{
  "document": {
    "aggregate_severity": {
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "TuxCare License Agreement",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.",
        "title": "Terms of Use"
      },
      {
        "category": "details",
        "text": "media: uvcvideo: Fix double free in error path {CVE-2024-57980}\n- vrf: use RCU protection in l3mdev_l3_out() {CVE-2025-21791}\n- geneve: Fix use-after-free in geneve_find_dev(). {CVE-2025-21858}\n- ibmvnic: Don't reference skb after sending to VIOS {CVE-2025-21855}\n- pfifo_tail_enqueue: Drop new packet when sch->limit == 0 {CVE-2025-21702}\n- iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() {CVE-2025-21993}\n- vlan: enforce underlying device type {CVE-2025-21920}\n- HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() {CVE-2025-21928}\n- can: bcm: Fix UAF in bcm_proc_show() {CVE-2023-52922}\n- ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices {CVE-2024-53197}\n- net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg {CVE-2023-31436}\n- tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink(). {CVE-2024-50154}\n- net: defer final 'struct net' free in netns dismantle {CVE-2024-56658}\n- smb: client: fix use-after-free of signing key {CVE-2024-53179}\n- gso: do not skip outer ip header in case of ipip and net_failover {CVE-2022-48936}",
        "title": "Details"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://tuxcare.com/contact/",
      "name": "TuxCare",
      "namespace": "https://tuxcare.com/"
    },
    "references": [
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.tuxcare.com/csaf/v2/els_os/centos-stream8els/advisories/2025/clsa-2025_1747688581.json"
      },
      {
        "category": "self",
        "summary": "https://cve.tuxcare.com/els/releases/CLSA-2025:1747688581",
        "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1747688581"
      }
    ],
    "tracking": {
      "current_release_date": "2025-05-19T21:05:15Z",
      "generator": {
        "date": "2025-05-19T21:05:15Z",
        "engine": {
          "name": "pyCSAF"
        }
      },
      "id": "CLSA-2025:1747688581",
      "initial_release_date": "2025-05-19T21:05:15Z",
      "revision_history": [
        {
          "date": "2025-05-19T21:05:15Z",
          "number": "1",
          "summary": "Initial version"
        }
      ],
      "status": "final",
      "version": "1"
    },
    "title": "kernel: Fix of 15 CVEs"
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Community Enterprise Operating System 8",
                "product": {
                  "name": "Community Enterprise Operating System 8",
                  "product_id": "CentOS-Stream-8",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:o:centos:centos:8:*:*:*:*:*:*:*"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Community Enterprise Operating System"
          }
        ],
        "category": "vendor",
        "name": "Red Hat, Inc."
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
                "product": {
                  "name": "python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
                  "product_id": "python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/python3-perf@4.18.0-553.6.1.el8_10.tuxcare.els10?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
                "product": {
                  "name": "kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
                  "product_id": "kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/kernel-modules@4.18.0-553.6.1.el8_10.tuxcare.els10?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
                "product": {
                  "name": "kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
                  "product_id": "kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/kernel-devel@4.18.0-553.6.1.el8_10.tuxcare.els10?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
                "product": {
                  "name": "kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
                  "product_id": "kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/kernel-debug-modules-internal@4.18.0-553.6.1.el8_10.tuxcare.els10?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
                "product": {
                  "name": "kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
                  "product_id": "kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/kernel-tools-libs@4.18.0-553.6.1.el8_10.tuxcare.els10?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
                "product": {
                  "name": "kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
                  "product_id": "kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/kernel-tools@4.18.0-553.6.1.el8_10.tuxcare.els10?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
                "product": {
                  "name": "kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
                  "product_id": "kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/kernel-tools-libs-devel@4.18.0-553.6.1.el8_10.tuxcare.els10?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
                "product": {
                  "name": "kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
                  "product_id": "kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/kernel-selftests-internal@4.18.0-553.6.1.el8_10.tuxcare.els10?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
                "product": {
                  "name": "bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
                  "product_id": "bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/bpftool@4.18.0-553.6.1.el8_10.tuxcare.els10?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
                "product": {
