{
  "document": {
    "aggregate_severity": {
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "TuxCare License Agreement",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.",
        "title": "Terms of Use"
      },
      {
        "category": "details",
        "text": "- udf: Fix a slab-out-of-bounds write bug in udf_find_entry() {CVE-2022-49846}\n- Bluetooth: hci_sync: Fix queuing commands when HCI_UNREGISTER is set {CVE-2022-49136}\n- Bluetooth: Fix use after free in hci_send_acl {CVE-2022-49111}\n- NFSv4/pnfs: Fix a use-after-free bug in open {CVE-2022-50072}\n- NFSv4: Don't hold the layoutget locks across multiple RPC calls {CVE-2022-50072}\n- ndisc: use RCU protection in ndisc_alloc_skb() {CVE-2025-21764}\n- cifs: fix double free race when mount fails in cifs_get_root() {CVE-2022-48919}\n- udmabuf: fix a buf size overflow issue during udmabuf creation {CVE-2025-37803}\n- um: Fix out-of-bounds read in LDT setup {CVE-2022-49395}\n- rtw89: cfo: check mac_id to avoid out-of-bounds {CVE-2022-49471}\n- vsock: Keep the binding until socket destruction {CVE-2025-21756}\n- net/mlx5: Always stop health timer during driver removal {CVE-2024-40906}\n- ext4: fix OOB read when checking dotdot dir {CVE-2025-37785}\n- Bluetooth: L2CAP: Fix slab-use-after-free Read in l2cap_send_cmd {CVE-2025-21969}\n- drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() {CVE-2025-21780}\n- drm: nv04: Fix out of bounds access {CVE-2024-27008}\n- parport: Proper fix for array out-of-bounds access {CVE-2024-50074}\n- sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket {CVE-2024-53168}\n- net: make sock_inuse_add() available {CVE-2024-53168}\n- drm/amdgpu: fix possible UAF in amdgpu_cs_pass1() {CVE-2023-52921}",
        "title": "Details"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://tuxcare.com/contact/",
      "name": "TuxCare",
      "namespace": "https://tuxcare.com/"
    },
    "references": [
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.tuxcare.com/csaf/v2/els_os/centos-stream8els/advisories/2025/clsa-2025_1753298759.json"
      },
      {
        "category": "self",
        "summary": "https://cve.tuxcare.com/els/releases/CLSA-2025:1753298759",
        "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1753298759"
      }
    ],
    "tracking": {
      "current_release_date": "2025-07-23T19:29:46Z",
      "generator": {
        "date": "2025-07-23T19:29:46Z",
        "engine": {
          "name": "pyCSAF"
        }
      },
      "id": "CLSA-2025:1753298759",
      "initial_release_date": "2025-07-23T19:29:46Z",
      "revision_history": [
        {
          "date": "2025-07-23T19:29:46Z",
          "number": "1",
          "summary": "Initial version"
        }
      ],
      "status": "final",
      "version": "1"
    },
    "title": "kernel: Fix of 18 CVEs"
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Community Enterprise Operating System 8",
                "product": {
                  "name": "Community Enterprise Operating System 8",
                  "product_id": "CentOS-Stream-8",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:o:centos:centos:8:*:*:*:*:*:*:*"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Community Enterprise Operating System"
          }
        ],
        "category": "vendor",
        "name": "Red Hat, Inc."
