify remaining_data_length respects max_fragmented_recv_size", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: smbdirect: verify remaining_data_length respects max_fragmented_recv_size\n\nThis is inspired by the check for data_offset + data_length.", "Severity": "MEDIUM", "VendorSeverity": { "photon": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-39942", "https://git.kernel.org/linus/e1868ba37fd27c6a68e31565402b154beaa65df0 (6.17-rc7)", "https://git.kernel.org/stable/c/196a3a7676d726ee67621ea2bf3b7815ac2685b4", "https://git.kernel.org/stable/c/9644798294c7287e65a7b26e35aa6d2ce3345bcc", "https://git.kernel.org/stable/c/c64b915bb3d9339adcae5db4be2c35ffbef5e615", "https://git.kernel.org/stable/c/d3cb3f209d35c44b7ee74f77ed27ebb28995b9ce", "https://git.kernel.org/stable/c/e1868ba37fd27c6a68e31565402b154beaa65df0", "https://lore.kernel.org/linux-cve-announce/2025100419-CVE-2025-39942-0297@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-39942", "https://www.cve.org/CVERecord?id=CVE-2025-39942" ], "PublishedDate": "2025-10-04T08:15:47.23Z", "LastModifiedDate": "2025-10-06T14:56:47.823Z" }, { "VulnerabilityID": "CVE-2025-39943", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39943", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: ksmbd: smbdirect: validate data_offset and data_length field of smb_direct_data_transfer", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: smbdirect: validate data_offset and data_length field of smb_direct_data_transfer\n\nIf data_offset and data_length of smb_direct_data_transfer struct are\ninvalid, out of bounds issue could happen.\nThis patch validate data_offset and data_length field in recv_done.", "Severity": "MEDIUM", "VendorSeverity": { "photon": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-39943", "https://git.kernel.org/linus/5282491fc49d5614ac6ddcd012e5743eecb6a67c (6.17-rc7)", "https://git.kernel.org/stable/c/5282491fc49d5614ac6ddcd012e5743eecb6a67c", "https://git.kernel.org/stable/c/529b121b00a6ee3c88fb3c01b443b2b81f686d48", "https://git.kernel.org/stable/c/773fddf976d282ef059c36c575ddb81567acd6bc", "https://git.kernel.org/stable/c/8be498fcbd5b07272f560b45981d4b9e5a2ad885", "https://git.kernel.org/stable/c/bdaab5c6538e250a9654127e688ecbbeb6f771d5", "https://git.kernel.org/stable/c/eb0378dde086363046ed3d7db7f126fc3f76fd70", "https://lore.kernel.org/linux-cve-announce/2025100419-CVE-2025-39943-f5d8@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-39943", "https://www.cve.org/CVERecord?id=CVE-2025-39943" ], "PublishedDate": "2025-10-04T08:15:47.357Z", "LastModifiedDate": "2025-10-06T14:56:47.823Z" }, { "VulnerabilityID": "CVE-2025-39944", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39944", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: octeontx2-pf: Fix use-after-free bugs in otx2_sync_tstamp()", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-pf: Fix use-after-free bugs in otx2_sync_tstamp()\n\nThe original code relies on cancel_delayed_work() in otx2_ptp_destroy(),\nwhich does not ensure that the delayed work item synctstamp_work has fully\ncompleted if it was already running. This leads to use-after-free scenarios\nwhere otx2_ptp is deallocated by otx2_ptp_destroy(), while synctstamp_work\nremains active and attempts to dereference otx2_ptp in otx2_sync_tstamp().\nFurthermore, the synctstamp_work is cyclic, the likelihood of triggering\nthe bug is nonnegligible.\n\nA typical race condition is illustrated below:\n\nCPU 0 (cleanup) | CPU 1 (delayed work callback)\notx2_remove() |\n otx2_ptp_destroy() | otx2_sync_tstamp()\n cancel_delayed_work() |\n kfree(ptp) |\n | ptp = container_of(...); //UAF\n | ptp-\u003e //UAF\n\nThis is confirmed by a KASAN report:\n\nBUG: KASAN: slab-use-after-free in __run_timer_base.part.0+0x7d7/0x8c0\nWrite of size 8 at addr ffff88800aa09a18 by task bash/136\n...\nCall Trace:\n \u003cIRQ\u003e\n dump_stack_lvl+0x55/0x70\n print_report+0xcf/0x610\n ? __run_timer_base.part.0+0x7d7/0x8c0\n kasan_report+0xb8/0xf0\n ? __run_timer_base.part.0+0x7d7/0x8c0\n __run_timer_base.part.0+0x7d7/0x8c0\n ? __pfx___run_timer_base.part.0+0x10/0x10\n ? __pfx_read_tsc+0x10/0x10\n ? ktime_get+0x60/0x140\n ? lapic_next_event+0x11/0x20\n ? clockevents_program_event+0x1d4/0x2a0\n run_timer_softirq+0xd1/0x190\n handle_softirqs+0x16a/0x550\n irq_exit_rcu+0xaf/0xe0\n sysvec_apic_timer_interrupt+0x70/0x80\n \u003c/IRQ\u003e\n...\nAllocated by task 1:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0x7f/0x90\n otx2_ptp_init+0xb1/0x860\n otx2_probe+0x4eb/0xc30\n local_pci_probe+0xdc/0x190\n pci_device_probe+0x2fe/0x470\n really_probe+0x1ca/0x5c0\n __driver_probe_device+0x248/0x310\n driver_probe_device+0x44/0x120\n __driver_attach+0xd2/0x310\n bus_for_each_dev+0xed/0x170\n bus_add_driver+0x208/0x500\n driver_register+0x132/0x460\n do_one_initcall+0x89/0x300\n kernel_init_freeable+0x40d/0x720\n kernel_init+0x1a/0x150\n ret_from_fork+0x10c/0x1a0\n ret_from_fork_asm+0x1a/0x30\n\nFreed by task 136:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3a/0x60\n __kasan_slab_free+0x3f/0x50\n kfree+0x137/0x370\n otx2_ptp_destroy+0x38/0x80\n otx2_remove+0x10d/0x4c0\n pci_device_remove+0xa6/0x1d0\n device_release_driver_internal+0xf8/0x210\n pci_stop_bus_device+0x105/0x150\n pci_stop_and_remove_bus_device_locked+0x15/0x30\n remove_store+0xcc/0xe0\n kernfs_fop_write_iter+0x2c3/0x440\n vfs_write+0x871/0xd70\n ksys_write+0xee/0x1c0\n do_syscall_64+0xac/0x280\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n...\n\nReplace cancel_delayed_work() with cancel_delayed_work_sync() to ensure\nthat the delayed work item is properly canceled before the otx2_ptp is\ndeallocated.\n\nThis bug was initially identified through static analysis. To reproduce\nand test it, I simulated the OcteonTX2 PCI device in QEMU and introduced\nartificial delays within the otx2_sync_tstamp() function to increase the\nlikelihood of triggering the bug.", "Severity": "MEDIUM", "VendorSeverity": { "photon": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "V3Score": 6.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-39944", "https://git.kernel.org/linus/f8b4687151021db61841af983f1cb7be6915d4ef (6.17-rc7)", "https://git.kernel.org/stable/c/2786879aebf363806a13d41e8d5f99202ddd23d9", "https://git.kernel.org/stable/c/5ca20bb7b4bde72110c3ae78423cbfdd0157aa36", "https://git.kernel.org/stable/c/d2cfefa14ce8137b17f99683f968bebf134b6a48", "https://git.kernel.org/stable/c/f8b4687151021db61841af983f1cb7be6915d4ef", "https://git.kernel.org/stable/c/ff27e23b311fed4d25e3852e27ba693416d4c7b3", "https://lore.kernel.org/linux-cve-announce/2025100419-CVE-2025-39944-0d67@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-39944", "https://www.cve.org/CVERecord?id=CVE-2025-39944" ], "PublishedDate": "2025-10-04T08:15:47.48Z", "LastModifiedDate": "2025-10-06T14:56:47.823Z" }, { "VulnerabilityID": "CVE-2025-39945", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39945", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: cnic: Fix use-after-free bugs in cnic_delete_task", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncnic: Fix use-after-free bugs in cnic_delete_task\n\nThe original code uses cancel_delayed_work() in cnic_cm_stop_bnx2x_hw(),\nwhich does not guarantee that the delayed work item 'delete_task' has\nfully completed if it was already running. Additionally, the delayed work\nitem is cyclic, the flush_workqueue() in cnic_cm_stop_bnx2x_hw() only\nblocks and waits for work items that were already queued to the\nworkqueue prior to its invocation. Any work items submitted after\nflush_workqueue() is called are not included in the set of tasks that the\nflush operation awaits. This means that after the cyclic work items have\nfinished executing, a delayed work item may still exist in the workqueue.\nThis leads to use-after-free scenarios where the cnic_dev is deallocated\nby cnic_free_dev(), while delete_task remains active and attempt to\ndereference cnic_dev in cnic_delete_task().\n\nA typical race condition is illustrated below:\n\nCPU 0 (cleanup) | CPU 1 (delayed work callback)\ncnic_netdev_event() |\n cnic_stop_hw() | cnic_delete_task()\n cnic_cm_stop_bnx2x_hw() | ...\n cancel_delayed_work() | /* the queue_delayed_work()\n flush_workqueue() | executes after flush_workqueue()*/\n | queue_delayed_work()\n cnic_free_dev(dev)//free | cnic_delete_task() //new instance\n | dev = cp-\u003edev; //use\n\nReplace cancel_delayed_work() with cancel_delayed_work_sync() to ensure\nthat the cyclic delayed work item is properly canceled and that any\nongoing execution of the work item completes before the cnic_dev is\ndeallocated. Furthermore, since cancel_delayed_work_sync() uses\n__flush_work(work, true) to synchronously wait for any currently\nexecuting instance of the work item to finish, the flush_workqueue()\nbecomes redundant and should be removed.\n\nThis bug was identified through static analysis. To reproduce the issue\nand validate the fix, I simulated the cnic PCI device in QEMU and\nintroduced intentional delays — such as inserting calls to ssleep()\nwithin the cnic_delete_task() function — to increase the likelihood\nof triggering the bug.", "Severity": "MEDIUM", "VendorSeverity": { "photon": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H", "V3Score": 5.8 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-39945", "https://git.kernel.org/linus/cfa7d9b1e3a8604afc84e9e51d789c29574fb216 (6.17-rc7)", "https://git.kernel.org/stable/c/0405055930264ea8fd26f4131466fa7652e5e47d", "https://git.kernel.org/stable/c/0627e1481676669cae2df0d85b5ff13e7d24c390", "https://git.kernel.org/stable/c/6e33a7eed587062ca8161ad1f4584882a860d697", "https://git.kernel.org/stable/c/7b6a5b0a6b392263c3767fc945b311ea04b34bbd", "https://git.kernel.org/stable/c/8eeb2091e72d75df8ceaa2172638d61b4cf8929a", "https://git.kernel.org/stable/c/cfa7d9b1e3a8604afc84e9e51d789c29574fb216", "https://git.kernel.org/stable/c/e1fcd4a9c09feac0902a65615e866dbf22616125", "https://git.kernel.org/stable/c/fde6e73189f40ebcf0633aed2b68e731c25f3aa3", "https://lore.kernel.org/linux-cve-announce/2025100419-CVE-2025-39945-84d4@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-39945", "https://www.cve.org/CVERecord?id=CVE-2025-39945" ], "PublishedDate": "2025-10-04T08:15:47.613Z", "LastModifiedDate": "2025-10-06T14:56:47.823Z" }, { "VulnerabilityID": "CVE-2025-39946", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39946", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: tls: make sure to abort the stream if headers are bogus", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ntls: make sure to abort the stream if headers are bogus\n\nNormally we wait for the socket to buffer up the whole record\nbefore we service it. If the socket has a tiny buffer, however,\nwe read out the data sooner, to prevent connection stalls.\nMake sure that we abort the connection when we find out late\nthat the record is actually invalid. Retrying the parsing is\nfine in itself but since we copy some more data each time\nbefore we parse we can overflow the allocated skb space.\n\nConstructing a scenario in which we're under pressure without\nenough data in the socket to parse the length upfront is quite\nhard. syzbot figured out a way to do this by serving us the header\nin small OOB sends, and then filling in the recvbuf with a large\nnormal send.\n\nMake sure that tls_rx_msg_size() aborts strp, if we reach\nan invalid record there's really no way to recover.", "Severity": "MEDIUM", "VendorSeverity": { "photon": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H", "V3Score": 6.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-39946", "https://git.kernel.org/linus/0aeb54ac4cd5cf8f60131b4d9ec0b6dc9c27b20d (6.17-rc7)", "https://git.kernel.org/stable/c/0aeb54ac4cd5cf8f60131b4d9ec0b6dc9c27b20d", "https://git.kernel.org/stable/c/208640e6225cc929a05adbf79d1df558add3e231", "https://git.kernel.org/stable/c/4cefe5be73886f383639fe0850bb72d5b568a7b9", "https://git.kernel.org/stable/c/61ca2da5fb8f433ce8bbd1657c84a86272133e6b", "https://git.kernel.org/stable/c/b36462146d86b1f22e594fe4dae611dffacfb203", "https://lore.kernel.org/linux-cve-announce/2025100419-CVE-2025-39946-5f17@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-39946", "https://www.cve.org/CVERecord?id=CVE-2025-39946" ], "PublishedDate": "2025-10-04T08:15:47.747Z", "LastModifiedDate": "2025-10-06T14:56:47.823Z" }, { "VulnerabilityID": "CVE-2025-39950", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39950", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "In the Linux kernel, the following vulnerability has been resolved: n ...", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/tcp: Fix a NULL pointer dereference when using TCP-AO with TCP_REPAIR\n\nA NULL pointer dereference can occur in tcp_ao_finish_connect() during a\nconnect() system call on a socket with a TCP-AO key added and TCP_REPAIR\nenabled.\n\nThe function is called with skb being NULL and attempts to dereference it\non tcp_hdr(skb)-\u003eseq without a prior skb validation.\n\nFix this by checking if skb is NULL before dereferencing it.\n\nThe commentary is taken from bpf_skops_established(), which is also called\nin the same flow. Unlike the function being patched,\nbpf_skops_established() validates the skb before dereferencing it.\n\nint main(void){\n\tstruct sockaddr_in sockaddr;\n\tstruct tcp_ao_add tcp_ao;\n\tint sk;\n\tint one = 1;\n\n\tmemset(\u0026sockaddr,'\\0',sizeof(sockaddr));\n\tmemset(\u0026tcp_ao,'\\0',sizeof(tcp_ao));\n\n\tsk = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);\n\n\tsockaddr.sin_family = AF_INET;\n\n\tmemcpy(tcp_ao.alg_name,\"cmac(aes128)\",12);\n\tmemcpy(tcp_ao.key,\"ABCDEFGHABCDEFGH\",16);\n\ttcp_ao.keylen = 16;\n\n\tmemcpy(\u0026tcp_ao.addr,\u0026sockaddr,sizeof(sockaddr));\n\n\tsetsockopt(sk, IPPROTO_TCP, TCP_AO_ADD_KEY, \u0026tcp_ao,\n\tsizeof(tcp_ao));\n\tsetsockopt(sk, IPPROTO_TCP, TCP_REPAIR, \u0026one, sizeof(one));\n\n\tsockaddr.sin_family = AF_INET;\n\tsockaddr.sin_port = htobe16(123);\n\n\tinet_aton(\"127.0.0.1\", \u0026sockaddr.sin_addr);\n\n\tconnect(sk,(struct sockaddr *)\u0026sockaddr,sizeof(sockaddr));\n\nreturn 0;\n}\n\n$ gcc tcp-ao-nullptr.c -o tcp-ao-nullptr -Wall\n$ unshare -Urn\n\nBUG: kernel NULL pointer dereference, address: 00000000000000b6\nPGD 1f648d067 P4D 1f648d067 PUD 1982e8067 PMD 0\nOops: Oops: 0000 [#1] SMP NOPTI\nHardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop\nReference Platform, BIOS 6.00 11/12/2020\nRIP: 0010:tcp_ao_finish_connect (net/ipv4/tcp_ao.c:1182)", "Severity": "MEDIUM", "VendorSeverity": { "ubuntu": 2 }, "References": [ "https://git.kernel.org/linus/2e7bba08923ebc675b1f0e0e0959e68e53047838 (6.17-rc7)", "https://git.kernel.org/stable/c/2e7bba08923ebc675b1f0e0e0959e68e53047838", "https://git.kernel.org/stable/c/5f445eb259906b61a518487a790e11d07d31738c", "https://git.kernel.org/stable/c/993b734d31ab804747ac961b1ee664b023c3b5fa", "https://www.cve.org/CVERecord?id=CVE-2025-39950" ], "PublishedDate": "2025-10-04T08:15:48.253Z", "LastModifiedDate": "2025-10-06T14:56:47.823Z" }, { "VulnerabilityID": "CVE-2025-39951", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39951", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: um: virtio_uml: Fix use-after-free after put_device in probe", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\num: virtio_uml: Fix use-after-free after put_device in probe\n\nWhen register_virtio_device() fails in virtio_uml_probe(),\nthe code sets vu_dev-\u003eregistered = 1 even though\nthe device was not successfully registered.\nThis can lead to use-after-free or other issues.", "Severity": "MEDIUM", "VendorSeverity": { "photon": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-39951", "https://git.kernel.org/linus/7ebf70cf181651fe3f2e44e95e7e5073d594c9c0 (6.17-rc7)", "https://git.kernel.org/stable/c/00e98b5a69034b251bb36dc6e7123d7648e218e4", "https://git.kernel.org/stable/c/14c231959a16ca41bfdcaede72483362a8c645d7", "https://git.kernel.org/stable/c/4f364023ddcfe83f7073b973a9cb98584b7f2a46", "https://git.kernel.org/stable/c/5e94e44c9cb30d7a383d8ac227f24a8c9326b770", "https://git.kernel.org/stable/c/7ebf70cf181651fe3f2e44e95e7e5073d594c9c0", "https://git.kernel.org/stable/c/aaf900a83508c8cd5cdf765e7749f9076196ec7f", "https://git.kernel.org/stable/c/c2ff91255e0157b356cff115d8dc3eeb5162edf2", "https://lore.kernel.org/linux-cve-announce/2025100420-CVE-2025-39951-24b1@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-39951", "https://www.cve.org/CVERecord?id=CVE-2025-39951" ], "PublishedDate": "2025-10-04T08:15:48.38Z", "LastModifiedDate": "2025-10-06T14:56:47.823Z" }, { "VulnerabilityID": "CVE-2025-39952", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39952", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: wifi: wilc1000: avoid buffer overflow in WID string configuration", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: wilc1000: avoid buffer overflow in WID string configuration\n\nFix the following copy overflow warning identified by Smatch checker.\n\n drivers/net/wireless/microchip/wilc1000/wlan_cfg.c:184 wilc_wlan_parse_response_frame()\n error: '__memcpy()' 'cfg-\u003es[i]-\u003estr' copy overflow (512 vs 65537)\n\nThis patch introduces size check before accessing the memory buffer.\nThe checks are base on the WID type of received data from the firmware.\nFor WID string configuration, the size limit is determined by individual\nelement size in 'struct wilc_cfg_str_vals' that is maintained in 'len' field\nof 'struct wilc_cfg_str'.", "Severity": "MEDIUM", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-39952", "https://git.kernel.org/linus/fe9e4d0c39311d0f97b024147a0d155333f388b5 (6.17-rc5)", "https://git.kernel.org/stable/c/2203ef417044b10a8563ade6a17c74183745d72e", "https://git.kernel.org/stable/c/6085291a1a5865d4ad70f0e5812d524ebd5d1711", "https://git.kernel.org/stable/c/ae50f8562306a7ea1cf3c9722f97ee244f974729", "https://git.kernel.org/stable/c/fe9e4d0c39311d0f97b024147a0d155333f388b5", "https://lore.kernel.org/linux-cve-announce/2025100421-CVE-2025-39952-e36c@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-39952", "https://www.cve.org/CVERecord?id=CVE-2025-39952" ], "PublishedDate": "2025-10-04T08:15:48.507Z", "LastModifiedDate": "2025-10-06T14:56:47.823Z" }, { "VulnerabilityID": "CVE-2025-39953", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39953", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: cgroup: split cgroup_destroy_wq into 3 workqueues", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncgroup: split cgroup_destroy_wq into 3 workqueues\n\nA hung task can occur during [1] LTP cgroup testing when repeatedly\nmounting/unmounting perf_event and net_prio controllers with\nsystemd.unified_cgroup_hierarchy=1. The hang manifests in\ncgroup_lock_and_drain_offline() during root destruction.\n\nRelated case:\ncgroup_fj_function_perf_event cgroup_fj_function.sh perf_event\ncgroup_fj_function_net_prio cgroup_fj_function.sh net_prio\n\nCall Trace:\n\tcgroup_lock_and_drain_offline+0x14c/0x1e8\n\tcgroup_destroy_root+0x3c/0x2c0\n\tcss_free_rwork_fn+0x248/0x338\n\tprocess_one_work+0x16c/0x3b8\n\tworker_thread+0x22c/0x3b0\n\tkthread+0xec/0x100\n\tret_from_fork+0x10/0x20\n\nRoot Cause:\n\nCPU0 CPU1\nmount perf_event umount net_prio\ncgroup1_get_tree cgroup_kill_sb\nrebind_subsystems // root destruction enqueues\n\t\t\t\t// cgroup_destroy_wq\n// kill all perf_event css\n // one perf_event css A is dying\n // css A offline enqueues cgroup_destroy_wq\n // root destruction will be executed first\n css_free_rwork_fn\n cgroup_destroy_root\n cgroup_lock_and_drain_offline\n // some perf descendants are dying\n // cgroup_destroy_wq max_active = 1\n // waiting for css A to die\n\nProblem scenario:\n1. CPU0 mounts perf_event (rebind_subsystems)\n2. CPU1 unmounts net_prio (cgroup_kill_sb), queuing root destruction work\n3. A dying perf_event CSS gets queued for offline after root destruction\n4. Root destruction waits for offline completion, but offline work is\n blocked behind root destruction in cgroup_destroy_wq (max_active=1)\n\nSolution:\nSplit cgroup_destroy_wq into three dedicated workqueues:\ncgroup_offline_wq – Handles CSS offline operations\ncgroup_release_wq – Manages resource release\ncgroup_free_wq – Performs final memory deallocation\n\nThis separation eliminates blocking in the CSS free path while waiting for\noffline operations to complete.\n\n[1] https://github.com/linux-test-project/ltp/blob/master/runtest/controllers", "Severity": "MEDIUM", "VendorSeverity": { "photon": 2, "redhat": 1, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-39953", "https://git.kernel.org/linus/79f919a89c9d06816dbdbbd168fa41d27411a7f9 (6.17-rc7)", "https://git.kernel.org/stable/c/05e0b03447cf215ec384210441b34b7a3b16e8b0", "https://git.kernel.org/stable/c/4a1e3ec28e8062cd9f339aa6a942df9c5bcb6811", "https://git.kernel.org/stable/c/79f919a89c9d06816dbdbbd168fa41d27411a7f9", "https://git.kernel.org/stable/c/993049c9b1355c78918344a6403427d53f9ee700", "https://git.kernel.org/stable/c/a0c896bda7077aa5005473e2c5b3c27173313b4c", "https://git.kernel.org/stable/c/cabadd7fd15f97090f752fd22dd7f876a0dc3dc4", "https://git.kernel.org/stable/c/ded4d207a3209a834b6831ceec7f39b934c74802", "https://git.kernel.org/stable/c/f2795d1b92506e3adf52a298f7181032a1525e04", "https://lore.kernel.org/linux-cve-announce/2025100421-CVE-2025-39953-4ac6@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-39953", "https://www.cve.org/CVERecord?id=CVE-2025-39953" ], "PublishedDate": "2025-10-04T08:15:48.627Z", "LastModifiedDate": "2025-10-06T14:56:47.823Z" }, { "VulnerabilityID": "CVE-2025-39957", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39957", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: wifi: mac80211: increase scan_ies_len for S1G", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: increase scan_ies_len for S1G\n\nCurrently the S1G capability element is not taken into account\nfor the scan_ies_len, which leads to a buffer length validation\nfailure in ieee80211_prep_hw_scan() and subsequent WARN in\n__ieee80211_start_scan(). This prevents hw scanning from functioning.\nTo fix ensure we accommodate for the S1G capability length.", "Severity": "MEDIUM", "VendorSeverity": { "photon": 1, "redhat": 1, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "V3Score": 4.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-39957", "https://git.kernel.org/stable/c/0dbad5f5549e54ac269cc04ce89f212892a98cab", "https://git.kernel.org/stable/c/16c9244a62116fe148f6961753b68e7160799f97", "https://git.kernel.org/stable/c/32adb020b0c32939da1322dcc87fc0ae2bc935d1", "https://git.kernel.org/stable/c/7e2f3213e85eba00acb4cfe6d71647892d63c3a1", "https://git.kernel.org/stable/c/93e063f15e17acb8cd6ac90c8f0802c2624e1a74", "https://lore.kernel.org/linux-cve-announce/2025100943-CVE-2025-39957-33c1@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-39957", "https://www.cve.org/CVERecord?id=CVE-2025-39957" ], "PublishedDate": "2025-10-09T10:15:37.133Z", "LastModifiedDate": "2025-10-09T15:50:04.013Z" }, { "VulnerabilityID": "CVE-2025-39958", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39958", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: iommu/s390: Make attach succeed when the device was surprise removed", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/s390: Make attach succeed when the device was surprise removed\n\nWhen a PCI device is removed with surprise hotplug, there may still be\nattempts to attach the device to the default domain as part of tear down\nvia (__iommu_release_dma_ownership()), or because the removal happens\nduring probe (__iommu_probe_device()). In both cases zpci_register_ioat()\nfails with a cc value indicating that the device handle is invalid. This\nis because the device is no longer part of the instance as far as the\nhypervisor is concerned.\n\nCurrently this leads to an error return and s390_iommu_attach_device()\nfails. This triggers the WARN_ON() in __iommu_group_set_domain_nofail()\nbecause attaching to the default domain must never fail.\n\nWith the device fenced by the hypervisor no DMAs to or from memory are\npossible and the IOMMU translations have no effect. Proceed as if the\nregistration was successful and let the hotplug event handling clean up\nthe device.\n\nThis is similar to how devices in the error state are handled since\ncommit 59bbf596791b (\"iommu/s390: Make attach succeed even if the device\nis in error state\") except that for removal the domain will not be\nregistered later. This approach was also previously discussed at the\nlink.\n\nHandle both cases, error state and removal, in a helper which checks if\nthe error needs to be propagated or ignored. Avoid magic number\ncondition codes by using the pre-existing, but never used, defines for\nPCI load/store condition codes and rename them to reflect that they\napply to all PCI instructions.", "Severity": "MEDIUM", "VendorSeverity": { "redhat": 1, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-39958", "https://git.kernel.org/stable/c/359613f2fa009587154511e4842e8ab9532edd15", "https://git.kernel.org/stable/c/9ffaf5229055fcfbb3b3d6f1c7e58d63715c3f73", "https://lore.kernel.org/linux-cve-announce/2025100943-CVE-2025-39958-6e96@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-39958", "https://www.cve.org/CVERecord?id=CVE-2025-39958" ], "PublishedDate": "2025-10-09T10:15:37.867Z", "LastModifiedDate": "2025-10-09T15:50:04.013Z" }, { "VulnerabilityID": "CVE-2025-39961", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39961", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: iommu/amd/pgtbl: Fix possible race while increase page table level", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/amd/pgtbl: Fix possible race while increase page table level\n\nThe AMD IOMMU host page table implementation supports dynamic page table levels\n(up to 6 levels), starting with a 3-level configuration that expands based on\nIOVA address. The kernel maintains a root pointer and current page table level\nto enable proper page table walks in alloc_pte()/fetch_pte() operations.\n\nThe IOMMU IOVA allocator initially starts with 32-bit address and onces its\nexhuasted it switches to 64-bit address (max address is determined based\non IOMMU and device DMA capability). To support larger IOVA, AMD IOMMU\ndriver increases page table level.\n\nBut in unmap path (iommu_v1_unmap_pages()), fetch_pte() reads\npgtable-\u003e[root/mode] without lock. So its possible that in exteme corner case,\nwhen increase_address_space() is updating pgtable-\u003e[root/mode], fetch_pte()\nreads wrong page table level (pgtable-\u003emode). It does compare the value with\nlevel encoded in page table and returns NULL. This will result is\niommu_unmap ops to fail and upper layer may retry/log WARN_ON.