                  "name": "kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
                  "product_id": "kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/kernel-debug-modules@4.18.0-553.6.1.el8_10.tuxcare.els10?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "TuxCare"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64 as a component of Community Enterprise Operating System 8",
          "product_id": "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64"
        },
        "product_reference": "python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
        "relates_to_product_reference": "CentOS-Stream-8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64 as a component of Community Enterprise Operating System 8",
          "product_id": "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64"
        },
        "product_reference": "kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
        "relates_to_product_reference": "CentOS-Stream-8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64 as a component of Community Enterprise Operating System 8",
          "product_id": "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64"
        },
        "product_reference": "kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
        "relates_to_product_reference": "CentOS-Stream-8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64 as a component of Community Enterprise Operating System 8",
          "product_id": "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64"
        },
        "product_reference": "kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
        "relates_to_product_reference": "CentOS-Stream-8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64 as a component of Community Enterprise Operating System 8",
          "product_id": "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64"
        },
        "product_reference": "kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
        "relates_to_product_reference": "CentOS-Stream-8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64 as a component of Community Enterprise Operating System 8",
          "product_id": "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64"
        },
        "product_reference": "kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
        "relates_to_product_reference": "CentOS-Stream-8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64 as a component of Community Enterprise Operating System 8",
          "product_id": "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64"
        },
        "product_reference": "kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
        "relates_to_product_reference": "CentOS-Stream-8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64 as a component of Community Enterprise Operating System 8",
          "product_id": "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64"
        },
        "product_reference": "kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
        "relates_to_product_reference": "CentOS-Stream-8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64 as a component of Community Enterprise Operating System 8",
          "product_id": "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64"
        },
        "product_reference": "bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
        "relates_to_product_reference": "CentOS-Stream-8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64 as a component of Community Enterprise Operating System 8",
          "product_id": "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64"
        },
        "product_reference": "kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
        "relates_to_product_reference": "CentOS-Stream-8"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-21858",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngeneve: Fix use-after-free in geneve_find_dev().\n\nsyzkaller reported a use-after-free in geneve_find_dev() [0]\nwithout repro.\n\ngeneve_configure() links struct geneve_dev.next to\nnet_generic(net, geneve_net_id)->geneve_list.\n\nThe net here could differ from dev_net(dev) if IFLA_NET_NS_PID,\nIFLA_NET_NS_FD, or IFLA_TARGET_NETNSID is set.\n\nWhen dev_net(dev) is dismantled, geneve_exit_batch_rtnl() finally\ncalls unregister_netdevice_queue() for each dev in the netns,\nand later the dev is freed.\n\nHowever, its geneve_dev.next is still linked to the backend UDP\nsocket netns.\n\nThen, use-after-free will occur when another geneve dev is created\nin the netns.\n\nLet's call geneve_dellink() instead in geneve_destroy_tunnels().\n\n[0]:\nBUG: KASAN: slab-use-after-free in geneve_find_dev drivers/net/geneve.c:1295 [inline]\nBUG: KASAN: slab-use-after-free in geneve_configure+0x234/0x858 drivers/net/geneve.c:1343\nRead of size 2 at addr ffff000054d6ee24 by task syz.1.4029/13441\n\nCPU: 1 UID: 0 PID: 13441 Comm: syz.1.4029 Not tainted 6.13.0-g0ad9617c78ac #24 dc35ca22c79fb82e8e7bc5c9c9adafea898b1e3d\nHardware name: linux,dummy-virt (DT)\nCall trace:\n show_stack+0x38/0x50 arch/arm64/kernel/stacktrace.c:466 (C)\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0xbc/0x108 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x16c/0x6f0 mm/kasan/report.c:489\n kasan_report+0xc0/0x120 mm/kasan/report.c:602\n __asan_report_load2_noabort+0x20/0x30 mm/kasan/report_generic.c:379\n geneve_find_dev drivers/net/geneve.c:1295 [inline]\n geneve_configure+0x234/0x858 drivers/net/geneve.c:1343\n geneve_newlink+0xb8/0x128 drivers/net/geneve.c:1634\n rtnl_newlink_create+0x23c/0x868 net/core/rtnetlink.c:3795\n __rtnl_newlink net/core/rtnetlink.c:3906 [inline]\n rtnl_newlink+0x1054/0x1630 net/core/rtnetlink.c:4021\n 