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
                "product": {
                  "name": "python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
                  "product_id": "python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/python3-perf@4.18.0-553.6.1.el8_10.tuxcare.els11?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
                "product": {
                  "name": "kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
                  "product_id": "kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/kernel-modules@4.18.0-553.6.1.el8_10.tuxcare.els11?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
                "product": {
                  "name": "kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
                  "product_id": "kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/kernel-devel@4.18.0-553.6.1.el8_10.tuxcare.els11?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
                "product": {
                  "name": "kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
                  "product_id": "kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/kernel-debug-modules-internal@4.18.0-553.6.1.el8_10.tuxcare.els11?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
                "product": {
                  "name": "kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
                  "product_id": "kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/kernel-tools-libs@4.18.0-553.6.1.el8_10.tuxcare.els11?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
                "product": {
                  "name": "kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
                  "product_id": "kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/kernel-tools@4.18.0-553.6.1.el8_10.tuxcare.els11?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
                "product": {
                  "name": "kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
                  "product_id": "kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/kernel-tools-libs-devel@4.18.0-553.6.1.el8_10.tuxcare.els11?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
                "product": {
                  "name": "kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
                  "product_id": "kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/kernel-selftests-internal@4.18.0-553.6.1.el8_10.tuxcare.els11?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
                "product": {
                  "name": "bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
                  "product_id": "bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/bpftool@4.18.0-553.6.1.el8_10.tuxcare.els11?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
                "product": {
                  "name": "kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
                  "product_id": "kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/kernel-debug-modules@4.18.0-553.6.1.el8_10.tuxcare.els11?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "TuxCare"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64 as a component of Community Enterprise Operating System 8",
          "product_id": "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64"
        },
        "product_reference": "python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
        "relates_to_product_reference": "CentOS-Stream-8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64 as a component of Community Enterprise Operating System 8",
          "product_id": "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64"
        },
        "product_reference": "kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
        "relates_to_product_reference": "CentOS-Stream-8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64 as a component of Community Enterprise Operating System 8",
          "product_id": "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64"
        },
        "product_reference": "kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
        "relates_to_product_reference": "CentOS-Stream-8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64 as a component of Community Enterprise Operating System 8",
          "product_id": "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64"
        },
        "product_reference": "kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
        "relates_to_product_reference": "CentOS-Stream-8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64 as a component of Community Enterprise Operating System 8",
          "product_id": "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64"
        },
        "product_reference": "kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