\n\nCPU 0 CPU 1\n------ ------\nmap pages unmap pages\nalloc_pte() -\u003e increase_address_space() iommu_v1_unmap_pages() -\u003e fetch_pte()\n pgtable-\u003eroot = pte (new root value)\n READ pgtable-\u003e[mode/root]\n\t\t\t\t\t Reads new root, old mode\n Updates mode (pgtable-\u003emode += 1)\n\nSince Page table level updates are infrequent and already synchronized with a\nspinlock, implement seqcount to enable lock-free read operations on the read path.", "Severity": "MEDIUM", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-39961", "https://git.kernel.org/linus/1e56310b40fd2e7e0b9493da9ff488af145bdd0c (6.17-rc7)", "https://git.kernel.org/stable/c/075abf0b1a958acfbea2435003d228e738e90346", "https://git.kernel.org/stable/c/1e56310b40fd2e7e0b9493da9ff488af145bdd0c", "https://git.kernel.org/stable/c/7d462bdecb7d9c32934dab44aaeb7ea7d73a27a2", "https://git.kernel.org/stable/c/cd92c8ab336c3a633d46e6f35ebcd3509ae7db3b", "https://lore.kernel.org/linux-cve-announce/2025100916-CVE-2025-39961-09b1@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-39961", "https://www.cve.org/CVERecord?id=CVE-2025-39961" ], "PublishedDate": "2025-10-09T13:15:32.25Z", "LastModifiedDate": "2025-10-09T15:50:04.013Z" }, { "VulnerabilityID": "CVE-2025-39963", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39963", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "io_uring: fix incorrect io_kiocb reference in io_link_skb", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: fix incorrect io_kiocb reference in io_link_skb\n\nIn io_link_skb function, there is a bug where prev_notif is incorrectly\nassigned using 'nd' instead of 'prev_nd'. This causes the context\nvalidation check to compare the current notification with itself instead\nof comparing it with the previous notification.\n\nFix by using the correct prev_nd parameter when obtaining prev_notif.", "Severity": "MEDIUM", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-39963", "https://git.kernel.org/linus/2c139a47eff8de24e3350dadb4c9d5e3426db826 (6.17-rc7)", "https://git.kernel.org/stable/c/2c139a47eff8de24e3350dadb4c9d5e3426db826", "https://git.kernel.org/stable/c/50a98ce1ea694f1ff8e87bc2f8f84096d1736f6a", "https://git.kernel.org/stable/c/a89c34babc2e5834aa0905278f26f4dbe4b26b76", "https://lore.kernel.org/linux-cve-announce/2025100917-CVE-2025-39963-b0ff@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-39963", "https://www.cve.org/CVERecord?id=CVE-2025-39963" ], "PublishedDate": "2025-10-09T13:15:32.517Z", "LastModifiedDate": "2025-10-09T15:50:04.013Z" }, { "VulnerabilityID": "CVE-2025-39964", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39964", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: af_alg - Disallow concurrent writes in af_alg_sendmsg\n\nIssuing two writes to the same af_alg socket is bogus as the\ndata will be interleaved in an unpredictable fashion. Furthermore,\nconcurrent writes may create inconsistencies in the internal\nsocket state.\n\nDisallow this by adding a new ctx-\u003ewrite field that indiciates\nexclusive ownership for writing.", "Severity": "MEDIUM", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-39964", "https://git.kernel.org/linus/1b34cbbf4f011a121ef7b2d7d6e6920a036d5285 (6.17-rc7)", "https://git.kernel.org/stable/c/0f28c4adbc4a97437874c9b669fd7958a8c6d6ce", "https://git.kernel.org/stable/c/1b34cbbf4f011a121ef7b2d7d6e6920a036d5285", "https://git.kernel.org/stable/c/1f323a48e9b5ebfe6dc7d130fdf5c3c0e92a07c8", "https://git.kernel.org/stable/c/45bcf60fe49b37daab1acee57b27211ad1574042", "https://git.kernel.org/stable/c/7c4491b5644e3a3708f3dbd7591be0a570135b84", "https://git.kernel.org/stable/c/9aee87da5572b3a14075f501752e209801160d3d", "https://git.kernel.org/stable/c/e4c1ec11132ec466f7362a95f36a506ce4dc08c9", "https://lore.kernel.org/linux-cve-announce/2025101334-CVE-2025-39964-7964@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-39964", "https://www.cve.org/CVERecord?id=CVE-2025-39964" ], "PublishedDate": "2025-10-13T14:15:34.737Z", "LastModifiedDate": "2025-10-14T19:36:29.24Z" }, { "VulnerabilityID": "CVE-2025-39965", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39965", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: xfrm: xfrm_alloc_spi shouldn't use 0 as SPI", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: xfrm_alloc_spi shouldn't use 0 as SPI\n\nx-\u003eid.spi == 0 means \"no SPI assigned\", but since commit\n94f39804d891 (\"xfrm: Duplicate SPI Handling\"), we now create states\nand add them to the byspi list with this value.\n\n__xfrm_state_delete doesn't remove those states from the byspi list,\nsince they shouldn't be there, and this shows up as a UAF the next\ntime we go through the byspi list.", "Severity": "MEDIUM", "VendorSeverity": { "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-39965", "https://git.kernel.org/stable/c/0baf92d0b1590b903c1f4ead75e61715e50e8146", "https://git.kernel.org/stable/c/9fcedabaae0096f712bbb4ccca6a8538af1cd1c8", "https://git.kernel.org/stable/c/a78e55776522373c446f18d5002a8de4b09e6bf7", "https://git.kernel.org/stable/c/cd8ae32e4e4652db55bce6b9c79267d8946765a9", "https://lore.kernel.org/linux-cve-announce/2025101336-CVE-2025-39965-9772@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-39965", "https://www.cve.org/CVERecord?id=CVE-2025-39965" ], "PublishedDate": "2025-10-13T14:15:34.91Z", "LastModifiedDate": "2025-10-14T19:36:29.24Z" }, { "VulnerabilityID": "CVE-2025-39967", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39967", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: fbcon: fix integer overflow in fbcon_do_set_font", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbcon: fix integer overflow in fbcon_do_set_font\n\nFix integer overflow vulnerabilities in fbcon_do_set_font() where font\nsize calculations could overflow when handling user-controlled font\nparameters.\n\nThe vulnerabilities occur when:\n1. CALC_FONTSZ(h, pitch, charcount) performs h * pith * charcount\n multiplication with user-controlled values that can overflow.\n2. FONT_EXTRA_WORDS * sizeof(int) + size addition can also overflow\n3. This results in smaller allocations than expected, leading to buffer\n overflows during font data copying.\n\nAdd explicit overflow checking using check_mul_overflow() and\ncheck_add_overflow() kernel helpers to safety validate all size\ncalculations before allocation.", "Severity": "MEDIUM", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-39967", "https://git.kernel.org/linus/1a194e6c8e1ee745e914b0b7f50fa86c89ed13fe (6.17)", "https://git.kernel.org/stable/c/1a194e6c8e1ee745e914b0b7f50fa86c89ed13fe", "https://git.kernel.org/stable/c/4a4bac869560f943edbe3c2b032062f6673b13d3", "https://git.kernel.org/stable/c/994bdc2d23c79087fbf7dcd9544454e8ebcef877", "https://git.kernel.org/stable/c/9c8ec14075c5317edd6b242f1be8167aa1e4e333", "https://git.kernel.org/stable/c/a6eb9f423b3db000aaedf83367b8539f6b72dcfc", "https://git.kernel.org/stable/c/adac90bb1aaf45ca66f9db8ac100be16750ace78", "https://git.kernel.org/stable/c/b8a6e85328aeb9881531dbe89bcd2637a06c3c95", "https://git.kernel.org/stable/c/c0c01f9aa08c8e10e10e8c9ebb5be01a4eff6eb7", "https://lore.kernel.org/linux-cve-announce/2025101555-CVE-2025-39967-0fbf@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-39967", "https://www.cve.org/CVERecord?id=CVE-2025-39967" ], "PublishedDate": "2025-10-15T08:15:34.21Z", "LastModifiedDate": "2025-10-16T15:29:11.563Z" }, { "VulnerabilityID": "CVE-2025-39978", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39978", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: octeontx2-pf: Fix potential use after free in otx2_tc_add_flow()", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-pf: Fix potential use after free in otx2_tc_add_flow()\n\nThis code calls kfree_rcu(new_node, rcu) and then dereferences \"new_node\"\nand then dereferences it on the next line. Two lines later, we take\na mutex so I don't think this is an RCU safe region. Re-order it to do\nthe dereferences before queuing up the free.", "Severity": "MEDIUM", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "V3Score": 6.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-39978", "https://git.kernel.org/linus/d9c70e93ec5988ab07ad2a92d9f9d12867f02c56 (6.17)", "https://git.kernel.org/stable/c/5723120423a753a220b8b2954b273838b9d7e74a", "https://git.kernel.org/stable/c/a8a63f27c3a8a3714210d32b12fd0f16d0337414", "https://git.kernel.org/stable/c/c41b2941a024d4ec7c768e16ffb10a74b188fced", "https://git.kernel.org/stable/c/d9c70e93ec5988ab07ad2a92d9f9d12867f02c56", "https://git.kernel.org/stable/c/df2c071061ed52d2225d97b212d27ecedf456b8a", "https://lore.kernel.org/linux-cve-announce/2025101558-CVE-2025-39978-d538@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-39978", "https://www.cve.org/CVERecord?id=CVE-2025-39978" ], "PublishedDate": "2025-10-15T08:15:35.64Z", "LastModifiedDate": "2025-10-16T15:29:11.563Z" }, { "VulnerabilityID": "CVE-2025-39985", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39985", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow\n\nSending an PF_PACKET allows to bypass the CAN framework logic and to\ndirectly reach the xmit() function of a CAN driver. The only check\nwhich is performed by the PF_PACKET framework is to make sure that\nskb-\u003elen fits the interface's MTU.\n\nUnfortunately, because the mcba_usb driver does not populate its\nnet_device_ops-\u003endo_change_mtu(), it is possible for an attacker to\nconfigure an invalid MTU by doing, for example:\n\n $ ip link set can0 mtu 9999\n\nAfter doing so, the attacker could open a PF_PACKET socket using the\nETH_P_CANXL protocol:\n\n\tsocket(PF_PACKET, SOCK_RAW, htons(ETH_P_CANXL))\n\nto inject a malicious CAN XL frames. For example:\n\n\tstruct canxl_frame frame = {\n\t\t.flags = 0xff,\n\t\t.len = 2048,\n\t};\n\nThe CAN drivers' xmit() function are calling can_dev_dropped_skb() to\ncheck that the skb is valid, unfortunately under above conditions, the\nmalicious packet is able to go through can_dev_dropped_skb() checks:\n\n 1. the skb-\u003eprotocol is set to ETH_P_CANXL which is valid (the\n function does not check the actual device capabilities).\n\n 2. the length is a valid CAN XL length.\n\nAnd so, mcba_usb_start_xmit() receives a CAN XL frame which it is not\nable to correctly handle and will thus misinterpret it as a CAN frame.\n\nThis can result in a buffer overflow. The driver will consume cf-\u003elen\nas-is with no further checks on these lines:\n\n\tusb_msg.dlc = cf-\u003elen;\n\n\tmemcpy(usb_msg.data, cf-\u003edata, usb_msg.dlc);\n\nHere, cf-\u003elen corresponds to the flags field of the CAN XL frame. In\nour previous example, we set canxl_frame-\u003eflags to 0xff. Because the\nmaximum expected length is 8, a buffer overflow of 247 bytes occurs!\n\nPopulate net_device_ops-\u003endo_change_mtu() to ensure that the\ninterface's MTU can not be set to anything bigger than CAN_MTU. By\nfixing the root cause, this prevents the buffer overflow.", "Severity": "MEDIUM", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-39985", "https://git.kernel.org/linus/17c8d794527f01def0d1c8b7dc2d7b8d34fed0e6 (6.17)", "https://git.kernel.org/stable/c/0fa9303c4b9493727e0d3a6ac3729300e3013930", "https://git.kernel.org/stable/c/17c8d794527f01def0d1c8b7dc2d7b8d34fed0e6", "https://git.kernel.org/stable/c/3664ae91b26d1fd7e4cee9cde17301361f4c89d5", "https://git.kernel.org/stable/c/37aed407496bf6de8910e588edb04d2435fa7011", "https://git.kernel.org/stable/c/6b9fb82df8868dbe9ffea5874b8d35f951faedbb", "https://git.kernel.org/stable/c/6eec67bfb25637f9b51e584cf59ddace59925bc8", "https://git.kernel.org/stable/c/b638c3fb0f163e69785ceddb3b434a9437878bec", "https://git.kernel.org/stable/c/ca4e51359608e1f29bf1f2c33c3ddf775b6b7ed1", "https://lore.kernel.org/linux-cve-announce/2025101500-CVE-2025-39985-98c2@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-39985", "https://www.cve.org/CVERecord?id=CVE-2025-39985" ], "PublishedDate": "2025-10-15T08:15:36.523Z", "LastModifiedDate": "2025-10-16T15:29:11.563Z" }, { "VulnerabilityID": "CVE-2025-39986", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39986", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow\n\nSending an PF_PACKET allows to bypass the CAN framework logic and to\ndirectly reach the xmit() function of a CAN driver. The only check\nwhich is performed by the PF_PACKET framework is to make sure that\nskb-\u003elen fits the interface's MTU.\n\nUnfortunately, because the sun4i_can driver does not populate its\nnet_device_ops-\u003endo_change_mtu(), it is possible for an attacker to\nconfigure an invalid MTU by doing, for example:\n\n $ ip link set can0 mtu 9999\n\nAfter doing so, the attacker could open a PF_PACKET socket using the\nETH_P_CANXL protocol:\n\n\tsocket(PF_PACKET, SOCK_RAW, htons(ETH_P_CANXL))\n\nto inject a malicious CAN XL frames. For example:\n\n\tstruct canxl_frame frame = {\n\t\t.flags = 0xff,\n\t\t.len = 2048,\n\t};\n\nThe CAN drivers' xmit() function are calling can_dev_dropped_skb() to\ncheck that the skb is valid, unfortunately under above conditions, the\nmalicious packet is able to go through can_dev_dropped_skb() checks:\n\n 1. the skb-\u003eprotocol is set to ETH_P_CANXL which is valid (the\n function does not check the actual device capabilities).\n\n 2. the length is a valid CAN XL length.\n\nAnd so, sun4ican_start_xmit() receives a CAN XL frame which it is not\nable to correctly handle and will thus misinterpret it as a CAN frame.\n\nThis can result in a buffer overflow. The driver will consume cf-\u003elen\nas-is with no further checks on this line:\n\n\tdlc = cf-\u003elen;\n\nHere, cf-\u003elen corresponds to the flags field of the CAN XL frame. In\nour previous example, we set canxl_frame-\u003eflags to 0xff. Because the\nmaximum expected length is 8, a buffer overflow of 247 bytes occurs a\ncouple line below when doing:\n\n\tfor (i = 0; i \u003c dlc; i++)\n\t\twritel(cf-\u003edata[i], priv-\u003ebase + (dreg + i * 4));\n\nPopulate net_device_ops-\u003endo_change_mtu() to ensure that the\ninterface's MTU can not be set to anything bigger than CAN_MTU. By\nfixing the root cause, this prevents the buffer overflow.", "Severity": "MEDIUM", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-39986", "https://git.kernel.org/linus/61da0bd4102c459823fbe6b8b43b01fb6ace4a22 (6.17)", "https://git.kernel.org/stable/c/063539db42203b29d5aa2adf0cae3d68c646a6b6", "https://git.kernel.org/stable/c/2e423e1990f3972cbea779883fef52c2f2acb858", "https://git.kernel.org/stable/c/4f382cc887adca8478b9d3e6b81aa6698a95fff4", "https://git.kernel.org/stable/c/60463a1c138900494cb3adae41142a11cd8feb3c", "https://git.kernel.org/stable/c/61da0bd4102c459823fbe6b8b43b01fb6ace4a22", "https://git.kernel.org/stable/c/7f7b21026a6febdb749f6f6f950427245aa86cce", "https://git.kernel.org/stable/c/a61ff7ac93270d20ca426c027d6d01c8ac8e904c", "https://git.kernel.org/stable/c/de77841652e57afbc46e9e1dbf51ee364fc008e1", "https://lore.kernel.org/linux-cve-announce/2025101501-CVE-2025-39986-b33b@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-39986", "https://www.cve.org/CVERecord?id=CVE-2025-39986" ], "PublishedDate": "2025-10-15T08:15:36.653Z", "LastModifiedDate": "2025-10-16T15:29:11.563Z" }, { "VulnerabilityID": "CVE-2025-39987", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39987", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: can: hi311x: populate ndo_change_mtu() to prevent buffer overflow", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: hi311x: populate ndo_change_mtu() to prevent buffer overflow\n\nSending an PF_PACKET allows to bypass the CAN framework logic and to\ndirectly reach the xmit() function of a CAN driver. The only check\nwhich is performed by the PF_PACKET framework is to make sure that\nskb-\u003elen fits the interface's MTU.\n\nUnfortunately, because the sun4i_can driver does not populate its\nnet_device_ops-\u003endo_change_mtu(), it is possible for an attacker to\nconfigure an invalid MTU by doing, for example:\n\n $ ip link set can0 mtu 9999\n\nAfter doing so, the attacker could open a PF_PACKET socket using the\nETH_P_CANXL protocol:\n\n\tsocket(PF_PACKET, SOCK_RAW, htons(ETH_P_CANXL))\n\nto inject a malicious CAN XL frames. For example:\n\n\tstruct canxl_frame frame = {\n\t\t.flags = 0xff,\n\t\t.len = 2048,\n\t};\n\nThe CAN drivers' xmit() function are calling can_dev_dropped_skb() to\ncheck that the skb is valid, unfortunately under above conditions, the\nmalicious packet is able to go through can_dev_dropped_skb() checks:\n\n 1. the skb-\u003eprotocol is set to ETH_P_CANXL which is valid (the\n function does not check the actual device capabilities).\n\n 2. the length is a valid CAN XL length.\n\nAnd so, hi3110_hard_start_xmit() receives a CAN XL frame which it is\nnot able to correctly handle and will thus misinterpret it as a CAN\nframe. The driver will consume frame-\u003elen as-is with no further\nchecks.\n\nThis can result in a buffer overflow later on in hi3110_hw_tx() on\nthis line:\n\n\tmemcpy(buf + HI3110_FIFO_EXT_DATA_OFF,\n\t frame-\u003edata, frame-\u003elen);\n\nHere, frame-\u003elen corresponds to the flags field of the CAN XL frame.\nIn our previous example, we set canxl_frame-\u003eflags to 0xff. Because\nthe maximum expected length is 8, a buffer overflow of 247 bytes\noccurs!\n\nPopulate net_device_ops-\u003endo_change_mtu() to ensure that the\ninterface's MTU can not be set to anything bigger than CAN_MTU. By\nfixing the root cause, this prevents the buffer overflow.", "Severity": "MEDIUM", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-39987", "https://git.kernel.org/linus/ac1c7656fa717f29fac3ea073af63f0b9919ec9a (6.17)", "https://git.kernel.org/stable/c/57d332ce8c921d0e340650470bb0c1d707f216ee", "https://git.kernel.org/stable/c/7ab85762274c0fa997f0ef9a2307b2001aae43c4", "https://git.kernel.org/stable/c/8f351db6b2367991f0736b2cff082f5de4872113", "https://git.kernel.org/stable/c/ac1c7656fa717f29fac3ea073af63f0b9919ec9a", "https://git.kernel.org/stable/c/be1b25005fd0f9d4e78bec6695711ef87ee33398", "https://git.kernel.org/stable/c/def814b4ba31b563584061d6895d5ff447d5bc14", "https://git.kernel.org/stable/c/e77fdf9e33a83a08f04ab0cb68c19ddb365a622f", "https://git.kernel.org/stable/c/f2c247e9581024d8b3dd44cbe086bf2bebbef42c", "https://lore.kernel.org/linux-cve-announce/2025101501-CVE-2025-39987-9feb@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-39987", "https://www.cve.org/CVERecord?id=CVE-2025-39987" ], "PublishedDate": "2025-10-15T08:15:36.783Z", "LastModifiedDate": "2025-10-16T15:29:11.563Z" }, { "VulnerabilityID": "CVE-2025-39988", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39988", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: can: etas_es58x: populate ndo_change_mtu() to prevent buffer overflow", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: etas_es58x: populate ndo_change_mtu() to prevent buffer overflow\n\nSending an PF_PACKET allows to bypass the CAN framework logic and to\ndirectly reach the xmit() function of a CAN driver. The only check\nwhich is performed by the PF_PACKET framework is to make sure that\nskb-\u003elen fits the interface's MTU.\n\nUnfortunately, because the etas_es58x driver does not populate its\nnet_device_ops-\u003endo_change_mtu(), it is possible for an attacker to\nconfigure an invalid MTU by doing, for example:\n\n $ ip link set can0 mtu 9999\n\nAfter doing so, the attacker could open a PF_PACKET socket using the\nETH_P_CANXL protocol:\n\n\tsocket(PF_PACKET, SOCK_RAW, htons(ETH_P_CANXL));\n\nto inject a malicious CAN XL frames. For example:\n\n\tstruct canxl_frame frame = {\n\t\t.flags = 0xff,\n\t\t.len = 2048,\n\t};\n\nThe CAN drivers' xmit() function are calling can_dev_dropped_skb() to\ncheck that the skb is valid, unfortunately under above conditions, the\nmalicious packet is able to go through can_dev_dropped_skb() checks:\n\n 1. the skb-\u003eprotocol is set to ETH_P_CANXL which is valid (the\n function does not check the actual device capabilities).\n\n 2. the length is a valid CAN XL length.\n\nAnd so, es58x_start_xmit() receives a CAN XL frame which it is not\nable to correctly handle and will thus misinterpret it as a CAN(FD)\nframe.\n\nThis can result in a buffer overflow. For example, using the es581.4\nvariant, the frame will be dispatched to es581_4_tx_can_msg(), go\nthrough the last check at the beginning of this function:\n\n\tif (can_is_canfd_skb(skb))\n\t\treturn -EMSGSIZE;\n\nand reach this line:\n\n\tmemcpy(tx_can_msg-\u003edata, cf-\u003edata, cf-\u003elen);\n\nHere, cf-\u003elen corresponds to the flags field of the CAN XL frame. In\nour previous example, we set canxl_frame-\u003eflags to 0xff. Because the\nmaximum expected length is 8, a buffer overflow of 247 bytes occurs!\n\nPopulate net_device_ops-\u003endo_change_mtu() to ensure that the\ninterface's MTU can not be set to anything bigger than CAN_MTU or\nCANFD_MTU (depending on the device capabilities). By fixing the root\ncause, this prevents the buffer overflow.", "Severity": "MEDIUM", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-39988", "https://git.kernel.org/linus/38c0abad45b190a30d8284a37264d2127a6ec303 (6.17)", "https://git.kernel.org/stable/c/38c0abad45b190a30d8284a37264d2127a6ec303", "https://git.kernel.org/stable/c/72de0facc50afdb101fb7197d880407f1abfc77f", "https://git.kernel.org/stable/c/b26cccd87dcddc47b450a40f3b1ac3fe346efcff", "https://git.kernel.org/stable/c/c4e582e686c4d683c87f2b4a316385b3d81d370f", "https://git.kernel.org/stable/c/cbc1de71766f326a44bb798aeae4a7ef4a081cc9", "https://git.kernel.org/stable/c/e587af2c89ecc6382c518febea52fa9ba81e47c0", "https://lore.kernel.org/linux-cve-announce/2025101501-CVE-2025-39988-bda0@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-39988", "https://www.cve.org/CVERecord?id=CVE-2025-39988" ], "PublishedDate": "2025-10-15T08:15:36.913Z", "LastModifiedDate": "2025-10-16T15:28:59.61Z" }, { "VulnerabilityID": "CVE-2025-39990", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39990", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: bpf: Check the helper function is valid in get_helper_proto", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Check the helper function is valid in get_helper_proto\n\nkernel test robot reported verifier bug [1] where the helper func\npointer could be NULL due to disabled config option.\n\nAs Alexei suggested we could check on that in get_helper_proto\ndirectly. Marking tail_call helper func with BPF_PTR_POISON,\nbecause it is unused by design.\n\n [1] https://lore.kernel.org/oe-lkp/202507160818.68358831-lkp@intel.com", "Severity": "MEDIUM", "VendorSeverity": { "redhat": 1, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-39990", "https://git.kernel.org/linus/e4414b01c1cd9887bbde92f946c1ba94e40d6d64 (6.17-rc6)", "https://git.kernel.org/stable/c/3d429cb1278e995e22995ef117fa96d223a67e93", "https://git.kernel.org/stable/c/6233715b4b714068d6c831d214a4e8792109875a", "https://git.kernel.org/stable/c/e4414b01c1cd9887bbde92f946c1ba94e40d6d64", "https://lore.kernel.org/linux-cve-announce/2025101502-CVE-2025-39990-25bc@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-39990", "https://www.cve.org/CVERecord?id=CVE-2025-39990" ], "PublishedDate": "2025-10-15T08:15:37.06Z", "LastModifiedDate": "2025-10-16T15:28:59.61Z" }, { "VulnerabilityID": "CVE-2025-39995", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39995", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe\n\nThe state-\u003etimer is a cyclic timer that schedules work_i2c_poll and\ndelayed_work_enable_hotplug, while rearming itself. Using timer_delete()\nfails to guarantee the timer isn't still running when destroyed, similarly\ncancel_delayed_work() cannot ensure delayed_work_enable_hotplug has\nterminated if already executing. During probe failure after timer\ninitialization, these may continue running as orphans and reference the\nalready-freed tc358743_state object through tc358743_irq_poll_timer.\n\nThe following is the trace captured by KASAN.\n\nBUG: KASAN: slab-use-after-free in __run_timer_base.part.0+0x7d7/0x8c0\nWrite of size 8 at addr ffff88800ded83c8 by task swapper/1/0\n...\nCall Trace:\n \u003cIRQ\u003e\n dump_stack_lvl+0x55/0x70\n print_report+0xcf/0x610\n ? __pfx_sched_balance_find_src_group+0x10/0x10\n ? __run_timer_base.part.0+0x7d7/0x8c0\n kasan_report+0xb8/0xf0\n ? __run_timer_base.part.0+0x7d7/0x8c0\n __run_timer_base.part.0+0x7d7/0x8c0\n ? rcu_sched_clock_irq+0xb06/0x27d0\n ? __pfx___run_timer_base.part.0+0x10/0x10\n ? try_to_wake_up+0xb15/0x1960\n ? tmigr_update_events+0x280/0x740\n ? _raw_spin_lock_irq+0x80/0xe0\n ? __pfx__raw_spin_lock_irq+0x10/0x10\n tmigr_handle_remote_up+0x603/0x7e0\n ? __pfx_tmigr_handle_remote_up+0x10/0x10\n ? sched_balance_trigger+0x98/0x9f0\n ? sched_tick+0x221/0x5a0\n ? _raw_spin_lock_irq+0x80/0xe0\n ? __pfx__raw_spin_lock_irq+0x10/0x10\n ? tick_nohz_handler+0x339/0x440\n ? __pfx_tmigr_handle_remote_up+0x10/0x10\n __walk_groups.isra.0+0x42/0x150\n tmigr_handle_remote+0x1f4/0x2e0\n ? __pfx_tmigr_handle_remote+0x10/0x10\n ? ktime_get+0x60/0x140\n ? lapic_next_event+0x11/0x20\n ? clockevents_program_event+0x1d4/0x2a0\n ? hrtimer_interrupt+0x322/0x780\n handle_softirqs+0x16a/0x550\n irq_exit_rcu+0xaf/0xe0\n sysvec_apic_timer_interrupt+0x70/0x80\n \u003c/IRQ\u003e\n...\n\nAllocated by task 141:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0x7f/0x90\n __kmalloc_node_track_caller_noprof+0x198/0x430\n devm_kmalloc+0x7b/0x1e0\n tc358743_probe+0xb7/0x610 i2c_device_probe+0x51d/0x880\n really_probe+0x1ca/0x5c0\n __driver_probe_device+0x248/0x310\n driver_probe_device+0x44/0x120\n __device_attach_driver+0x174/0x220\n bus_for_each_drv+0x100/0x190\n __device_attach+0x206/0x370\n bus_probe_device+0x123/0x170\n device_add+0xd25/0x1470\n i2c_new_client_device+0x7a0/0xcd0\n do_one_initcall+0x89/0x300\n do_init_module+0x29d/0x7f0\n load_module+0x4f48/0x69e0\n init_module_from_file+0xe4/0x150\n idempotent_init_module+0x320/0x670\n __x64_sys_finit_module+0xbd/0x120\n do_syscall_64+0xac/0x280\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 141:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3a/0x60\n __kasan_slab_free+0x3f/0x50\n kfree+0x137/0x370\n release_nodes+0xa4/0x100\n devres_release_group+0x1b2/0x380\n i2c_device_probe+0x694/0x880\n really_probe+0x1ca/0x5c0\n __driver_probe_device+0x248/0x310\n driver_probe_device+0x44/0x120\n __device_attach_driver+0x174/0x220\n bus_for_each_drv+0x100/0x190\n __device_attach+0x206/0x370\n bus_probe_device+0x123/0x170\n device_add+0xd25/0x1470\n i2c_new_client_device+0x7a0/0xcd0\n do_one_initcall+0x89/0x300\n do_init_module+0x29d/0x7f0\n load_module+0x4f48/0x69e0\n init_module_from_file+0xe4/0x150\n idempotent_init_module+0x320/0x670\n __x64_sys_finit_module+0xbd/0x120\n do_syscall_64+0xac/0x280\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n...