rtnetlink_rcv_msg+0x61c/0x918 net/core/rtnetlink.c:6911\n netlink_rcv_skb+0x1dc/0x398 net/netlink/af_netlink.c:2543\n rtnetlink_rcv+0x34/0x50 net/core/rtnetlink.c:6938\n netlink_unicast_kernel net/netlink/af_netlink.c:1322 [inline]\n netlink_unicast+0x618/0x838 net/netlink/af_netlink.c:1348\n netlink_sendmsg+0x5fc/0x8b0 net/netlink/af_netlink.c:1892\n sock_sendmsg_nosec net/socket.c:713 [inline]\n __sock_sendmsg net/socket.c:728 [inline]\n ____sys_sendmsg+0x410/0x6f8 net/socket.c:2568\n ___sys_sendmsg+0x178/0x1d8 net/socket.c:2622\n __sys_sendmsg net/socket.c:2654 [inline]\n __do_sys_sendmsg net/socket.c:2659 [inline]\n __se_sys_sendmsg net/socket.c:2657 [inline]\n __arm64_sys_sendmsg+0x12c/0x1c8 net/socket.c:2657\n __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\n invoke_syscall+0x90/0x278 arch/arm64/kernel/syscall.c:49\n el0_svc_common+0x13c/0x250 arch/arm64/kernel/syscall.c:132\n do_el0_svc+0x54/0x70 arch/arm64/kernel/syscall.c:151\n el0_svc+0x4c/0xa8 arch/arm64/kernel/entry-common.c:744\n el0t_64_sync_handler+0x78/0x108 arch/arm64/kernel/entry-common.c:762\n el0t_64_sync+0x198/0x1a0 arch/arm64/kernel/entry.S:600\n\nAllocated by task 13247:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x30/0x68 mm/kasan/common.c:68\n kasan_save_alloc_info+0x44/0x58 mm/kasan/generic.c:568\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x84/0xa0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __do_kmalloc_node mm/slub.c:4298 [inline]\n __kmalloc_node_noprof+0x2a0/0x560 mm/slub.c:4304\n __kvmalloc_node_noprof+0x9c/0x230 mm/util.c:645\n alloc_netdev_mqs+0xb8/0x11a0 net/core/dev.c:11470\n rtnl_create_link+0x2b8/0xb50 net/core/rtnetlink.c:3604\n rtnl_newlink_create+0x19c/0x868 net/core/rtnetlink.c:3780\n __rtnl_newlink net/core/rtnetlink.c:3906 [inline]\n rtnl_newlink+0x1054/0x1630 net/core/rtnetlink.c:4021\n rtnetlink_rcv_msg+0x61c/0x918 net/core/rtnetlink.c:6911\n netlink_rcv_skb+0x1dc/0x398 
net/netlink/af_netlink.c:2543\n rtnetlink_rcv+0x34/0x50 net/core/rtnetlink.c:6938\n netlink_unicast_kernel net/netlink/af_n\n---truncated---",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-21858"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/3ce92ca990cfac88a87c61df3cc0b5880e688ecf",
          "url": "https://git.kernel.org/stable/c/3ce92ca990cfac88a87c61df3cc0b5880e688ecf"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/5a0538ac6826807d6919f6aecbb8996c2865af2c",
          "url": "https://git.kernel.org/stable/c/5a0538ac6826807d6919f6aecbb8996c2865af2c"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/788dbca056a8783ec063da3c9d49a3a71c76c283",
          "url": "https://git.kernel.org/stable/c/788dbca056a8783ec063da3c9d49a3a71c76c283"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/904e746b2e7fa952ab8801b303ce826a63153d78",
          "url": "https://git.kernel.org/stable/c/904e746b2e7fa952ab8801b303ce826a63153d78"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/9593172d93b9f91c362baec4643003dc29802929",
          "url": "https://git.kernel.org/stable/c/9593172d93b9f91c362baec4643003dc29802929"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/d5e86e27de0936f3cb0a299ce519d993e9cf3886",
          "url": "https://git.kernel.org/stable/c/d5e86e27de0936f3cb0a299ce519d993e9cf3886"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/da9b0ae47f084014b1e4b3f31f70a0defd047ff3",
          "url": "https://git.kernel.org/stable/c/da9b0ae47f084014b1e4b3f31f70a0defd047ff3"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/f74f6560146714241c6e167b03165ee77a86e316",
          "url": "https://git.kernel.org/stable/c/f74f6560146714241c6e167b03165ee77a86e316"
        }
      ],
      "release_date": "2025-03-12T10:15:00",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
            "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
            "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
            "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
            "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
            "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
            "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
            "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
            "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
            "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "High"
        }
      ]
    },
    {
      "cve": "CVE-2024-56658",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: defer final 'struct net' free in netns dismantle\n\nIlya reported a slab-use-after-free in dst_destroy [1]\n\nIssue is in xfrm6_net_init() and xfrm4_net_init() :\n\nThey copy xfrm[46]_dst_ops_template into net->xfrm.xfrm[46]_dst_ops.\n\nBut net structure might be freed before all the dst callbacks are\ncalled. So when dst_destroy() calls later :\n\nif (dst->ops->destroy)\n    dst->ops->destroy(dst);\n\ndst->ops points to the old net->xfrm.xfrm[46]_dst_ops, which has been freed.\n\nSee a relevant issue fixed in :\n\nac888d58869b (\"net: do not delay dst_entries_add() in dst_release()\")\n\nA fix is to queue the 'struct net' to be freed after one\nanother cleanup_net() round (and existing rcu_barrier())\n\n[1]\n\nBUG: KASAN: slab-use-after-free in dst_destroy (net/core/dst.c:112)\nRead of size 8 at addr ffff8882137ccab0 by task swapper/37/0\nDec 03 05:46:18 kernel:\nCPU: 37 UID: 0 PID: 0 Comm: swapper/37 Kdump: loaded Not tainted 6.12.0 #67\nHardware name: Red Hat KVM/RHEL, BIOS 1.16.1-1.el9 04/01/2014\nCall Trace:\n <IRQ>\ndump_stack_lvl (lib/dump_stack.c:124)\nprint_address_description.constprop.0 (mm/kasan/report.c:378)\n? dst_destroy (net/core/dst.c:112)\nprint_report (mm/kasan/report.c:489)\n? dst_destroy (net/core/dst.c:112)\n? kasan_addr_to_slab (mm/kasan/common.c:37)\nkasan_report (mm/kasan/report.c:603)\n? dst_destroy (net/core/dst.c:112)\n? rcu_do_batch (kernel/rcu/tree.c:2567)\ndst_destroy (net/core/dst.c:112)\nrcu_do_batch (kernel/rcu/tree.c:2567)\n? __pfx_rcu_do_batch (kernel/rcu/tree.c:2491)\n? 
lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4339 kernel/locking/lockdep.c:4406)\nrcu_core (kernel/rcu/tree.c:2825)\nhandle_softirqs (kernel/softirq.c:554)\n__irq_exit_rcu (kernel/softirq.c:589 kernel/softirq.c:428 kernel/softirq.c:637)\nirq_exit_rcu (kernel/softirq.c:651)\nsysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1049 arch/x86/kernel/apic/apic.c:1049)\n </IRQ>\n <TASK>\nasm_sysvec_apic_timer_interrupt (./arch/x86/include/asm/idtentry.h:702)\nRIP: 0010:default_idle (./arch/x86/include/asm/irqflags.h:37 ./arch/x86/include/asm/irqflags.h:92 arch/x86/kernel/process.c:743)\nCode: 00 4d 29 c8 4c 01 c7 4c 29 c2 e9 6e ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 90 0f 00 2d c7 c9 27 00 fb f4 <fa> c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 90\nRSP: 0018:ffff888100d2fe00 EFLAGS: 00000246\nRAX: 00000000001870ed RBX: 1ffff110201a5fc2 RCX: ffffffffb61a3e46\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffffb3d4d123\nRBP: 0000000000000000 R08: 0000000000000001 R09: ffffed11c7e1835d\nR10: ffff888e3f0c1aeb R11: 0000000000000000 R12: 0000000000000000\nR13: ffff888100d20000 R14: dffffc0000000000 R15: 0000000000000000\n? ct_kernel_exit.constprop.0 (kernel/context_tracking.c:148)\n? cpuidle_idle_call (kernel/sched/idle.c:186)\ndefault_idle_call (./include/linux/cpuidle.h:143 kernel/sched/idle.c:118)\ncpuidle_idle_call (kernel/sched/idle.c:186)\n? __pfx_cpuidle_idle_call (kernel/sched/idle.c:168)\n? lock_release (kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5848)\n? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4347 kernel/locking/lockdep.c:4406)\n? tsc_verify_tsc_adjust (arch/x86/kernel/tsc_sync.c:59)\ndo_idle (kernel/sched/idle.c:326)\ncpu_startup_entry (kernel/sched/idle.c:423 (discriminator 1))\nstart_secondary (arch/x86/kernel/smpboot.c:202 arch/x86/kernel/smpboot.c:282)\n? __pfx_start_secondary (arch/x86/kernel/smpboot.c:232)\n? 
soft_restart_cpu (arch/x86/kernel/head_64.S:452)\ncommon_startup_64 (arch/x86/kernel/head_64.S:414)\n </TASK>\nDec 03 05:46:18 kernel:\nAllocated by task 12184:\nkasan_save_stack (mm/kasan/common.c:48)\nkasan_save_track (./arch/x86/include/asm/current.h:49 mm/kasan/common.c:60 mm/kasan/common.c:69)\n__kasan_slab_alloc (mm/kasan/common.c:319 mm/kasan/common.c:345)\nkmem_cache_alloc_noprof (mm/slub.c:4085 mm/slub.c:4134 mm/slub.c:4141)\ncopy_net_ns (net/core/net_namespace.c:421 net/core/net_namespace.c:480)\ncreate_new_namespaces\n---truncated---",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2024-56658"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/0f6ede9fbc747e2553612271bce108f7517e7a45",
          "url": "https://git.kernel.org/stable/c/0f6ede9fbc747e2553612271bce108f7517e7a45"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/3267b254dc0a04dfa362a2be24573cfa6d2d78f5",
          "url": "https://git.kernel.org/stable/c/3267b254dc0a04dfa362a2be24573cfa6d2d78f5"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/6610c7f8a8d47fd1123eed55ba8c11c2444d8842",
          "url": "https://git.kernel.org/stable/c/6610c7f8a8d47fd1123eed55ba8c11c2444d8842"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/b7a79e51297f7b82adb687086f5cb2da446f1e40",
          "url": "https://git.kernel.org/stable/c/b7a79e51297f7b82adb687086f5cb2da446f1e40"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/c261dcd61c9e88a8f1a66654354d32295a975230",
          "url": "https://git.kernel.org/stable/c/c261dcd61c9e88a8f1a66654354d32295a975230"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/dac465986a4a38cd2f13e934f562b6ca344e5720",
          "url": "https://git.kernel.org/stable/c/dac465986a4a38cd2f13e934f562b6ca344e5720"
        }
      ],
      "release_date": "2024-12-27T15:15:00",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
            "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
            "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
            "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
            "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
            "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
            "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
            "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
            "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
            "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "High"
        }
      ]
    },
    {
      "cve": "CVE-2023-31436",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "description",
          "text": "qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2023-31436"
        },
        {
          "category": "external",
          "summary": "http://packetstormsecurity.com/files/173087/Kernel-Live-Patch-Security-Notice-LSN-0095-1.html",
          "url": "http://packetstormsecurity.com/files/173087/Kernel-Live-Patch-Security-Notice-LSN-0095-1.html"
        },
        {
          "category": "external",
          "summary": "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html",
          "url": "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html"
        },
        {