        "relates_to_product_reference": "CentOS-Stream-8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64 as a component of Community Enterprise Operating System 8",
          "product_id": "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64"
        },
        "product_reference": "kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
        "relates_to_product_reference": "CentOS-Stream-8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64 as a component of Community Enterprise Operating System 8",
          "product_id": "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64"
        },
        "product_reference": "kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
        "relates_to_product_reference": "CentOS-Stream-8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64 as a component of Community Enterprise Operating System 8",
          "product_id": "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64"
        },
        "product_reference": "kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
        "relates_to_product_reference": "CentOS-Stream-8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64 as a component of Community Enterprise Operating System 8",
          "product_id": "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64"
        },
        "product_reference": "bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
        "relates_to_product_reference": "CentOS-Stream-8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64 as a component of Community Enterprise Operating System 8",
          "product_id": "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64"
        },
        "product_reference": "kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
        "relates_to_product_reference": "CentOS-Stream-8"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-52921",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix possible UAF in amdgpu_cs_pass1()\n\nSince the gang_size check is outside of chunk parsing\nloop, we need to reset i before we free the chunk data.\n\nSuggested by Ye Zhang (@VAR10CK) of Baidu Security.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2023-52921"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/90e065677e0362a777b9db97ea21d43a39211399",
          "url": "https://git.kernel.org/stable/c/90e065677e0362a777b9db97ea21d43a39211399"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/e08e9dd09809b16f8f8cee8c466841b33d24ed96",
          "url": "https://git.kernel.org/stable/c/e08e9dd09809b16f8f8cee8c466841b33d24ed96"
        }
      ],
      "release_date": "2024-11-19T02:15:00",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "High"
        }
      ]
    },
    {
      "cve": "CVE-2022-49846",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nudf: Fix a slab-out-of-bounds write bug in udf_find_entry()\n\nSyzbot reported a slab-out-of-bounds Write bug:\n\nloop0: detected capacity change from 0 to 2048\n==================================================================\nBUG: KASAN: slab-out-of-bounds in udf_find_entry+0x8a5/0x14f0\nfs/udf/namei.c:253\nWrite of size 105 at addr ffff8880123ff896 by task syz-executor323/3610\n\nCPU: 0 PID: 3610 Comm: syz-executor323 Not tainted\n6.1.0-rc2-syzkaller-00105-gb229b6ca5abb #0\nHardware name: Google Compute Engine/Google Compute Engine, BIOS\nGoogle 10/11/2022\nCall Trace:\n <TASK>\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x1b1/0x28e lib/dump_stack.c:106\n print_address_description+0x74/0x340 mm/kasan/report.c:284\n print_report+0x107/0x1f0 mm/kasan/report.c:395\n kasan_report+0xcd/0x100 mm/kasan/report.c:495\n kasan_check_range+0x2a7/0x2e0 mm/kasan/generic.c:189\n memcpy+0x3c/0x60 mm/kasan/shadow.c:66\n udf_find_entry+0x8a5/0x14f0 fs/udf/namei.c:253\n udf_lookup+0xef/0x340 fs/udf/namei.c:309\n lookup_open fs/namei.c:3391 [inline]\n open_last_lookups fs/namei.c:3481 [inline]\n path_openat+0x10e6/0x2df0 fs/namei.c:3710\n do_filp_open+0x264/0x4f0 fs/namei.c:3740\n do_sys_openat2+0x124/0x4e0 fs/open.c:1310\n do_sys_open fs/open.c:1326 [inline]\n __do_sys_creat fs/open.c:1402 [inline]\n __se_sys_creat fs/open.c:1396 [inline]\n __x64_sys_creat+0x11f/0x160 fs/open.c:1396\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\nRIP: 0033:0x7ffab0d164d9\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89\nf7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01\nf0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007ffe1a7e6bb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000055\nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007ffab0d164d9\nRDX: 00007ffab0d164d9 RSI: 0000000000000000 RDI: 0000000020000180\nRBP: 00007ffab0cd5a10 R08: 0000000000000000 R09: 0000000000000000\nR10: 00005555573552c0 R11: 0000000000000246 R12: 00007ffab0cd5aa0\nR13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n </TASK>\n\nAllocated by task 3610:\n kasan_save_stack mm/kasan/common.c:45 [inline]\n kasan_set_track+0x3d/0x60 