{ "document": { "aggregate_severity": { "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" }, { "category": "details", "text": "posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() {CVE-2025-38352}\n- xfrm: state: fix out-of-bounds read during lookup {CVE-2024-57982}\n- nfsd: fix race between laundromat and free_stateid {CVE-2024-50106}\n- nfsd: split sc_status out of sc_type {CVE-2024-50106}\n- nfsd: avoid race after unhash_delegation_locked() {CVE-2024-50106}\n- nfsd: don't call functions with side-effecting inside WARN_ON() {CVE-2024-50106}\n- can: peak_usb: fix use after free bugs {CVE-2021-47670}\n- wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds {CVE-2025-38159}\n- i2c/designware: Fix an initialization issue {CVE-2025-38380}\n- RDMA/rxe: Fix error unwind in rxe_create_qp() {CVE-2022-50127}\n- i40e: fix MMIO write access to an invalid page in i40e_clear_hw {CVE-2025-38200}\n- udp: Fix memory accounting leak. {CVE-2025-22058}\n- Bluetooth: hci_core: Fix use-after-free in vhci_flush() {CVE-2025-38250}\n- net_sched: ets: Fix double list add in class with netem as child qdisc {CVE-2025-38085}\n- mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race {CVE-2025-38085}\n- mm/khugepaged: fix GUP-fast interaction by sending IPI {CVE-2025-38085}\n- padata: fix UAF in padata_reorder {CVE-2025-21727}\n- net/sched: Always pass notifications when child class becomes empty {CVE-2025-38350}\n- codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() {CVE-2025-38177}\n- sch_ets: make est_qlen_notify() idempotent {CVE-2025-38177}\n- sch_qfq: make qfq_qlen_notify() idempotent {CVE-2025-38177}\n- sch_hfsc: make hfsc_qlen_notify() idempotent {CVE-2025-38177}\n- sch_drr: make drr_qlen_notify() idempotent {CVE-2025-38177}\n- sch_htb: make htb_qlen_notify() idempotent {CVE-2025-38177}\n- sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() {CVE-2025-38000}\n- net/sched: sch_qfq: Fix race condition on qfq_aggregate {CVE-2025-38477}\n- tipc: Fix use-after-free in tipc_conn_close(). {CVE-2025-38464}\n- RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction {CVE-2025-38211}\n- scsi: lpfc: Use memcpy() for BIOS version {CVE-2025-38332}\n- netfilter: xtables: avoid NFPROTO_UNSPEC where needed {CVE-2024-50038}\n- netfilter: xtables: Add snapshot of hardidletimer target {CVE-2024-50038}\n- crypto: algif_hash - fix double free in hash_accept {CVE-2025-38079}\n- ext4: avoid resizing to a partial cluster size {CVE-2022-50020}\n- net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc {CVE-2025-37890}\n- net: tipc: fix refcount warning in tipc_aead_encrypt {CVE-2025-38273}\n- net/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done {CVE-2025-38052}\n- memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove {CVE-2025-22020}", "title": "Details" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/centos-stream8els/advisories/2025/clsa-2025_1757961506.json" }, { "category": "self", "summary": "https://cve.tuxcare.com/els/releases/CLSA-2025:1757961506", "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1757961506" } ], "tracking": { "current_release_date": "2025-09-15T18:41:56Z", "generator": { "date": "2025-09-15T18:41:56Z", "engine": { "name": "pyCSAF" } }, "id": "CLSA-2025:1757961506", "initial_release_date": "2025-09-15T18:41:56Z", "revision_history": [ { "date": "2025-09-15T18:41:56Z", "number": "1", "summary": "Initial version" } ], "status": "final", "version": "1" }, "title": "kernel: Fix of 26 CVEs" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Community Enterprise Operating System 8", "product": { "name": "Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8", "product_identification_helper": { "cpe": "cpe:2.3:o:centos:centos:8:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "Community Enterprise Operating System" } ], "category": "vendor", "name": "Red Hat, Inc." }, { "branches": [ { "branches": [ { "category": "product_version", "name": "python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "product": { "name": "python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "product_id": "python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/python3-perf@4.18.0-553.6.1.el8_10.tuxcare.els13?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "product": { "name": "kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "product_id": "kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-modules@4.18.0-553.6.1.el8_10.tuxcare.els13?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "product": { "name": "kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "product_id": "kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-devel@4.18.0-553.6.1.el8_10.tuxcare.els13?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "product": { "name": "kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "product_id": "kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-debug-modules-internal@4.18.0-553.6.1.el8_10.tuxcare.els13?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "product": { "name": "kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "product_id": "kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-tools-libs@4.18.0-553.6.1.el8_10.tuxcare.els13?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "product": { "name": "kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "product_id": "kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-tools@4.18.0-553.6.1.el8_10.tuxcare.els13?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "product": { "name": "kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "product_id": "kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-tools-libs-devel@4.18.0-553.6.1.el8_10.tuxcare.els13?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "product": { "name": "kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "product_id": "kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-selftests-internal@4.18.0-553.6.1.el8_10.tuxcare.els13?arch=x86_64" } } }, { "category": "product_version", "name": "bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "product": { "name": "bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "product_id": "bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/bpftool@4.18.0-553.6.1.el8_10.tuxcare.els13?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "product": { "name": "kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "product_id": "kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-debug-modules@4.18.0-553.6.1.el8_10.tuxcare.els13?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "product": { "name": "kernel-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "product_id": "kernel-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-core@4.18.0-553.6.1.el8_10.tuxcare.els13?arch=x86_64" } } }, { "category": "product_version", "name": "perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "product": { "name": "perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "product_id": "perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/perf@4.18.0-553.6.1.el8_10.tuxcare.els13?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-ipaclones-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "product": { "name": "kernel-ipaclones-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "product_id": "kernel-ipaclones-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-ipaclones-internal@4.18.0-553.6.1.el8_10.tuxcare.els13?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-debug-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "product": { "name": "kernel-debug-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "product_id": "kernel-debug-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-debug-core@4.18.0-553.6.1.el8_10.tuxcare.els13?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-cross-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "product": { "name": "kernel-cross-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "product_id": "kernel-cross-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-cross-headers@4.18.0-553.6.1.el8_10.tuxcare.els13?