\n\nReplace timer_delete() with timer_delete_sync() and cancel_delayed_work()\nwith cancel_delayed_work_sync() to ensure proper termination of timer and\nwork items before resource cleanup.\n\nThis bug was initially identified through static analysis. For reproduction\nand testing, I created a functional emulation of the tc358743 device via a\nkernel module and introduced faults through the debugfs interface.", "Severity": "MEDIUM", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-39995", "https://git.kernel.org/linus/79d10f4f21a92e459b2276a77be62c59c1502c9d (6.18-rc1)", "https://git.kernel.org/stable/c/228d06c4cbfc750f1216a3fd91b4693b0766d2f6", "https://git.kernel.org/stable/c/2610617effb4454d2f1c434c011ccb5cc7140711", "https://git.kernel.org/stable/c/3d17701c156579969470e58b3a906511f8bc018d", "https://git.kernel.org/stable/c/79d10f4f21a92e459b2276a77be62c59c1502c9d", "https://git.kernel.org/stable/c/f3f3f00bcabbd2ce0a77a2ac7a6797b8646bfd8b", "https://git.kernel.org/stable/c/f92181c0e13cad9671d07b15be695a97fc2534a3", "https://lore.kernel.org/linux-cve-announce/2025101528-CVE-2025-39995-80ab@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-39995", "https://www.cve.org/CVERecord?id=CVE-2025-39995" ], "PublishedDate": "2025-10-15T08:15:37.69Z", "LastModifiedDate": "2025-10-16T15:28:59.61Z" }, { "VulnerabilityID": "CVE-2025-39996", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39996", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove\n\nThe original code uses cancel_delayed_work() in flexcop_pci_remove(), which\ndoes not guarantee that the delayed work item irq_check_work has fully\ncompleted if it was already running. This leads to use-after-free scenarios\nwhere flexcop_pci_remove() may free the flexcop_device while irq_check_work\nis still active and attempts to dereference the device.\n\nA typical race condition is illustrated below:\n\nCPU 0 (remove) | CPU 1 (delayed work callback)\nflexcop_pci_remove() | flexcop_pci_irq_check_work()\n cancel_delayed_work() |\n flexcop_device_kfree(fc_pci-\u003efc_dev) |\n | fc = fc_pci-\u003efc_dev; // UAF\n\nThis is confirmed by a KASAN report:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in __run_timer_base.part.0+0x7d7/0x8c0\nWrite of size 8 at addr ffff8880093aa8c8 by task bash/135\n...\nCall Trace:\n \u003cIRQ\u003e\n dump_stack_lvl+0x55/0x70\n print_report+0xcf/0x610\n ? __run_timer_base.part.0+0x7d7/0x8c0\n kasan_report+0xb8/0xf0\n ? __run_timer_base.part.0+0x7d7/0x8c0\n __run_timer_base.part.0+0x7d7/0x8c0\n ? __pfx___run_timer_base.part.0+0x10/0x10\n ? __pfx_read_tsc+0x10/0x10\n ? ktime_get+0x60/0x140\n ? lapic_next_event+0x11/0x20\n ? clockevents_program_event+0x1d4/0x2a0\n run_timer_softirq+0xd1/0x190\n handle_softirqs+0x16a/0x550\n irq_exit_rcu+0xaf/0xe0\n sysvec_apic_timer_interrupt+0x70/0x80\n \u003c/IRQ\u003e\n...\n\nAllocated by task 1:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0x7f/0x90\n __kmalloc_noprof+0x1be/0x460\n flexcop_device_kmalloc+0x54/0xe0\n flexcop_pci_probe+0x1f/0x9d0\n local_pci_probe+0xdc/0x190\n pci_device_probe+0x2fe/0x470\n really_probe+0x1ca/0x5c0\n __driver_probe_device+0x248/0x310\n driver_probe_device+0x44/0x120\n __driver_attach+0xd2/0x310\n bus_for_each_dev+0xed/0x170\n bus_add_driver+0x208/0x500\n driver_register+0x132/0x460\n do_one_initcall+0x89/0x300\n kernel_init_freeable+0x40d/0x720\n kernel_init+0x1a/0x150\n ret_from_fork+0x10c/0x1a0\n ret_from_fork_asm+0x1a/0x30\n\nFreed by task 135:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3a/0x60\n __kasan_slab_free+0x3f/0x50\n kfree+0x137/0x370\n flexcop_device_kfree+0x32/0x50\n pci_device_remove+0xa6/0x1d0\n device_release_driver_internal+0xf8/0x210\n pci_stop_bus_device+0x105/0x150\n pci_stop_and_remove_bus_device_locked+0x15/0x30\n remove_store+0xcc/0xe0\n kernfs_fop_write_iter+0x2c3/0x440\n vfs_write+0x871/0xd70\n ksys_write+0xee/0x1c0\n do_syscall_64+0xac/0x280\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n...\n\nReplace cancel_delayed_work() with cancel_delayed_work_sync() to ensure\nthat the delayed work item is properly canceled and any executing delayed\nwork has finished before the device memory is deallocated.\n\nThis bug was initially identified through static analysis. To reproduce\nand test it, I simulated the B2C2 FlexCop PCI device in QEMU and introduced\nartificial delays within the flexcop_pci_irq_check_work() function to\nincrease the likelihood of triggering the bug.", "Severity": "MEDIUM", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-39996", "https://git.kernel.org/linus/01e03fb7db419d39e18d6090d4873c1bff103914 (6.18-rc1)", "https://git.kernel.org/stable/c/01e03fb7db419d39e18d6090d4873c1bff103914", "https://git.kernel.org/stable/c/3ffabc79388e68877d9c02f724a0b7a38d519daf", "https://git.kernel.org/stable/c/514a519baa9e2be7ddc2714bd730bc5a883e1244", "https://git.kernel.org/stable/c/6a92f5796880f5aa345f0fed53ef511e3fd6f706", "https://git.kernel.org/stable/c/bb10a9ddc8d6c5dbf098f21eb1055a652652e524", "https://git.kernel.org/stable/c/d502df8a716d993fa0f9d8c00684f1190750e28e", "https://lore.kernel.org/linux-cve-announce/2025101528-CVE-2025-39996-b297@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-39996", "https://www.cve.org/CVERecord?id=CVE-2025-39996" ], "PublishedDate": "2025-10-15T08:15:37.817Z", "LastModifiedDate": "2025-10-16T15:28:59.61Z" }, { "VulnerabilityID": "CVE-2025-39997", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39997", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: ALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free\n\nThe previous commit 0718a78f6a9f (\"ALSA: usb-audio: Kill timer properly at\nremoval\") patched a UAF issue caused by the error timer.\n\nHowever, because the error timer kill added in this patch occurs after the\nendpoint delete, a race condition to UAF still occurs, albeit rarely.\n\nAdditionally, since kill-cleanup for urb is also missing, freed memory can\nbe accessed in interrupt context related to urb, which can cause UAF.\n\nTherefore, to prevent this, error timer and urb must be killed before\nfreeing the heap memory.", "Severity": "MEDIUM", "VendorSeverity": { "redhat": 1, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-39997", "https://git.kernel.org/linus/9f2c0ac1423d5f267e7f1d1940780fc764b0fee3 (6.18-rc1)", "https://git.kernel.org/stable/c/353d8c715cc951a980728133c9dd64ca5a0a186c", "https://git.kernel.org/stable/c/647d6b8d22be12842fde6ed0c56859ebc615f21e", "https://git.kernel.org/stable/c/9f2c0ac1423d5f267e7f1d1940780fc764b0fee3", "https://git.kernel.org/stable/c/af600e7f5526d16146b3ae99f6ad57bfea79ca33", "https://git.kernel.org/stable/c/dc4874366cf6cf4a31d8fa4b7f0e2a5b2d7647ba", "https://lore.kernel.org/linux-cve-announce/2025101528-CVE-2025-39997-4384@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-39997", "https://www.cve.org/CVERecord?id=CVE-2025-39997" ], "PublishedDate": "2025-10-15T08:15:37.947Z", "LastModifiedDate": "2025-10-16T15:28:59.61Z" }, { "VulnerabilityID": "CVE-2025-40000", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40000", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait()", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait()\n\nThere is a bug observed when rtw89_core_tx_kick_off_and_wait() tries to\naccess already freed skb_data:\n\n BUG: KFENCE: use-after-free write in rtw89_core_tx_kick_off_and_wait drivers/net/wireless/realtek/rtw89/core.c:1110\n\n CPU: 6 UID: 0 PID: 41377 Comm: kworker/u64:24 Not tainted 6.17.0-rc1+ #1 PREEMPT(lazy)\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS edk2-20250523-14.fc42 05/23/2025\n Workqueue: events_unbound cfg80211_wiphy_work [cfg80211]\n\n Use-after-free write at 0x0000000020309d9d (in kfence-#251):\n rtw89_core_tx_kick_off_and_wait drivers/net/wireless/realtek/rtw89/core.c:1110\n rtw89_core_scan_complete drivers/net/wireless/realtek/rtw89/core.c:5338\n rtw89_hw_scan_complete_cb drivers/net/wireless/realtek/rtw89/fw.c:7979\n rtw89_chanctx_proceed_cb drivers/net/wireless/realtek/rtw89/chan.c:3165\n rtw89_chanctx_proceed drivers/net/wireless/realtek/rtw89/chan.h:141\n rtw89_hw_scan_complete drivers/net/wireless/realtek/rtw89/fw.c:8012\n rtw89_mac_c2h_scanofld_rsp drivers/net/wireless/realtek/rtw89/mac.c:5059\n rtw89_fw_c2h_work drivers/net/wireless/realtek/rtw89/fw.c:6758\n process_one_work kernel/workqueue.c:3241\n worker_thread kernel/workqueue.c:3400\n kthread kernel/kthread.c:463\n ret_from_fork arch/x86/kernel/process.c:154\n ret_from_fork_asm arch/x86/entry/entry_64.S:258\n\n kfence-#251: 0x0000000056e2393d-0x000000009943cb62, size=232, cache=skbuff_head_cache\n\n allocated by task 41377 on cpu 6 at 77869.159548s (0.009551s ago):\n __alloc_skb net/core/skbuff.c:659\n __netdev_alloc_skb net/core/skbuff.c:734\n ieee80211_nullfunc_get net/mac80211/tx.c:5844\n rtw89_core_send_nullfunc drivers/net/wireless/realtek/rtw89/core.c:3431\n rtw89_core_scan_complete drivers/net/wireless/realtek/rtw89/core.c:5338\n rtw89_hw_scan_complete_cb drivers/net/wireless/realtek/rtw89/fw.c:7979\n rtw89_chanctx_proceed_cb drivers/net/wireless/realtek/rtw89/chan.c:3165\n rtw89_chanctx_proceed drivers/net/wireless/realtek/rtw89/chan.c:3194\n rtw89_hw_scan_complete drivers/net/wireless/realtek/rtw89/fw.c:8012\n rtw89_mac_c2h_scanofld_rsp drivers/net/wireless/realtek/rtw89/mac.c:5059\n rtw89_fw_c2h_work drivers/net/wireless/realtek/rtw89/fw.c:6758\n process_one_work kernel/workqueue.c:3241\n worker_thread kernel/workqueue.c:3400\n kthread kernel/kthread.c:463\n ret_from_fork arch/x86/kernel/process.c:154\n ret_from_fork_asm arch/x86/entry/entry_64.S:258\n\n freed by task 1045 on cpu 9 at 77869.168393s (0.001557s ago):\n ieee80211_tx_status_skb net/mac80211/status.c:1117\n rtw89_pci_release_txwd_skb drivers/net/wireless/realtek/rtw89/pci.c:564\n rtw89_pci_release_tx_skbs.isra.0 drivers/net/wireless/realtek/rtw89/pci.c:651\n rtw89_pci_release_tx drivers/net/wireless/realtek/rtw89/pci.c:676\n rtw89_pci_napi_poll drivers/net/wireless/realtek/rtw89/pci.c:4238\n __napi_poll net/core/dev.c:7495\n net_rx_action net/core/dev.c:7557 net/core/dev.c:7684\n handle_softirqs kernel/softirq.c:580\n do_softirq.part.0 kernel/softirq.c:480\n __local_bh_enable_ip kernel/softirq.c:407\n rtw89_pci_interrupt_threadfn drivers/net/wireless/realtek/rtw89/pci.c:927\n irq_thread_fn kernel/irq/manage.c:1133\n irq_thread kernel/irq/manage.c:1257\n kthread kernel/kthread.c:463\n ret_from_fork arch/x86/kernel/process.c:154\n ret_from_fork_asm arch/x86/entry/entry_64.S:258\n\nIt is a consequence of a race between the waiting and the signaling side\nof the completion:\n\n Waiting thread Completing thread\n\nrtw89_core_tx_kick_off_and_wait()\n rcu_assign_pointer(skb_data-\u003ewait, wait)\n /* start waiting */\n wait_for_completion_timeout()\n rtw89_pci_tx_status()\n rtw89_core_tx_wait_complete()\n rcu_read_lock()\n /* signals completion and\n \n---truncated---", "Severity": "MEDIUM", "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H", "V3Score": 6.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-40000", "https://git.kernel.org/linus/3e31a6bc07312b448fad3b45de578471f86f0e77 (6.18-rc1)", "https://git.kernel.org/stable/c/3e31a6bc07312b448fad3b45de578471f86f0e77", "https://git.kernel.org/stable/c/895cccf639ac015f3d5f993218cf098db82ac145", "https://git.kernel.org/stable/c/bdb3c41b358cf87d99e39d393e164f9e4a6088e6", "https://git.kernel.org/stable/c/f21f530b03b4b23448edb531a0cfea434cb76bb4", "https://lore.kernel.org/linux-cve-announce/2025101518-CVE-2025-40000-8817@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-40000", "https://www.cve.org/CVERecord?id=CVE-2025-40000" ], "PublishedDate": "2025-10-15T08:15:38.33Z", "LastModifiedDate": "2025-10-16T15:28:59.61Z" }, { "VulnerabilityID": "CVE-2004-0230", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2004-0230", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "TCP, when using a large Window Size, makes it easier for remote attack ...", "Description": "TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP.", "Severity": "LOW", "VendorSeverity": { "debian": 1, "nvd": 2 }, "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "V2Score": 5 } }, "References": [ "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-006.txt.asc", "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.3/SCOSA-2005.3.txt", "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.9/SCOSA-2005.9.txt", "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.14/SCOSA-2005.14.txt", "ftp://patches.sgi.com/support/free/security/advisories/20040403-01-A.asc", "http://kb.juniper.net/JSA10638", "http://marc.info/?l=bugtraq\u0026m=108302060014745\u0026w=2", "http://marc.info/?l=bugtraq\u0026m=108506952116653\u0026w=2", "http://secunia.com/advisories/11440", "http://secunia.com/advisories/11458", "http://secunia.com/advisories/22341", "http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml", "http://www.kb.cert.org/vuls/id/415294", "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", "http://www.osvdb.org/4030", "http://www.securityfocus.com/archive/1/449179/100/0/threaded", "http://www.securityfocus.com/bid/10183", "http://www.uniras.gov.uk/vuls/2004/236929/index.htm", "http://www.us-cert.gov/cas/techalerts/TA04-111A.html", "http://www.vupen.com/english/advisories/2006/3983", "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-019", "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-064", "https://exchange.xforce.ibmcloud.com/vulnerabilities/15886", "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10053", "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2689", "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A270", "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3508", "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4791", "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5711" ], "PublishedDate": "2004-08-18T04:00:00Z", "LastModifiedDate": "2025-05-02T16:40:41.53Z" }, { "VulnerabilityID": "CVE-2005-3660", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2005-3660", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "Linux kernel 2.4 and 2.6 allows attackers to cause a denial of service ...", "Description": "Linux kernel 2.4 and 2.6 allows attackers to cause a denial of service (memory exhaustion and panic) by creating a large number of connected file descriptors or socketpairs and setting a large data transfer buffer, then preventing Linux from being able to finish the transfer by causing the process to become a zombie, or closing the file descriptor without closing an associated reference.", "Severity": "LOW", "VendorSeverity": { "debian": 1, "nvd": 2 }, "CVSS": { "nvd": { "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "V2Score": 4.9 } }, "References": [ "http://secunia.com/advisories/18205", "http://securityreason.com/securityalert/291", "http://securitytracker.com/id?1015402", "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=362", "http://www.securityfocus.com/bid/16041", "http://www.vupen.com/english/advisories/2005/3076", "https://exchange.xforce.ibmcloud.com/vulnerabilities/23835" ], "PublishedDate": "2005-12-22T23:03:00Z", "LastModifiedDate": "2025-04-03T01:03:51.193Z" }, { "VulnerabilityID": "CVE-2007-3719", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2007-3719", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: secretly Monopolizing the CPU Without Superuser Privileges", "Description": "The process scheduler in the Linux kernel 2.6.16 gives preference to \"interactive\" processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in \"Secretly Monopolizing the CPU Without Superuser Privileges.\"", "Severity": "LOW", "VendorSeverity": { "debian": 1, "nvd": 1, "redhat": 2 }, "CVSS": { "nvd": { "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "V2Score": 2.1 } }, "References": [ "http://osvdb.org/37127", "http://www.cs.huji.ac.il/~dants/papers/Cheat07Security.pdf", "https://access.redhat.com/security/cve/CVE-2007-3719", "https://nvd.nist.gov/vuln/detail/CVE-2007-3719", "https://www.cve.org/CVERecord?id=CVE-2007-3719" ], "PublishedDate": "2007-07-12T16:30:00Z", "LastModifiedDate": "2024-11-21T00:33:54.23Z" }, { "VulnerabilityID": "CVE-2008-2544", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2008-2544", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: mounting proc readonly on a different mount point silently mounts it rw if the /proc mount is rw", "Description": "Mounting /proc filesystem via chroot command silently mounts it in read-write mode. The user could bypass the chroot environment and gain write access to files, he would never have otherwise.", "Severity": "LOW", "CweIDs": [ "CWE-668" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 2 }, "CVSS": { "nvd": { "V2Vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "V2Score": 2.1, "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2008-2544", "https://bugzilla.redhat.com/show_bug.cgi?id=213135", "https://nvd.nist.gov/vuln/detail/CVE-2008-2544", "https://www.cve.org/CVERecord?id=CVE-2008-2544" ], "PublishedDate": "2021-05-27T13:15:07.753Z", "LastModifiedDate": "2024-11-21T00:47:07.257Z" }, { "VulnerabilityID": "CVE-2008-4609", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2008-4609", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: TCP protocol vulnerabilities from Outpost24", "Description": "The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.", "Severity": "LOW", "CweIDs": [ "CWE-16" ], "VendorSeverity": { "cbl-mariner": 3, "debian": 1, "nvd": 3, "photon": 3, "redhat": 2 }, "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "V2Score": 7.1 } }, "References": [ "http://blog.robertlee.name/2008/10/conjecture-speculation.html", "http://insecure.org/stf/tcp-dos-attack-explained.html", "http://lists.immunitysec.com/pipermail/dailydave/2008-October/005360.html", "http://marc.info/?l=bugtraq\u0026m=125856010926699\u0026w=2", "http://searchsecurity.techtarget.com.au/articles/27154-TCP-is-fundamentally-borked", "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af511d.shtml", "http://www.cisco.com/en/US/products/products_security_response09186a0080a15120.html", "http://www.cpni.gov.uk/Docs/tn-03-09-security-assessment-TCP.pdf", "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150", "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html", "http://www.outpost24.com/news/news-2008-10-02.html", "http://www.us-cert.gov/cas/techalerts/TA09-251A.html", "https://access.redhat.com/security/cve/CVE-2008-4609", "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-048", "https://nvd.nist.gov/vuln/detail/CVE-2008-4609", "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6340", "https://www.cert.fi/haavoittuvuudet/2008/tcp-vulnerabilities.html", "https://www.cve.org/CVERecord?id=CVE-2008-4609" ], "PublishedDate": "2008-10-20T17:59:26.163Z", "LastModifiedDate": "2024-11-21T00:52:05.603Z" }, { "VulnerabilityID": "CVE-2010-4563", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-4563", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: ipv6: sniffer detection", "Description": "The Linux kernel, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping.", "Severity": "LOW", "CweIDs": [ "CWE-200" ], "VendorSeverity": { "azure": 2, "cbl-mariner": 2, "debian": 1, "nvd": 2, "redhat": 1 }, "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "V2Score": 5 }, "redhat": { "V2Vector": "AV:A/AC:M/Au:N/C:P/I:N/A:N", "V2Score": 2.9 } }, "References": [ "http://seclists.org/dailydave/2011/q2/25", "http://seclists.org/fulldisclosure/2011/Apr/254", "https://access.redhat.com/security/cve/CVE-2010-4563", "https://nvd.nist.gov/vuln/detail/CVE-2010-4563", "https://www.cve.org/CVERecord?id=CVE-2010-4563" ], "PublishedDate": "2012-02-02T17:55:00.847Z", "LastModifiedDate": "2025-04-11T00:51:21.963Z" }, { "VulnerabilityID": "CVE-2010-5321", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-5321", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: v4l: videobuf: hotfix a bug on multiple calls to mmap()", "Description": "Memory leak in drivers/media/video/videobuf-core.c in the videobuf subsystem in the Linux kernel 2.6.x through 4.x allows local users to cause a denial of service (memory consumption) by leveraging /dev/video access for a series of mmap calls that require new allocations, a different vulnerability than CVE-2007-6761. NOTE: as of 2016-06-18, this affects only 11 drivers that have not been updated to use videobuf2 instead of videobuf.", "Severity": "LOW", "CweIDs": [ "CWE-772" ], "VendorSeverity": { "debian": 1, "nvd": 2, "photon": 2, "redhat": 1 }, "CVSS": { "nvd": { "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "V3Vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V2Score": 4.9, "V3Score": 4.3 }, "redhat": { "V2Vector": "AV:L/AC:H/Au:S/C:N/I:N/A:C", "V2Score": 3.8 } }, "References": [ "http://linuxtv.org/irc/v4l/index.php?date=2010-07-29", "http://www.openwall.com/lists/oss-security/2015/02/08/4", "https://access.redhat.com/security/cve/CVE-2010-5321", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=827340", "https://bugzilla.kernel.org/show_bug.cgi?id=120571", "https://bugzilla.redhat.com/show_bug.cgi?id=620629", "https://nvd.nist.gov/vuln/detail/CVE-2010-5321", "https://www.cve.org/CVERecord?id=CVE-2010-5321" ], "PublishedDate": "2017-04-24T06:59:00.21Z", "LastModifiedDate": "2025-04-20T01:37:25.86Z" }, { "VulnerabilityID": "CVE-2011-4915", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-4915", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "fs/proc/base.c in the Linux kernel through 3.1 allows local users to o ...", "Description": "fs/proc/base.c in the Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /proc/interrupts.", "Severity": "LOW", "CweIDs": [ "CWE-200" ], "VendorSeverity": { "debian": 1, "nvd": 2 }, "CVSS": { "nvd": { "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "V2Score": 2.1, "V3Score": 5.5 } }, "References": [ "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0499680a42141d86417a8fbaa8c8db806bea1201", "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a2ef990ab5a6705a356d146dd773a3b359787497", "http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-4915.html", "http://www.openwall.com/lists/oss-security/2011/11/07/9", "https://lkml.org/lkml/2011/11/7/340", "https://seclists.org/oss-sec/2011/q4/571", "https://security-tracker.debian.org/tracker/CVE-2011-4915", "https://vigilance.fr/vulnerability/Linux-kernel-information-disclosure-about-keyboard-11131" ], "PublishedDate": "2020-02-20T18:15:11.137Z", "LastModifiedDate": "2024-11-21T01:33:17.547Z" }, { "VulnerabilityID": "CVE-2011-4916", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-4916", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "Linux kernel through 3.1 allows local users to obtain sensitive keystr ...", "Description": "Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /dev/pts/ and /dev/tty*.", "Severity": "LOW", "CweIDs": [ "CWE-200" ], "VendorSeverity": { "debian": 1, "nvd": 2 }, "CVSS": { "nvd": { "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "V2Score": 2.1, "V3Score": 5.5 } }, "References": [ "https://lkml.org/lkml/2011/11/7/355", "https://www.openwall.com/lists/oss-security/2011/12/28/3" ], "PublishedDate": "2022-07-12T21:15:09.147Z", "LastModifiedDate": "2024-11-21T01:33:17.663Z" }, { "VulnerabilityID": "CVE-2011-4917", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-4917", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "In the Linux kernel through 3.1 there is an information disclosure iss ...", "Description": "In the Linux kernel through 3.1 there is an information disclosure issue via /proc/stat.", "Severity": "LOW", "CweIDs": [ "CWE-200" ], "VendorSeverity": { "debian": 1, "nvd": 2 }, "CVSS": { "nvd": { "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "V2Score": 2.1, "V3Score": 5.5 } }, "References": [ "https://lkml.org/lkml/2011/11/7/340", "https://www.openwall.com/lists/oss-security/2011/12/28/4" ], "PublishedDate": "2022-04-18T17:15:11.937Z", "LastModifiedDate": "2024-11-21T01:33:17.797Z" }, { "VulnerabilityID": "CVE-2012-4542", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2012-4542", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: block: default SCSI command filter does not accomodate commands overlap across device classes", "Description": "block/scsi_ioctl.c in the Linux kernel through 3.8 does not properly consider the SCSI device class during authorization of SCSI commands, which allows local users to bypass intended access restrictions via an SG_IO ioctl call that leverages overlapping opcodes.", "Severity": "LOW", "CweIDs": [ "CWE-264" ], "VendorSeverity": { "debian": 1, "nvd": 2, "oracle-oval": 2, "redhat": 2 }, "CVSS": { "nvd": { "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "V2Score": 4.6 }, "redhat": { "V2Vector": "AV:A/AC:M/Au:S/C:P/I:P/A:P", "V2Score": 4.9 } }, "References": [ "http://marc.info/?l=linux-kernel\u0026m=135903967015813\u0026w=2", "http://marc.info/?l=linux-kernel\u0026m=135904012416042\u0026w=2", "http://rhn.redhat.com/errata/RHSA-2013-0496.html", "http://rhn.redhat.com/errata/RHSA-2013-0579.html", "http://rhn.redhat.com/errata/RHSA-2013-0882.html", "http://rhn.redhat.com/errata/RHSA-2013-0928.html", "https://access.redhat.com/security/cve/CVE-2012-4542", "https://bugzilla.redhat.com/show_bug.cgi?id=875360", "https://linux.oracle.com/cve/CVE-2012-4542.html", "https://linux.oracle.com/errata/ELSA-2013-2534.html", "https://nvd.nist.gov/vuln/detail/CVE-2012-4542", "https://oss.oracle.com/git/?p=redpatch.git%3Ba=commit%3Bh=76a274e17114abf1a77de6b651424648ce9e10c8", "https://www.cve.org/CVERecord?id=CVE-2012-4542" ], "PublishedDate": "2013-02-28T19:55:01.107Z", "LastModifiedDate": "2025-04-11T00:51:21.963Z" }, { "VulnerabilityID": "CVE-2014-9892", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-9892", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "The snd_compr_tstamp function in sound/core/compress_offload.c in the ...", "Description": "The snd_compr_tstamp function in sound/core/compress_offload.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize a timestamp data structure, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28770164 and Qualcomm internal bug CR568717.", "Severity": "LOW", "CweIDs": [ "CWE-200" ], "VendorSeverity": { "debian": 1, "nvd": 2, "photon": 2 }, "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "V2Score": 4.3, "V3Score": 5.5 } }, "References": [ "http://source.android.com/security/bulletin/2016-08-01.html", "http://www.securityfocus.com/bid/92222", "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=591b1f455c32206704cbcf426bb30911c260c33e" ], "PublishedDate": "2016-08-06T10:59:35.717Z", "LastModifiedDate": "2025-04-12T10:46:40.837Z" }, { "VulnerabilityID": "CVE-2014-9900", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-9900", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: Info leak in uninitialized structure ethtool_wolinfo in ethtool_get_wol()", "Description": "The ethtool_get_wol function in net/core/ethtool.