          "category": "external",
          "summary": "http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html",
          "url": "http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html"
        },
        {
          "category": "external",
          "summary": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.13",
          "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.13"
        },
        {
          "category": "external",
          "summary": "https://github.com/torvalds/linux/commit/3037933448f60f9acb705997eae62013ecb81e0d",
          "url": "https://github.com/torvalds/linux/commit/3037933448f60f9acb705997eae62013ecb81e0d"
        },
        {
          "category": "external",
          "summary": "https://lists.debian.org/debian-lts-announce/2023/06/msg00008.html",
          "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00008.html"
        },
        {
          "category": "external",
          "summary": "https://security.netapp.com/advisory/ntap-20230609-0001/",
          "url": "https://security.netapp.com/advisory/ntap-20230609-0001/"
        },
        {
          "category": "external",
          "summary": "https://www.debian.org/security/2023/dsa-5402",
          "url": "https://www.debian.org/security/2023/dsa-5402"
        },
        {
          "category": "external",
          "summary": "https://www.spinics.net/lists/stable-commits/msg294885.html",
          "url": "https://www.spinics.net/lists/stable-commits/msg294885.html"
        }
      ],
      "release_date": "2023-04-28T02:15:00",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
            "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
            "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
            "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
            "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
            "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
            "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
            "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
            "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
            "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "High"
        }
      ]
    },
    {
      "cve": "CVE-2022-48936",
      "notes": [
        {
          "category": "description",
          "text": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
          "title": "Vulnerability description"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2022-48936"
        }
      ],
      "release_date": "2024-08-22T04:15:00",
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ]
    },
    {
      "cve": "CVE-2024-50154",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp/dccp: Don't use timer_pending() in reqsk_queue_unlink().\n\nMartin KaFai Lau reported use-after-free [0] in reqsk_timer_handler().\n\n  \"\"\"\n  We are seeing a use-after-free from a bpf prog attached to\n  trace_tcp_retransmit_synack. The program passes the req->sk to the\n  bpf_sk_storage_get_tracing kernel helper which does check for null\n  before using it.\n  \"\"\"\n\nThe commit 83fccfc3940c (\"inet: fix potential deadlock in\nreqsk_queue_unlink()\") added timer_pending() in reqsk_queue_unlink() not\nto call del_timer_sync() from reqsk_timer_handler(), but it introduced a\nsmall race window.\n\nBefore the timer is called, expire_timers() calls detach_timer(timer, true)\nto clear timer->entry.pprev and marks it as not pending.\n\nIf reqsk_queue_unlink() checks timer_pending() just after expire_timers()\ncalls detach_timer(), TCP will miss del_timer_sync(); the reqsk timer will\ncontinue running and send multiple SYN+ACKs until it expires.\n\nThe reported UAF could happen if req->sk is close()d earlier than the timer\nexpiration, which is 63s by default.\n\nThe scenario would be\n\n  1. inet_csk_complete_hashdance() calls inet_csk_reqsk_queue_drop(),\n     but del_timer_sync() is missed\n\n  2. reqsk timer is executed and scheduled again\n\n  3. req->sk is accept()ed and reqsk_put() decrements rsk_refcnt, but\n     reqsk timer still has another one, and inet_csk_accept() does not\n     clear req->sk for non-TFO sockets\n\n  4. sk is close()d\n\n  5. reqsk timer is executed again, and BPF touches req->sk\n\nLet's not use timer_pending() by passing the caller context to\n__inet_csk_reqsk_queue_drop().