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "product": { "name": "kernel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "product_id": "kernel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel@4.18.0-553.6.1.el8_10.tuxcare.els13?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-debug-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "product": { "name": "kernel-debug-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "product_id": "kernel-debug-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-debug-devel@4.18.0-553.6.1.el8_10.tuxcare.els13?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-debug-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "product": { "name": "kernel-debug-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "product_id": "kernel-debug-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-debug@4.18.0-553.6.1.el8_10.tuxcare.els13?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "product": { "name": "kernel-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "product_id": "kernel-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-headers@4.18.0-553.6.1.el8_10.tuxcare.els13?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-debug-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "product": { "name": "kernel-debug-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "product_id": "kernel-debug-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-debug-modules-extra@4.18.0-553.6.1.el8_10.tuxcare.els13?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "product": { "name": "kernel-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "product_id": "kernel-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-modules-extra@4.18.0-553.6.1.el8_10.tuxcare.els13?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "product": { "name": "kernel-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "product_id": "kernel-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-modules-internal@4.18.0-553.6.1.el8_10.tuxcare.els13?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "TuxCare" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64" }, "product_reference": "python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "relates_to_product_reference": "CentOS-Stream-8" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64" }, "product_reference": "kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "relates_to_product_reference": "CentOS-Stream-8" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64" }, "product_reference": "kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "relates_to_product_reference": "CentOS-Stream-8" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64" }, "product_reference": "kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "relates_to_product_reference": "CentOS-Stream-8" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64" }, "product_reference": "kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "relates_to_product_reference": "CentOS-Stream-8" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64" }, "product_reference": "kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "relates_to_product_reference": "CentOS-Stream-8" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64" }, "product_reference": "kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "relates_to_product_reference": "CentOS-Stream-8" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64" }, "product_reference": "kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "relates_to_product_reference": "CentOS-Stream-8" }, { "category": "default_component_of", "full_product_name": { "name": "bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64" }, "product_reference": "bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "relates_to_product_reference": "CentOS-Stream-8" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64" }, "product_reference": "kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "relates_to_product_reference": "CentOS-Stream-8" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8:kernel-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64" }, "product_reference": "kernel-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "relates_to_product_reference": "CentOS-Stream-8" }, { "category": "default_component_of", "full_product_name": { "name": "perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8:perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64" }, "product_reference": "perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "relates_to_product_reference": "CentOS-Stream-8" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-ipaclones-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8:kernel-ipaclones-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64" }, "product_reference": "kernel-ipaclones-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "relates_to_product_reference": "CentOS-Stream-8" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8:kernel-debug-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64" }, "product_reference": "kernel-debug-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "relates_to_product_reference": "CentOS-Stream-8" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-cross-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8:kernel-cross-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64" }, "product_reference": "kernel-cross-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "relates_to_product_reference": "CentOS-Stream-8" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8:kernel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64" }, "product_reference": "kernel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "relates_to_product_reference": "CentOS-Stream-8" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8:kernel-debug-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64" }, "product_reference": "kernel-debug-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "relates_to_product_reference": "CentOS-Stream-8" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8:kernel-debug-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64" }, "product_reference": "kernel-debug-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "relates_to_product_reference": "CentOS-Stream-8" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8:kernel-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64" }, "product_reference": "kernel-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "relates_to_product_reference": "CentOS-Stream-8" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8:kernel-debug-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64" }, "product_reference": "kernel-debug-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "relates_to_product_reference": "CentOS-Stream-8" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8:kernel-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64" }, "product_reference": "kernel-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "relates_to_product_reference": "CentOS-Stream-8" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8:kernel-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64" }, "product_reference": "kernel-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "relates_to_product_reference": "CentOS-Stream-8" } ] }, "vulnerabilities": [ { "cve": "CVE-2025-38177", "cwe": { "id": "CWE-459", "name": "Incomplete Cleanup" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nsch_hfsc: make hfsc_qlen_notify() idempotent\nhfsc_qlen_notify() is not idempotent either and not friendly\nto its callers, like fq_codel_dequeue(). Let's make it idempotent\nto ease qdisc_tree_reduce_backlog() callers' life:\n1. update_vf() decreases cl->cl_nactive, so we can check whether it is\nnon-zero before calling it.