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not initialize a certain data structure, which allows local users to obtain sensitive information via a crafted application, aka Android internal bug 28803952 and Qualcomm internal bug CR570754.", "Severity": "LOW", "CweIDs": [ "CWE-200" ], "VendorSeverity": { "debian": 1, "nvd": 2, "photon": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "V2Score": 4.3, "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 } }, "References": [ "http://source.android.com/security/bulletin/2016-08-01.html", "http://www.securityfocus.com/bid/92222", "https://access.redhat.com/security/cve/CVE-2014-9900", "https://nvd.nist.gov/vuln/detail/CVE-2014-9900", "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=63c317dbee97983004dffdd9f742a20d17150071", "https://ubuntu.com/security/notices/USN-3358-1", "https://ubuntu.com/security/notices/USN-3359-1", "https://ubuntu.com/security/notices/USN-3360-1", "https://ubuntu.com/security/notices/USN-3360-2", "https://ubuntu.com/security/notices/USN-3364-1", "https://ubuntu.com/security/notices/USN-3364-2", "https://ubuntu.com/security/notices/USN-3364-3", "https://ubuntu.com/security/notices/USN-3371-1", "https://www.cve.org/CVERecord?id=CVE-2014-9900" ], "PublishedDate": "2016-08-06T10:59:44.983Z", "LastModifiedDate": "2025-04-12T10:46:40.837Z" }, { "VulnerabilityID": "CVE-2015-2877", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2877", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "Kernel: Cross-VM ASL INtrospection (CAIN)", "Description": "Kernel Samepage Merging (KSM) in the Linux kernel 2.6.32 through 4.x does not prevent use of a write-timing side channel, which allows guest OS users to defeat the ASLR protection mechanism on other guest OS instances via a Cross-VM ASL INtrospection (CAIN) attack. NOTE: the vendor states \"Basically if you care about this attack vector, disable deduplication.\" Share-until-written approaches for memory conservation among mutually untrusting tenants are inherently detectable for information disclosure, and can be classified as potentially misunderstood behaviors rather than vulnerabilities", "Severity": "LOW", "CweIDs": [ "CWE-200" ], "VendorSeverity": { "debian": 1, "nvd": 1, "redhat": 1 }, "CVSS": { "nvd": { "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "V2Score": 2.1, "V3Score": 3.3 }, "redhat": { "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "V2Score": 2.1 } }, "References": [ "http://www.antoniobarresi.com/files/cain_advisory.txt", "http://www.kb.cert.org/vuls/id/935424", "http://www.securityfocus.com/bid/76256", "https://access.redhat.com/security/cve/CVE-2015-2877", "https://bugzilla.redhat.com/show_bug.cgi?id=1252096", "https://nvd.nist.gov/vuln/detail/CVE-2015-2877", "https://www.cve.org/CVERecord?id=CVE-2015-2877", "https://www.kb.cert.org/vuls/id/BGAR-A2CNKG", "https://www.kb.cert.org/vuls/id/BLUU-9ZAHZH", "https://www.usenix.org/system/files/conference/woot15/woot15-paper-barresi.pdf" ], "PublishedDate": "2017-03-03T11:59:00.147Z", "LastModifiedDate": "2025-04-20T01:37:25.86Z" }, { "VulnerabilityID": "CVE-2016-10723", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10723", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "An issue was discovered in the Linux kernel through 4.17.2. Since the ...", "Description": "An issue was discovered in the Linux kernel through 4.17.2. Since the page allocator does not yield CPU resources to the owner of the oom_lock mutex, a local unprivileged user can trivially lock up the system forever by wasting CPU resources from the page allocator (e.g., via concurrent page fault events) when the global OOM killer is invoked. NOTE: the software maintainer has not accepted certain proposed patches, in part because of a viewpoint that \"the underlying problem is non-trivial to handle.", "Severity": "LOW", "CweIDs": [ "CWE-399" ], "VendorSeverity": { "debian": 1, "nvd": 2, "ubuntu": 1 }, "CVSS": { "nvd": { "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V2Score": 4.9, "V3Score": 5.5 } }, "References": [ "https://lore.kernel.org/lkml/195a512f-aecc-f8cf-f409-6c42ee924a8c@i-love.sakura.ne.jp/", "https://lore.kernel.org/lkml/cb2d635c-c14d-c2cc-868a-d4c447364f0d@i-love.sakura.ne.jp/", "https://patchwork.kernel.org/patch/10395909/", "https://patchwork.kernel.org/patch/9842889/", "https://www.cve.org/CVERecord?id=CVE-2016-10723", "https://www.spinics.net/lists/linux-mm/msg117896.html" ], "PublishedDate": "2018-06-21T13:29:00.21Z", "LastModifiedDate": "2024-11-21T02:44:35.807Z" }, { "VulnerabilityID": "CVE-2016-8660", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8660", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: xfs: local DoS due to a page lock order bug in the XFS seek hole/data implementation", "Description": "The XFS subsystem in the Linux kernel through 4.8.2 allows local users to cause a denial of service (fdatasync failure and system hang) by using the vfs syscall group in the trinity program, related to a \"page lock order bug in the XFS seek hole/data implementation.\"", "Severity": "LOW", "CweIDs": [ "CWE-19" ], "VendorSeverity": { "debian": 1, "nvd": 2, "photon": 2, "redhat": 1, "ubuntu": 2 }, "CVSS": { "nvd": { "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V2Score": 4.9, "V3Score": 5.5 }, "redhat": { "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C", "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V2Score": 4.7, "V3Score": 5.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2016/10/13/8", "http://www.securityfocus.com/bid/93558", "https://access.redhat.com/security/cve/CVE-2016-8660", "https://bugzilla.redhat.com/show_bug.cgi?id=1384851", "https://lore.kernel.org/linux-xfs/895314622.769515.1476375930648.JavaMail.zimbra@redhat.com/", "https://marc.info/?l=linux-fsdevel\u0026m=147639177409294\u0026w=2", "https://marc.info/?l=linux-xfs\u0026m=149498118228320\u0026w=2", "https://nvd.nist.gov/vuln/detail/CVE-2016-8660", "https://www.cve.org/CVERecord?id=CVE-2016-8660" ], "PublishedDate": "2016-10-16T21:59:14.333Z", "LastModifiedDate": "2025-04-12T10:46:40.837Z" }, { "VulnerabilityID": "CVE-2017-0630", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-0630", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: Information disclosure vulnerability in kernel trace subsystem", "Description": "An information disclosure vulnerability in the kernel trace subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34277115.", "Severity": "LOW", "CweIDs": [ "CWE-200" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 1 }, "CVSS": { "nvd": { "V2Vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "V2Score": 2.6, "V3Score": 4.7 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.4 } }, "References": [ "http://www.securityfocus.com/bid/98213", "https://access.redhat.com/security/cve/CVE-2017-0630", "https://nvd.nist.gov/vuln/detail/CVE-2017-0630", "https://source.android.com/security/bulletin/2017-05-01", "https://source.android.com/security/bulletin/2017-05-01#id-in-kernel-trace-subsystem", "https://www.cve.org/CVERecord?id=CVE-2017-0630" ], "PublishedDate": "2017-05-12T15:29:02.657Z", "LastModifiedDate": "2025-04-20T01:37:25.86Z" }, { "VulnerabilityID": "CVE-2017-13693", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13693", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: ACPI operand cache leak in dsutils.c", "Description": "The acpi_ds_create_operands() function in drivers/acpi/acpica/dsutils.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.", "Severity": "LOW", "CweIDs": [ "CWE-200" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 2, "ubuntu": 1 }, "CVSS": { "nvd": { "V2Vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "V2Score": 4.9, "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "V3Score": 3.3 } }, "References": [ "http://www.securityfocus.com/bid/100502", "https://access.redhat.com/security/cve/CVE-2017-13693", "https://github.com/acpica/acpica/pull/295", "https://github.com/acpica/acpica/pull/295/commits/987a3b5cf7175916e2a4b6ea5b8e70f830dfe732", "https://nvd.nist.gov/vuln/detail/CVE-2017-13693", "https://patchwork.kernel.org/patch/9919053/", "https://www.cve.org/CVERecord?id=CVE-2017-13693" ], "PublishedDate": "2017-08-25T08:29:00.273Z", "LastModifiedDate": "2025-04-20T01:37:25.86Z" }, { "VulnerabilityID": "CVE-2017-13694", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13694", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: ACPI node and node_ext cache leak", "Description": "The acpi_ps_complete_final_op() function in drivers/acpi/acpica/psobject.c in the Linux kernel through 4.12.9 does not flush the node and node_ext caches and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.", "Severity": "LOW", "CweIDs": [ "CWE-200" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 2 }, "CVSS": { "nvd": { "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "V2Score": 2.1, "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "V3Score": 3.3 } }, "References": [ "http://www.securityfocus.com/bid/100500", "https://access.redhat.com/security/cve/CVE-2017-13694", "https://github.com/acpica/acpica/pull/278", "https://github.com/acpica/acpica/pull/278/commits/4a0243ecb4c94e2d73510d096c5ea4d0711fc6c0", "https://nvd.nist.gov/vuln/detail/CVE-2017-13694", "https://patchwork.kernel.org/patch/9806085/", "https://www.cve.org/CVERecord?id=CVE-2017-13694" ], "PublishedDate": "2017-08-25T08:29:00.32Z", "LastModifiedDate": "2025-04-20T01:37:25.86Z" }, { "VulnerabilityID": "CVE-2018-1121", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1121", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "procps: process hiding through race condition enumerating /proc", "Description": "procps-ng, procps is vulnerable to a process hiding through race condition. Since the kernel's proc_pid_readdir() returns PID entries in ascending numeric order, a process occupying a high PID can use inotify events to determine when the process list is being scanned, and fork/exec to obtain a lower PID, thus avoiding enumeration. An unprivileged attacker can hide a process from procps-ng's utilities by exploiting a race condition in reading /proc/PID entries. This vulnerability affects procps and procps-ng up to version 3.3.15, newer versions might be affected also.", "Severity": "LOW", "CweIDs": [ "CWE-367", "CWE-362" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 1, "ubuntu": 1 }, "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "V2Score": 4.3, "V3Score": 5.9 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "V3Score": 3.9 } }, "References": [ "http://seclists.org/oss-sec/2018/q2/122", "http://www.securityfocus.com/bid/104214", "https://access.redhat.com/security/cve/CVE-2018-1121", "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1121", "https://nvd.nist.gov/vuln/detail/CVE-2018-1121", "https://www.cve.org/CVERecord?id=CVE-2018-1121", "https://www.exploit-db.com/exploits/44806/", "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt" ], "PublishedDate": "2018-06-13T20:29:00.337Z", "LastModifiedDate": "2024-11-21T03:59:13.5Z" }, { "VulnerabilityID": "CVE-2018-12928", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12928", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: NULL pointer dereference in hfs_ext_read_extent in hfs.ko", "Description": "In the Linux kernel 4.15.0, a NULL pointer dereference was discovered in hfs_ext_read_extent in hfs.ko. This can occur during a mount of a crafted hfs filesystem.", "Severity": "LOW", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "debian": 1, "nvd": 2, "oracle-oval": 3, "redhat": 1, "ubuntu": 1 }, "CVSS": { "nvd": { "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V2Score": 4.9, "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5 } }, "References": [ "http://www.securityfocus.com/bid/104593", "https://access.redhat.com/security/cve/CVE-2018-12928", "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1763384", "https://groups.google.com/forum/#!msg/syzkaller-bugs/9SgQk_6tSZ4/zLhTm4r1AwAJ", "https://linux.oracle.com/cve/CVE-2018-12928.html", "https://linux.oracle.com/errata/ELSA-2025-20530.html", "https://lore.kernel.org/linux-fsdevel/20180418173028.GA30953@bombadil.infradead.org/", "https://marc.info/?l=linux-fsdevel\u0026m=152407263325766\u0026w=2", "https://nvd.nist.gov/vuln/detail/CVE-2018-12928", "https://www.cve.org/CVERecord?id=CVE-2018-12928" ], "PublishedDate": "2018-06-28T14:29:00.353Z", "LastModifiedDate": "2024-11-21T03:46:07.97Z" }, { "VulnerabilityID": "CVE-2018-17977", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-17977", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: Mishandled interactions among XFRM Netlink messages, IPPROTO_AH packets, and IPPROTO_IP packets resulting in a denial of service", "Description": "The Linux kernel 4.14.67 mishandles certain interaction among XFRM Netlink messages, IPPROTO_AH packets, and IPPROTO_IP packets, which allows local users to cause a denial of service (memory consumption and system hang) by leveraging root access to execute crafted applications, as demonstrated on CentOS 7.", "Severity": "LOW", "CweIDs": [ "CWE-400" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "V2Score": 4.9, "V3Score": 4.4 }, "redhat": { "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "V3Score": 4.9 } }, "References": [ "http://www.securityfocus.com/bid/105539", "https://access.redhat.com/security/cve/CVE-2018-17977", "https://bugzilla.suse.com/show_bug.cgi?id=1111609", "https://nvd.nist.gov/vuln/detail/CVE-2018-17977", "https://www.cve.org/CVERecord?id=CVE-2018-17977", "https://www.openwall.com/lists/oss-security/2018/10/05/5" ], "PublishedDate": "2018-10-08T17:29:00.653Z", "LastModifiedDate": "2024-11-21T03:55:19.193Z" }, { "VulnerabilityID": "CVE-2019-11191", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11191", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: race condition in load_aout_binary() allows local users to bypass ASLR on setuid a.out programs", "Description": "The Linux kernel through 5.0.7, when CONFIG_IA32_AOUT is enabled and ia32_aout is loaded, allows local users to bypass ASLR on setuid a.out programs (if any exist) because install_exec_creds() is called too late in load_aout_binary() in fs/binfmt_aout.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat. NOTE: the software maintainer disputes that this is a vulnerability because ASLR for a.out format executables has never been supported", "Severity": "LOW", "CweIDs": [ "CWE-362" ], "VendorSeverity": { "debian": 1, "nvd": 1, "photon": 1, "redhat": 1, "ubuntu": 1 }, "CVSS": { "nvd": { "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "V2Score": 1.9, "V3Score": 2.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "V3Score": 2.5 } }, "References": [ "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html", "http://www.openwall.com/lists/oss-security/2019/04/18/5", "http://www.openwall.com/lists/oss-security/2019/05/22/7", "http://www.securityfocus.com/bid/107887", "https://access.redhat.com/security/cve/CVE-2019-11191", "https://nvd.nist.gov/vuln/detail/CVE-2019-11191", "https://ubuntu.com/security/notices/USN-4006-1", "https://ubuntu.com/security/notices/USN-4006-2", "https://ubuntu.com/security/notices/USN-4007-1", "https://ubuntu.com/security/notices/USN-4007-2", "https://ubuntu.com/security/notices/USN-4008-1", "https://ubuntu.com/security/notices/USN-4008-3", "https://usn.ubuntu.com/4006-1/", "https://usn.ubuntu.com/4006-2/", "https://usn.ubuntu.com/4007-1/", "https://usn.ubuntu.com/4007-2/", "https://usn.ubuntu.com/4008-1/", "https://usn.ubuntu.com/4008-3/", "https://www.cve.org/CVERecord?id=CVE-2019-11191", "https://www.openwall.com/lists/oss-security/2019/04/03/4", "https://www.openwall.com/lists/oss-security/2019/04/03/4/1" ], "PublishedDate": "2019-04-12T00:29:00.31Z", "LastModifiedDate": "2024-11-21T04:20:42.093Z" }, { "VulnerabilityID": "CVE-2019-12378", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12378", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: unchecked kmalloc of new_ra in ip6_ra_control leads to denial of service", "Description": "An issue was discovered in ip6_ra_control in net/ipv6/ipv6_sockglue.c in the Linux kernel through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: This has been disputed as not an issue", "Severity": "LOW", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "debian": 1, "nvd": 2, "oracle-oval": 3, "photon": 2, "redhat": 2 }, "CVSS": { "nvd": { "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V2Score": 4.9, "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.7 } }, "References": [ "http://www.securityfocus.com/bid/108475", "https://access.redhat.com/security/cve/CVE-2019-12378", "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=95baa60a0da80a0143e3ddd4d3725758b4513825", "https://linux.oracle.com/cve/CVE-2019-12378.html", "https://linux.oracle.com/errata/ELSA-2019-4746.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J36BIJTKEPUOZKJNHQBUZA47RQONUKOI/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KLGWJKLMTBBB53D5QLS4HOY2EH246WBE/", "https://lkml.org/lkml/2019/5/25/229", "https://nvd.nist.gov/vuln/detail/CVE-2019-12378", "https://www.cve.org/CVERecord?id=CVE-2019-12378" ], "PublishedDate": "2019-05-28T03:29:00.247Z", "LastModifiedDate": "2024-11-21T04:22:42.387Z" }, { "VulnerabilityID": "CVE-2019-12379", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12379", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: memory leak in con_insert_unipair in drivers/tty/vt/consolemap.c", "Description": "An issue was discovered in con_insert_unipair in drivers/tty/vt/consolemap.c in the Linux kernel through 5.1.5. There is a memory leak in a certain case of an ENOMEM outcome of kmalloc. NOTE: This id is disputed as not being an issue", "Severity": "LOW", "CweIDs": [ "CWE-401" ], "VendorSeverity": { "debian": 1, "nvd": 2, "photon": 2, "redhat": 1 }, "CVSS": { "nvd": { "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V2Score": 4.9, "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 4.3 } }, "References": [ "http://www.securityfocus.com/bid/108478", "https://access.redhat.com/security/cve/CVE-2019-12379", "https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty.git/commit/?h=tty-next\u0026id=84ecc2f6eb1cb12e6d44818f94fa49b50f06e6ac", "https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty.git/commit/?h=tty-testing\u0026id=15b3cd8ef46ad1b100e0d3c7e38774f330726820", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J36BIJTKEPUOZKJNHQBUZA47RQONUKOI/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KLGWJKLMTBBB53D5QLS4HOY2EH246WBE/", "https://nvd.nist.gov/vuln/detail/CVE-2019-12379", "https://security.netapp.com/advisory/ntap-20190710-0002/", "https://www.cve.org/CVERecord?id=CVE-2019-12379" ], "PublishedDate": "2019-05-28T03:29:00.293Z", "LastModifiedDate": "2024-11-21T04:22:42.56Z" }, { "VulnerabilityID": "CVE-2019-12380", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12380", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: memory allocation failure in the efi subsystem leads to denial of service", "Description": "**DISPUTED** An issue was discovered in the efi subsystem in the Linux kernel through 5.1.5. phys_efi_set_virtual_address_map in arch/x86/platform/efi/efi.c and efi_call_phys_prolog in arch/x86/platform/efi/efi_64.c mishandle memory allocation failures. NOTE: This id is disputed as not being an issue because “All the code touched by the referenced commit runs only at boot, before any user processes are started. Therefore, there is no possibility for an unprivileged user to control it.”.", "Severity": "LOW", "CweIDs": [ "CWE-388" ], "VendorSeverity": { "debian": 1, "nvd": 2, "oracle-oval": 3, "photon": 2, "redhat": 1, "ubuntu": 1 }, "CVSS": { "nvd": { "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V2Score": 2.1, "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 6.2 } }, "References": [ "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html", "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00040.html", "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html", "http://www.securityfocus.com/bid/108477", "https://access.redhat.com/security/cve/CVE-2019-12380", "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=4e78921ba4dd0aca1cc89168f45039add4183f8e", "https://linux.oracle.com/cve/CVE-2019-12380.html", "https://linux.oracle.com/errata/ELSA-2020-5913.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J36BIJTKEPUOZKJNHQBUZA47RQONUKOI/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KLGWJKLMTBBB53D5QLS4HOY2EH246WBE/", "https://nvd.nist.gov/vuln/detail/CVE-2019-12380", "https://security.netapp.com/advisory/ntap-20190710-0002/", "https://ubuntu.com/security/notices/USN-4414-1", "https://ubuntu.com/security/notices/USN-4427-1", "https://ubuntu.com/security/notices/USN-4439-1", "https://usn.ubuntu.com/4414-1/", "https://usn.ubuntu.com/4427-1/", "https://usn.ubuntu.com/4439-1/", "https://www.cve.org/CVERecord?id=CVE-2019-12380" ], "PublishedDate": "2019-05-28T03:29:00.357Z", "LastModifiedDate": "2024-11-21T04:22:42.717Z" }, { "VulnerabilityID": "CVE-2019-12381", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12381", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: unchecked kmalloc of new_ra in ip_ra_control leads to denial of service", "Description": "An issue was discovered in ip_ra_control in net/ipv4/ip_sockglue.c in the Linux kernel through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: this is disputed because new_ra is never used if it is NULL", "Severity": "LOW", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "debian": 1, "nvd": 2, "oracle-oval": 3, "photon": 2, "redhat": 2 }, "CVSS": { "nvd": { "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V2Score": 4.9, "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "http://www.securityfocus.com/bid/108473", "https://access.redhat.com/security/cve/CVE-2019-12381", "https://bugzilla.redhat.com/show_bug.cgi?id=1715501", "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=425aa0e1d01513437668fa3d4a971168bbaa8515", "https://linux.oracle.com/cve/CVE-2019-12381.html", "https://linux.oracle.com/errata/ELSA-2019-4746.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J36BIJTKEPUOZKJNHQBUZA47RQONUKOI/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KLGWJKLMTBBB53D5QLS4HOY2EH246WBE/", "https://lkml.org/lkml/2019/5/25/230", "https://nvd.nist.gov/vuln/detail/CVE-2019-12381", "https://www.cve.org/CVERecord?id=CVE-2019-12381" ], "PublishedDate": "2019-05-28T03:29:00.403Z", "LastModifiedDate": "2024-11-21T04:22:42.883Z" }, { "VulnerabilityID": "CVE-2019-12382", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12382", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: unchecked kstrdup of fwstr in drm_load_edid_firmware leads to denial of service", "Description": "An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel through 5.1.5. There is an unchecked kstrdup of fwstr, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: The vendor disputes this issues as not being a vulnerability because kstrdup() returning NULL is handled sufficiently and there is no chance for a NULL pointer dereference", "Severity": "LOW", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "debian": 1, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 2 }, "CVSS": { "nvd": { "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V2Score": 4.9, "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html", "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00040.html", "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html", "http://www.securityfocus.com/bid/108474", "https://access.redhat.com/security/cve/CVE-2019-12382", "https://cgit.freedesktop.org/drm/drm-misc/commit/?id=9f1f1a2dab38d4ce87a13565cf4dc1b73bef3a5f", "https://linux.oracle.com/cve/CVE-2019-12382.html", "https://linux.oracle.com/errata/ELSA-2020-1016.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J36BIJTKEPUOZKJNHQBUZA47RQONUKOI/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KLGWJKLMTBBB53D5QLS4HOY2EH246WBE/", "https://lkml.org/lkml/2019/5/24/843", "https://lore.kernel.org/lkml/87o93u7d3s.fsf%40intel.com/", "https://nvd.nist.gov/vuln/detail/CVE-2019-12382", "https://salsa.debian.org/kernel-team/kernel-sec/blob/master/retired/CVE-2019-12382", "https://www.cve.org/CVERecord?id=CVE-2019-12382" ], "PublishedDate": "2019-05-28T03:29:00.467Z", "LastModifiedDate": "2024-11-21T04:22:43.04Z" }, { "VulnerabilityID": "CVE-2019-12455", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12455", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: null pointer dereference in sunxi_divs_clk_setup in drivers/clk/sunxi/clk-sunxi.c causing denial of service", "Description": "An issue was discovered in sunxi_divs_clk_setup in drivers/clk/sunxi/clk-sunxi.c in the Linux kernel through 5.1.5. There is an unchecked kstrndup of derived_name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: This id is disputed as not being an issue because “The memory allocation that was not checked is part of a code that only runs at boot time, before user processes are started. Therefore, there is no possibility for an unprivileged user to control it, and no denial of service.”", "Severity": "LOW", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "debian": 1, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "nvd": { "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V2Score": 4.9, "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "V3Score": 4.