mm/kasan/common.c:52\n ____kasan_kmalloc mm/kasan/common.c:371 [inline]\n __kasan_kmalloc+0x97/0xb0 mm/kasan/common.c:380\n kmalloc include/linux/slab.h:576 [inline]\n udf_find_entry+0x7b6/0x14f0 fs/udf/namei.c:243\n udf_lookup+0xef/0x340 fs/udf/namei.c:309\n lookup_open fs/namei.c:3391 [inline]\n open_last_lookups fs/namei.c:3481 [inline]\n path_openat+0x10e6/0x2df0 fs/namei.c:3710\n do_filp_open+0x264/0x4f0 fs/namei.c:3740\n do_sys_openat2+0x124/0x4e0 fs/open.c:1310\n do_sys_open fs/open.c:1326 [inline]\n __do_sys_creat fs/open.c:1402 [inline]\n __se_sys_creat fs/open.c:1396 [inline]\n __x64_sys_creat+0x11f/0x160 fs/open.c:1396\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nThe buggy address belongs to the object at ffff8880123ff800\n which belongs to the cache kmalloc-256 of size 256\nThe buggy address is located 150 bytes inside of\n 256-byte region [ffff8880123ff800, ffff8880123ff900)\n\nThe buggy address belongs to the physical page:\npage:ffffea000048ff80 refcount:1 mapcount:0 mapping:0000000000000000\nindex:0x0 pfn:0x123fe\nhead:ffffea000048ff80 order:1 compound_mapcount:0 compound_pincount:0\nflags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)\nraw: 00fff00000010200 ffffea00004b8500 dead000000000003 ffff888012041b40\nraw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000\npage dumped because: kasan: bad access detected\npage_owner tracks the page as allocated\npage last allocated via order 0, migratetype Unmovable, gfp_mask 0x0(),\npid 1, tgid 1 (swapper/0), ts 1841222404, free_ts 0\n create_dummy_stack mm/page_owner.c:\n---truncated---",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2022-49846"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/03f9582a6a2ebd25a440896475c968428c4b63e7",
          "url": "https://git.kernel.org/stable/c/03f9582a6a2ebd25a440896475c968428c4b63e7"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/583fdd98d94acba1e7225e5cc29063aef0741030",
          "url": "https://git.kernel.org/stable/c/583fdd98d94acba1e7225e5cc29063aef0741030"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/7a6051d734f1ed0031e2216f9a538621235c11a4",
          "url": "https://git.kernel.org/stable/c/7a6051d734f1ed0031e2216f9a538621235c11a4"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/ac79001b8e603226fab17240a79cb9ef679d3cd9",
          "url": "https://git.kernel.org/stable/c/ac79001b8e603226fab17240a79cb9ef679d3cd9"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/c736ed8541605e3a25075bb1cbf8f38cb3083238",
          "url": "https://git.kernel.org/stable/c/c736ed8541605e3a25075bb1cbf8f38cb3083238"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/c8af247de385ce49afabc3bf1cf4fd455c94bfe8",
          "url": "https://git.kernel.org/stable/c/c8af247de385ce49afabc3bf1cf4fd455c94bfe8"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/d8971f410739a864c537e0ac29344a7b6c450232",
          "url": "https://git.kernel.org/stable/c/d8971f410739a864c537e0ac29344a7b6c450232"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/f1517721c408631f09d54c743aa70cb07fd3eebd",
          "url": "https://git.kernel.org/stable/c/f1517721c408631f09d54c743aa70cb07fd3eebd"
        }
      ],
      "release_date": "2025-05-01T15:16:00",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "High"
        }
      ]
    },
    {
      "cve": "CVE-2022-49136",
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\nBluetooth: hci_sync: Fix queuing commands when HCI_UNREGISTER is set\nhci_cmd_sync_queue shall return an error if HCI_UNREGISTER flag has\nbeen set as that means hci_unregister_dev has been called so it will\nlikely cause a uaf after the timeout as the hdev will be freed.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2022-49136"
        }
      ],
      "release_date": "2025-02-26T00:00:00",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "High"
        }
      ]
    },
    {
      "cve": "CVE-2022-49111",
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\nBluetooth: Fix use after free in hci_send_acl\nThis fixes the following trace caused by receiving\nHCI_EV_DISCONN_PHY_LINK_COMPLETE which does call hci_conn_del without\nfirst checking if conn->type is in fact AMP_LINK and in case it is\ndo properly cleanup upper layers with hci_disconn_cfm:\n==================================================================\nBUG: KASAN: use-after-free in hci_send_acl+0xaba/0xc50\nRead of size 8 at addr ffff88800e404818 by task bluetoothd/142\nCPU: 0 PID: 142 Comm: bluetoothd Not tainted\n5.17.0-rc5-00006-gda4022eeac1a #7\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\nrel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014\nCall Trace:\n<TASK>\ndump_stack_lvl+0x45/0x59\nprint_address_description.constprop.0+0x1f/0x150\nkasan_report.cold+0x7f/0x11b\nhci_send_acl+0xaba/0xc50\nl2cap_do_send+0x23f/0x3d0\nl2cap_chan_send+0xc06/0x2cc0\nl2cap_sock_sendmsg+0x201/0x2b0\nsock_sendmsg+0xdc/0x110\nsock_write_iter+0x20f/0x370\ndo_iter_readv_writev+0x343/0x690\ndo_iter_write+0x132/0x640\nvfs_writev+0x198/0x570\ndo_writev+0x202/0x280\ndo_syscall_64+0x38/0x90\nentry_SYSCALL_64_after_hwframe+0x44/0xae\nRSP: 