\n2. eltree_remove() always removes RB node cl->el_node, but we can use\nRB_EMPTY_NODE() + RB_CLEAR_NODE() to make it safe.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-ipaclones-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-cross-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38177" } ], "release_date": "2025-07-04T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-ipaclones-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-cross-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-38332", "cwe": { "id": "CWE-170", "name": "Improper Null Termination" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nscsi: lpfc: Use memcpy() for BIOS version\nThe strlcat() with FORTIFY support is triggering a panic because it\nthinks the target buffer will overflow although the correct target\nbuffer size is passed in.\nAnyway, instead of memset() with 0 followed by a strlcat(), just use\nmemcpy() and ensure that the resulting buffer is NULL terminated.\nBIOSVersion is only used for the lpfc_printf_log() which expects a\nproperly terminated string.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-ipaclones-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-cross-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38332" } ], "release_date": "2025-07-10T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-ipaclones-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-cross-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-38464", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\ntipc: Fix use-after-free in tipc_conn_close().\nsyzbot reported a null-ptr-deref in tipc_conn_close() during netns\ndismantle. [0]\ntipc_topsrv_stop() iterates tipc_net(net)->topsrv->conn_idr and calls\ntipc_conn_close() for each tipc_conn.\nThe problem is that tipc_conn_close() is called after releasing the\nIDR lock.\nAt the same time, there might be tipc_conn_recv_work() running and it\ncould call tipc_conn_close() for the same tipc_conn and release its\nlast ->kref.\nOnce we release the IDR lock in tipc_topsrv_stop(), there is no\nguarantee that the tipc_conn is alive.\nLet's hold the ref before releasing the lock and put the ref after\ntipc_conn_close() in tipc_topsrv_stop().\n[0]:\nBUG: KASAN: use-after-free in tipc_conn_close+0x122/0x140 net/tipc/topsrv.c:165\nRead of size 8 at addr ffff888099305a08 by task kworker/u4:3/435\nCPU: 0 PID: 435 Comm: kworker/u4:3 Not tainted 4.19.204-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\nWorkqueue: netns cleanup_net\nCall Trace:\n__dump_stack lib/dump_stack.c:77 [inline]\ndump_stack+0x1fc/0x2ef lib/dump_stack.c:118\nprint_address_description.cold+0x54/0x219 mm/kasan/report.c:256\nkasan_report_error.cold+0x8a/0x1b9 mm/kasan/report.c:354\nkasan_report mm/kasan/report.c:412 [inline]\n__asan_report_load8_noabort+0x88/0x90 mm/kasan/report.c:433\ntipc_conn_close+0x122/0x140 net/tipc/topsrv.c:165\ntipc_topsrv_stop net/tipc/topsrv.c:701 [inline]\ntipc_topsrv_exit_net+0x27b/0x5c0 net/tipc/topsrv.c:722\nops_exit_list+0xa5/0x150 net/core/net_namespace.c:153\ncleanup_net+0x3b4/0x8b0 net/core/net_namespace.c:553\nprocess_one_work+0x864/0x1570 kernel/workqueue.c:2153\nworker_thread+0x64c/0x1130 kernel/workqueue.c:2296\nkthread+0x33f/0x460 kernel/kthread.c:259\nret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415\nAllocated by task 23:\nkmem_cache_alloc_trace+0x12f/0x380 mm/slab.c:3625\nkmalloc include/linux/slab.h:515 [inline]\nkzalloc include/linux/slab.h:709 [inline]\ntipc_conn_alloc+0x43/0x4f0 net/tipc/topsrv.c:192\ntipc_topsrv_accept+0x1b5/0x280 net/tipc/topsrv.c:470\nprocess_one_work+0x864/0x1570 kernel/workqueue.c:2153\nworker_thread+0x64c/0x1130 kernel/workqueue.c:2296\nkthread+0x33f/0x460 kernel/kthread.c:259\nret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415\nFreed by task 23:\n__cache_free mm/slab.c:3503 [inline]\nkfree+0xcc/0x210 mm/slab.c:3822\ntipc_conn_kref_release net/tipc/topsrv.c:150 [inline]\nkref_put include/linux/kref.h:70 [inline]\nconn_put+0x2cd/0x3a0 net/tipc/topsrv.c:155\nprocess_one_work+0x864/0x1570 kernel/workqueue.c:2153\nworker_thread+0x64c/0x1130 kernel/workqueue.c:2296\nkthread+0x33f/0x460 kernel/kthread.c:259\nret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415\nThe buggy address belongs to the object at ffff888099305a00\nwhich belongs to the cache kmalloc-512 of size 512\nThe buggy address is located 8 bytes inside of\n512-byte region [ffff888099305a00, ffff888099305c00)\nThe buggy address belongs to the page:\npage:ffffea000264c140 count:1 mapcount:0 mapping:ffff88813bff0940 index:0x0\nflags: 0xfff00000000100(slab)\nraw: 00fff00000000100 ffffea00028b6b88 ffffea0002cd2b08 ffff88813bff0940\nraw: 0000000000000000 ffff888099305000 0000000100000006 0000000000000000\npage dumped because: kasan: bad access detected\nMemory state around the buggy address:\nffff888099305900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\nffff888099305980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n>ffff888099305a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n^\nffff888099305a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\nffff888099305b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-ipaclones-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-cross-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38464" } ], "release_date": "2025-07-25T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H", "version": "3.1" }, "products": [ "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-ipaclones-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-cross-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-38273", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nnet: tipc: fix refcount warning in tipc_aead_encrypt\nsyzbot reported a refcount warning [1] caused by calling get_net() on\na network namespace that is being destroyed (refcount=0). This happens\nwhen a TIPC discovery timer fires during network namespace cleanup.\nThe recently added get_net() call in commit e279024617134 (\"net/tipc:\nfix slab-use-after-free Read in tipc_aead_encrypt_done\") attempts to\nhold a reference to the network namespace. However, if the namespace\nis already being destroyed, its refcount might be zero, leading to the\nuse-after-free warning.\nReplace get_net() with maybe_get_net(), which safely checks if the\nrefcount is non-zero before incrementing it. If the namespace is being\ndestroyed, return -ENODEV early, after releasing the bearer reference.\n[1]: https://lore.kernel.org/all/68342b55.a70a0220.253bc2.0091.GAE@google.com/T/#m12019cf9ae77e1954f666914640efa36d52704a2", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-ipaclones-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-cross-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38273" } ], "release_date": "2025-07-10T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-ipaclones-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-cross-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2022-50127", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nRDMA/rxe: Fix error unwind in rxe_create_qp()\nIn the function rxe_create_qp(), rxe_qp_from_init() is called to\ninitialize qp, internally things like the spin locks are not setup until\nrxe_qp_init_req().\nIf an error occures before this point then the unwind will call\nrxe_cleanup() and eventually to rxe_qp_do_cleanup()/rxe_cleanup_task()\nwhich will oops when trying to access the uninitialized spinlock.\nMove the spinlock initializations earlier before any failures.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-ipaclones-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-cross-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2022-50127" } ], "release_date": "2025-06-18T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-ipaclones-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-cross-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-38352", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nposix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del()\nIf an exiting non-autoreaping task has already passed exit_notify() and\ncalls handle_posix_cpu_timers() from IRQ, it can be reaped by its parent\nor debugger right after unlock_task_sighand().