\n\nNote that reqsk timer is pinned, so the issue does not happen in most\nuse cases. [1]\n\n[0]\nBUG: KFENCE: use-after-free read in bpf_sk_storage_get_tracing+0x2e/0x1b0\n\nUse-after-free read at 0x00000000a891fb3a (in kfence-#1):\nbpf_sk_storage_get_tracing+0x2e/0x1b0\nbpf_prog_5ea3e95db6da0438_tcp_retransmit_synack+0x1d20/0x1dda\nbpf_trace_run2+0x4c/0xc0\ntcp_rtx_synack+0xf9/0x100\nreqsk_timer_handler+0xda/0x3d0\nrun_timer_softirq+0x292/0x8a0\nirq_exit_rcu+0xf5/0x320\nsysvec_apic_timer_interrupt+0x6d/0x80\nasm_sysvec_apic_timer_interrupt+0x16/0x20\nintel_idle_irq+0x5a/0xa0\ncpuidle_enter_state+0x94/0x273\ncpu_startup_entry+0x15e/0x260\nstart_secondary+0x8a/0x90\nsecondary_startup_64_no_verify+0xfa/0xfb\n\nkfence-#1: 0x00000000a72cc7b6-0x00000000d97616d9, size=2376, cache=TCPv6\n\nallocated by task 0 on cpu 9 at 260507.901592s:\nsk_prot_alloc+0x35/0x140\nsk_clone_lock+0x1f/0x3f0\ninet_csk_clone_lock+0x15/0x160\ntcp_create_openreq_child+0x1f/0x410\ntcp_v6_syn_recv_sock+0x1da/0x700\ntcp_check_req+0x1fb/0x510\ntcp_v6_rcv+0x98b/0x1420\nipv6_list_rcv+0x2258/0x26e0\nnapi_complete_done+0x5b1/0x2990\nmlx5e_napi_poll+0x2ae/0x8d0\nnet_rx_action+0x13e/0x590\nirq_exit_rcu+0xf5/0x320\ncommon_interrupt+0x80/0x90\nasm_common_interrupt+0x22/0x40\ncpuidle_enter_state+0xfb/0x273\ncpu_startup_entry+0x15e/0x260\nstart_secondary+0x8a/0x90\nsecondary_startup_64_no_verify+0xfa/0xfb\n\nfreed by task 0 on cpu 9 at 260507.927527s:\nrcu_core_si+0x4ff/0xf10\nirq_exit_rcu+0xf5/0x320\nsysvec_apic_timer_interrupt+0x6d/0x80\nasm_sysvec_apic_timer_interrupt+0x16/0x20\ncpuidle_enter_state+0xfb/0x273\ncpu_startup_entry+0x15e/0x260\nstart_secondary+0x8a/0x90\nsecondary_startup_64_no_verify+0xfa/0xfb",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2024-50154"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/106e457953315e476b3642ef24be25ed862aaba3",
          "url": "https://git.kernel.org/stable/c/106e457953315e476b3642ef24be25ed862aaba3"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/5071beb59ee416e8ab456ac8647a4dabcda823b1",
          "url": "https://git.kernel.org/stable/c/5071beb59ee416e8ab456ac8647a4dabcda823b1"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/51e34db64f4e43c7b055ccf881b7f3e0c31bb26d",
          "url": "https://git.kernel.org/stable/c/51e34db64f4e43c7b055ccf881b7f3e0c31bb26d"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/8459d61fbf24967839a70235165673148c7c7f17",
          "url": "https://git.kernel.org/stable/c/8459d61fbf24967839a70235165673148c7c7f17"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/997ae8da14f1639ce6fb66a063dab54031cd61b3",
          "url": "https://git.kernel.org/stable/c/997ae8da14f1639ce6fb66a063dab54031cd61b3"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/c964bf65f80a14288d767023a1b300b30f5b9cd0",
          "url": "https://git.kernel.org/stable/c/c964bf65f80a14288d767023a1b300b30f5b9cd0"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/e8c526f2bdf1845bedaf6a478816a3d06fa78b8f",
          "url": "https://git.kernel.org/stable/c/e8c526f2bdf1845bedaf6a478816a3d06fa78b8f"
        }
      ],
      "release_date": "2024-11-07T10:15:00",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
            "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
            "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
            "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
            "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
            "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
            "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
            "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
            "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
            "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "High"
        }
      ]
    },
    {
      "cve": "CVE-2025-21993",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\niscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic()\n\nWhen performing an iSCSI boot using IPv6, iscsistart still reads the\n/sys/firmware/ibft/ethernetX/subnet-mask entry. Since the IPv6 prefix\nlength is 64, this causes the shift exponent to become negative,\ntriggering a UBSAN warning. As the concept of a subnet mask does not\napply to IPv6, the value is set to ~0 to suppress the warning message.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-21993"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/07e0d99a2f701123ad3104c0f1a1e66bce74d6e5",
          "url": "https://git.kernel.org/stable/c/07e0d99a2f701123ad3104c0f1a1e66bce74d6e5"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/2d1eef248107bdf3d5a69d0fde04c30a79a7bf5d",
          "url": "https://git.kernel.org/stable/c/2d1eef248107bdf3d5a69d0fde04c30a79a7bf5d"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/9bfa80c8aa4e06dff55a953c3fffbfc68a3a3b1c",
          "url": "https://git.kernel.org/stable/c/9bfa80c8aa4e06dff55a953c3fffbfc68a3a3b1c"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/a858cd58dea06cf85b142673deea8c5d87f11e70",
          "url": "https://git.kernel.org/stable/c/a858cd58dea06cf85b142673deea8c5d87f11e70"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/b253660fac5e0e9080d2c95e3a029e1898d49afb",
          "url": "https://git.kernel.org/stable/c/b253660fac5e0e9080d2c95e3a029e1898d49afb"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/b388e185bfad32bfed6a97a6817f74ca00a4318f",
          "url": "https://git.kernel.org/stable/c/b388e185bfad32bfed6a97a6817f74ca00a4318f"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/c1c6e527470e5eab0b2d57bd073530fbace39eab",
          "url": "https://git.kernel.org/stable/c/c1c6e527470e5eab0b2d57bd073530fbace39eab"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/f763c82db8166e28f45b7cc4a5398a7859665940",
          "url": "https://git.kernel.org/stable/c/f763c82db8166e28f45b7cc4a5398a7859665940"