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2019-12455", "https://git.kernel.org/pub/scm/linux/kernel/git/sunxi/linux.git/commit/?h=sunxi/clk-for-5.3\u0026id=fcdf445ff42f036d22178b49cf64e92d527c1330", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J36BIJTKEPUOZKJNHQBUZA47RQONUKOI/", "https://nvd.nist.gov/vuln/detail/CVE-2019-12455", "https://security.netapp.com/advisory/ntap-20190710-0002/", "https://www.cve.org/CVERecord?id=CVE-2019-12455", "https://www.mail-archive.com/linux-kernel%40vger.kernel.org/msg2010240.html" ], "PublishedDate": "2019-05-30T04:29:02.103Z", "LastModifiedDate": "2024-11-21T04:22:53.21Z" }, { "VulnerabilityID": "CVE-2019-12456", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12456", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: double fetch in the MPT3COMMAND case in _ctl_ioctl_main in drivers/scsi/mpt3sas/mpt3sas_ctl.c", "Description": "An issue was discovered in the MPT3COMMAND case in _ctl_ioctl_main in drivers/scsi/mpt3sas/mpt3sas_ctl.c in the Linux kernel through 5.1.5. It allows local users to cause a denial of service or possibly have unspecified other impact by changing the value of ioc_number between two kernel reads of that value, aka a \"double fetch\" vulnerability. NOTE: a third party reports that this is unexploitable because the doubly fetched value is not used", "Severity": "LOW", "VendorSeverity": { "debian": 1, "nvd": 3, "photon": 3, "redhat": 3 }, "CVSS": { "nvd": { "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V2Score": 7.2, "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html", "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00040.html", "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html", "https://access.redhat.com/security/cve/CVE-2019-12456", "https://bugzilla.redhat.com/show_bug.cgi?id=1717182", "https://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git/commit/?h=5.3/scsi-queue\u0026id=86e5aca7fa2927060839f3e3b40c8bd65a7e8d1e", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDURACJVGIBIYBSGDZJTRDPX46H5WPZW/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OBJHGQXA4PQ5EOGCOXEH3KFDNVZ2I4X7/", "https://lkml.org/lkml/2019/5/29/1164", "https://nvd.nist.gov/vuln/detail/CVE-2019-12456", "https://support.f5.com/csp/article/K84310302", "https://support.f5.com/csp/article/K84310302?utm_source=f5support\u0026amp%3Butm_medium=RSS", "https://www.cve.org/CVERecord?id=CVE-2019-12456" ], "PublishedDate": "2019-05-30T14:29:01.89Z", "LastModifiedDate": "2024-11-21T04:22:53.367Z" }, { "VulnerabilityID": "CVE-2019-16229", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-16229", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: null pointer dereference in drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c", "Description": "drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. NOTE: The security community disputes this issues as not being serious enough to be deserving a CVE id", "Severity": "LOW", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 1, "ubuntu": 1 }, "CVSS": { "nvd": { "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C", "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "V2Score": 4.7, "V3Score": 4.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "V3Score": 4.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2019-16229", "https://bugzilla.suse.com/show_bug.cgi?id=1150469#c3", "https://lkml.org/lkml/2019/9/9/487", "https://nvd.nist.gov/vuln/detail/CVE-2019-16229", "https://security.netapp.com/advisory/ntap-20191004-0001/", "https://ubuntu.com/security/notices/USN-4284-1", "https://ubuntu.com/security/notices/USN-4285-1", "https://ubuntu.com/security/notices/USN-4287-1", "https://ubuntu.com/security/notices/USN-4287-2", "https://usn.ubuntu.com/4284-1/", "https://usn.ubuntu.com/4285-1/", "https://usn.ubuntu.com/4287-1/", "https://usn.ubuntu.com/4287-2/", "https://www.cve.org/CVERecord?id=CVE-2019-16229" ], "PublishedDate": "2019-09-11T16:15:10.957Z", "LastModifiedDate": "2024-11-21T04:30:19.54Z" }, { "VulnerabilityID": "CVE-2019-16230", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-16230", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: null pointer dereference in drivers/gpu/drm/radeon/radeon_display.c", "Description": "drivers/gpu/drm/radeon/radeon_display.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. NOTE: A third-party software maintainer states that the work queue allocation is happening during device initialization, which for a graphics card occurs during boot. It is not attacker controllable and OOM at that time is highly unlikely", "Severity": "LOW", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "debian": 1, "nvd": 2, "photon": 2, "redhat": 1 }, "CVSS": { "nvd": { "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C", "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "V2Score": 4.7, "V3Score": 4.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 4.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2019-16230", "https://bugzilla.suse.com/show_bug.cgi?id=1150468", "https://lkml.org/lkml/2019/9/9/487", "https://nvd.nist.gov/vuln/detail/CVE-2019-16230", "https://security.netapp.com/advisory/ntap-20191004-0001/", "https://www.cve.org/CVERecord?id=CVE-2019-16230" ], "PublishedDate": "2019-09-11T16:15:11.13Z", "LastModifiedDate": "2024-11-21T04:30:19.707Z" }, { "VulnerabilityID": "CVE-2019-16231", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-16231", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: null-pointer dereference in drivers/net/fjes/fjes_main.c", "Description": "drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.", "Severity": "LOW", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "alma": 2, "debian": 1, "nvd": 2, "oracle-oval": 3, "redhat": 1, "ubuntu": 1 }, "CVSS": { "nvd": { "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C", "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "V2Score": 4.7, "V3Score": 4.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "V3Score": 4.1 } }, "References": [ "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00035.html", "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00039.html", "https://access.redhat.com/security/cve/CVE-2019-16231", "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=85ac30fa2e24f628e9f4f9344460f4015d33fd7d", "https://linux.oracle.com/cve/CVE-2019-16231.html", "https://linux.oracle.com/errata/ELSA-2020-5533.html", "https://lkml.org/lkml/2019/9/9/487", "https://lore.kernel.org/lkml/CADJ_3a8WFrs5NouXNqS5WYe7rebFP+_A5CheeqAyD_p7DFJJcg@mail.gmail.com/", "https://nvd.nist.gov/vuln/detail/CVE-2019-16231", "https://security.netapp.com/advisory/ntap-20191004-0001/", "https://ubuntu.com/security/notices/USN-4225-1", "https://ubuntu.com/security/notices/USN-4225-2", "https://ubuntu.com/security/notices/USN-4226-1", "https://ubuntu.com/security/notices/USN-4227-1", "https://ubuntu.com/security/notices/USN-4227-2", "https://ubuntu.com/security/notices/USN-4904-1", "https://usn.ubuntu.com/4225-1/", "https://usn.ubuntu.com/4225-2/", "https://usn.ubuntu.com/4226-1/", "https://usn.ubuntu.com/4227-1/", "https://usn.ubuntu.com/4227-2/", "https://www.cve.org/CVERecord?id=CVE-2019-16231" ], "PublishedDate": "2019-09-11T16:15:11.317Z", "LastModifiedDate": "2024-11-21T04:30:19.863Z" }, { "VulnerabilityID": "CVE-2019-16232", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-16232", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: null-pointer dereference in drivers/net/wireless/marvell/libertas/if_sdio.c", "Description": "drivers/net/wireless/marvell/libertas/if_sdio.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.", "Severity": "LOW", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "debian": 1, "nvd": 2, "oracle-oval": 3, "redhat": 2, "ubuntu": 1 }, "CVSS": { "nvd": { "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C", "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "V2Score": 4.7, "V3Score": 4.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "V3Score": 4.1 } }, "References": [ "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00064.html", "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00010.html", "https://access.redhat.com/security/cve/CVE-2019-16232", "https://linux.oracle.com/cve/CVE-2019-16232.html", "https://linux.oracle.com/errata/ELSA-2020-5804.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYIFGYEDQXP5DVJQQUARQRK2PXKBKQGY/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YWWOOJKZ4NQYN4RMFIVJ3ZIXKJJI3MKP/", "https://lkml.org/lkml/2019/9/9/487", "https://nvd.nist.gov/vuln/detail/CVE-2019-16232", "https://security.netapp.com/advisory/ntap-20191004-0001/", "https://ubuntu.com/security/notices/USN-4284-1", "https://ubuntu.com/security/notices/USN-4285-1", "https://ubuntu.com/security/notices/USN-4287-1", "https://ubuntu.com/security/notices/USN-4287-2", "https://ubuntu.com/security/notices/USN-4904-1", "https://usn.ubuntu.com/4284-1/", "https://usn.ubuntu.com/4285-1/", "https://usn.ubuntu.com/4287-1/", "https://usn.ubuntu.com/4287-2/", "https://www.cve.org/CVERecord?id=CVE-2019-16232" ], "PublishedDate": "2019-09-11T16:15:11.457Z", "LastModifiedDate": "2024-11-21T04:30:20.023Z" }, { "VulnerabilityID": "CVE-2019-16233", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-16233", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: null pointer dereference in drivers/scsi/qla2xxx/qla_os.c", "Description": "drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.", "Severity": "LOW", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "alma": 2, "debian": 1, "nvd": 2, "oracle-oval": 3, "photon": 2, "redhat": 1, "ubuntu": 1 }, "CVSS": { "nvd": { "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C", "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "V2Score": 4.7, "V3Score": 4.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "V3Score": 4.1 } }, "References": [ "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00010.html", "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00035.html", "https://access.redhat.com/security/cve/CVE-2019-16233", "https://linux.oracle.com/cve/CVE-2019-16233.html", "https://linux.oracle.com/errata/ELSA-2020-5508.html", "https://lkml.org/lkml/2019/9/9/487", "https://nvd.nist.gov/vuln/detail/CVE-2019-16233", "https://security.netapp.com/advisory/ntap-20191004-0001/", "https://ubuntu.com/security/notices/USN-4226-1", "https://ubuntu.com/security/notices/USN-4227-1", "https://ubuntu.com/security/notices/USN-4227-2", "https://ubuntu.com/security/notices/USN-4346-1", "https://usn.ubuntu.com/4226-1/", "https://usn.ubuntu.com/4227-1/", "https://usn.ubuntu.com/4227-2/", "https://usn.ubuntu.com/4346-1/", "https://www.cve.org/CVERecord?id=CVE-2019-16233" ], "PublishedDate": "2019-09-11T16:15:11.647Z", "LastModifiedDate": "2024-11-21T04:30:20.19Z" }, { "VulnerabilityID": "CVE-2019-16234", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-16234", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: null pointer dereference in drivers/net/wireless/intel/iwlwifi/pcie/trans.c", "Description": "drivers/net/wireless/intel/iwlwifi/pcie/trans.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.", "Severity": "LOW", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "debian": 1, "nvd": 2, "oracle-oval": 3, "photon": 2, "redhat": 1, "ubuntu": 1 }, "CVSS": { "nvd": { "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C", "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "V2Score": 4.7, "V3Score": 4.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 4.7 } }, "References": [ "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00064.html", "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00010.html", "https://access.redhat.com/security/cve/CVE-2019-16234", "https://linux.oracle.com/cve/CVE-2019-16234.html", "https://linux.oracle.com/errata/ELSA-2020-5804.html", "https://lkml.org/lkml/2019/9/9/487", "https://lore.kernel.org/lkml/CADJ_3a8WFrs5NouXNqS5WYe7rebFP+_A5CheeqAyD_p7DFJJcg@mail.gmail.com/", "https://nvd.nist.gov/vuln/detail/CVE-2019-16234", "https://security.netapp.com/advisory/ntap-20191004-0001/", "https://ubuntu.com/security/notices/USN-4342-1", "https://ubuntu.com/security/notices/USN-4344-1", "https://ubuntu.com/security/notices/USN-4345-1", "https://ubuntu.com/security/notices/USN-4346-1", "https://usn.ubuntu.com/4342-1/", "https://usn.ubuntu.com/4344-1/", "https://usn.ubuntu.com/4345-1/", "https://usn.ubuntu.com/4346-1/", "https://www.cve.org/CVERecord?id=CVE-2019-16234" ], "PublishedDate": "2019-09-11T16:15:11.77Z", "LastModifiedDate": "2024-11-21T04:30:20.35Z" }, { "VulnerabilityID": "CVE-2019-19070", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19070", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: A memory leak in the spi_gpio_probe() function in drivers/spi/spi-gpio.c allows for a DoS", "Description": "A memory leak in the spi_gpio_probe() function in drivers/spi/spi-gpio.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering devm_add_action_or_reset() failures, aka CID-d3b0ffa1d75d. NOTE: third parties dispute the relevance of this because the system must have already been out of memory before the probe began", "Severity": "LOW", "CweIDs": [ "CWE-401" ], "VendorSeverity": { "debian": 1, "nvd": 3, "redhat": 2 }, "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V2Score": 7.8, "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2019-19070", "https://bugzilla.suse.com/show_bug.cgi?id=1157294", "https://github.com/torvalds/linux/commit/d3b0ffa1d75d5305ebe34735598993afbb8a869d", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/", "https://nvd.nist.gov/vuln/detail/CVE-2019-19070", "https://www.cve.org/CVERecord?id=CVE-2019-19070" ], "PublishedDate": "2019-11-18T06:15:12.983Z", "LastModifiedDate": "2024-11-21T04:34:07.783Z" }, { "VulnerabilityID": "CVE-2019-19378", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19378", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: out-of-bounds write in index_rbio_pages in fs/btrfs/raid56.c", "Description": "In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image can lead to slab-out-of-bounds write access in index_rbio_pages in fs/btrfs/raid56.c.", "Severity": "LOW", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "debian": 1, "nvd": 3, "redhat": 1, "ubuntu": 1 }, "CVSS": { "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V2Score": 6.8, "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2019-19378", "https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19378", "https://nvd.nist.gov/vuln/detail/CVE-2019-19378", "https://security.netapp.com/advisory/ntap-20200103-0001/", "https://www.cve.org/CVERecord?id=CVE-2019-19378" ], "PublishedDate": "2019-11-29T17:15:11.84Z", "LastModifiedDate": "2024-11-21T04:34:40.707Z" }, { "VulnerabilityID": "CVE-2020-11725", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-11725", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: improper handling of private_size*count multiplication due to count=info-\u003eowner typo", "Description": "snd_ctl_elem_add in sound/core/control.c in the Linux kernel through 5.6.3 has a count=info-\u003eowner line, which later affects a private_size*count multiplication for unspecified \"interesting side effects.\" NOTE: kernel engineers dispute this finding, because it could be relevant only if new callers were added that were unfamiliar with the misuse of the info-\u003eowner field to represent data unrelated to the \"owner\" concept. The existing callers, SNDRV_CTL_IOCTL_ELEM_ADD and SNDRV_CTL_IOCTL_ELEM_REPLACE, have been designed to misuse the info-\u003eowner field in a safe way", "Severity": "LOW", "VendorSeverity": { "cbl-mariner": 3, "debian": 1, "nvd": 3, "redhat": 2 }, "CVSS": { "nvd": { "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V2Score": 4.6, "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2020-11725", "https://github.com/torvalds/linux/blob/3b2549a3740efb8af0150415737067d87e466c5b/sound/core/control.c#L1434-L1474", "https://lore.kernel.org/alsa-devel/s5h4ktmlfpx.wl-tiwai%40suse.de/", "https://lore.kernel.org/alsa-devel/s5h4ktmlfpx.wl-tiwai@suse.de/", "https://nvd.nist.gov/vuln/detail/CVE-2020-11725", "https://twitter.com/yabbadabbadrew/status/1248632267028582400", "https://www.cve.org/CVERecord?id=CVE-2020-11725" ], "PublishedDate": "2020-04-12T22:15:11.9Z", "LastModifiedDate": "2024-11-21T04:58:29.453Z" }, { "VulnerabilityID": "CVE-2020-35501", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-35501", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: audit not logging access to syscall open_by_handle_at for users with CAP_DAC_READ_SEARCH capability", "Description": "A flaw was found in the Linux kernels implementation of audit rules, where a syscall can unexpectedly not be correctly not be logged by the audit subsystem", "Severity": "LOW", "CweIDs": [ "CWE-863" ], "VendorSeverity": { "cbl-mariner": 1, "debian": 1, "nvd": 1, "redhat": 1, "ubuntu": 1 }, "CVSS": { "nvd": { "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:N", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", "V2Score": 3.6, "V3Score": 3.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", "V3Score": 3.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2020-35501", "https://bugzilla.redhat.com/show_bug.cgi?id=1908577", "https://listman.redhat.com/archives/linux-audit/2018-July/msg00041.html", "https://nvd.nist.gov/vuln/detail/CVE-2020-35501", "https://www.cve.org/CVERecord?id=CVE-2020-35501", "https://www.openwall.com/lists/oss-security/2021/02/18/1" ], "PublishedDate": "2022-03-30T16:15:08.673Z", "LastModifiedDate": "2024-11-21T05:27:26.22Z" }, { "VulnerabilityID": "CVE-2021-26934", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-26934", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "An issue was discovered in the Linux kernel 4.18 through 5.10.16, as u ...", "Description": "An issue was discovered in the Linux kernel 4.18 through 5.10.16, as used by Xen. The backend allocation (aka be-alloc) mode of the drm_xen_front drivers was not meant to be a supported configuration, but this wasn't stated accordingly in its support status entry.", "Severity": "LOW", "VendorSeverity": { "cbl-mariner": 3, "debian": 1, "nvd": 3, "ubuntu": 1 }, "CVSS": { "nvd": { "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V2Score": 4.6, "V3Score": 7.8 } }, "References": [ "http://xenbits.xen.org/xsa/advisory-363.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4GELN5E6MDR5KQBJF5M5COUUED3YFZTD/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EOAJBVAVR6RSCUCHNXPVSNRPSFM7INMP/", "https://nvd.nist.gov/vuln/detail/CVE-2021-26934", "https://security.netapp.com/advisory/ntap-20210326-0001/", "https://www.cve.org/CVERecord?id=CVE-2021-26934", "https://www.openwall.com/lists/oss-security/2021/02/16/2", "https://xenbits.xen.org/xsa/advisory-363.html" ], "PublishedDate": "2021-02-17T02:15:13.143Z", "LastModifiedDate": "2024-11-21T05:57:04.8Z" }, { "VulnerabilityID": "CVE-2021-3714", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-3714", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: Remote Page Deduplication Attacks", "Description": "A flaw was found in the Linux kernels memory deduplication mechanism. Previous work has shown that memory deduplication can be attacked via a local exploitation mechanism. The same technique can be used if an attacker can upload page sized files and detect the change in access time from a networked service to determine if the page has been merged.", "Severity": "LOW", "CweIDs": [ "CWE-200" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.9 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2021-3714", "https://arxiv.org/abs/2111.08553", "https://arxiv.org/pdf/2111.08553.pdf", "https://bugzilla.redhat.com/show_bug.cgi?id=1931327", "https://nvd.nist.gov/vuln/detail/CVE-2021-3714", "https://www.cve.org/CVERecord?id=CVE-2021-3714" ], "PublishedDate": "2022-08-23T16:15:09.6Z", "LastModifiedDate": "2024-11-21T06:22:13.803Z" }, { "VulnerabilityID": "CVE-2022-0400", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-0400", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: Out of bounds read in the smc protocol stack", "Description": "An out-of-bounds read vulnerability was discovered in linux kernel in the smc protocol stack, causing remote dos.", "Severity": "LOW", "CweIDs": [ "CWE-125" ], "VendorSeverity": { "debian": 1, "nvd": 3, "redhat": 3, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2022-0400", "https://bugzilla.redhat.com/show_bug.cgi?id=2040604", "https://bugzilla.redhat.com/show_bug.cgi?id=2040604 (not public)", "https://bugzilla.redhat.com/show_bug.cgi?id=2044575", "https://nvd.nist.gov/vuln/detail/CVE-2022-0400", "https://www.cve.org/CVERecord?id=CVE-2022-0400" ], "PublishedDate": "2022-08-29T15:15:09.423Z", "LastModifiedDate": "2024-11-21T06:38:32.81Z" }, { "VulnerabilityID": "CVE-2022-1247", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-1247", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: A race condition bug in rose_connect()", "Description": "An issue found in linux-kernel that leads to a race condition in rose_connect(). The rose driver uses rose_neigh-\u003euse to represent how many objects are using the rose_neigh. When a user wants to delete a rose_route via rose_ioctl(), the rose driver calls rose_del_node() and removes neighbours only if their “count” and “use” are zero.", "Severity": "LOW", "CweIDs": [ "CWE-362" ], "VendorSeverity": { "debian": 1, "nvd": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2022-1247", "https://bugzilla.redhat.com/show_bug.cgi?id=2066799", "https://lore.kernel.org/all/20220711013111.33183-1-duoming@zju.edu.cn/", "https://lore.kernel.org/all/cover.1656031586.git.duoming@zju.edu.cn/", "https://nvd.nist.gov/vuln/detail/CVE-2022-1247", "https://www.cve.org/CVERecord?id=CVE-2022-1247" ], "PublishedDate": "2022-08-31T16:15:09.177Z", "LastModifiedDate": "2024-11-21T06:40:20.19Z" }, { "VulnerabilityID": "CVE-2022-25265", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-25265", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: Executable Space Protection Bypass", "Description": "In the Linux kernel through 5.16.10, certain binary files may have the exec-all attribute if they were built in approximately 2003 (e.g., with GCC 3.2.2 and Linux kernel 2.4.20). This can cause execution of bytes located in supposedly non-executable regions of a file.", "Severity": "LOW", "CweIDs": [ "CWE-913" ], "VendorSeverity": { "alma": 3, "cbl-mariner": 3, "debian": 1, "nvd": 3, "oracle-oval": 3, "redhat": 2 }, "CVSS": { "nvd": { "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V2Score": 4.4, "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:2951", "https://access.redhat.com/security/cve/CVE-2022-25265", "https://bugzilla.redhat.com/2055499", "https://bugzilla.redhat.com/2061703", "https://bugzilla.redhat.com/2078466", "https://bugzilla.redhat.com/2084125", "https://bugzilla.redhat.com/2085300", "https://bugzilla.redhat.com/2090723", "https://bugzilla.redhat.com/2108691", "https://bugzilla.redhat.com/2108696", "https://bugzilla.redhat.com/2114937", "https://bugzilla.redhat.com/2122228", "https://bugzilla.redhat.com/2122960", "https://bugzilla.redhat.com/2123056", "https://bugzilla.redhat.com/2124788", "https://bugzilla.redhat.com/2127985", "https://bugzilla.redhat.com/2130141", "https://bugzilla.redhat.com/2133483", "https://bugzilla.redhat.com/2134377", "https://bugzilla.redhat.com/2134451", "https://bugzilla.redhat.com/2134506", "https://bugzilla.redhat.com/2134517", "https://bugzilla.redhat.com/2134528", "https://bugzilla.redhat.com/2137979", "https://bugzilla.redhat.com/2143893", "https://bugzilla.redhat.com/2143943", "https://bugzilla.redhat.com/2144720", "https://bugzilla.redhat.com/2150947", "https://bugzilla.redhat.com/2150960", "https://bugzilla.redhat.com/2150979", "https://bugzilla.redhat.com/2150999", "https://bugzilla.redhat.com/2151270", "https://bugzilla.redhat.com/2154171", "https://bugzilla.redhat.com/2154235", "https://bugzilla.redhat.com/2160023", "https://bugzilla.redhat.com/2162120", "https://bugzilla.redhat.com/2165721", "https://bugzilla.redhat.com/2168246", "https://bugzilla.redhat.com/2168297", "https://bugzilla.redhat.com/2176192", "https://bugzilla.redhat.com/2180936", "https://errata.almalinux.org/8/ALSA-2023-2951.html", "https://github.com/torvalds/linux/blob/1c33bb0507508af24fd754dd7123bd8e997fab2f/arch/x86/include/asm/elf.h#L281-L294", "https://github.com/x0reaxeax/exec-prot-bypass", "https://linux.oracle.com/cve/CVE-2022-25265.html", "https://linux.oracle.com/errata/ELSA-2023-2951.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-25265", "https://security.netapp.com/advisory/ntap-20220318-0005/", "https://www.cve.org/CVERecord?id=CVE-2022-25265" ], "PublishedDate": "2022-02-16T21:15:08.017Z", "LastModifiedDate": "2024-11-21T06:51:54.567Z" }, { "VulnerabilityID": "CVE-2022-2961", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-2961", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: race condition in rose_bind()", "Description": "A use-after-free flaw was found in the Linux kernel’s PLP Rose functionality in the way a user triggers a race condition by calling bind while simultaneously triggering the rose_bind() function. This flaw allows a local user to crash or potentially escalate their privileges on the system.", "Severity": "LOW", "CweIDs": [ "CWE-416", "CWE-362" ], "VendorSeverity": { "cbl-mariner": 3, "debian": 1, "nvd": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2022-2961", "https://nvd.nist.gov/vuln/detail/CVE-2022-2961", "https://security.netapp.com/advisory/ntap-20230214-0004/", "https://www.cve.org/CVERecord?id=CVE-2022-2961" ], "PublishedDate": "2022-08-29T15:15:10.81Z", "LastModifiedDate": "2024-11-21T07:01:59.55Z" }, { "VulnerabilityID": "CVE-2022-3238", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-3238", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: ntfs3 local privledge escalation if NTFS character set and remount and umount called simultaneously", "Description": "A double-free flaw was found in the Linux kernel’s NTFS3 subsystem in how a user triggers remount and umount simultaneously. This flaw allows a local user to crash or potentially escalate their privileges on the system.", "Severity": "LOW", "CweIDs": [ "CWE-459", "CWE-415" ], "VendorSeverity": { "debian": 1, "nvd": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "V3Score": 6.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2022-3238", "https://bugzilla.redhat.com/show_bug.cgi?id=2127927", "https://nvd.nist.gov/vuln/detail/CVE-2022-3238", "https://www.cve.org/CVERecord?id=CVE-2022-3238" ], "PublishedDate": "2022-11-14T21:15:16.163Z", "LastModifiedDate": "2025-05-01T14:15:27.813Z" }, { "VulnerabilityID": "CVE-2022-41848", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41848", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: Race condition between mgslpc_ioctl and mgslpc_detach", "Description": "drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, aka a race condition between mgslpc_ioctl and mgslpc_detach.", "Severity": "LOW", "CweIDs": [ "CWE-362", "CWE-416" ], "VendorSeverity": { "cbl-mariner": 2, "debian": 1, "nvd": 2, "photon": 2, "redhat": 1, "ubuntu": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 4.2 }, "redhat": { "V3Vector": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 4.2 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2022-41848", "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/drivers/char/pcmcia/synclink_cs.c", "https://lore.kernel.org/lkml/20220919040251.GA302541%40ubuntu/T/#rc85e751f467b3e6f9ccef92cfa7fb8a6cc50c270", "https://lore.kernel.org/lkml/20220919040251.GA302541@ubuntu/T/#rc85e751f467b3e6f9ccef92cfa7fb8a6cc50c270", "https://nvd.nist.gov/vuln/detail/CVE-2022-41848", "https://www.cve.org/CVERecord?id=CVE-2022-41848" ], "PublishedDate": "2022-09-30T06:15:11.58Z", "LastModifiedDate": "2025-05-20T20:15:27.49Z" }, { "VulnerabilityID": "CVE-2022-44032", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-44032", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "Kernel: Race between cmm_open() and cm4000_detach() result in UAF", "Description": "An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/cm4000_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between cmm_open() and cm4000_detach().", "Severity": "LOW", "CweIDs": [ "CWE-362" ], "VendorSeverity": { "cbl-mariner": 2, "debian": 1, "nvd": 2, "redhat": 2, "ubuntu": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 6.