\nIf a concurrent posix_cpu_timer_del() runs at that moment, it won't be\nable to detect timer->it.cpu.firing != 0: cpu_timer_task_rcu() and/or\nlock_task_sighand() will fail.\nAdd the tsk->exit_state check into run_posix_cpu_timers() to fix this.\nThis fix is not needed if CONFIG_POSIX_CPU_TIMERS_TASK_WORK=y, because\nexit_task_work() is called before exit_notify(). But the check still\nmakes sense, task_work_add(&tsk->posix_cputimers_work.work) will fail\nanyway in this case.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-ipaclones-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-cross-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38352" } ], "release_date": "2025-07-22T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-ipaclones-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-cross-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-38350", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nnet/sched: Always pass notifications when child class becomes empty\nCertain classful qdiscs may invoke their classes' dequeue handler on an\nenqueue operation. This may unexpectedly empty the child qdisc and thus\nmake an in-flight class passive via qlen_notify(). Most qdiscs do not\nexpect such behaviour at this point in time and may re-activate the\nclass eventually anyways which will lead to a use-after-free.\nThe referenced fix commit attempted to fix this behavior for the HFSC\ncase by moving the backlog accounting around, though this turned out to\nbe incomplete since the parent's parent may run into the issue too.\nThe following reproducer demonstrates this use-after-free:\ntc qdisc add dev lo root handle 1: drr\ntc filter add dev lo parent 1: basic classid 1:1\ntc class add dev lo parent 1: classid 1:1 drr\ntc qdisc add dev lo parent 1:1 handle 2: hfsc def 1\ntc class add dev lo parent 2: classid 2:1 hfsc rt m1 8 d 1 m2 0\ntc qdisc add dev lo parent 2:1 handle 3: netem\ntc qdisc add dev lo parent 3:1 handle 4: blackhole\necho 1 | socat -u STDIN UDP4-DATAGRAM:127.0.0.1:8888\ntc class delete dev lo classid 1:1\necho 1 | socat -u STDIN UDP4-DATAGRAM:127.0.0.1:8888\nSince backlog accounting issues leading to a use-after-frees on stale\nclass pointers is a recurring pattern at this point, this patch takes\na different approach. Instead of trying to fix the accounting, the patch\nensures that qdisc_tree_reduce_backlog always calls qlen_notify when\nthe child qdisc is empty. This solves the problem because deletion of\nqdiscs always involves a call to qdisc_reset() and / or\nqdisc_purge_queue() which ultimately resets its qlen to 0 thus causing\nthe following qdisc_tree_reduce_backlog() to report to the parent. Note\nthat this may call qlen_notify on passive classes multiple times. This\nis not a problem after the recent patch series that made all the\nclassful qdiscs qlen_notify() handlers idempotent.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-ipaclones-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-cross-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38350" } ], "release_date": "2025-07-19T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-ipaclones-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-cross-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-38000", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nsch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue()\nWhen enqueuing the first packet to an HFSC class, hfsc_enqueue() calls the\nchild qdisc's peek() operation before incrementing sch->q.qlen and\nsch->qstats.backlog. If the child qdisc uses qdisc_peek_dequeued(), this may\ntrigger an immediate dequeue and potential packet drop. In such cases,\nqdisc_tree_reduce_backlog() is called, but the HFSC qdisc's qlen and backlog\nhave not yet been updated, leading to inconsistent queue accounting. This\ncan leave an empty HFSC class in the active list, causing further\nconsequences like use-after-free.\nThis patch fixes the bug by moving the increment of sch->q.qlen and\nsch->qstats.backlog before the call to the child qdisc's peek() operation.\nThis ensures that queue length and backlog are always accurate when packet\ndrops or dequeues are triggered during the peek.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-ipaclones-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-cross-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38000" } ], "release_date": "2025-06-06T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-ipaclones-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-cross-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-38477", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nnet/sched: sch_qfq: Fix race condition on qfq_aggregate\nA race condition can occur when 'agg' is modified in qfq_change_agg\n(called during qfq_enqueue) while other threads access it\nconcurrently. For example, qfq_dump_class may trigger a NULL\ndereference, and qfq_delete_class may cause a use-after-free.\nThis patch addresses the issue by:\n1. Moved qfq_destroy_class into the critical section.\n2. Added sch_tree_lock protection to qfq_dump_class and\nqfq_dump_class_stats.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-ipaclones-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-cross-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38477" } ], "release_date": "2025-07-28T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H", "version": "3.1" }, "products": [ "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-ipaclones-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-cross-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-38211", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nRDMA/iwcm: Fix use-after-free of work objects after cm_id destruction\nThe commit 59c68ac31e15 (\"iw_cm: free cm_id resources on the last\nderef\") simplified cm_id resource management by freeing cm_id once all\nreferences to the cm_id were removed. The references are removed either\nupon completion of iw_cm event handlers or when the application destroys\nthe cm_id. This commit introduced the use-after-free condition where\ncm_id_private object could still be in use by event handler works during\nthe destruction of cm_id. The commit aee2424246f9 (\"RDMA/iwcm: Fix a\nuse-after-free related to destroying CM IDs\") addressed this use-after-\nfree by flushing all pending works at the cm_id destruction.\nHowever, still another use-after-free possibility remained. It happens\nwith the work objects allocated for each cm_id_priv within\nalloc_work_entries() during cm_id creation, and subsequently freed in\ndealloc_work_entries() once all references to the cm_id are removed.