        }
      ],
      "release_date": "2025-04-02T13:15:00",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
            "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
            "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
            "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
            "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
            "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
            "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
            "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
            "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
            "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "High"
        }
      ]
    },
    {
      "cve": "CVE-2023-52922",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\ncan: bcm: Fix UAF in bcm_proc_show()\nBUG: KASAN: slab-use-after-free in bcm_proc_show+0x969/0xa80\nRead of size 8 at addr ffff888155846230 by task cat/7862\nCPU: 1 PID: 7862 Comm: cat Not tainted 6.5.0-rc1-00153-gc8746099c197 #230\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nCall Trace:\n<TASK>\ndump_stack_lvl+0xd5/0x150\nprint_report+0xc1/0x5e0\nkasan_report+0xba/0xf0\nbcm_proc_show+0x969/0xa80\nseq_read_iter+0x4f6/0x1260\nseq_read+0x165/0x210\nproc_reg_read+0x227/0x300\nvfs_read+0x1d5/0x8d0\nksys_read+0x11e/0x240\ndo_syscall_64+0x35/0xb0\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\nAllocated by task 7846:\nkasan_save_stack+0x1e/0x40\nkasan_set_track+0x21/0x30\n__kasan_kmalloc+0x9e/0xa0\nbcm_sendmsg+0x264b/0x44e0\nsock_sendmsg+0xda/0x180\n____sys_sendmsg+0x735/0x920\n___sys_sendmsg+0x11d/0x1b0\n__sys_sendmsg+0xfa/0x1d0\ndo_syscall_64+0x35/0xb0\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\nFreed by task 7846:\nkasan_save_stack+0x1e/0x40\nkasan_set_track+0x21/0x30\nkasan_save_free_info+0x27/0x40\n____kasan_slab_free+0x161/0x1c0\nslab_free_freelist_hook+0x119/0x220\n__kmem_cache_free+0xb4/0x2e0\nrcu_core+0x809/0x1bd0\nbcm_op is freed before procfs entry be removed in bcm_release(),\nthis lead to bcm_proc_show() may read the freed bcm_op.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2023-52922"
        }
      ],
      "release_date": "2024-11-28T00:00:00",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
            "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
            "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
            "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
            "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
            "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
            "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
            "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
            "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
            "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "High"
        }
      ]
    },
    {
      "cve": "CVE-2024-53197",
      "cwe": {
        "id": "CWE-120",
        "name": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\nALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices\nA bogus device can provide a bNumConfigurations value that exceeds the\ninitial value used in usb_get_configuration for allocating dev->config.\nThis can lead to out-of-bounds accesses later, e.g. in\nusb_destroy_configuration.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2024-53197"
        }
      ],
      "release_date": "2024-12-27T00:00:00",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
            "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
            "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
            "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
            "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
            "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
            "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
            "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
            "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
            "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Medium"
        }
      ]
    },
    {
      "cve": "CVE-2025-21702",
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\npfifo_tail_enqueue: Drop new packet when sch->limit == 0\nExpected behaviour:\nWhen the scheduler's limit is reached, pfifo_tail_enqueue() drops a\npacket from the scheduler's queue and decreases the scheduler's qlen by one.\nThen pfifo_tail_enqueue() enqueues the new packet and increases the\nscheduler's qlen by one. Finally, pfifo_tail_enqueue() returns the\n`NET_XMIT_CN` status code.\nWeird behaviour:\nIf we set `sch->limit == 0` and trigger pfifo_tail_enqueue() on a\nscheduler that has no packets, the 'drop a packet' step does nothing.\nThis means the scheduler's qlen is still equal to 0.\nThen we go on to enqueue the new packet and increase the scheduler's qlen by\none. In summary, pfifo_tail_enqueue() can be used to increase qlen by\none and return the `NET_XMIT_CN` status code.\nThe problem is:\nLet's say we have two qdiscs: Qdisc_A and Qdisc_B.