002b:00007ffce8a099b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000014\nCode: 0f 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b8 0f 1f 00 f3\n0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 14 00 00 00 0f 05\n<48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 89 74 24 10\nRDX: 0000000000000001 RSI: 00007ffce8a099e0 RDI: 0000000000000015\nRAX: ffffffffffffffda RBX: 00007ffce8a099e0 RCX: 00007f788fc3cf77\nR10: 00007ffce8af7080 R11: 0000000000000246 R12: 000055e4ccf75580\nRBP: 0000000000000015 R08: 0000000000000002 R09: 0000000000000001\n</TASK>\nR13: 000055e4ccf754a0 R14: 000055e4ccf75cd0 R15: 000055e4ccf4a6b0\nAllocated by task 
45:\nkasan_save_stack+0x1e/0x40\n__kasan_kmalloc+0x81/0xa0\nhci_chan_create+0x9a/0x2f0\nl2cap_conn_add.part.0+0x1a/0xdc0\nl2cap_connect_cfm+0x236/0x1000\nle_conn_complete_evt+0x15a7/0x1db0\nhci_le_conn_complete_evt+0x226/0x2c0\nhci_le_meta_evt+0x247/0x450\nhci_event_packet+0x61b/0xe90\nhci_rx_work+0x4d5/0xc50\nprocess_one_work+0x8fb/0x15a0\nworker_thread+0x576/0x1240\nkthread+0x29d/0x340\nret_from_fork+0x1f/0x30\nFreed by task 45:\nkasan_save_stack+0x1e/0x40\nkasan_set_track+0x21/0x30\nkasan_set_free_info+0x20/0x30\n__kasan_slab_free+0xfb/0x130\nkfree+0xac/0x350\nhci_conn_cleanup+0x101/0x6a0\nhci_conn_del+0x27e/0x6c0\nhci_disconn_phylink_complete_evt+0xe0/0x120\nhci_event_packet+0x812/0xe90\nhci_rx_work+0x4d5/0xc50\nprocess_one_work+0x8fb/0x15a0\nworker_thread+0x576/0x1240\nkthread+0x29d/0x340\nret_from_fork+0x1f/0x30\nThe buggy address belongs to the object at ffff88800c0f0500\nThe buggy address is located 24 bytes inside of\nwhich belongs to the cache kmalloc-128 of size 128\nThe buggy address belongs to the page:\n128-byte region [ffff88800c0f0500, ffff88800c0f0580)\nflags: 0x100000000000200(slab|node=0|zone=1)\npage:00000000fe45cd86 refcount:1 mapcount:0\nmapping:0000000000000000 index:0x0 pfn:0xc0f0\nraw: 0000000000000000 0000000080100010 00000001ffffffff\n0000000000000000\nraw: 0100000000000200 ffffea00003a2c80 dead000000000004\nffff8880078418c0\npage dumped because: kasan: bad access detected\nffff88800c0f0400: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc\nMemory state around the buggy address:\n>ffff88800c0f0500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\nffff88800c0f0480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\nffff88800c0f0580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n---truncated---",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2022-49111"
        }
      ],
      "release_date": "2025-02-26T00:00:00",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "High"
        }
      ]
    },
    {
      "cve": "CVE-2025-21764",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\nndisc: use RCU protection in ndisc_alloc_skb()\nndisc_alloc_skb() can be called without RTNL or RCU being held.\nAdd RCU protection to avoid possible UAF.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-21764"
        }
      ],
      "release_date": "2025-02-27T00:00:00",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "High"
        }
      ]
    },
    {
      "cve": "CVE-2025-37803",
      "cwe": {
        "id": "CWE-120",
        "name": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nudmabuf: fix a buf size overflow issue during udmabuf creation\n\nby casting size_limit_mb to u64 when calculating pglimit.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-37803"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/021ba7f1babd029e714d13a6bf2571b08af96d0f",
          "url": "https://git.kernel.org/stable/c/021ba7f1babd029e714d13a6bf2571b08af96d0f"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/13fe12c037b470321436deec393030c6153cfeb9",
          "url": "https://git.kernel.org/stable/c/13fe12c037b470321436deec393030c6153cfeb9"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/2b8419c6ecf69007dcff54ea0b9f0b215282c55a",
          "url": "https://git.kernel.org/stable/c/2b8419c6ecf69007dcff54ea0b9f0b215282c55a"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/373512760e13fdaa726faa9502d0f5be2abb3d33",
          "url": "https://git.kernel.org/stable/c/373512760e13fdaa726faa9502d0f5be2abb3d33"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/3f6c9d66e0f8eb9679b57913aa64b4d2266f6fbe",
          "url": "https://git.kernel.org/stable/c/3f6c9d66e0f8eb9679b57913aa64b4d2266f6fbe"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/b2ff4e9c599b000833d16a917f519aa2e4a75de2",
          "url": "https://git.kernel.org/stable/c/b2ff4e9c599b000833d16a917f519aa2e4a75de2"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/e84a08fc7e25cdad5d9a3def42cc770ff711193f",