\nIf the cm_id's last reference is decremented in the event handler work,\nthe work object for the work itself gets removed, and causes the use-\nafter-free BUG below:\nBUG: KASAN: slab-use-after-free in __pwq_activate_work+0x1ff/0x250\nRead of size 8 at addr ffff88811f9cf800 by task kworker/u16:1/147091\nCPU: 2 UID: 0 PID: 147091 Comm: kworker/u16:1 Not tainted 6.15.0-rc2+ #27 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014\nWorkqueue: 0x0 (iw_cm_wq)\nCall Trace:\n\ndump_stack_lvl+0x6a/0x90\nprint_report+0x174/0x554\n? __virt_addr_valid+0x208/0x430\n? __pwq_activate_work+0x1ff/0x250\nkasan_report+0xae/0x170\n? __pwq_activate_work+0x1ff/0x250\n__pwq_activate_work+0x1ff/0x250\npwq_dec_nr_in_flight+0x8c5/0xfb0\nprocess_one_work+0xc11/0x1460\n? __pfx_process_one_work+0x10/0x10\n? assign_work+0x16c/0x240\nworker_thread+0x5ef/0xfd0\n? __pfx_worker_thread+0x10/0x10\nkthread+0x3b0/0x770\n? __pfx_kthread+0x10/0x10\n? rcu_is_watching+0x11/0xb0\n? _raw_spin_unlock_irq+0x24/0x50\n? rcu_is_watching+0x11/0xb0\n? __pfx_kthread+0x10/0x10\nret_from_fork+0x30/0x70\n? __pfx_kthread+0x10/0x10\nret_from_fork_asm+0x1a/0x30\n\nAllocated by task 147416:\nkasan_save_stack+0x2c/0x50\nkasan_save_track+0x10/0x30\n__kasan_kmalloc+0xa6/0xb0\nalloc_work_entries+0xa9/0x260 [iw_cm]\niw_cm_connect+0x23/0x4a0 [iw_cm]\nrdma_connect_locked+0xbfd/0x1920 [rdma_cm]\nnvme_rdma_cm_handler+0x8e5/0x1b60 [nvme_rdma]\ncma_cm_event_handler+0xae/0x320 [rdma_cm]\ncma_work_handler+0x106/0x1b0 [rdma_cm]\nprocess_one_work+0x84f/0x1460\nworker_thread+0x5ef/0xfd0\nkthread+0x3b0/0x770\nret_from_fork+0x30/0x70\nret_from_fork_asm+0x1a/0x30\nFreed by task 147091:\nkasan_save_stack+0x2c/0x50\nkasan_save_track+0x10/0x30\nkasan_save_free_info+0x37/0x60\n__kasan_slab_free+0x4b/0x70\nkfree+0x13a/0x4b0\ndealloc_work_entries+0x125/0x1f0 [iw_cm]\niwcm_deref_id+0x6f/0xa0 [iw_cm]\ncm_work_handler+0x136/0x1ba0 [iw_cm]\nprocess_one_work+0x84f/0x1460\nworker_thread+0x5ef/0xfd0\nkthread+0x3b0/0x770\nret_from_fork+0x30/0x70\nret_from_fork_asm+0x1a/0x30\nLast potentially related work creation:\nkasan_save_stack+0x2c/0x50\nkasan_record_aux_stack+0xa3/0xb0\n__queue_work+0x2ff/0x1390\nqueue_work_on+0x67/0xc0\ncm_event_handler+0x46a/0x820 [iw_cm]\nsiw_cm_upcall+0x330/0x650 [siw]\nsiw_cm_work_handler+0x6b9/0x2b20 [siw]\nprocess_one_work+0x84f/0x1460\nworker_thread+0x5ef/0xfd0\nkthread+0x3b0/0x770\nret_from_fork+0x30/0x70\nret_from_fork_asm+0x1a/0x30\nThis BUG is reproducible by repeating the blktests test case nvme/061\nfor the rdma transport and the siw driver.\nTo avoid the use-after-free of cm_id_private work objects, ensure that\nthe last reference to the cm_id is decremented not in the event handler\nworks, but in the cm_id destruction context. For that purpose, mo\n---truncated---", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-ipaclones-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-cross-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38211" } ], "release_date": "2025-07-04T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" }, "products": [ "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-ipaclones-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-cross-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-38200", "cwe": { "id": "CWE-191", "name": "Integer Underflow (Wrap or Wraparound)" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\ni40e: fix MMIO write access to an invalid page in i40e_clear_hw\nWhen the device sends a specific input, an integer underflow can occur, leading\nto MMIO write access to an invalid page.\nPrevent the integer underflow by changing the type of related variables.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-ipaclones-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-cross-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38200" } ], "release_date": "2025-07-04T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-ipaclones-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-cross-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-38380", "cwe": { "id": "CWE-908", "name": "Use of Uninitialized Resource" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\ni2c/designware: Fix an initialization issue\nThe i2c_dw_xfer_init() function requires msgs and msg_write_idx from the\ndev context to be initialized.\namd_i2c_dw_xfer_quirk() inits msgs and msgs_num, but not msg_write_idx.\nThis could allow an out of bounds access (of msgs).\nInitialize msg_write_idx before calling i2c_dw_xfer_init().", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-ipaclones-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-cross-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38380" } ], "release_date": "2025-07-25T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-ipaclones-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-cross-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-38159", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nwifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds\nSet the size to 6 instead of 2, since 'para' array is passed to\n'rtw_fw_bt_wifi_control(rtwdev, para[0], ¶[1])', which reads\n5 bytes:\nvoid rtw_fw_bt_wifi_control(struct rtw_dev *rtwdev, u8 op_code, u8 *data)\n{\n...\nSET_BT_WIFI_CONTROL_DATA1(h2c_pkt, *data);\nSET_BT_WIFI_CONTROL_DATA2(h2c_pkt, *(data + 1));\n...\nSET_BT_WIFI_CONTROL_DATA5(h2c_pkt, *(data + 4));\nDetected using the static analysis tool - Svace.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-ipaclones-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-cross-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38159" } ], "release_date": "2025-07-03T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-ipaclones-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-cross-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-38085", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nmm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race\nhuge_pmd_unshare() drops a reference on a page table that may have\npreviously been shared across processes, potentially turning it into a\nnormal page table used in another process in which unrelated VMAs can\nafterwards be installed.\nIf this happens in the middle of a concurrent gup_fast(), gup_fast() could\nend up walking the page tables of another process. While I don't see any\nway in which that immediately leads to kernel memory corruption, it is\nreally weird and unexpected.\nFix it with an explicit broadcast IPI through tlb_remove_table_sync_one(),\njust like we do in khugepaged when removing page tables for a THP\ncollapse.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-ipaclones-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-cross-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38085" } ], "release_date": "2025-06-28T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-ipaclones-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-cross-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2021-47670", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\ncan: peak_usb: fix use after free bugs\nAfter calling peak_usb_netif_rx_ni(skb), dereferencing skb is unsafe.\nEspecially, the can_frame cf which aliases skb memory is accessed\nafter the peak_usb_netif_rx_ni().\nReordering the lines solves the issue.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-ipaclones-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-cross-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2021-47670" } ], "release_date": "2025-04-17T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-ipaclones-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-cross-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-38079", "cwe": { "id": "CWE-415", "name": "Double Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\ncrypto: algif_hash - fix double free in hash_accept\nIf accept(2) is called on socket type algif_hash with\nMSG_MORE flag set and crypto_ahash_import fails,\nsk2 is freed. However, it is also freed in af_alg_release,\nleading to slab-use-after-free error.