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 6.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2022-44032", "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b12f050c76f090cc6d0aebe0ef76fed79ec3f15", "https://lore.kernel.org/lkml/20220915020834.GA110086%40ubuntu/", "https://lore.kernel.org/lkml/20220915020834.GA110086@ubuntu/", "https://lore.kernel.org/lkml/20220919040701.GA302806%40ubuntu/", "https://lore.kernel.org/lkml/20220919040701.GA302806@ubuntu/", "https://nvd.nist.gov/vuln/detail/CVE-2022-44032", "https://www.cve.org/CVERecord?id=CVE-2022-44032" ], "PublishedDate": "2022-10-30T01:15:08.823Z", "LastModifiedDate": "2024-11-21T07:27:34.457Z" }, { "VulnerabilityID": "CVE-2022-44033", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-44033", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "Kernel: A race condition between cm4040_open() and reader_detach() may result in UAF", "Description": "An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/cm4040_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between cm4040_open() and reader_detach().", "Severity": "LOW", "CweIDs": [ "CWE-362" ], "VendorSeverity": { "cbl-mariner": 2, "debian": 1, "nvd": 2, "redhat": 2, "ubuntu": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 6.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 6.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2022-44033", "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b12f050c76f090cc6d0aebe0ef76fed79ec3f15", "https://lore.kernel.org/lkml/20220915020834.GA110086%40ubuntu/", "https://lore.kernel.org/lkml/20220915020834.GA110086@ubuntu/", "https://lore.kernel.org/lkml/20220919040457.GA302681%40ubuntu/", "https://lore.kernel.org/lkml/20220919040457.GA302681@ubuntu/", "https://nvd.nist.gov/vuln/detail/CVE-2022-44033", "https://www.cve.org/CVERecord?id=CVE-2022-44033" ], "PublishedDate": "2022-10-30T01:15:08.88Z", "LastModifiedDate": "2024-11-21T07:27:34.69Z" }, { "VulnerabilityID": "CVE-2022-4543", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-4543", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: KASLR Prefetch Bypass Breaks KPTI", "Description": "A flaw named \"EntryBleed\" was found in the Linux Kernel Page Table Isolation (KPTI). This issue could allow a local attacker to leak KASLR base via prefetch side-channels based on TLB timing for Intel systems.", "Severity": "LOW", "CweIDs": [ "CWE-200", "CWE-203" ], "VendorSeverity": { "cbl-mariner": 2, "debian": 1, "nvd": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2022-4543", "https://github.com/KSPP/linux/issues/361", "https://nvd.nist.gov/vuln/detail/CVE-2022-4543", "https://www.cve.org/CVERecord?id=CVE-2022-4543", "https://www.openwall.com/lists/oss-security/2022/12/16/3", "https://www.willsroot.io/2022/12/entrybleed.html" ], "PublishedDate": "2023-01-11T15:15:09.673Z", "LastModifiedDate": "2024-11-21T07:35:27.5Z" }, { "VulnerabilityID": "CVE-2022-45884", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-45884", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: use-after-free due to race condition occurring in dvb_register_device()", "Description": "An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops.", "Severity": "LOW", "CweIDs": [ "CWE-362", "CWE-416" ], "VendorSeverity": { "alma": 3, "cbl-mariner": 3, "debian": 1, "nvd": 3, "oracle-oval": 3, "redhat": 2, "rocky": 3, "ubuntu": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "V3Score": 6.4 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:7549", "https://access.redhat.com/security/cve/CVE-2022-45884", "https://bugzilla.redhat.com/2148510", "https://bugzilla.redhat.com/2148517", "https://bugzilla.redhat.com/2151956", "https://bugzilla.redhat.com/2154178", "https://bugzilla.redhat.com/2224048", "https://bugzilla.redhat.com/2240249", "https://bugzilla.redhat.com/2241924", "https://bugzilla.redhat.com/show_bug.cgi?id=2148510", "https://bugzilla.redhat.com/show_bug.cgi?id=2148517", "https://bugzilla.redhat.com/show_bug.cgi?id=2151956", "https://bugzilla.redhat.com/show_bug.cgi?id=2154178", "https://bugzilla.redhat.com/show_bug.cgi?id=2224048", "https://bugzilla.redhat.com/show_bug.cgi?id=2240249", "https://bugzilla.redhat.com/show_bug.cgi?id=2241924", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45884", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45886", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45919", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1192", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2163", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3812", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5178", "https://errata.almalinux.org/8/ALSA-2023-7549.html", "https://errata.rockylinux.org/RLSA-2023:7549", "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=627bb528b086b4136315c25d6a447a98ea9448d3", "https://linux.oracle.com/cve/CVE-2022-45884.html", "https://linux.oracle.com/errata/ELSA-2023-7549.html", "https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel%40gmail.com/", "https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel@gmail.com/", "https://lore.kernel.org/linux-media/20221115131822.6640-4-imv4bel%40gmail.com/", "https://lore.kernel.org/linux-media/20221115131822.6640-4-imv4bel@gmail.com/", "https://lore.kernel.org/linux-media/20221117045925.14297-4-imv4bel@gmail.com/", "https://nvd.nist.gov/vuln/detail/CVE-2022-45884", "https://security.netapp.com/advisory/ntap-20230113-0006/", "https://www.cve.org/CVERecord?id=CVE-2022-45884" ], "PublishedDate": "2022-11-25T04:15:09.18Z", "LastModifiedDate": "2024-11-21T07:29:53.337Z" }, { "VulnerabilityID": "CVE-2022-45885", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-45885", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: use-after-free due to race condition occurring in dvb_frontend.c", "Description": "An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_frontend.c has a race condition that can cause a use-after-free when a device is disconnected.", "Severity": "LOW", "CweIDs": [ "CWE-362", "CWE-416" ], "VendorSeverity": { "cbl-mariner": 3, "debian": 1, "nvd": 3, "oracle-oval": 3, "redhat": 2, "ubuntu": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "V3Score": 6.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2022-45885", "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6769a0b7ee0c3b31e1b22c3fadff2bfb642de23f", "https://linux.oracle.com/cve/CVE-2022-45885.html", "https://linux.oracle.com/errata/ELSA-2023-12207.html", "https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel%40gmail.com/", "https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel@gmail.com/", "https://lore.kernel.org/linux-media/20221115131822.6640-2-imv4bel%40gmail.com/", "https://lore.kernel.org/linux-media/20221115131822.6640-2-imv4bel@gmail.com/", "https://lore.kernel.org/linux-media/20221117045925.14297-2-imv4bel@gmail.com/", "https://nvd.nist.gov/vuln/detail/CVE-2022-45885", "https://security.netapp.com/advisory/ntap-20230113-0006/", "https://www.cve.org/CVERecord?id=CVE-2022-45885" ], "PublishedDate": "2022-11-25T04:15:09.23Z", "LastModifiedDate": "2025-04-29T14:15:28.103Z" }, { "VulnerabilityID": "CVE-2023-23039", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-23039", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: tty: vcc: race condition leading to use-after-free in vcc_open()", "Description": "An issue was discovered in the Linux kernel through 6.2.0-rc2. drivers/tty/vcc.c has a race condition and resultant use-after-free if a physically proximate attacker removes a VCC device while calling open(), aka a race condition between vcc_open() and vcc_remove().", "Severity": "LOW", "CweIDs": [ "CWE-362" ], "VendorSeverity": { "cbl-mariner": 2, "debian": 1, "nvd": 2, "redhat": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H", "V3Score": 5.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 6.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2023-23039", "https://lkml.org/lkml/2023/1/1/169", "https://nvd.nist.gov/vuln/detail/CVE-2023-23039", "https://www.cve.org/CVERecord?id=CVE-2023-23039" ], "PublishedDate": "2023-02-22T17:15:11.997Z", "LastModifiedDate": "2025-03-20T21:15:17.85Z" }, { "VulnerabilityID": "CVE-2023-26242", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-26242", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "afu_mmio_region_get_by_offset in drivers/fpga/dfl-afu-region.c in the ...", "Description": "afu_mmio_region_get_by_offset in drivers/fpga/dfl-afu-region.c in the Linux kernel through 6.1.12 has an integer overflow.", "Severity": "LOW", "CweIDs": [ "CWE-190" ], "VendorSeverity": { "cbl-mariner": 3, "debian": 1, "nvd": 3, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "https://bugzilla.suse.com/show_bug.cgi?id=1208518", "https://lore.kernel.org/all/20230206054326.89323-1-k1rh4.lee@gmail.com/", "https://nvd.nist.gov/vuln/detail/CVE-2023-26242", "https://patchwork.kernel.org/project/linux-fpga/patch/20230206054326.89323-1-k1rh4.lee%40gmail.com", "https://patchwork.kernel.org/project/linux-fpga/patch/20230206054326.89323-1-k1rh4.lee@gmail.com/", "https://security.netapp.com/advisory/ntap-20230406-0002/", "https://www.cve.org/CVERecord?id=CVE-2023-26242" ], "PublishedDate": "2023-02-21T01:15:11.423Z", "LastModifiedDate": "2025-05-05T16:15:31.123Z" }, { "VulnerabilityID": "CVE-2023-31081", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-31081", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "An issue was discovered in drivers/media/test-drivers/vidtv/vidtv_brid ...", "Description": "An issue was discovered in drivers/media/test-drivers/vidtv/vidtv_bridge.c in the Linux kernel 6.2. There is a NULL pointer dereference in vidtv_mux_stop_thread. In vidtv_stop_streaming, after dvb-\u003emux=NULL occurs, it executes vidtv_mux_stop_thread(dvb-\u003emux).", "Severity": "LOW", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "debian": 1, "nvd": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://bugzilla.suse.com/show_bug.cgi?id=1210782", "https://lore.kernel.org/all/CA+UBctDXyiosaiR7YNKCs8k0aWu4gU+YutRcnC+TDJkXpHjQag%40mail.gmail.com/", "https://security.netapp.com/advisory/ntap-20230929-0003/" ], "PublishedDate": "2023-04-24T06:15:07.447Z", "LastModifiedDate": "2025-02-04T20:15:48.993Z" }, { "VulnerabilityID": "CVE-2023-31085", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-31085", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: divide-by-zero error in ctrl_cdev_ioctl when do_div happens and erasesize is 0", "Description": "An issue was discovered in drivers/mtd/ubi/cdev.c in the Linux kernel 6.2. There is a divide-by-zero error in do_div(sz,mtd-\u003eerasesize), used indirectly by ctrl_cdev_ioctl, when mtd-\u003eerasesize is 0.", "Severity": "LOW", "CweIDs": [ "CWE-369" ], "VendorSeverity": { "debian": 1, "nvd": 2, "photon": 2, "redhat": 2, "ubuntu": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2023-31085", "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=017c73a34a661a861712f7cc1393a123e5b2208c", "https://lore.kernel.org/all/20230831111100.26862-1-jack@suse.cz/T/#u", "https://lore.kernel.org/all/687864524.118195.1681799447034.JavaMail.zimbra%40nod.at/", "https://lore.kernel.org/all/687864524.118195.1681799447034.JavaMail.zimbra@nod.at/", "https://nvd.nist.gov/vuln/detail/CVE-2023-31085", "https://patchwork.ozlabs.org/project/linux-mtd/patch/20230423111041.684297-1-chengzhihao1@huawei.com/", "https://security.netapp.com/advisory/ntap-20230929-0003/", "https://ubuntu.com/security/notices/USN-6461-1", "https://ubuntu.com/security/notices/USN-6494-1", "https://ubuntu.com/security/notices/USN-6494-2", "https://ubuntu.com/security/notices/USN-6495-1", "https://ubuntu.com/security/notices/USN-6495-2", "https://ubuntu.com/security/notices/USN-6496-1", "https://ubuntu.com/security/notices/USN-6496-2", "https://ubuntu.com/security/notices/USN-6502-1", "https://ubuntu.com/security/notices/USN-6502-2", "https://ubuntu.com/security/notices/USN-6502-3", "https://ubuntu.com/security/notices/USN-6502-4", "https://ubuntu.com/security/notices/USN-6503-1", "https://ubuntu.com/security/notices/USN-6516-1", "https://ubuntu.com/security/notices/USN-6520-1", "https://ubuntu.com/security/notices/USN-6532-1", "https://ubuntu.com/security/notices/USN-6537-1", "https://ubuntu.com/security/notices/USN-6572-1", "https://www.cve.org/CVERecord?id=CVE-2023-31085" ], "PublishedDate": "2023-04-24T06:15:08.093Z", "LastModifiedDate": "2024-11-21T08:01:23.17Z" }, { "VulnerabilityID": "CVE-2023-3640", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3640", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "Kernel: x86/mm: a per-cpu entry area leak was identified through the init_cea_offsets function when prefetchnta and prefetcht2 instructions being used for the per-cpu entry area mapping to the user space", "Description": "A possible unauthorized memory access flaw was found in the Linux kernel's cpu_entry_area mapping of X86 CPU data to memory, where a user may guess the location of exception stacks or other important data. Based on the previous CVE-2023-0597, the 'Randomize per-cpu entry area' feature was implemented in /arch/x86/mm/cpu_entry_area.c, which works through the init_cea_offsets() function when KASLR is enabled. However, despite this feature, there is still a risk of per-cpu entry area leaks. This issue could allow a local user to gain access to some important data with memory in an expected location and potentially escalate their privileges on the system.", "Severity": "LOW", "CweIDs": [ "CWE-203" ], "VendorSeverity": { "debian": 1, "nvd": 3, "redhat": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:6583", "https://access.redhat.com/security/cve/CVE-2023-3640", "https://bugzilla.redhat.com/show_bug.cgi?id=2217523", "https://nvd.nist.gov/vuln/detail/CVE-2023-3640", "https://www.cve.org/CVERecord?id=CVE-2023-3640" ], "PublishedDate": "2023-07-24T16:15:13.063Z", "LastModifiedDate": "2025-04-15T12:15:17.84Z" }, { "VulnerabilityID": "CVE-2024-0564", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-0564", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: max page sharing of Kernel Samepage Merging (KSM) may cause memory deduplication", "Description": "A flaw was found in the Linux kernel's memory deduplication mechanism. The max page sharing of Kernel Samepage Merging (KSM), added in Linux kernel version 4.4.0-96.119, can create a side channel. When the attacker and the victim share the same host and the default setting of KSM is \"max page sharing=256\", it is possible for the attacker to time the unmap to merge with the victim's page. The unmapping time depends on whether it merges with the victim's page and additional physical pages are created beyond the KSM's \"max page share\". Through these operations, the attacker can leak the victim's page.", "Severity": "LOW", "CweIDs": [ "CWE-203" ], "VendorSeverity": { "debian": 1, "nvd": 2, "redhat": 1, "ubuntu": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2024-0564", "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1680513", "https://bugzilla.redhat.com/show_bug.cgi?id=2258514", "https://link.springer.com/conference/wisa", "https://nvd.nist.gov/vuln/detail/CVE-2024-0564", "https://wisa.or.kr/accepted", "https://www.cve.org/CVERecord?id=CVE-2024-0564" ], "PublishedDate": "2024-01-30T15:15:08.687Z", "LastModifiedDate": "2024-11-25T09:15:05.7Z" }, { "VulnerabilityID": "CVE-2025-37880", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-37880", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: um: work around sched_yield not yielding in time-travel mode", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\num: work around sched_yield not yielding in time-travel mode\n\nsched_yield by a userspace may not actually cause scheduling in\ntime-travel mode as no time has passed. In the case seen it appears to\nbe a badly implemented userspace spinlock in ASAN. Unfortunately, with\ntime-travel it causes an extreme slowdown or even deadlock depending on\nthe kernel configuration (CONFIG_UML_MAX_USERSPACE_ITERATIONS).\n\nWork around it by accounting time to the process whenever it executes a\nsched_yield syscall.", "Severity": "LOW", "VendorSeverity": { "oracle-oval": 3, "redhat": 1, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-37880", "https://git.kernel.org/linus/887c5c12e80c8424bd471122d2e8b6b462e12874 (6.15-rc1)", "https://git.kernel.org/stable/c/887c5c12e80c8424bd471122d2e8b6b462e12874", "https://git.kernel.org/stable/c/990ddc65173776f1e01e7135d8c1fd5f8fd4d5d2", "https://git.kernel.org/stable/c/da780c4a075ba2deb05ae29f0af4a990578c7901", "https://linux.oracle.com/cve/CVE-2025-37880.html", "https://linux.oracle.com/errata/ELSA-2025-20530.html", "https://lore.kernel.org/linux-cve-announce/2025050943-CVE-2025-37880-3f3c@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-37880", "https://ubuntu.com/security/notices/USN-7594-1", "https://ubuntu.com/security/notices/USN-7594-2", "https://ubuntu.com/security/notices/USN-7594-3", "https://www.cve.org/CVERecord?id=CVE-2025-37880" ], "PublishedDate": "2025-05-09T07:16:09.257Z", "LastModifiedDate": "2025-05-18T07:15:19.287Z" }, { "VulnerabilityID": "CVE-2025-40325", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40325", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "kernel: md/raid10: wait barrier before returning discard request with REQ_NOWAIT", "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd/raid10: wait barrier before returning discard request with REQ_NOWAIT\n\nraid10_handle_discard should wait barrier before returning a discard bio\nwhich has REQ_NOWAIT. And there is no need to print warning calltrace\nif a discard bio has REQ_NOWAIT flag. Quality engineer usually checks\ndmesg and reports error if dmesg has warning/error calltrace.", "Severity": "LOW", "VendorSeverity": { "redhat": 1, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-40325", "https://git.kernel.org/linus/3db4404435397a345431b45f57876a3df133f3b4 (6.15-rc1)", "https://git.kernel.org/stable/c/31d3156efe909b53ba174861a3da880c688f5edc", "https://git.kernel.org/stable/c/3db4404435397a345431b45f57876a3df133f3b4", "https://lore.kernel.org/linux-cve-announce/2025041822-CVE-2025-40325-3cc4@gregkh/T", "https://nvd.nist.gov/vuln/detail/CVE-2025-40325", "https://ubuntu.com/security/notices/USN-7594-1", "https://ubuntu.com/security/notices/USN-7594-2", "https://ubuntu.com/security/notices/USN-7594-3", "https://www.cve.org/CVERecord?id=CVE-2025-40325" ], "PublishedDate": "2025-04-18T07:15:44.87Z", "LastModifiedDate": "2025-04-21T14:23:45.95Z" }, { "VulnerabilityID": "TEMP-0000000-F7A20F", "PkgID": "linux-libc-dev@6.12.48-1", "PkgName": "linux-libc-dev", "PkgIdentifier": { "PURL": "pkg:deb/debian/linux-libc-dev@6.12.48-1?arch=all\u0026distro=debian-13.1", "UID": "b3977698549e3dbb" }, "InstalledVersion": "6.12.48-1", "Status": "affected", "Layer": { "DiffID": "sha256:d4105f34d1926efb82629b2ee524dcb4ba7531bbed239fe7d74006d7cd89d5ad" }, "SeveritySource": "debian", "PrimaryURL": "https://security-tracker.debian.org/tracker/TEMP-0000000-F7A20F", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "[Kernel: Unprivileged user can freeze journald]", "Severity": "LOW", "VendorSeverity": { "debian": 1 } }, { "VulnerabilityID": "CVE-2022-0563", "PkgID": "login@1:4.16.0-2+really2.41-5", "PkgName": "login", "PkgIdentifier": { "PURL": "pkg:deb/debian/login@4.16.0-2%2Breally2.41-5?arch=amd64\u0026distro=debian-13.1\u0026epoch=1", "UID": "9a6da06303db8b93" }, "InstalledVersion": "1:4.16.0-2+really2.41-5", "Status": "affected", "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-0563", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline", "Description": "A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an \"INPUTRC\" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.", "Severity": "LOW", "CweIDs": [ "CWE-209" ], "VendorSeverity": { "amazon": 2, "cbl-mariner": 2, "debian": 1, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "nvd": { "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "V2Score": 1.9, "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2022-0563", "https://blog.trailofbits.com/2023/02/16/suid-logic-bug-linux-readline/", "https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w%40ws.net.home/T/#u", "https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u", "https://nvd.nist.gov/vuln/detail/CVE-2022-0563", "https://security.gentoo.org/glsa/202401-08", "https://security.netapp.com/advisory/ntap-20220331-0002/", "https://www.cve.org/CVERecord?id=CVE-2022-0563" ], "PublishedDate": "2022-02-21T19:15:08.393Z", "LastModifiedDate": "2025-06-09T16:15:33.237Z" }, { "VulnerabilityID": "CVE-2007-5686", "PkgID": "login.defs@1:4.17.4-2", "PkgName": "login.defs", "PkgIdentifier": { "PURL": "pkg:deb/debian/login.defs@4.17.4-2?arch=all\u0026distro=debian-13.1\u0026epoch=1", "UID": "b2ebc9108569350a" }, "InstalledVersion": "1:4.17.4-2", "Status": "affected", "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2007-5686", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "initscripts in rPath Linux 1 sets insecure permissions for the /var/lo ...", "Description": "initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers.", "Severity": "LOW", "CweIDs": [ "CWE-264" ], "VendorSeverity": { "debian": 1, "nvd": 2 }, "CVSS": { "nvd": { "V2Vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "V2Score": 4.9 } }, "References": [ "http://secunia.com/advisories/27215", "http://www.securityfocus.com/archive/1/482129/100/100/threaded", "http://www.securityfocus.com/archive/1/482857/100/0/threaded", "http://www.securityfocus.com/bid/26048", "http://www.vupen.com/english/advisories/2007/3474", "https://issues.rpath.com/browse/RPL-1825" ], "PublishedDate": "2007-10-28T17:08:00Z", "LastModifiedDate": "2024-11-21T00:38:27.587Z" }, { "VulnerabilityID": "CVE-2024-56433", "PkgID": "login.defs@1:4.17.4-2", "PkgName": "login.defs", "PkgIdentifier": { "PURL": "pkg:deb/debian/login.defs@4.17.4-2?arch=all\u0026distro=debian-13.1\u0026epoch=1", "UID": "b2ebc9108569350a" }, "InstalledVersion": "1:4.17.4-2", "Status": "affected", "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-56433", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise", "Description": "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.", "Severity": "LOW", "CweIDs": [ "CWE-1188" ], "VendorSeverity": { "azure": 1, "redhat": 1, "ubuntu": 1 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "V3Score": 3.6 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2024-56433", "https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241", "https://github.com/shadow-maint/shadow/issues/1157", "https://github.com/shadow-maint/shadow/releases/tag/4.4", "https://nvd.nist.gov/vuln/detail/CVE-2024-56433", "https://www.cve.org/CVERecord?id=CVE-2024-56433" ], "PublishedDate": "2024-12-26T09:15:07.267Z", "LastModifiedDate": "2024-12-26T09:15:07.267Z" }, { "VulnerabilityID": "TEMP-0628843-DBAD28", "PkgID": "login.defs@1:4.17.4-2", "PkgName": "login.defs", "PkgIdentifier": { "PURL": "pkg:deb/debian/login.defs@4.17.4-2?arch=all\u0026distro=debian-13.1\u0026epoch=1", "UID": "b2ebc9108569350a" }, "InstalledVersion": "1:4.17.4-2", "Status": "affected", "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "SeveritySource": "debian", "PrimaryURL": "https://security-tracker.debian.org/tracker/TEMP-0628843-DBAD28", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "[more related to CVE-2005-4890]", "Severity": "LOW", "VendorSeverity": { "debian": 1 } }, { "VulnerabilityID": "CVE-2022-0563", "PkgID": "mount@2.41-5", "PkgName": "mount", "PkgIdentifier": { "PURL": "pkg:deb/debian/mount@2.41-5?arch=amd64\u0026distro=debian-13.1", "UID": "c6fdc5cf989db569" }, "InstalledVersion": "2.41-5", "Status": "affected", "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-0563", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline", "Description": "A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an \"INPUTRC\" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.", "Severity": "LOW", "CweIDs": [ "CWE-209" ], "VendorSeverity": { "amazon": 2, "cbl-mariner": 2, "debian": 1, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "nvd": { "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "V2Score": 1.9, "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2022-0563", "https://blog.trailofbits.com/2023/02/16/suid-logic-bug-linux-readline/", "https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w%40ws.net.home/T/#u", "https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u", "https://nvd.nist.gov/vuln/detail/CVE-2022-0563", "https://security.gentoo.org/glsa/202401-08", "https://security.netapp.com/advisory/ntap-20220331-0002/", "https://www.cve.org/CVERecord?id=CVE-2022-0563" ], "PublishedDate": "2022-02-21T19:15:08.393Z", "LastModifiedDate": "2025-06-09T16:15:33.237Z" }, { "VulnerabilityID": "CVE-2025-6141", "PkgID": "ncurses-base@6.5+20250216-2", "PkgName": "ncurses-base", "PkgIdentifier": { "PURL": "pkg:deb/debian/ncurses-base@6.5%2B20250216-2?arch=all\u0026distro=debian-13.1", "UID": "76a1fb5936f344dc" }, "InstalledVersion": "6.5+20250216-2", "Status": "affected", "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-6141", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "gnu-ncurses: ncurses Stack Buffer Overflow", "Description": "A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the function postprocess_termcap of the file tinfo/parse_entry.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. Upgrading to version 6.5-20250329 is able to address this issue. It is recommended to upgrade the affected component.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-121" ], "VendorSeverity": { "photon": 1, "redhat": 1 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-6141", "https://invisible-island.net/ncurses/NEWS.html#index-t20250329", "https://lists.gnu.org/archive/html/bug-ncurses/2025-03/msg00107.html", "https://lists.gnu.org/archive/html/bug-ncurses/2025-03/msg00109.html", "https://lists.gnu.org/archive/html/bug-ncurses/2025-03/msg00114.