          "url": "https://git.kernel.org/stable/c/e84a08fc7e25cdad5d9a3def42cc770ff711193f"
        }
      ],
      "release_date": "2025-05-08T07:15:00",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "High"
        }
      ]
    },
    {
      "cve": "CVE-2022-49395",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\num: Fix out-of-bounds read in LDT setup\n\nsyscall_stub_data() expects the data_count parameter to be the number of\nlongs, not bytes.\n\n ==================================================================\n BUG: KASAN: stack-out-of-bounds in syscall_stub_data+0x70/0xe0\n Read of size 128 at addr 000000006411f6f0 by task swapper/1\n\n CPU: 0 PID: 1 Comm: swapper Not tainted 5.18.0+ #18\n Call Trace:\n  show_stack.cold+0x166/0x2a7\n  __dump_stack+0x3a/0x43\n  dump_stack_lvl+0x1f/0x27\n  print_report.cold+0xdb/0xf81\n  kasan_report+0x119/0x1f0\n  kasan_check_range+0x3a3/0x440\n  memcpy+0x52/0x140\n  syscall_stub_data+0x70/0xe0\n  write_ldt_entry+0xac/0x190\n  init_new_ldt+0x515/0x960\n  init_new_context+0x2c4/0x4d0\n  mm_init.constprop.0+0x5ed/0x760\n  mm_alloc+0x118/0x170\n  0x60033f48\n  do_one_initcall+0x1d7/0x860\n  0x60003e7b\n  kernel_init+0x6e/0x3d4\n  new_thread_handler+0x1e7/0x2c0\n\n The buggy address belongs to stack of task swapper/1\n  and is located at offset 64 in frame:\n  init_new_ldt+0x0/0x960\n\n This frame has 2 objects:\n  [32, 40) 'addr'\n  [64, 80) 'desc'\n ==================================================================",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2022-49395"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/10995a382271254bd276627ec74136da4a23c4a6",
          "url": "https://git.kernel.org/stable/c/10995a382271254bd276627ec74136da4a23c4a6"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/24ca648bf5f72ed8878cf09b5d4431935779681e",
          "url": "https://git.kernel.org/stable/c/24ca648bf5f72ed8878cf09b5d4431935779681e"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/2a4a62a14be1947fa945c5c11ebf67326381a568",
          "url": "https://git.kernel.org/stable/c/2a4a62a14be1947fa945c5c11ebf67326381a568"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/3549ab4b962cf619e8c55484a0d870a34b3f845f",
          "url": "https://git.kernel.org/stable/c/3549ab4b962cf619e8c55484a0d870a34b3f845f"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/668ca34a428d6ffc0f99a1a6a9b661a288d4183b",
          "url": "https://git.kernel.org/stable/c/668ca34a428d6ffc0f99a1a6a9b661a288d4183b"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/91e5ba2af2d729d5126aefd5aa3eadc69b8426e5",
          "url": "https://git.kernel.org/stable/c/91e5ba2af2d729d5126aefd5aa3eadc69b8426e5"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/9caad70819aef3431abaf73ba5163b55b161aba0",
          "url": "https://git.kernel.org/stable/c/9caad70819aef3431abaf73ba5163b55b161aba0"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/cf0dabc37446c5ee538ae7b4c467ab0e53fa5463",
          "url": "https://git.kernel.org/stable/c/cf0dabc37446c5ee538ae7b4c467ab0e53fa5463"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/ef1dc929a1e5fa1b2d842256db9fb8710d3be910",
          "url": "https://git.kernel.org/stable/c/ef1dc929a1e5fa1b2d842256db9fb8710d3be910"
        }
      ],
      "release_date": "2025-02-26T07:01:00",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "High"
        }
      ]
    },
    {
      "cve": "CVE-2022-49471",
      "cwe": {
        "id": "CWE-129",
        "name": "Improper Validation of Array Index"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrtw89: cfo: check mac_id to avoid out-of-bounds\n\nSomehow, hardware reports an incorrect mac_id and pollutes memory. Check the index\nbefore we access the array.\n\n  UBSAN: array-index-out-of-bounds in rtw89/phy.c:2517:23\n  index 188 is out of range for type 's32 [64]'\n  CPU: 1 PID: 51550 Comm: irq/35-rtw89_pc Tainted: G           OE\n  Call Trace:\n   <IRQ>\n   show_stack+0x52/0x58\n   dump_stack_lvl+0x4c/0x63\n   dump_stack+0x10/0x12\n   ubsan_epilogue+0x9/0x45\n   __ubsan_handle_out_of_bounds.cold+0x44/0x49\n   ? __alloc_skb+0x92/0x1d0\n   rtw89_phy_cfo_parse+0x44/0x7f [rtw89_core]\n   rtw89_core_rx+0x261/0x871 [rtw89_core]\n   ? __alloc_skb+0xee/0x1d0\n   rtw89_pci_napi_poll+0x3fa/0x4ea [rtw89_pci]\n   __napi_poll+0x33/0x1a0\n   net_rx_action+0x126/0x260\n   ? __queue_work+0x217/0x4c0\n   __do_softirq+0xd9/0x315\n   ? disable_irq_nosync+0x10/0x10\n   do_softirq.part.0+0x6d/0x90\n   </IRQ>\n   <TASK>\n   __local_bh_enable_ip+0x62/0x70\n   rtw89_pci_interrupt_threadfn+0x182/0x1a6 [rtw89_pci]\n   irq_thread_fn+0x28/0x60\n   irq_thread+0xc8/0x190\n   ? irq_thread_fn+0x60/0x60\n   kthread+0x16b/0x190\n   ? irq_thread_check_affinity+0xe0/0xe0\n   ? set_kthread_struct+0x50/0x50\n   ret_from_fork+0x22/0x30\n   </TASK>",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2022-49471"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/03ed236480aeec8c2fd327a1ea6d711364c495e3",