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-ipaclones-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-cross-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38079" } ], "release_date": "2025-06-18T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-ipaclones-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-cross-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-38052", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nnet/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done\nSyzbot reported a slab-use-after-free with the following call trace:\n==================================================================\nBUG: KASAN: slab-use-after-free in tipc_aead_encrypt_done+0x4bd/0x510 net/tipc/crypto.c:840\nRead of size 8 at addr ffff88807a733000 by task kworker/1:0/25\nCall Trace:\nkasan_report+0xd9/0x110 mm/kasan/report.c:601\ntipc_aead_encrypt_done+0x4bd/0x510 net/tipc/crypto.c:840\ncrypto_request_complete include/crypto/algapi.h:266\naead_request_complete include/crypto/internal/aead.h:85\ncryptd_aead_crypt+0x3b8/0x750 crypto/cryptd.c:772\ncrypto_request_complete include/crypto/algapi.h:266\ncryptd_queue_worker+0x131/0x200 crypto/cryptd.c:181\nprocess_one_work+0x9fb/0x1b60 kernel/workqueue.c:3231\nAllocated by task 8355:\nkzalloc_noprof include/linux/slab.h:778\ntipc_crypto_start+0xcc/0x9e0 net/tipc/crypto.c:1466\ntipc_init_net+0x2dd/0x430 net/tipc/core.c:72\nops_init+0xb9/0x650 net/core/net_namespace.c:139\nsetup_net+0x435/0xb40 net/core/net_namespace.c:343\ncopy_net_ns+0x2f0/0x670 net/core/net_namespace.c:508\ncreate_new_namespaces+0x3ea/0xb10 kernel/nsproxy.c:110\nunshare_nsproxy_namespaces+0xc0/0x1f0 kernel/nsproxy.c:228\nksys_unshare+0x419/0x970 kernel/fork.c:3323\n__do_sys_unshare kernel/fork.c:3394\nFreed by task 63:\nkfree+0x12a/0x3b0 mm/slub.c:4557\ntipc_crypto_stop+0x23c/0x500 net/tipc/crypto.c:1539\ntipc_exit_net+0x8c/0x110 net/tipc/core.c:119\nops_exit_list+0xb0/0x180 net/core/net_namespace.c:173\ncleanup_net+0x5b7/0xbf0 net/core/net_namespace.c:640\nprocess_one_work+0x9fb/0x1b60 kernel/workqueue.c:3231\nAfter freed the tipc_crypto tx by delete namespace, tipc_aead_encrypt_done\nmay still visit it in cryptd_queue_worker workqueue.\nI reproduce this issue by:\nip netns add ns1\nip link add veth1 type veth peer name veth2\nip link set veth1 netns ns1\nip netns exec ns1 tipc bearer enable media eth dev veth1\nip netns exec ns1 tipc node set key this_is_a_master_key master\nip netns exec ns1 tipc bearer disable media eth dev veth1\nip netns del ns1\nThe key of reproduction is that, simd_aead_encrypt is interrupted, leading\nto crypto_simd_usable() return false. Thus, the cryptd_queue_worker is\ntriggered, and the tipc_crypto tx will be visited.\ntipc_disc_timeout\ntipc_bearer_xmit_skb\ntipc_crypto_xmit\ntipc_aead_encrypt\ncrypto_aead_encrypt\n// encrypt()\nsimd_aead_encrypt\n// crypto_simd_usable() is false\nchild = &ctx->cryptd_tfm->base;\nsimd_aead_encrypt\ncrypto_aead_encrypt\n// encrypt()\ncryptd_aead_encrypt_enqueue\ncryptd_aead_enqueue\ncryptd_enqueue_request\n// trigger cryptd_queue_worker\nqueue_work_on(smp_processor_id(), cryptd_wq, &cpu_queue->work)\nFix this by holding net reference count before encrypt.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-ipaclones-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-cross-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38052" } ], "release_date": "2025-06-18T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-ipaclones-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-cross-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2024-57982", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: state: fix out-of-bounds read during lookup\n\nlookup and resize can run in parallel.\n\nThe xfrm_state_hash_generation seqlock ensures a retry, but the hash\nfunctions can observe a hmask value that is too large for the new hlist\narray.\n\nrehash does:\n rcu_assign_pointer(net->xfrm.state_bydst, ndst) [..]\n net->xfrm.state_hmask = nhashmask;\n\nWhile state lookup does:\n h = xfrm_dst_hash(net, daddr, saddr, tmpl->reqid, encap_family);\n hlist_for_each_entry_rcu(x, net->xfrm.state_bydst + h, bydst) {\n\nThis is only safe in case the update to state_bydst is larger than\nnet->xfrm.xfrm_state_hmask (or if the lookup function gets\nserialized via state spinlock again).\n\nFix this by prefetching state_hmask and the associated pointers.\nThe xfrm_state_hash_generation seqlock retry will ensure that the pointer\nand the hmask will be consistent.\n\nThe existing helpers, like xfrm_dst_hash(), are now unsafe for RCU side,\nadd lockdep assertions to document that they are only safe for insert\nside.\n\nxfrm_state_lookup_byaddr() uses the spinlock rather than RCU.\nAFAICS this is an oversight from back when state lookup was converted to\nRCU, this lock should be replaced with RCU in a future patch.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-ipaclones-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-cross-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-57982" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/a16871c7832ea6435abb6e0b58289ae7dcb7e4fc", "url": "https://git.kernel.org/stable/c/a16871c7832ea6435abb6e0b58289ae7dcb7e4fc" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/dd4c2a174994238d55ab54da2545543d36f4e0d0", "url": "https://git.kernel.org/stable/c/dd4c2a174994238d55ab54da2545543d36f4e0d0" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/e952837f3ddb0ff726d5b582aa1aad9aa38d024d", "url": "https://git.kernel.org/stable/c/e952837f3ddb0ff726d5b582aa1aad9aa38d024d" } ], "release_date": "2025-02-27T02:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-ipaclones-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-cross-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-38250", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nBluetooth: hci_core: Fix use-after-free in vhci_flush()\nsyzbot reported use-after-free in vhci_flush() without repro. [0]\nFrom the splat, a thread close()d a vhci file descriptor while\nits device was being used by iotcl() on another thread.\nOnce the last fd refcnt is released, vhci_release() calls\nhci_unregister_dev(), hci_free_dev(), and kfree() for struct\nvhci_data, which is set to hci_dev->dev->driver_data.\nThe problem is that there is no synchronisation after unlinking\nhdev from hci_dev_list in hci_unregister_dev(). There might be\nanother thread still accessing the hdev which was fetched before\nthe unlink operation.\nWe can use SRCU for such synchronisation.\nLet's run hci_dev_reset() under SRCU and wait for its completion\nin hci_unregister_dev().\nAnother option would be to restore hci_dev->destruct(), which was\nremoved in commit 587ae086f6e4 (\"Bluetooth: Remove unused\nhci-destruct cb\"). However, this would not be a good solution, as\nwe should not run hci_unregister_dev() while there are in-flight\nioctl() requests, which could lead to another data-race KCSAN splat.\nNote that other drivers seem to have the same problem, for exmaple,\nvirtbt_remove().\n[0]:\nBUG: KASAN: slab-use-after-free in skb_queue_empty_lockless include/linux/skbuff.h:1891 [inline]\nBUG: KASAN: slab-use-after-free in skb_queue_purge_reason+0x99/0x360 net/core/skbuff.c:3937\nRead of size 8 at addr ffff88807cb8d858 by task syz.1.219/6718\nCPU: 1 UID: 0 PID: 6718 Comm: syz.1.219 Not tainted 6.16.0-rc1-syzkaller-00196-g08207f42d3ff #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025\nCall Trace:\n\ndump_stack_lvl+0x189/0x250 lib/dump_stack.c:120\nprint_address_description mm/kasan/report.c:408 [inline]\nprint_report+0xd2/0x2b0 mm/kasan/report.c:521\nkasan_report+0x118/0x150 mm/kasan/report.c:634\nskb_queue_empty_lockless include/linux/skbuff.h:1891 [inline]\nskb_queue_purge_reason+0x99/0x360 net/core/skbuff.c:3937\nskb_queue_purge include/linux/skbuff.h:3368 [inline]\nvhci_flush+0x44/0x50 drivers/bluetooth/hci_vhci.c:69\nhci_dev_do_reset net/bluetooth/hci_core.c:552 [inline]\nhci_dev_reset+0x420/0x5c0 net/bluetooth/hci_core.c:592\nsock_do_ioctl+0xd9/0x300 net/socket.c:1190\nsock_ioctl+0x576/0x790 net/socket.c:1311\nvfs_ioctl fs/ioctl.c:51 [inline]\n__do_sys_ioctl fs/ioctl.c:907 [inline]\n__se_sys_ioctl+0xf9/0x170 fs/ioctl.c:893\ndo_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\ndo_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\nentry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fcf5b98e929\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fcf5c7b9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 00007fcf5bbb6160 RCX: 00007fcf5b98e929\nRDX: 0000000000000000 RSI: 00000000400448cb RDI: 0000000000000009\nRBP: 00007fcf5ba10b39 