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-6141", "https://vuldb.com/?ctiid.312610", "https://vuldb.com/?id.312610", "https://vuldb.com/?submit.593000", "https://www.cve.org/CVERecord?id=CVE-2025-6141", "https://www.gnu.org/" ], "PublishedDate": "2025-06-16T22:16:41.527Z", "LastModifiedDate": "2025-06-17T20:50:23.507Z" }, { "VulnerabilityID": "CVE-2025-6141", "PkgID": "ncurses-bin@6.5+20250216-2", "PkgName": "ncurses-bin", "PkgIdentifier": { "PURL": "pkg:deb/debian/ncurses-bin@6.5%2B20250216-2?arch=amd64\u0026distro=debian-13.1", "UID": "d03e89ad6a7a5243" }, "InstalledVersion": "6.5+20250216-2", "Status": "affected", "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-6141", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "gnu-ncurses: ncurses Stack Buffer Overflow", "Description": "A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the function postprocess_termcap of the file tinfo/parse_entry.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. Upgrading to version 6.5-20250329 is able to address this issue. It is recommended to upgrade the affected component.", "Severity": "LOW", "CweIDs": [ "CWE-119", "CWE-121" ], "VendorSeverity": { "photon": 1, "redhat": 1 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-6141", "https://invisible-island.net/ncurses/NEWS.html#index-t20250329", "https://lists.gnu.org/archive/html/bug-ncurses/2025-03/msg00107.html", "https://lists.gnu.org/archive/html/bug-ncurses/2025-03/msg00109.html", "https://lists.gnu.org/archive/html/bug-ncurses/2025-03/msg00114.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-6141", "https://vuldb.com/?ctiid.312610", "https://vuldb.com/?id.312610", "https://vuldb.com/?submit.593000", "https://www.cve.org/CVERecord?id=CVE-2025-6141", "https://www.gnu.org/" ], "PublishedDate": "2025-06-16T22:16:41.527Z", "LastModifiedDate": "2025-06-17T20:50:23.507Z" }, { "VulnerabilityID": "CVE-2007-5686", "PkgID": "passwd@1:4.17.4-2", "PkgName": "passwd", "PkgIdentifier": { "PURL": "pkg:deb/debian/passwd@4.17.4-2?arch=amd64\u0026distro=debian-13.1\u0026epoch=1", "UID": "5e15080d1eeaf8e8" }, "InstalledVersion": "1:4.17.4-2", "Status": "affected", "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2007-5686", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "initscripts in rPath Linux 1 sets insecure permissions for the /var/lo ...", "Description": "initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers.", "Severity": "LOW", "CweIDs": [ "CWE-264" ], "VendorSeverity": { "debian": 1, "nvd": 2 }, "CVSS": { "nvd": { "V2Vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "V2Score": 4.9 } }, "References": [ "http://secunia.com/advisories/27215", "http://www.securityfocus.com/archive/1/482129/100/100/threaded", "http://www.securityfocus.com/archive/1/482857/100/0/threaded", "http://www.securityfocus.com/bid/26048", "http://www.vupen.com/english/advisories/2007/3474", "https://issues.rpath.com/browse/RPL-1825" ], "PublishedDate": "2007-10-28T17:08:00Z", "LastModifiedDate": "2024-11-21T00:38:27.587Z" }, { "VulnerabilityID": "CVE-2024-56433", "PkgID": "passwd@1:4.17.4-2", "PkgName": "passwd", "PkgIdentifier": { "PURL": "pkg:deb/debian/passwd@4.17.4-2?arch=amd64\u0026distro=debian-13.1\u0026epoch=1", "UID": "5e15080d1eeaf8e8" }, "InstalledVersion": "1:4.17.4-2", "Status": "affected", "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-56433", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise", "Description": "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.", "Severity": "LOW", "CweIDs": [ "CWE-1188" ], "VendorSeverity": { "azure": 1, "redhat": 1, "ubuntu": 1 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "V3Score": 3.6 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2024-56433", "https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241", "https://github.com/shadow-maint/shadow/issues/1157", "https://github.com/shadow-maint/shadow/releases/tag/4.4", "https://nvd.nist.gov/vuln/detail/CVE-2024-56433", "https://www.cve.org/CVERecord?id=CVE-2024-56433" ], "PublishedDate": "2024-12-26T09:15:07.267Z", "LastModifiedDate": "2024-12-26T09:15:07.267Z" }, { "VulnerabilityID": "TEMP-0628843-DBAD28", "PkgID": "passwd@1:4.17.4-2", "PkgName": "passwd", "PkgIdentifier": { "PURL": "pkg:deb/debian/passwd@4.17.4-2?arch=amd64\u0026distro=debian-13.1\u0026epoch=1", "UID": "5e15080d1eeaf8e8" }, "InstalledVersion": "1:4.17.4-2", "Status": "affected", "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "SeveritySource": "debian", "PrimaryURL": "https://security-tracker.debian.org/tracker/TEMP-0628843-DBAD28", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "[more related to CVE-2005-4890]", "Severity": "LOW", "VendorSeverity": { "debian": 1 } }, { "VulnerabilityID": "CVE-2011-4116", "PkgID": "perl-base@5.40.1-6", "PkgName": "perl-base", "PkgIdentifier": { "PURL": "pkg:deb/debian/perl-base@5.40.1-6?arch=amd64\u0026distro=debian-13.1", "UID": "17f06da2c02a11c6" }, "InstalledVersion": "5.40.1-6", "Status": "affected", "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-4116", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "perl: File:: Temp insecure temporary file handling", "Description": "_is_safe in the File::Temp module for Perl does not properly handle symlinks.", "Severity": "LOW", "CweIDs": [ "CWE-59" ], "VendorSeverity": { "debian": 1, "nvd": 1, "redhat": 1 }, "CVSS": { "nvd": { "V2Vector": "AV:L/AC:M/Au:S/C:N/I:P/A:N", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "V2Score": 1.5, "V3Score": 3.3 }, "redhat": { "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N", "V2Score": 1.9 } }, "References": [ "http://www.openwall.com/lists/oss-security/2011/11/04/2", "http://www.openwall.com/lists/oss-security/2011/11/04/4", "https://access.redhat.com/security/cve/CVE-2011-4116", "https://github.com/Perl-Toolchain-Gang/File-Temp/issues/14", "https://nvd.nist.gov/vuln/detail/CVE-2011-4116", "https://rt.cpan.org/Public/Bug/Display.html?id=69106", "https://seclists.org/oss-sec/2011/q4/238", "https://www.cve.org/CVERecord?id=CVE-2011-4116" ], "PublishedDate": "2020-01-31T18:15:11.343Z", "LastModifiedDate": "2025-08-04T19:04:38.29Z" }, { "VulnerabilityID": "TEMP-0517018-A83CE6", "PkgID": "sysvinit-utils@3.14-4", "PkgName": "sysvinit-utils", "PkgIdentifier": { "PURL": "pkg:deb/debian/sysvinit-utils@3.14-4?arch=amd64\u0026distro=debian-13.1", "UID": "c7e8999242a896a1" }, "InstalledVersion": "3.14-4", "Status": "affected", "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "SeveritySource": "debian", "PrimaryURL": "https://security-tracker.debian.org/tracker/TEMP-0517018-A83CE6", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "[sysvinit: no-root option in expert installer exposes locally exploitable security flaw]", "Severity": "LOW", "VendorSeverity": { "debian": 1 } }, { "VulnerabilityID": "CVE-2005-2541", "PkgID": "tar@1.35+dfsg-3.1", "PkgName": "tar", "PkgIdentifier": { "PURL": "pkg:deb/debian/tar@1.35%2Bdfsg-3.1?arch=amd64\u0026distro=debian-13.1", "UID": "50aee76d081ea925" }, "InstalledVersion": "1.35+dfsg-3.1", "Status": "affected", "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2005-2541", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "tar: does not properly warn the user when extracting setuid or setgid files", "Description": "Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.", "Severity": "LOW", "VendorSeverity": { "debian": 1, "nvd": 3, "redhat": 2 }, "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "V2Score": 10 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 7 } }, "References": [ "http://marc.info/?l=bugtraq\u0026m=112327628230258\u0026w=2", "https://access.redhat.com/security/cve/CVE-2005-2541", "https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c%40%3Cissues.guacamole.apache.org%3E", "https://nvd.nist.gov/vuln/detail/CVE-2005-2541", "https://www.cve.org/CVERecord?id=CVE-2005-2541" ], "PublishedDate": "2005-08-10T04:00:00Z", "LastModifiedDate": "2025-04-03T01:03:51.193Z" }, { "VulnerabilityID": "TEMP-0290435-0B57B5", "PkgID": "tar@1.35+dfsg-3.1", "PkgName": "tar", "PkgIdentifier": { "PURL": "pkg:deb/debian/tar@1.35%2Bdfsg-3.1?arch=amd64\u0026distro=debian-13.1", "UID": "50aee76d081ea925" }, "InstalledVersion": "1.35+dfsg-3.1", "Status": "affected", "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "SeveritySource": "debian", "PrimaryURL": "https://security-tracker.debian.org/tracker/TEMP-0290435-0B57B5", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "[tar's rmt command may have undesired side effects]", "Severity": "LOW", "VendorSeverity": { "debian": 1 } }, { "VulnerabilityID": "CVE-2022-0563", "PkgID": "util-linux@2.41-5", "PkgName": "util-linux", "PkgIdentifier": { "PURL": "pkg:deb/debian/util-linux@2.41-5?arch=amd64\u0026distro=debian-13.1", "UID": "38be4846f19b7fa" }, "InstalledVersion": "2.41-5", "Status": "affected", "Layer": { "DiffID": "sha256:1d46119d249f7719e1820e24a311aa7c453f166f714969cffe89504678eaa447" }, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-0563", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Title": "util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline", "Description": "A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an \"INPUTRC\" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.", "Severity": "LOW", "CweIDs": [ "CWE-209" ], "VendorSeverity": { "amazon": 2, "cbl-mariner": 2, "debian": 1, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "nvd": { "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "V2Score": 1.9, "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2022-0563", "https://blog.trailofbits.com/2023/02/16/suid-logic-bug-linux-readline/", "https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w%40ws.net.home/T/#u", "https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u", "https://nvd.nist.gov/vuln/detail/CVE-2022-0563", "https://security.gentoo.org/glsa/202401-08", "https://security.netapp.com/advisory/ntap-20220331-0002/", "https://www.cve.org/CVERecord?id=CVE-2022-0563" ], "PublishedDate": "2022-02-21T19:15:08.393Z", "LastModifiedDate": "2025-06-09T16:15:33.237Z" } ] }, { "Target": "Python", "Class": "lang-pkgs", "Type": "python-pkg", "Packages": [ { "Name": "Flask", "Identifier": { "PURL": "pkg:pypi/flask@3.0.0", "UID": "792ab50b1202469a" }, "Version": "3.0.0", "Licenses": [ "BSD-3-Clause" ], "Layer": { "DiffID": "sha256:5c8ead10eec416fa51de9ecda574cbf74f51f6ba634cc93fe86b7f5aa6b24bbe" }, "FilePath": "usr/local/lib/python3.11/site-packages/flask-3.0.0.dist-info/METADATA" }, { "Name": "Flask-Cors", "Identifier": { "PURL": "pkg:pypi/flask-cors@4.0.0", "UID": "910a4d7948ee87f4" }, "Version": "4.0.0", "Licenses": [ "MIT" ], "Layer": { "DiffID": "sha256:5c8ead10eec416fa51de9ecda574cbf74f51f6ba634cc93fe86b7f5aa6b24bbe" }, "FilePath": "usr/local/lib/python3.11/site-packages/Flask_Cors-4.0.0.dist-info/METADATA" }, { "Name": "Flask-Login", "Identifier": { "PURL": "pkg:pypi/flask-login@0.6.3", "UID": "8310ce677f23ee24" }, "Version": "0.6.3", "Licenses": [ "MIT" ], "Layer": { "DiffID": "sha256:5c8ead10eec416fa51de9ecda574cbf74f51f6ba634cc93fe86b7f5aa6b24bbe" }, "FilePath": "usr/local/lib/python3.11/site-packages/Flask_Login-0.6.3.dist-info/METADATA" }, { "Name": "Flask-Mail", "Identifier": { "PURL": "pkg:pypi/flask-mail@0.9.1", "UID": "a591e4353f70fe89" }, "Version": "0.9.1", "Licenses": [ "BSD-3-Clause" ], "Layer": { "DiffID": "sha256:5c8ead10eec416fa51de9ecda574cbf74f51f6ba634cc93fe86b7f5aa6b24bbe" }, "FilePath": "usr/local/lib/python3.11/site-packages/flask_mail-0.9.1.dist-info/METADATA" }, { "Name": "Flask-SQLAlchemy", "Identifier": { "PURL": "pkg:pypi/flask-sqlalchemy@3.1.1", "UID": "5c71fef33da006b8" }, "Version": "3.1.1", "Licenses": [ "BSD-3-Clause" ], "Layer": { "DiffID": "sha256:5c8ead10eec416fa51de9ecda574cbf74f51f6ba634cc93fe86b7f5aa6b24bbe" }, "FilePath": "usr/local/lib/python3.11/site-packages/flask_sqlalchemy-3.1.1.dist-info/METADATA" }, { "Name": "Jinja2", "Identifier": { "PURL": "pkg:pypi/jinja2@3.1.6", "UID": "edc3bf385467cef9" }, "Version": "3.1.6", "Licenses": [ "BSD-3-Clause" ], "Layer": { "DiffID": "sha256:5c8ead10eec416fa51de9ecda574cbf74f51f6ba634cc93fe86b7f5aa6b24bbe" }, "FilePath": "usr/local/lib/python3.11/site-packages/jinja2-3.1.6.dist-info/METADATA" }, { "Name": "MarkupSafe", "Identifier": { "PURL": "pkg:pypi/markupsafe@3.0.3", "UID": "725e62e658c247b0" }, "Version": "3.0.3", "Licenses": [ "BSD-3-Clause" ], "Layer": { "DiffID": "sha256:5c8ead10eec416fa51de9ecda574cbf74f51f6ba634cc93fe86b7f5aa6b24bbe" }, "FilePath": "usr/local/lib/python3.11/site-packages/markupsafe-3.0.3.dist-info/METADATA" }, { "Name": "Pillow", "Identifier": { "PURL": "pkg:pypi/pillow@10.1.0", "UID": "fa723dad57b6ca1" }, "Version": "10.1.0", "Licenses": [ "Historical Permission Notice and Disclaimer (HPND)" ], "Layer": { "DiffID": "sha256:5c8ead10eec416fa51de9ecda574cbf74f51f6ba634cc93fe86b7f5aa6b24bbe" }, "FilePath": "usr/local/lib/python3.11/site-packages/Pillow-10.1.0.dist-info/METADATA" }, { "Name": "SQLAlchemy", "Identifier": { "PURL": "pkg:pypi/sqlalchemy@2.0.44", "UID": "dc3050689801d345" }, "Version": "2.0.44", "Licenses": [ "MIT" ], "Layer": { "DiffID": "sha256:5c8ead10eec416fa51de9ecda574cbf74f51f6ba634cc93fe86b7f5aa6b24bbe" }, "FilePath": "usr/local/lib/python3.11/site-packages/sqlalchemy-2.0.44.dist-info/METADATA" }, { "Name": "Werkzeug", "Identifier": { "PURL": "pkg:pypi/werkzeug@3.0.1", "UID": "c461a3807fa26ddd" }, "Version": "3.0.1", "Licenses": [ "BSD-3-Clause" ], "Layer": { "DiffID": "sha256:5c8ead10eec416fa51de9ecda574cbf74f51f6ba634cc93fe86b7f5aa6b24bbe" }, "FilePath": "usr/local/lib/python3.11/site-packages/werkzeug-3.0.1.dist-info/METADATA" }, { "Name": "autocommand", "Identifier": { "PURL": "pkg:pypi/autocommand@2.2.2", "UID": "28fb792e4aae875" }, "Version": "2.2.2", "Licenses": [ "LGPL-3.0-only" ], "Layer": { "DiffID": "sha256:dba5cbed1e08d00224b28b2e9ae8a59c121de39c36085ed722890ef0af8fee69" }, "FilePath": "usr/local/lib/python3.11/site-packages/setuptools/_vendor/autocommand-2.2.2.dist-info/METADATA" }, { "Name": "backports.tarfile", "Identifier": { "PURL": "pkg:pypi/backports.tarfile@1.2.0", "UID": "211f0dcf30dbe02b" }, "Version": "1.2.0", "Licenses": [ "MIT" ], "Layer": { "DiffID": "sha256:dba5cbed1e08d00224b28b2e9ae8a59c121de39c36085ed722890ef0af8fee69" }, "FilePath": "usr/local/lib/python3.11/site-packages/setuptools/_vendor/backports.tarfile-1.2.0.dist-info/METADATA" }, { "Name": "blinker", "Identifier": { "PURL": "pkg:pypi/blinker@1.9.0", "UID": "90aa93a086471457" }, "Version": "1.9.0", "Licenses": [ "MIT" ], "Layer": { "DiffID": "sha256:5c8ead10eec416fa51de9ecda574cbf74f51f6ba634cc93fe86b7f5aa6b24bbe" }, "FilePath": "usr/local/lib/python3.11/site-packages/blinker-1.9.0.dist-info/METADATA" }, { "Name": "click", "Identifier": { "PURL": "pkg:pypi/click@8.3.0", "UID": "d8383181ff36833e" }, "Version": "8.3.0", "Licenses": [ "BSD-3-Clause" ], "Layer": { "DiffID": "sha256:5c8ead10eec416fa51de9ecda574cbf74f51f6ba634cc93fe86b7f5aa6b24bbe" }, "FilePath": "usr/local/lib/python3.11/site-packages/click-8.3.0.dist-info/METADATA" }, { "Name": "et_xmlfile", "Identifier": { "PURL": "pkg:pypi/et-xmlfile@2.0.0", "UID": "bc72db4c5369edfe" }, "Version": "2.0.0", "Licenses": [ "MIT" ], "Layer": { "DiffID": "sha256:5c8ead10eec416fa51de9ecda574cbf74f51f6ba634cc93fe86b7f5aa6b24bbe" }, "FilePath": "usr/local/lib/python3.11/site-packages/et_xmlfile-2.0.0.dist-info/METADATA" }, { "Name": "greenlet", "Identifier": { "PURL": "pkg:pypi/greenlet@3.2.4", "UID": "e34f50720a3aecb4" }, "Version": "3.2.4", "Licenses": [ "MIT AND Python-2.0" ], "Layer": { "DiffID": "sha256:5c8ead10eec416fa51de9ecda574cbf74f51f6ba634cc93fe86b7f5aa6b24bbe" }, "FilePath": "usr/local/lib/python3.11/site-packages/greenlet-3.2.4.dist-info/METADATA" }, { "Name": "gunicorn", "Identifier": { "PURL": "pkg:pypi/gunicorn@21.2.0", "UID": "fb59ed84f0030b85" }, "Version": "21.2.0", "Licenses": [ "MIT" ], "Layer": { "DiffID": "sha256:5c8ead10eec416fa51de9ecda574cbf74f51f6ba634cc93fe86b7f5aa6b24bbe" }, "FilePath": "usr/local/lib/python3.11/site-packages/gunicorn-21.2.0.dist-info/METADATA" }, { "Name": "importlib_metadata", "Identifier": { "PURL": "pkg:pypi/importlib-metadata@8.0.0", "UID": "fccb22791796753" }, "Version": "8.0.0", "Licenses": [ "Apache-2.0" ], "Layer": { "DiffID": "sha256:dba5cbed1e08d00224b28b2e9ae8a59c121de39c36085ed722890ef0af8fee69" }, "FilePath": "usr/local/lib/python3.11/site-packages/setuptools/_vendor/importlib_metadata-8.0.0.dist-info/METADATA" }, { "Name": "inflect", "Identifier": { "PURL": "pkg:pypi/inflect@7.3.1", "UID": "15225df3c2345864" }, "Version": "7.3.1", "Licenses": [ "MIT" ], "Layer": { "DiffID": "sha256:dba5cbed1e08d00224b28b2e9ae8a59c121de39c36085ed722890ef0af8fee69" }, "FilePath": "usr/local/lib/python3.11/site-packages/setuptools/_vendor/inflect-7.3.1.dist-info/METADATA" }, { "Name": "itsdangerous", "Identifier": { "PURL": "pkg:pypi/itsdangerous@2.2.0", "UID": "cb16dba441774932" }, "Version": "2.2.0", "Licenses": [ "BSD-3-Clause" ], "Layer": { "DiffID": "sha256:5c8ead10eec416fa51de9ecda574cbf74f51f6ba634cc93fe86b7f5aa6b24bbe" }, "FilePath": "usr/local/lib/python3.11/site-packages/itsdangerous-2.2.0.dist-info/METADATA" }, { "Name": "jaraco.collections", "Identifier": { "PURL": "pkg:pypi/jaraco.collections@5.1.0", "UID": "7404018bdb1dcddf" }, "Version": "5.1.0", "Licenses": [ "MIT" ], "Layer": { "DiffID": "sha256:dba5cbed1e08d00224b28b2e9ae8a59c121de39c36085ed722890ef0af8fee69" }, "FilePath": "usr/local/lib/python3.11/site-packages/setuptools/_vendor/jaraco.collections-5.1.0.dist-info/METADATA" }, { "Name": "jaraco.context", "Identifier": { "PURL": "pkg:pypi/jaraco.context@5.3.0", "UID": "f7ada31fec6eb6e1" }, "Version": "5.3.0", "Licenses": [ "MIT" ], "Layer": { "DiffID": "sha256:dba5cbed1e08d00224b28b2e9ae8a59c121de39c36085ed722890ef0af8fee69" }, "FilePath": "usr/local/lib/python3.11/site-packages/setuptools/_vendor/jaraco.context-5.3.0.dist-info/METADATA" }, { "Name": "jaraco.functools", "Identifier": { "PURL": "pkg:pypi/jaraco.functools@4.0.1", "UID": "a8a927b0a51aa402" }, "Version": "4.0.1", "Licenses": [ "MIT" ], "Layer": { "DiffID": "sha256:dba5cbed1e08d00224b28b2e9ae8a59c121de39c36085ed722890ef0af8fee69" }, "FilePath": "usr/local/lib/python3.11/site-packages/setuptools/_vendor/jaraco.functools-4.0.1.dist-info/METADATA" }, { "Name": "jaraco.text", "Identifier": { "PURL": "pkg:pypi/jaraco.text@3.12.1", "UID": "8beda70dc6a5c90b" }, "Version": "3.12.1", "Licenses": [ "MIT" ], "Layer": { "DiffID": "sha256:dba5cbed1e08d00224b28b2e9ae8a59c121de39c36085ed722890ef0af8fee69" }, "FilePath": "usr/local/lib/python3.11/site-packages/setuptools/_vendor/jaraco.text-3.12.1.dist-info/METADATA" }, { "Name": "more-itertools", "Identifier": { "PURL": "pkg:pypi/more-itertools@10.3.0", "UID": "e3a4fae5bd9cb6ff" }, "Version": "10.3.0", "Licenses": [ "MIT" ], "Layer": { "DiffID": "sha256:dba5cbed1e08d00224b28b2e9ae8a59c121de39c36085ed722890ef0af8fee69" }, "FilePath": "usr/local/lib/python3.11/site-packages/setuptools/_vendor/more_itertools-10.3.0.dist-info/METADATA" }, { "Name": "numpy", "Identifier": { "PURL": "pkg:pypi/numpy@1.26.4", "UID": "16e44d076c48356a" }, "Version": "1.26.4", "Licenses": [ "BSD-3-Clause" ], "Layer": { "DiffID": "sha256:5c8ead10eec416fa51de9ecda574cbf74f51f6ba634cc93fe86b7f5aa6b24bbe" }, "FilePath": "usr/local/lib/python3.11/site-packages/numpy-1.26.4.dist-info/METADATA" }, { "Name": "openpyxl", "Identifier": { "PURL": "pkg:pypi/openpyxl@3.1.2", "UID": "8dfde653de8d870b" }, "Version": "3.1.2", "Licenses": [ "MIT" ], "Layer": { "DiffID": "sha256:5c8ead10eec416fa51de9ecda574cbf74f51f6ba634cc93fe86b7f5aa6b24bbe" }, "FilePath": "usr/local/lib/python3.11/site-packages/openpyxl-3.1.2.dist-info/METADATA" }, { "Name": "packaging", "Identifier": { "PURL": "pkg:pypi/packaging@24.2", "UID": "1059c2064b713d74" }, "Version": "24.2", "Licenses": [ "Apache-2.0", "BSD-3-Clause" ], "Layer": { "DiffID": "sha256:dba5cbed1e08d00224b28b2e9ae8a59c121de39c36085ed722890ef0af8fee69" }, "FilePath": "usr/local/lib/python3.11/site-packages/setuptools/_vendor/packaging-24.2.dist-info/METADATA" }, { "Name": "packaging", "Identifier": { "PURL": "pkg:pypi/packaging@25.0", "UID": "1b8002b98483fb72" }, "Version": "25.0", "Licenses": [ "Apache-2.0", "BSD-3-Clause" ], "Layer": { "DiffID": "sha256:5c8ead10eec416fa51de9ecda574cbf74f51f6ba634cc93fe86b7f5aa6b24bbe" }, "FilePath": "usr/local/lib/python3.11/site-packages/packaging-25.0.dist-info/METADATA" }, { "Name": "pandas", "Identifier": { "PURL": "pkg:pypi/pandas@2.1.4", "UID": "392833fc74d8f3b1" }, "Version": "2.1.4", "Licenses": [ "BSD-3-Clause" ], "Layer": { "DiffID": "sha256:5c8ead10eec416fa51de9ecda574cbf74f51f6ba634cc93fe86b7f5aa6b24bbe" }, "FilePath": "usr/local/lib/python3.11/site-packages/pandas-2.1.4.dist-info/METADATA" }, { "Name": "pip", "Identifier": { "PURL": "pkg:pypi/pip@24.0", "UID": "55a4d9bee68c93ea" }, "Version": "24.0", "Licenses": [ "MIT" ], "Layer": { "DiffID": "sha256:dba5cbed1e08d00224b28b2e9ae8a59c121de39c36085ed722890ef0af8fee69" }, "FilePath": "usr/local/lib/python3.11/site-packages/pip-24.0.dist-info/METADATA" }, { "Name": "platformdirs", "Identifier": { "PURL": "pkg:pypi/platformdirs@4.2.2", "UID": "59bcbc2ec40e7908" }, "Version": "4.2.2", "Licenses": [ "MIT" ], "Layer": { "DiffID": "sha256:dba5cbed1e08d00224b28b2e9ae8a59c121de39c36085ed722890ef0af8fee69" }, "FilePath": "usr/local/lib/python3.11/site-packages/setuptools/_vendor/platformdirs-4.2.2.dist-info/METADATA" }, { "Name": "pyotp", "Identifier": { "PURL": "pkg:pypi/pyotp@2.9.0", "UID": "9bde47e6bf4cc8a8" }, "Version": "2.9.0", "Licenses": [ "MIT" ], "Layer": { "DiffID": "sha256:5c8ead10eec416fa51de9ecda574cbf74f51f6ba634cc93fe86b7f5aa6b24bbe" }, "FilePath": "usr/local/lib/python3.11/site-packages/pyotp-2.9.0.dist-info/METADATA" }, { "Name": "pypng", "Identifier": { "PURL": "pkg:pypi/pypng@0.20220715.0", "UID": "b59b971396b0e5bc" }, "Version": "0.20220715.0", "Licenses": [ "MIT" ], "Layer": { "DiffID": "sha256:5c8ead10eec416fa51de9ecda574cbf74f51f6ba634cc93fe86b7f5aa6b24bbe" }, "FilePath": "usr/local/lib/python3.11/site-packages/pypng-0.20220715.0.dist-info/METADATA" }, { "Name": "python-dateutil", "Identifier": { "PURL": "pkg:pypi/python-dateutil@2.9.0.post0", "UID": "cae3bf4cc543aebe" }, "Version": "2.9.0.post0", "Licenses": [ "BSD-3-Clause", "Apache-2.0" ], "Layer": { "DiffID": "sha256:5c8ead10eec416fa51de9ecda574cbf74f51f6ba634cc93fe86b7f5aa6b24bbe" }, "FilePath": "usr/local/lib/python3.11/site-packages/python_dateutil-2.9.0.post0.dist-info/METADATA" }, { "Name": "python-dotenv", "Identifier": { "PURL": "pkg:pypi/python-dotenv@1.0.0", "UID": "d39b88ea1f20488e" }, "Version": "1.0.0", "Licenses": [ "BSD-3-Clause" ], "Layer": { "DiffID": "sha256:5c8ead10eec416fa51de9ecda574cbf74f51f6ba634cc93fe86b7f5aa6b24bbe" }, "FilePath": "usr/local/lib/python3.11/site-packages/python_dotenv-1.0.0.dist-info/METADATA" }, { "Name": "pytz", "Identifier": { "PURL": "pkg:pypi/pytz@2025.2", "UID": "53a79fa96c5155fb" }, "Version": "2025.2", "Licenses": [ "MIT" ], "Layer": { "DiffID": "sha256:5c8ead10eec416fa51de9ecda574cbf74f51f6ba634cc93fe86b7f5aa6b24bbe" }, "FilePath": "usr/local/lib/python3.11/site-packages/pytz-2025.2.dist-info/METADATA" }, { "Name": "qrcode", "Identifier": { "PURL": "pkg:pypi/qrcode@7.4.2", "UID": "6ec0d060c423502a" }, "Version": "7.4.2", "Licenses": [ "BSD-3-Clause" ], "Layer": { "DiffID": "sha256:5c8ead10eec416fa51de9ecda574cbf74f51f6ba634cc93fe86b7f5aa6b24bbe" }, "FilePath": "usr/local/lib/python3.11/site-packages/qrcode-7.4.2.dist-info/METADATA" }, { "Name": "setuptools", "Identifier": { "PURL": "pkg:pypi/setuptools@79.0.1", "UID": "f6df67a218a98ed9" }, "Version": "79.0.1", "Layer": { "DiffID": "sha256:dba5cbed1e08d00224b28b2e9ae8a59c121de39c36085ed722890ef0af8fee69" }, "FilePath": "usr/local/lib/python3.11/site-packages/setuptools-79.0.1.dist-info/METADATA" }, { "Name": "six", "Identifier": { "PURL": "pkg:pypi/six@1.17.0", "UID": "a4d33ed3b69fa521" }, "Version": "1.17.0", "Licenses": [ "MIT" ], "Layer": { "DiffID": "sha256:5c8ead10eec416fa51de9ecda574cbf74f51f6ba634cc93fe86b7f5aa6b24bbe" }, "FilePath": "usr/local/lib/python3.11/site-packages/six-1.17.0.dist-info/METADATA" }, { "Name": "tomli", "Identifier": { "PURL": "pkg:pypi/tomli@2.0.1", "UID": "bb20e17de4c2ec0" }, "Version": "2.0.1", "Licenses": [ "MIT" ], "Layer": { "DiffID": "sha256:dba5cbed1e08d00224b28b2e9ae8a59c121de39c36085ed722890ef0af8fee69" }, "FilePath": "usr/local/lib/python3.11/site-packages/setuptools/_vendor/tomli-2.0.1.dist-info/METADATA" }, { "Name": "typeguard", "Identifier": { "PURL": "pkg:pypi/typeguard@4.3.0", "UID": "5aaac91daf11c1dc" }, "Version": "4.3.0", "Licenses": [ "MIT" ], "Layer": { "DiffID": "sha256:dba5cbed1e08d00224b28b2e9ae8a59c121de39c36085ed722890ef0af8fee69" }, "FilePath": "usr/local/lib/python3.11/site-packages/setuptools/_vendor/typeguard-4.3.0.dist-info/METADATA" }, { "Name": "typing_extensions", "Identifier": { "PURL": "pkg:pypi/typing-extensions@4.12.2", "UID": "4122d39a4c3fa9d8" }, "Version": "4.12.2", "Licenses": [ "Python Software Foundation License" ], "Layer": { "DiffID": "sha256:dba5cbed1e08d00224b28b2e9ae8a59c121de39c36085ed722890ef0af8fee69" }, "FilePath": "usr/local/lib/python3.11/site-packages/setuptools/_vendor/typing_extensions-4.12.2.dist-info/METADATA" }, { "Name": "typing_extensions", "Identifier": { "PURL": "pkg:pypi/typing-extensions@4.15.0", "UID": "ed3cb95b41d84922" }, "Version": "4.15.0", "Licenses": [ "PSF-2.0" ], "Layer": { "DiffID": "sha256:5c8ead10eec416fa51de9ecda574cbf74f51f6ba634cc93fe86b7f5aa6b24bbe" }, "FilePath": "usr/local/lib/python3.11/site-packages/typing_extensions-4.15.0.dist-info/METADATA" }, { "Name": "tzdata", "Identifier": { "PURL": "pkg:pypi/tzdata@2025.2", "UID": "c9503e7211cb38f1" }, "Version": "2025.2", "Licenses": [ "Apache-2.0" ], "Layer": { "DiffID": "sha256:5c8ead10eec416fa51de9ecda574cbf74f51f6ba634cc93fe86b7f5aa6b24bbe" }, "FilePath": "usr/local/lib/python3.11/site-packages/tzdata-2025.2.dist-info/METADATA" }, { "Name": "wheel", "Identifier": { "PURL": "pkg:pypi/wheel@0.45.1", "UID": "b90c17bff082400" }, "Version": "0.45.1", "Licenses": [ "MIT" ], "Layer": { "DiffID": "sha256:dba5cbed1e08d00224b28b2e9ae8a59c121de39c36085ed722890ef0af8fee69" }, "FilePath": "usr/local/lib/python3.11/site-packages/setuptools/_vendor/wheel-0.45.1.dist-info/METADATA" }, { "Name": "wheel", "Identifier": { "PURL": "pkg:pypi/wheel@0.45.1", "UID": "ad0c7b655481c4c" }, "Version": "0.45.1", "Licenses": [ "MIT" ], "Layer": { "DiffID": "sha256:dba5cbed1e08d00224b28b2e9ae8a59c121de39c36085ed722890ef0af8fee69" }, "FilePath": "usr/local/lib/python3.11/site-packages/wheel-0.45.1.dist-info/METADATA" }, { "Name": "zipp", "Identifier": { "PURL": "pkg:pypi/zipp@3.19.2", "UID": "59961a8f13dd03f0" }, "Version": "3.19.2", "Licenses": [ "MIT" ], "Layer": { "DiffID": "sha256:dba5cbed1e08d00224b28b2e9ae8a59c121de39c36085ed722890ef0af8fee69" }, "FilePath": "usr/local/lib/python3.11/site-packages/setuptools/_vendor/zipp-3.19.2.dist-info/METADATA" } ], "Vulnerabilities": [ { "VulnerabilityID": "CVE-2024-6221", "PkgName": "Flask-Cors", "PkgPath": "usr/local/lib/python3.11/site-packages/Flask_Cors-4.0.0.