          "url": "https://git.kernel.org/stable/c/03ed236480aeec8c2fd327a1ea6d711364c495e3"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/97df85871a5b187609d30fca6d85b912d9e02f29",
          "url": "https://git.kernel.org/stable/c/97df85871a5b187609d30fca6d85b912d9e02f29"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/c32fafe68298bb599e825c298e1d0ba30186f0a5",
          "url": "https://git.kernel.org/stable/c/c32fafe68298bb599e825c298e1d0ba30186f0a5"
        }
      ],
      "release_date": "2025-02-26T07:01:00",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "High"
        }
      ]
    },
    {
      "cve": "CVE-2025-21756",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\nvsock: Keep the binding until socket destruction\nPreserve sockets bindings; this includes both resulting from an explicit\nbind() and those implicitly bound through autobind during connect().\nPrevents socket unbinding during a transport reassignment, which fixes a\nuse-after-free:\n1. vsock_create() (refcnt=1) calls vsock_insert_unbound() (refcnt=2)\n2. transport->release() calls vsock_remove_bound() without checking if\nsk was bound and moved to bound list (refcnt=1)\n3. vsock_bind() assumes sk is in unbound list and before\n__vsock_insert_bound(vsock_bound_sockets()) calls\n__vsock_remove_bound() which does:\nlist_del_init(&vsk->bound_table); // nop\nsock_put(&vsk->sk);               // refcnt=0\nBUG: KASAN: slab-use-after-free in __vsock_bind+0x62e/0x730\nRead of size 4 at addr ffff88816b46a74c by task a.out/2057\ndump_stack_lvl+0x68/0x90\nprint_report+0x174/0x4f6\nkasan_report+0xb9/0x190\n__vsock_bind+0x62e/0x730\nvsock_bind+0x97/0xe0\n__sys_bind+0x154/0x1f0\n__x64_sys_bind+0x6e/0xb0\ndo_syscall_64+0x93/0x1b0\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\nAllocated by task 2057:\nkasan_save_stack+0x1e/0x40\nkasan_save_track+0x10/0x30\n__kasan_slab_alloc+0x85/0x90\nkmem_cache_alloc_noprof+0x131/0x450\nsk_prot_alloc+0x5b/0x220\nsk_alloc+0x2c/0x870\n__vsock_create.constprop.0+0x2e/0xb60\nvsock_create+0xe4/0x420\n__sock_create+0x241/0x650\n__sys_socket+0xf2/0x1a0\n__x64_sys_socket+0x6e/0xb0\ndo_syscall_64+0x93/0x1b0\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\nFreed by task 2057:\nkasan_save_stack+0x1e/0x40\nkasan_save_track+0x10/0x30\nkasan_save_free_info+0x37/0x60\n__kasan_slab_free+0x4b/0x70\nkmem_cache_free+0x1a1/0x590\n__sk_destruct+0x388/0x5a0\n__vsock_bind+0x5e1/0x730\nvsock_bind+0x97/0xe0\n__sys_bind+0x154/0x1f0\n__x64_sys_bind+0x6e/0xb0\ndo_syscall_64+0x93/0x1b0\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\nrefcount_t: addition on 0; use-after-free.\nWARNING: CPU: 7 PID: 2057 
at lib/refcount.c:25 refcount_warn_saturate+0xce/0x150\nRIP: 0010:refcount_warn_saturate+0xce/0x150\n__vsock_bind+0x66d/0x730\nvsock_bind+0x97/0xe0\n__sys_bind+0x154/0x1f0\n__x64_sys_bind+0x6e/0xb0\ndo_syscall_64+0x93/0x1b0\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\nrefcount_t: underflow; use-after-free.\nWARNING: CPU: 7 PID: 2057 at lib/refcount.c:28 refcount_warn_saturate+0xee/0x150\nRIP: 0010:refcount_warn_saturate+0xee/0x150\nvsock_remove_bound+0x187/0x1e0\n__vsock_release+0x383/0x4a0\nvsock_release+0x90/0x120\n__sock_release+0xa3/0x250\nsock_close+0x14/0x20\n__fput+0x359/0xa80\ntask_work_run+0x107/0x1d0\ndo_exit+0x847/0x2560\ndo_group_exit+0xb8/0x250\n__x64_sys_exit_group+0x3a/0x50\nx64_sys_call+0xfec/0x14f0\ndo_syscall_64+0x93/0x1b0\nentry_SYSCALL_64_after_hwframe+0x76/0x7e",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-21756"
        }
      ],
      "release_date": "2025-02-27T00:00:00",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "High"
        }
      ]
    },
    {
      "cve": "CVE-2025-37785",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix OOB read when checking dotdot dir\n\nMounting a corrupted filesystem with directory which contains '.' dir\nentry with rec_len == block size results in out-of-bounds read (later\non, when the corrupted directory is removed).\n\next4_empty_dir() assumes every ext4 directory contains at least '.'\nand '..' as directory entries in the first data block. It first loads\nthe '.' dir entry, performs sanity checks by calling ext4_check_dir_entry()\nand then uses its rec_len member to compute the location of '..' dir\nentry (in ext4_next_entry). It assumes the '..' dir entry fits into the\nsame data block.\n\nIf the rec_len of '.' is precisely one block (4KB), it slips through the\nsanity checks (it is considered the last directory entry in the data\nblock) and leaves \"struct ext4_dir_entry_2 *de\" point exactly past the\nmemory slot allocated to the data block. The following call to\next4_check_dir_entry() on new value of de then dereferences this pointer\nwhich results in out-of-bounds mem access.\n\nFix this by extending __ext4_check_dir_entry() to check for '.' dir\nentries that reach the end of data block. 