\n- Qdisc_A's type must have a '->graft()' function to create a parent/child relationship.\nLet's say Qdisc_A's type is `hfsc`. Enqueuing a packet to this qdisc triggers `hfsc_enqueue`.\n- Qdisc_B's type is pfifo_head_drop. Enqueuing a packet to this qdisc triggers `pfifo_tail_enqueue`.\n- Qdisc_B is configured to have `sch->limit == 0`.\n- Qdisc_A is configured to route the enqueued packet to Qdisc_B.\nEnqueuing a packet through Qdisc_A leads to:\n- hfsc_enqueue(Qdisc_A) -> pfifo_tail_enqueue(Qdisc_B)\n- Qdisc_B->q.qlen += 1\n- pfifo_tail_enqueue() returns `NET_XMIT_CN`\n- hfsc_enqueue() checks for `NET_XMIT_SUCCESS` and sees `NET_XMIT_CN` => hfsc_enqueue() doesn't increase the qlen of Qdisc_A.\nThe whole process leads to a situation where Qdisc_A->q.qlen == 0 and Qdisc_B->q.qlen == 1.\nReplacing 'hfsc' with another type (for example: 'drr') still leads to the same problem.\nThis violates the design, in which a parent's qlen should equal the sum of its children's qlen.\nBug impact: This issue can be used for user->kernel privilege escalation when it is reachable.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-21702"
        }
      ],
      "release_date": "2025-02-18T00:00:00",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
            "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
            "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
            "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
            "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
            "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
            "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
            "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
            "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
            "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "High"
        }
      ]
    },
    {
      "cve": "CVE-2025-21928",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove()\n\nThe system can experience a random crash a few minutes after the driver is\nremoved. This issue occurs due to improper handling of memory freeing in\nthe ishtp_hid_remove() function.\n\nThe function currently frees the `driver_data` directly within the loop\nthat destroys the HID devices, which can lead to accessing freed memory.\nSpecifically, `hid_destroy_device()` uses `driver_data` when it calls\n`hid_ishtp_set_feature()` to power off the sensor, so freeing\n`driver_data` beforehand can result in accessing invalid memory.\n\nThis patch resolves the issue by storing the `driver_data` in a temporary\nvariable before calling `hid_destroy_device()`, and then freeing the\n`driver_data` after the device is destroyed.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
          "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-21928"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/01b18a330cda61cc21423a7d1af92cf31ded8f60",
          "url": "https://git.kernel.org/stable/c/01b18a330cda61cc21423a7d1af92cf31ded8f60"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/07583a0010696a17fb0942e0b499a62785c5fc9f",
          "url": "https://git.kernel.org/stable/c/07583a0010696a17fb0942e0b499a62785c5fc9f"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/0c1fb475ef999d6c22fc3f963fdf20cb3ed1b03d",
          "url": "https://git.kernel.org/stable/c/0c1fb475ef999d6c22fc3f963fdf20cb3ed1b03d"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/560f4d1299342504a6ab8a47f575b5e6b8345ada",
          "url": "https://git.kernel.org/stable/c/560f4d1299342504a6ab8a47f575b5e6b8345ada"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/cf1a6015d2f6b1f0afaa0fd6a0124ff2c7943394",
          "url": "https://git.kernel.org/stable/c/cf1a6015d2f6b1f0afaa0fd6a0124ff2c7943394"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/d3faae7f42181865c799d88c5054176f38ae4625",
          "url": "https://git.kernel.org/stable/c/d3faae7f42181865c799d88c5054176f38ae4625"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/dea6a349bcaf243fff95dfd0428a26be6a0fb44e",
          "url": "https://git.kernel.org/stable/c/dea6a349bcaf243fff95dfd0428a26be6a0fb44e"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/eb0695d87a81e7c1f0509b7d8ee7c65fbc26aec9",
          "url": "https://git.kernel.org/stable/c/eb0695d87a81e7c1f0509b7d8ee7c65fbc26aec9"
        }
      ],
      "release_date": "2025-04-01T16:15:00",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
            "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
            "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
            "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
            "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
            "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
            "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
            "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
            "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64",
            "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "High"
        }
      ]
    }
  ]
}