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 0000000000000000 R14: 00007fcf5bbb6160 R15: 00007ffd6353d528\n\nAllocated by task 6535:\nkasan_save_stack mm/kasan/common.c:47 [inline]\nkasan_save_track+0x3e/0x80 mm/kasan/common.c:68\npoison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n__kasan_kmalloc+0x93/0xb0 mm/kasan/common.c:394\nkasan_kmalloc include/linux/kasan.h:260 [inline]\n__kmalloc_cache_noprof+0x230/0x3d0 mm/slub.c:4359\nkmalloc_noprof include/linux/slab.h:905 [inline]\nkzalloc_noprof include/linux/slab.h:1039 [inline]\nvhci_open+0x57/0x360 drivers/bluetooth/hci_vhci.c:635\nmisc_open+0x2bc/0x330 drivers/char/misc.c:161\nchrdev_open+0x4c9/0x5e0 fs/char_dev.c:414\ndo_dentry_open+0xdf0/0x1970 fs/open.c:964\nvfs_open+0x3b/0x340 fs/open.c:1094\ndo_open fs/namei.c:3887 [inline]\npath_openat+0x2ee5/0x3830 fs/name\n---truncated---", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-ipaclones-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-cross-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38250" } ], "release_date": "2025-07-09T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H", "version": "3.1" }, "products": [ "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-ipaclones-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-cross-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-21727", "cwe": { "id": "CWE-820", "name": "Missing Synchronization" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\npadata: fix UAF in padata_reorder\nA bug was found when run ltp test:\nBUG: KASAN: slab-use-after-free in padata_find_next+0x29/0x1a0\nRead of size 4 at addr ffff88bbfe003524 by task kworker/u113:2/3039206\nCPU: 0 PID: 3039206 Comm: kworker/u113:2 Kdump: loaded Not tainted 6.6.0+\nWorkqueue: pdecrypt_parallel padata_parallel_worker\nCall Trace:\n\ndump_stack_lvl+0x32/0x50\nprint_address_description.constprop.0+0x6b/0x3d0\nprint_report+0xdd/0x2c0\nkasan_report+0xa5/0xd0\npadata_find_next+0x29/0x1a0\npadata_reorder+0x131/0x220\npadata_parallel_worker+0x3d/0xc0\nprocess_one_work+0x2ec/0x5a0\nIf 'mdelay(10)' is added before calling 'padata_find_next' in the\n'padata_reorder' function, this issue could be reproduced easily with\nltp test (pcrypt_aead01).\nThis can be explained as bellow:\npcrypt_aead_encrypt\n...\npadata_do_parallel\nrefcount_inc(&pd->refcnt); // add refcnt\n...\npadata_do_serial\npadata_reorder // pd\nwhile (1) {\npadata_find_next(pd, true); // using pd\nqueue_work_on\n...\npadata_serial_workercrypto_del_alg\npadata_put_pd_cnt // sub refcnt\npadata_free_shell\npadata_put_pd(ps->pd);\n// pd is freed\n// loop again, but pd is freed\n// call padata_find_next, UAF\n}\nIn the padata_reorder function, when it loops in 'while', if the alg is\ndeleted, the refcnt may be decreased to 0 before entering\n'padata_find_next', which leads to UAF.\nAs mentioned in [1], do_serial is supposed to be called with BHs disabled\nand always happen under RCU protection, to address this issue, add\nsynchronize_rcu() in 'padata_free_shell' wait for all _do_serial calls\nto finish.\n[1] https://lore.kernel.org/all/20221028160401.cccypv4euxikusiq@parnassus.localdomain/\n[2] https://lore.kernel.org/linux-kernel/jfjz5d7zwbytztackem7ibzalm5lnxldi2eofeiczqmqs2m7o6@fq426cwnjtkm/", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-ipaclones-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-cross-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-21727" } ], "release_date": "2025-02-27T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-ipaclones-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-cross-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2024-50106", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: fix race between laundromat and free_stateid\n\nThere is a race between laundromat handling of revoked delegations\nand a client sending free_stateid operation. Laundromat thread\nfinds that delegation has expired and needs to be revoked so it\nmarks the delegation stid revoked and it puts it on a reaper list\nbut then it unlock the state lock and the actual delegation revocation\nhappens without the lock. Once the stid is marked revoked a racing\nfree_stateid processing thread does the following (1) it calls\nlist_del_init() which removes it from the reaper list and (2) frees\nthe delegation stid structure. The laundromat thread ends up not\ncalling the revoke_delegation() function for this particular delegation\nbut that means it will no release the lock lease that exists on\nthe file.\n\nNow, a new open for this file comes in and ends up finding that\nlease list isn't empty and calls nfsd_breaker_owns_lease() which ends\nup trying to derefence a freed delegation stateid. Leading to the\nfollowint use-after-free KASAN warning:\n\nkernel: ==================================================================\nkernel: BUG: KASAN: slab-use-after-free in nfsd_breaker_owns_lease+0x140/0x160 [nfsd]\nkernel: Read of size 8 at addr ffff0000e73cd0c8 by task nfsd/6205\nkernel:\nkernel: CPU: 2 UID: 0 PID: 6205 Comm: nfsd Kdump: loaded Not tainted 6.11.0-rc7+ #9\nkernel: Hardware name: Apple Inc. Apple Virtualization Generic Platform, BIOS 2069.0.0.0.0 08/03/2024\nkernel: Call trace:\nkernel: dump_backtrace+0x98/0x120\nkernel: show_stack+0x1c/0x30\nkernel: dump_stack_lvl+0x80/0xe8\nkernel: print_address_description.constprop.0+0x84/0x390\nkernel: print_report+0xa4/0x268\nkernel: kasan_report+0xb4/0xf8\nkernel: __asan_report_load8_noabort+0x1c/0x28\nkernel: nfsd_breaker_owns_lease+0x140/0x160 [nfsd]\nkernel: nfsd_file_do_acquire+0xb3c/0x11d0 [nfsd]\nkernel: nfsd_file_acquire_opened+0x84/0x110 [nfsd]\nkernel: nfs4_get_vfs_file+0x634/0x958 [nfsd]\nkernel: nfsd4_process_open2+0xa40/0x1a40 [nfsd]\nkernel: nfsd4_open+0xa08/0xe80 [nfsd]\nkernel: nfsd4_proc_compound+0xb8c/0x2130 [nfsd]\nkernel: nfsd_dispatch+0x22c/0x718 [nfsd]\nkernel: svc_process_common+0x8e8/0x1960 [sunrpc]\nkernel: svc_process+0x3d4/0x7e0 [sunrpc]\nkernel: svc_handle_xprt+0x828/0xe10 [sunrpc]\nkernel: svc_recv+0x2cc/0x6a8 [sunrpc]\nkernel: nfsd+0x270/0x400 [nfsd]\nkernel: kthread+0x288/0x310\nkernel: ret_from_fork+0x10/0x20\n\nThis patch proposes a fixed that's based on adding 2 new additional\nstid's sc_status values that help coordinate between the laundromat\nand other operations (nfsd4_free_stateid() and nfsd4_delegreturn()).\n\nFirst to make sure, that once the stid is marked revoked, it is not\nremoved by the nfsd4_free_stateid(), the laundromat take a reference\non the stateid. Then, coordinating whether the stid has been put\non the cl_revoked list or we are processing FREE_STATEID and need to\nmake sure to remove it from the list, each check that state and act\naccordingly. If laundromat has added to the cl_revoke list before\nthe arrival of FREE_STATEID, then nfsd4_free_stateid() knows to remove\nit from the list. If nfsd4_free_stateid() finds that operations arrived\nbefore laundromat has placed it on cl_revoke list, it marks the state\nfreed and then laundromat will no longer add it to the list.\n\nAlso, for nfsd4_delegreturn() when looking for the specified stid,\nwe need to access stid that are marked removed or freeable, it means\nthe laundromat has started processing it but hasn't finished and this\ndelegreturn needs to return nfserr_deleg_revoked and not\nnfserr_bad_stateid. The latter will not trigger a FREE_STATEID and the\nlack of it will leave this stid on the cl_revoked list indefinitely.