Make sure to ignore the phony\ndir entries for checksum (by checking name_len for non-zero).\n\nNote: This is reported by KASAN as use-after-free in case another\nstructure was recently freed from the slot past the bound, but it is\nreally an OOB read.\n\nThis issue was found by syzkaller tool.\n\nCall Trace:\n[   38.594108] BUG: KASAN: slab-use-after-free in __ext4_check_dir_entry+0x67e/0x710\n[   38.594649] Read of size 2 at addr ffff88802b41a004 by task syz-executor/5375\n[   38.595158]\n[   38.595288] CPU: 0 UID: 0 PID: 5375 Comm: syz-executor Not tainted 6.14.0-rc7 #1\n[   38.595298] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\n[   38.595304] Call Trace:\n[   38.595308]  <TASK>\n[   38.595311]  dump_stack_lvl+0xa7/0xd0\n[   38.595325]  print_address_description.constprop.0+0x2c/0x3f0\n[   38.595339]  ? __ext4_check_dir_entry+0x67e/0x710\n[   38.595349]  print_report+0xaa/0x250\n[   38.595359]  ? __ext4_check_dir_entry+0x67e/0x710\n[   38.595368]  ? kasan_addr_to_slab+0x9/0x90\n[   38.595378]  kasan_report+0xab/0xe0\n[   38.595389]  ? __ext4_check_dir_entry+0x67e/0x710\n[   38.595400]  __ext4_check_dir_entry+0x67e/0x710\n[   38.595410]  ext4_empty_dir+0x465/0x990\n[   38.595421]  ? __pfx_ext4_empty_dir+0x10/0x10\n[   38.595432]  ext4_rmdir.part.0+0x29a/0xd10\n[   38.595441]  ? __dquot_initialize+0x2a7/0xbf0\n[   38.595455]  ? __pfx_ext4_rmdir.part.0+0x10/0x10\n[   38.595464]  ? __pfx___dquot_initialize+0x10/0x10\n[   38.595478]  ? down_write+0xdb/0x140\n[   38.595487]  ? __pfx_down_write+0x10/0x10\n[   38.595497]  ext4_rmdir+0xee/0x140\n[   38.595506]  vfs_rmdir+0x209/0x670\n[   38.595517]  ? lookup_one_qstr_excl+0x3b/0x190\n[   38.595529]  do_rmdir+0x363/0x3c0\n[   38.595537]  ? __pfx_do_rmdir+0x10/0x10\n[   38.595544]  ? 
strncpy_from_user+0x1ff/0x2e0\n[   38.595561]  __x64_sys_unlinkat+0xf0/0x130\n[   38.595570]  do_syscall_64+0x5b/0x180\n[   38.595583]  entry_SYSCALL_64_after_hwframe+0x76/0x7e",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
          "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-37785"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/14da7dbecb430e35b5889da8dae7bef33173b351",
          "url": "https://git.kernel.org/stable/c/14da7dbecb430e35b5889da8dae7bef33173b351"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/52a5509ab19a5d3afe301165d9b5787bba34d842",
          "url": "https://git.kernel.org/stable/c/52a5509ab19a5d3afe301165d9b5787bba34d842"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/53bc45da8d8da92ec07877f5922b130562eb4b00",
          "url": "https://git.kernel.org/stable/c/53bc45da8d8da92ec07877f5922b130562eb4b00"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/89503e5eae64637d0fa2218912b54660effe7d93",
          "url": "https://git.kernel.org/stable/c/89503e5eae64637d0fa2218912b54660effe7d93"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/ac28c5684c1cdab650a7e5065b19e91577d37a4b",
          "url": "https://git.kernel.org/stable/c/ac28c5684c1cdab650a7e5065b19e91577d37a4b"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/b47584c556444cf7acb66b26a62cbc348eb92b78",
          "url": "https://git.kernel.org/stable/c/b47584c556444cf7acb66b26a62cbc348eb92b78"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/b7531a4f99c3887439d778afaf418d1a01a5f01b",
          "url": "https://git.kernel.org/stable/c/b7531a4f99c3887439d778afaf418d1a01a5f01b"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/d5e206778e96e8667d3bde695ad372c296dc9353",
          "url": "https://git.kernel.org/stable/c/d5e206778e96e8667d3bde695ad372c296dc9353"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/e47f472a664d70a3d104a6c2a035cdff55a719b4",
          "url": "https://git.kernel.org/stable/c/e47f472a664d70a3d104a6c2a035cdff55a719b4"
        }
      ],
      "release_date": "2025-04-18T07:15:00",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64",
            "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els11.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "High"
        }
      ]
    }
  ]
}