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/flask-cors@4.0.0", "UID": "910a4d7948ee87f4" }, "InstalledVersion": "4.0.0", "FixedVersion": "4.0.2", "Status": "fixed", "Layer": { "DiffID": "sha256:5c8ead10eec416fa51de9ecda574cbf74f51f6ba634cc93fe86b7f5aa6b24bbe" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-6221", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Title": "A vulnerability in corydolphin/flask-cors version 4.0.1 allows the `Ac ...", "Description": "A vulnerability in corydolphin/flask-cors version 4.0.1 allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default. This behavior can expose private network resources to unauthorized external access, leading to significant security risks such as data breaches, unauthorized access to sensitive information, and potential network intrusions.", "Severity": "HIGH", "CweIDs": [ "CWE-284" ], "VendorSeverity": { "ghsa": 3, "nvd": 3, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 } }, "References": [ "https://github.com/corydolphin/flask-cors", "https://github.com/corydolphin/flask-cors/commit/03aa3f8e2256437f7bad96422a747b98ab5e31bf", "https://github.com/corydolphin/flask-cors/commit/7ae310c56ac30e0b94fb42129aa377bf633256ec", "https://github.com/corydolphin/flask-cors/commit/c8514760cf03fcce16d77f6db7007aad429c4548", "https://github.com/corydolphin/flask-cors/issues/362", "https://github.com/corydolphin/flask-cors/pull/363", "https://github.com/corydolphin/flask-cors/pull/368", "https://github.com/corydolphin/flask-cors/releases", "https://github.com/pypa/advisory-database/tree/main/vulns/flask-cors/PYSEC-2024-71.yaml", "https://huntr.com/bounties/a42935fc-6f57-4818-bca4-3d528235df4d", "https://nvd.nist.gov/vuln/detail/CVE-2024-6221", "https://ubuntu.com/security/notices/USN-7612-1", "https://www.cve.org/CVERecord?id=CVE-2024-6221" ], "PublishedDate": "2024-08-18T19:15:04.73Z", "LastModifiedDate": "2025-04-07T15:15:42.06Z" }, { "VulnerabilityID": "CVE-2024-1681", "PkgName": "Flask-Cors", "PkgPath": "usr/local/lib/python3.11/site-packages/Flask_Cors-4.0.0.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/flask-cors@4.0.0", "UID": "910a4d7948ee87f4" }, "InstalledVersion": "4.0.0", "FixedVersion": "4.0.1", "Status": "fixed", "Layer": { "DiffID": "sha256:5c8ead10eec416fa51de9ecda574cbf74f51f6ba634cc93fe86b7f5aa6b24bbe" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-1681", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Title": "corydolphin/flask-cors is vulnerable to log injection when the log lev ...", "Description": "corydolphin/flask-cors is vulnerable to log injection when the log level is set to debug. An attacker can inject fake log entries into the log file by sending a specially crafted GET request containing a CRLF sequence in the request path. This vulnerability allows attackers to corrupt log files, potentially covering tracks of other attacks, confusing log post-processing tools, and forging log entries. The issue is due to improper output neutralization for logs.", "Severity": "MEDIUM", "CweIDs": [ "CWE-117" ], "VendorSeverity": { "ghsa": 2, "nvd": 2, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 } }, "References": [ "https://github.com/corydolphin/flask-cors", "https://github.com/corydolphin/flask-cors/blob/40acc8092332dfed4bb54d7a4f89a6d479466de7/flask_cors/extension.py#L194", "https://huntr.com/bounties/25a7a0ba-9fa2-4777-acb6-03e5539bb644", "https://nvd.nist.gov/vuln/detail/CVE-2024-1681", "https://ubuntu.com/security/notices/USN-7612-1", "https://www.cve.org/CVERecord?id=CVE-2024-1681" ], "PublishedDate": "2024-04-19T20:15:09.273Z", "LastModifiedDate": "2025-07-30T14:44:19.44Z" }, { "VulnerabilityID": "CVE-2024-6839", "PkgName": "Flask-Cors", "PkgPath": "usr/local/lib/python3.11/site-packages/Flask_Cors-4.0.0.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/flask-cors@4.0.0", "UID": "910a4d7948ee87f4" }, "InstalledVersion": "4.0.0", "FixedVersion": "6.0.0", "Status": "fixed", "Layer": { "DiffID": "sha256:5c8ead10eec416fa51de9ecda574cbf74f51f6ba634cc93fe86b7f5aa6b24bbe" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-6839", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Title": "corydolphin/flask-cors version 4.0.1 contains an improper regex path m ...", "Description": "corydolphin/flask-cors version 4.0.1 contains an improper regex path matching vulnerability. The plugin prioritizes longer regex patterns over more specific ones when matching paths, which can lead to less restrictive CORS policies being applied to sensitive endpoints. This mismatch in regex pattern priority allows unauthorized cross-origin access to sensitive data or functionality, potentially exposing confidential information and increasing the risk of unauthorized actions by malicious actors.", "Severity": "MEDIUM", "CweIDs": [ "CWE-41" ], "VendorSeverity": { "ghsa": 2, "nvd": 2, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "V3Score": 4.3 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "https://github.com/corydolphin/flask-cors", "https://github.com/corydolphin/flask-cors/blob/4.0.1/flask_cors/core.py#L73", "https://github.com/corydolphin/flask-cors/commit/e970988bea563e05e8b8f53fa7bcc134b5bf5c5f", "https://huntr.com/bounties/403eb1fc-86f4-4820-8eba-0f3dfae9f2b4", "https://nvd.nist.gov/vuln/detail/CVE-2024-6839", "https://ubuntu.com/security/notices/USN-7612-1", "https://www.cve.org/CVERecord?id=CVE-2024-6839" ], "PublishedDate": "2025-03-20T10:15:33.743Z", "LastModifiedDate": "2025-08-01T12:26:41.76Z" }, { "VulnerabilityID": "CVE-2024-6844", "PkgName": "Flask-Cors", "PkgPath": "usr/local/lib/python3.11/site-packages/Flask_Cors-4.0.0.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/flask-cors@4.0.0", "UID": "910a4d7948ee87f4" }, "InstalledVersion": "4.0.0", "FixedVersion": "6.0.0", "Status": "fixed", "Layer": { "DiffID": "sha256:5c8ead10eec416fa51de9ecda574cbf74f51f6ba634cc93fe86b7f5aa6b24bbe" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-6844", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Title": "A vulnerability in corydolphin/flask-cors version 4.0.1 allows for inc ...", "Description": "A vulnerability in corydolphin/flask-cors version 4.0.1 allows for inconsistent CORS matching due to the handling of the '+' character in URL paths. The request.path is passed through the unquote_plus function, which converts the '+' character to a space ' '. This behavior leads to incorrect path normalization, causing potential mismatches in CORS configuration. As a result, endpoints may not be matched correctly to their CORS settings, leading to unexpected CORS policy application. This can cause unauthorized cross-origin access or block valid requests, creating security vulnerabilities and usability issues.", "Severity": "MEDIUM", "CweIDs": [ "CWE-346" ], "VendorSeverity": { "ghsa": 2, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "https://github.com/corydolphin/flask-cors", "https://github.com/corydolphin/flask-cors/blob/main/flask_cors/extension.py#L193", "https://github.com/corydolphin/flask-cors/commit/35d875319621bd129a38b2b823abf4a2f6cda536", "https://huntr.com/bounties/731a6cd4-d05f-4fe6-8f5b-fe088d7b34e0", "https://nvd.nist.gov/vuln/detail/CVE-2024-6844", "https://ubuntu.com/security/notices/USN-7612-1", "https://www.cve.org/CVERecord?id=CVE-2024-6844" ], "PublishedDate": "2025-03-20T10:15:34.12Z", "LastModifiedDate": "2025-10-15T13:15:50.34Z" }, { "VulnerabilityID": "CVE-2024-6866", "PkgName": "Flask-Cors", "PkgPath": "usr/local/lib/python3.11/site-packages/Flask_Cors-4.0.0.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/flask-cors@4.0.0", "UID": "910a4d7948ee87f4" }, "InstalledVersion": "4.0.0", "FixedVersion": "6.0.0", "Status": "fixed", "Layer": { "DiffID": "sha256:5c8ead10eec416fa51de9ecda574cbf74f51f6ba634cc93fe86b7f5aa6b24bbe" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-6866", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Title": "corydolphin/flask-cors version 4.01 contains a vulnerability where the ...", "Description": "corydolphin/flask-cors version 4.01 contains a vulnerability where the request path matching is case-insensitive due to the use of the `try_match` function, which is originally intended for matching hosts. This results in a mismatch because paths in URLs are case-sensitive, but the regex matching treats them as case-insensitive. This misconfiguration can lead to significant security vulnerabilities, allowing unauthorized origins to access paths meant to be restricted, resulting in data exposure and potential data leaks.", "Severity": "MEDIUM", "CweIDs": [ "CWE-178" ], "VendorSeverity": { "ghsa": 2, "nvd": 3, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "V3Score": 5.3 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 } }, "References": [ "https://github.com/corydolphin/flask-cors", "https://github.com/corydolphin/flask-cors/blob/4.0.1/flask_cors/extension.py#L195", "https://github.com/corydolphin/flask-cors/commit/eb39516a3c96b90d0ae5f51293972395ec3ef358", "https://huntr.com/bounties/808c11af-faee-43a8-824b-b5ab4f62b9e6", "https://nvd.nist.gov/vuln/detail/CVE-2024-6866", "https://ubuntu.com/security/notices/USN-7612-1", "https://www.cve.org/CVERecord?id=CVE-2024-6866" ], "PublishedDate": "2025-03-20T10:15:34.62Z", "LastModifiedDate": "2025-08-01T01:36:17.26Z" }, { "VulnerabilityID": "CVE-2023-50447", "PkgName": "Pillow", "PkgPath": "usr/local/lib/python3.11/site-packages/Pillow-10.1.0.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/pillow@10.1.0", "UID": "fa723dad57b6ca1" }, "InstalledVersion": "10.1.0", "FixedVersion": "10.2.0", "Status": "fixed", "Layer": { "DiffID": "sha256:5c8ead10eec416fa51de9ecda574cbf74f51f6ba634cc93fe86b7f5aa6b24bbe" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-50447", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Title": "pillow: Arbitrary Code Execution via the environment parameter", "Description": "Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter).", "Severity": "CRITICAL", "CweIDs": [ "CWE-94", "CWE-95" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 3, "ghsa": 4, "nvd": 3, "oracle-oval": 3, "redhat": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 8.1 }, "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 8.1 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 8.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 8.1 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/01/20/1", "https://access.redhat.com/errata/RHSA-2024:0893", "https://access.redhat.com/security/cve/CVE-2023-50447", "https://bugzilla.redhat.com/2259479", "https://devhub.checkmarx.com/cve-details/CVE-2023-50447", "https://devhub.checkmarx.com/cve-details/CVE-2023-50447/", "https://duartecsantos.github.io/2023-01-02-CVE-2023-50447", "https://duartecsantos.github.io/2023-01-02-CVE-2023-50447/", "https://duartecsantos.github.io/2024-01-02-CVE-2023-50447", "https://duartecsantos.github.io/2024-01-02-CVE-2023-50447/", "https://errata.almalinux.org/8/ALSA-2024-0893.html", "https://github.com/python-pillow/Pillow", "https://github.com/python-pillow/Pillow/commit/45c726fd4daa63236a8f3653530f297dc87b160a", "https://github.com/python-pillow/Pillow/releases", "https://linux.oracle.com/cve/CVE-2023-50447.html", "https://linux.oracle.com/errata/ELSA-2024-0893.html", "https://lists.debian.org/debian-lts-announce/2024/01/msg00019.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-50447", "https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html#imagemath-eval-restricted-environment-keys", "https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html#security", "https://ubuntu.com/security/notices/USN-6618-1", "https://www.cve.org/CVERecord?id=CVE-2023-50447" ], "PublishedDate": "2024-01-19T20:15:11.87Z", "LastModifiedDate": "2024-11-21T08:37:00.967Z" }, { "VulnerabilityID": "CVE-2024-28219", "PkgName": "Pillow", "PkgPath": "usr/local/lib/python3.11/site-packages/Pillow-10.1.0.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/pillow@10.1.0", "UID": "fa723dad57b6ca1" }, "InstalledVersion": "10.1.0", "FixedVersion": "10.3.0", "Status": "fixed", "Layer": { "DiffID": "sha256:5c8ead10eec416fa51de9ecda574cbf74f51f6ba634cc93fe86b7f5aa6b24bbe" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-28219", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Title": "python-pillow: buffer overflow in _imagingcms.c", "Description": "In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy.", "Severity": "HIGH", "CweIDs": [ "CWE-680" ], "VendorSeverity": { "alma": 2, "amazon": 2, "bitnami": 2, "ghsa": 3, "nvd": 2, "oracle-oval": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 }, "ghsa": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "V3Score": 6.7 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2024:4227", "https://access.redhat.com/security/cve/CVE-2024-28219", "https://bugzilla.redhat.com/2272563", "https://bugzilla.redhat.com/show_bug.cgi?id=2272563", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28219", "https://errata.almalinux.org/8/ALSA-2024-4227.html", "https://errata.rockylinux.org/RLSA-2024:4227", "https://github.com/python-pillow/Pillow", "https://github.com/python-pillow/Pillow/commit/2a93aba5cfcf6e241ab4f9392c13e3b74032c061", "https://linux.oracle.com/cve/CVE-2024-28219.html", "https://linux.oracle.com/errata/ELSA-2024-4227.html", "https://lists.debian.org/debian-lts-announce/2024/04/msg00008.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4XLPUT3VK4GQ6EVY525TT2QNUIXNRU5M", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4XLPUT3VK4GQ6EVY525TT2QNUIXNRU5M/", "https://nvd.nist.gov/vuln/detail/CVE-2024-28219", "https://pillow.readthedocs.io/en/stable/releasenotes/10.3.0.html#security", "https://ubuntu.com/security/notices/USN-6744-1", "https://ubuntu.com/security/notices/USN-6744-2", "https://ubuntu.com/security/notices/USN-6744-3", "https://www.cve.org/CVERecord?id=CVE-2024-28219" ], "PublishedDate": "2024-04-03T03:15:09.71Z", "LastModifiedDate": "2025-10-15T15:20:23.397Z" }, { "VulnerabilityID": "CVE-2024-34069", "PkgName": "Werkzeug", "PkgPath": "usr/local/lib/python3.11/site-packages/werkzeug-3.0.1.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/werkzeug@3.0.1", "UID": "c461a3807fa26ddd" }, "InstalledVersion": "3.0.1", "FixedVersion": "3.0.3", "Status": "fixed", "Layer": { "DiffID": "sha256:5c8ead10eec416fa51de9ecda574cbf74f51f6ba634cc93fe86b7f5aa6b24bbe" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-34069", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Title": "python-werkzeug: user may execute code on a developer's machine", "Description": "Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. This requires the attacker to get the developer to interact with a domain and subdomain they control, and enter the debugger PIN, but if they are successful it allows access to the debugger even if it is only running on localhost. This also requires the attacker to guess a URL in the developer's application that will trigger the debugger. This vulnerability is fixed in 3.0.3.", "Severity": "HIGH", "CweIDs": [ "CWE-352" ], "VendorSeverity": { "amazon": 3, "azure": 3, "cbl-mariner": 3, "ghsa": 3, "photon": 3, "redhat": 3, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2024-34069", "https://github.com/pallets/werkzeug", "https://github.com/pallets/werkzeug/commit/3386395b24c7371db11a5b8eaac0c91da5362692", "https://github.com/pallets/werkzeug/security/advisories/GHSA-2g68-c3qc-8985", "https://lists.debian.org/debian-lts-announce/2025/02/msg00026.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H4SH32AM3CTPMAAEOIDAN7VU565LO4IR", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H4SH32AM3CTPMAAEOIDAN7VU565LO4IR/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HFERFN7PINV4MOGMGA3DPIXJPDCYOEJZ", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HFERFN7PINV4MOGMGA3DPIXJPDCYOEJZ/", "https://nvd.nist.gov/vuln/detail/CVE-2024-34069", "https://security.netapp.com/advisory/ntap-20240614-0004", "https://security.netapp.com/advisory/ntap-20240614-0004/", "https://ubuntu.com/security/notices/USN-6799-1", "https://www.cve.org/CVERecord?id=CVE-2024-34069" ], "PublishedDate": "2024-05-06T15:15:23.99Z", "LastModifiedDate": "2025-02-21T18:15:16.663Z" }, { "VulnerabilityID": "CVE-2024-49766", "PkgName": "Werkzeug", "PkgPath": "usr/local/lib/python3.11/site-packages/werkzeug-3.0.1.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/werkzeug@3.0.1", "UID": "c461a3807fa26ddd" }, "InstalledVersion": "3.0.1", "FixedVersion": "3.0.6", "Status": "fixed", "Layer": { "DiffID": "sha256:5c8ead10eec416fa51de9ecda574cbf74f51f6ba634cc93fe86b7f5aa6b24bbe" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-49766", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Title": "werkzeug: python-werkzeug: Werkzeug safe_join not safe on Windows", "Description": "Werkzeug is a Web Server Gateway Interface web application library. On Python \u003c 3.11 on Windows, os.path.isabs() does not catch UNC paths like //server/share. Werkzeug's safe_join() relies on this check, and so can produce a path that is not safe, potentially allowing unintended access to data. Applications using Python \u003e= 3.11, or not using Windows, are not vulnerable. Werkzeug version 3.0.6 contains a patch.", "Severity": "MEDIUM", "CweIDs": [ "CWE-22" ], "VendorSeverity": { "ghsa": 2, "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2024-49766", "https://github.com/pallets/werkzeug", "https://github.com/pallets/werkzeug/commit/2767bcb10a7dd1c297d812cc5e6d11a474c1f092", "https://github.com/pallets/werkzeug/releases/tag/3.0.6", "https://github.com/pallets/werkzeug/security/advisories/GHSA-f9vj-2wh5-fj8j", "https://nvd.nist.gov/vuln/detail/CVE-2024-49766", "https://security.netapp.com/advisory/ntap-20250131-0005", "https://security.netapp.com/advisory/ntap-20250131-0005/", "https://www.cve.org/CVERecord?id=CVE-2024-49766" ], "PublishedDate": "2024-10-25T20:15:04.41Z", "LastModifiedDate": "2025-01-31T15:15:13.69Z" }, { "VulnerabilityID": "CVE-2024-49767", "PkgName": "Werkzeug", "PkgPath": "usr/local/lib/python3.11/site-packages/werkzeug-3.0.1.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/werkzeug@3.0.1", "UID": "c461a3807fa26ddd" }, "InstalledVersion": "3.0.1", "FixedVersion": "3.0.6", "Status": "fixed", "Layer": { "DiffID": "sha256:5c8ead10eec416fa51de9ecda574cbf74f51f6ba634cc93fe86b7f5aa6b24bbe" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-49767", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Title": "werkzeug: python-werkzeug: Werkzeug possible resource exhaustion when parsing file data in forms", "Description": "Werkzeug is a Web Server Gateway Interface web application library. Applications using `werkzeug.formparser.MultiPartParser` corresponding to a version of Werkzeug prior to 3.0.6 to parse `multipart/form-data` requests (e.g. all flask applications) are vulnerable to a relatively simple but effective resource exhaustion (denial of service) attack. A specifically crafted form submission request can cause the parser to allocate and block 3 to 8 times the upload size in main memory. There is no upper limit; a single upload at 1 Gbit/s can exhaust 32 GB of RAM in less than 60 seconds. Werkzeug version 3.0.6 fixes this issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-400", "CWE-770" ], "VendorSeverity": { "azure": 2, "cbl-mariner": 2, "ghsa": 2, "nvd": 3, "photon": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2024-49767", "https://github.com/pallets/quart/commit/5e78c4169b8eb66b91ead3e62d44721b9e1644ee", "https://github.com/pallets/quart/commit/abb04a512496206de279225340ed022852fbf51f", "https://github.com/pallets/werkzeug", "https://github.com/pallets/werkzeug/commit/50cfeebcb0727e18cc52ffbeb125f4a66551179b", "https://github.com/pallets/werkzeug/releases/tag/3.0.6", "https://github.com/pallets/werkzeug/security/advisories/GHSA-q34m-jh98-gwm2", "https://nvd.nist.gov/vuln/detail/CVE-2024-49767", "https://security.netapp.com/advisory/ntap-20250103-0007", "https://security.netapp.com/advisory/ntap-20250103-0007/", "https://ubuntu.com/security/notices/USN-7093-1", "https://www.cve.org/CVERecord?id=CVE-2024-49767" ], "PublishedDate": "2024-10-25T20:15:04.53Z", "LastModifiedDate": "2025-01-03T12:15:26.257Z" }, { "VulnerabilityID": "CVE-2024-1135", "PkgName": "gunicorn", "PkgPath": "usr/local/lib/python3.11/site-packages/gunicorn-21.2.0.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/gunicorn@21.2.0", "UID": "fb59ed84f0030b85" }, "InstalledVersion": "21.2.0", "FixedVersion": "22.0.0", "Status": "fixed", "Layer": { "DiffID": "sha256:5c8ead10eec416fa51de9ecda574cbf74f51f6ba634cc93fe86b7f5aa6b24bbe" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-1135", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Title": "python-gunicorn: HTTP Request Smuggling due to improper validation of Transfer-Encoding headers", "Description": "Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling (HRS) vulnerabilities. By crafting requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue is due to Gunicorn's handling of Transfer-Encoding headers, where it incorrectly processes requests with multiple, conflicting Transfer-Encoding headers, treating them as chunked regardless of the final encoding specified. This vulnerability allows for a range of attacks including cache poisoning, session manipulation, and data exposure.", "Severity": "HIGH", "CweIDs": [ "CWE-444" ], "VendorSeverity": { "ghsa": 3, "redhat": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N", "V3Score": 8.2 }, "redhat": { "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2024-1135", "https://github.com/advisories/GHSA-w3h3-4rj7-4ph4", "https://github.com/benoitc/gunicorn", "https://github.com/benoitc/gunicorn/commit/ac29c9b0a758d21f1e0fb3b3457239e523fa9f1d", "https://github.com/benoitc/gunicorn/issues/3091", "https://github.com/benoitc/gunicorn/pull/3113", "https://github.com/benoitc/gunicorn/releases/tag/22.0.0", "https://huntr.com/bounties/22158e34-cfd5-41ad-97e0-a780773d96c1", "https://lists.debian.org/debian-lts-announce/2024/06/msg00027.html", "https://lists.debian.org/debian-lts-announce/2024/12/msg00018.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-1135", "https://www.cve.org/CVERecord?id=CVE-2024-1135" ], "PublishedDate": "2024-04-16T00:15:07.797Z", "LastModifiedDate": "2024-12-20T07:15:12.59Z" }, { "VulnerabilityID": "CVE-2024-6827", "PkgName": "gunicorn", "PkgPath": "usr/local/lib/python3.11/site-packages/gunicorn-21.2.0.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/gunicorn@21.2.0", "UID": "fb59ed84f0030b85" }, "InstalledVersion": "21.2.0", "FixedVersion": "22.0.0", "Status": "fixed", "Layer": { "DiffID": "sha256:5c8ead10eec416fa51de9ecda574cbf74f51f6ba634cc93fe86b7f5aa6b24bbe" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-6827", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Title": "gunicorn: HTTP Request Smuggling in benoitc/gunicorn", "Description": "Gunicorn version 21.2.0 does not properly validate the value of the 'Transfer-Encoding' header as specified in the RFC standards, which leads to the default fallback method of 'Content-Length,' making it vulnerable to TE.CL request smuggling. This vulnerability can lead to cache poisoning, data exposure, session manipulation, SSRF, XSS, DoS, data integrity compromise, security bypass, information leakage, and business logic abuse.", "Severity": "HIGH", "CweIDs": [ "CWE-444" ], "VendorSeverity": { "ghsa": 3, "redhat": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2024-6827", "https://github.com/benoitc/gunicorn", "https://github.com/benoitc/gunicorn/issues/3087", "https://github.com/benoitc/gunicorn/issues/3278", "https://github.com/benoitc/gunicorn/pull/3113", "https://github.com/benoitc/gunicorn/releases/tag/22.0.0", "https://huntr.com/bounties/1b4f8f38-39da-44b6-9f98-f618639d0dd7", "https://nvd.nist.gov/vuln/detail/CVE-2024-6827", "https://www.cve.org/CVERecord?id=CVE-2024-6827" ], "PublishedDate": "2025-03-20T10:15:33.357Z", "LastModifiedDate": "2025-03-20T10:15:33.357Z" }, { "VulnerabilityID": "CVE-2025-8869", "PkgName": "pip", "PkgPath": "usr/local/lib/python3.11/site-packages/pip-24.0.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/pip@24.0", "UID": "55a4d9bee68c93ea" }, "InstalledVersion": "24.0", "Status": "affected", "Layer": { "DiffID": "sha256:dba5cbed1e08d00224b28b2e9ae8a59c121de39c36085ed722890ef0af8fee69" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-8869", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Title": "pip: pip missing checks on symbolic link extraction", "Description": "When extracting a tar archive pip may not check symbolic links point into the extraction directory if the tarfile module doesn't implement PEP 706.\nNote that upgrading pip to a \"fixed\" version for this vulnerability doesn't fix all known vulnerabilities that are remediated by using a Python version that implements PEP 706.\n\nNote that this is a vulnerability in pip's fallback implementation of tar extraction for Python versions that don't implement PEP 706\nand therefore are not secure to all vulnerabilities in the Python 'tarfile' module. If you're using a Python version that implements PEP 706\nthen pip doesn't use the \"vulnerable\" fallback code.\n\nMitigations include upgrading to a version of pip that includes the fix, upgrading to a Python version that implements PEP 706 (Python \u003e=3.9.17, \u003e=3.10.12, \u003e=3.11.4, or \u003e=3.12),\napplying the linked patch, or inspecting source distributions (sdists) before installation as is already a best-practice.", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 2, "ghsa": 2, "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-8869", "https://github.com/pypa/pip", "https://github.com/pypa/pip/commit/f2b92314da012b9fffa36b3f3e67748a37ef464a", "https://github.com/pypa/pip/pull/13550", "https://mail.python.org/archives/list/security-announce@python.org/thread/IF5A3GCJY3VH7BVHJKOWOJFKTW7VFQEN", "https://mail.python.org/archives/list/security-announce@python.org/thread/IF5A3GCJY3VH7BVHJKOWOJFKTW7VFQEN/", "https://nvd.nist.gov/vuln/detail/CVE-2025-8869", "https://pip.pypa.io/en/stable/news/#v25-2", "https://www.cve.org/CVERecord?id=CVE-2025-8869" ], "PublishedDate": "2025-09-24T15:15:41.293Z", "LastModifiedDate": "2025-09-24T18:11:24.52Z" } ] } ] }