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-ipaclones-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-cross-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-50106" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/8dd91e8d31febf4d9cca3ae1bb4771d33ae7ee5a", "url": "https://git.kernel.org/stable/c/8dd91e8d31febf4d9cca3ae1bb4771d33ae7ee5a" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/967faa26f313a62e7bebc55d5b8122eaee43b929", "url": "https://git.kernel.org/stable/c/967faa26f313a62e7bebc55d5b8122eaee43b929" } ], "release_date": "2024-11-05T18:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-ipaclones-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-cross-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2022-50020", "cwe": { "id": "CWE-1284", "name": "Improper Validation of Specified Quantity in Input" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\next4: avoid resizing to a partial cluster size\nThis patch avoids an attempt to resize the filesystem to an\nunaligned cluster boundary. An online resize to a size that is not\nintegral to cluster size results in the last iteration attempting to\ngrow the fs by a negative amount, which trips a BUG_ON and leaves the fs\nwith a corrupted in-memory superblock.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-ipaclones-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-cross-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2022-50020" } ], "release_date": "2025-06-18T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-ipaclones-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-cross-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-37890", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nnet_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc\nAs described in Gerrard's report [1], we have a UAF case when an hfsc class\nhas a netem child qdisc. The crux of the issue is that hfsc is assuming\nthat checking for cl->qdisc->q.qlen == 0 guarantees that it hasn't inserted\nthe class in the vttree or eltree (which is not true for the netem\nduplicate case).\nThis patch checks the n_active class variable to make sure that the code\nwon't insert the class in the vttree or eltree twice, catering for the\nreentrant case.\n[1] https://lore.kernel.org/netdev/CAHcdcOm+03OD2j6R0=YHKqmy=VgJ8xEOKuP6c7mSgnp-TEJJbw@mail.gmail.com/", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-ipaclones-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-cross-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-37890" } ], "release_date": "2025-05-16T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-ipaclones-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-cross-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-22058", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nudp: Fix memory accounting leak.\nMatt Dowling reported a weird UDP memory usage issue.\nUnder normal operation, the UDP memory usage reported in /proc/net/sockstat\nremains close to zero. However, it occasionally spiked to 524,288 pages\nand never dropped. Moreover, the value doubled when the application was\nterminated. Finally, it caused intermittent packet drops.\nWe can reproduce the issue with the script below [0]:\n1. /proc/net/sockstat reports 0 pages\n# cat /proc/net/sockstat | grep UDP:\nUDP: inuse 1 mem 0\n2. Run the script till the report reaches 524,288\n# python3 test.py & sleep 5\n# cat /proc/net/sockstat | grep UDP:\nUDP: inuse 3 mem 524288 <-- (INT_MAX + 1) >> PAGE_SHIFT\n3. Kill the socket and confirm the number never drops\n# pkill python3 && sleep 5\n# cat /proc/net/sockstat | grep UDP:\nUDP: inuse 1 mem 524288\n4. (necessary since v6.0) Trigger proto_memory_pcpu_drain()\n# python3 test.py & sleep 1 && pkill python3\n5. The number doubles\n# cat /proc/net/sockstat | grep UDP:\nUDP: inuse 1 mem 1048577\nThe application set INT_MAX to SO_RCVBUF, which triggered an integer\noverflow in udp_rmem_release().\nWhen a socket is close()d, udp_destruct_common() purges its receive\nqueue and sums up skb->truesize in the queue. This total is calculated\nand stored in a local unsigned integer variable.\nThe total size is then passed to udp_rmem_release() to adjust memory\naccounting. However, because the function takes a signed integer\nargument, the total size can wrap around, causing an overflow.\nThen, the released amount is calculated as follows:\n1) Add size to sk->sk_forward_alloc.\n2) Round down sk->sk_forward_alloc to the nearest lower multiple of\nPAGE_SIZE and assign it to amount.\n3) Subtract amount from sk->sk_forward_alloc.\n4) Pass amount >> PAGE_SHIFT to __sk_mem_reduce_allocated().\nWhen the issue occurred, the total in udp_destruct_common() was 2147484480\n(INT_MAX + 833), which was cast to -2147482816 in udp_rmem_release().\nAt 1) sk->sk_forward_alloc is changed from 3264 to -2147479552, and\n2) sets -2147479552 to amount. 3) reverts the wraparound, so we don't\nsee a warning in inet_sock_destruct(). However, udp_memory_allocated\nends up doubling at 4).\nSince commit 3cd3399dd7a8 (\"net: implement per-cpu reserves for\nmemory_allocated\"), memory usage no longer doubles immediately after\na socket is close()d because __sk_mem_reduce_allocated() caches the\namount in udp_memory_per_cpu_fw_alloc. However, the next time a UDP\nsocket receives a packet, the subtraction takes effect, causing UDP\nmemory usage to double.\nThis issue makes further memory allocation fail once the socket's\nsk->sk_rmem_alloc exceeds net.ipv4.udp_rmem_min, resulting in packet\ndrops.\nTo prevent this issue, let's use unsigned int for the calculation and\ncall sk_forward_alloc_add() only once for the small delta.\nNote that first_packet_length() also potentially has the same problem.\n[0]:\nfrom socket import *\nSO_RCVBUFFORCE = 33\nINT_MAX = (2 ** 31) - 1\ns = socket(AF_INET, SOCK_DGRAM)\ns.bind(('', 0))\ns.setsockopt(SOL_SOCKET, SO_RCVBUFFORCE, INT_MAX)\nc = socket(AF_INET, SOCK_DGRAM)\nc.connect(s.getsockname())\ndata = b'a' * 100\nwhile True:\nc.send(data)", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-ipaclones-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-cross-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-22058" } ], "release_date": "2025-04-16T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-ipaclones-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-cross-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-22020", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmemstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove\n\nThis fixes the following crash:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in rtsx_usb_ms_poll_card+0x159/0x200 [rtsx_usb_ms]\nRead of size 8 at addr ffff888136335380 by task kworker/6:0/140241\n\nCPU: 6 UID: 0 PID: 140241 Comm: kworker/6:0 Kdump: loaded Tainted: G E 6.14.0-rc6+ #1\nTainted: [E]=UNSIGNED_MODULE\nHardware name: LENOVO 30FNA1V7CW/1057, BIOS S0EKT54A 07/01/2024\nWorkqueue: events rtsx_usb_ms_poll_card [rtsx_usb_ms]\nCall Trace:\n \n dump_stack_lvl+0x51/0x70\n print_address_description.constprop.0+0x27/0x320\n ? rtsx_usb_ms_poll_card+0x159/0x200 [rtsx_usb_ms]\n print_report+0x3e/0x70\n kasan_report+0xab/0xe0\n ? rtsx_usb_ms_poll_card+0x159/0x200 [rtsx_usb_ms]\n rtsx_usb_ms_poll_card+0x159/0x200 [rtsx_usb_ms]\n ? __pfx_rtsx_usb_ms_poll_card+0x10/0x10 [rtsx_usb_ms]\n ? __pfx___schedule+0x10/0x10\n ? kick_pool+0x3b/0x270\n process_one_work+0x357/0x660\n worker_thread+0x390/0x4c0\n ? __pfx_worker_thread+0x10/0x10\n kthread+0x190/0x1d0\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x2d/0x50\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \n\nAllocated by task 161446:\n kasan_save_stack+0x20/0x40\n kasan_save_track+0x10/0x30\n __kasan_kmalloc+0x7b/0x90\n __kmalloc_noprof+0x1a7/0x470\n memstick_alloc_host+0x1f/0xe0 [memstick]\n rtsx_usb_ms_drv_probe+0x47/0x320 [rtsx_usb_ms]\n platform_probe+0x60/0xe0\n call_driver_probe+0x35/0x120\n really_probe+0x123/0x410\n __driver_probe_device+0xc7/0x1e0\n driver_probe_device+0x49/0xf0\n __device_attach_driver+0xc6/0x160\n bus_for_each_drv+0xe4/0x160\n __device_attach+0x13a/0x2b0\n bus_probe_device+0xbd/0xd0\n device_add+0x4a5/0x760\n platform_device_add+0x189/0x370\n mfd_add_device+0x587/0x5e0\n mfd_add_devices+0xb1/0x130\n rtsx_usb_probe+0x28e/0x2e0 [rtsx_usb]\n usb_probe_interface+0x15c/0x460\n call_driver_probe+0x35/0x120\n really_probe+0x123/0x410\n __driver_probe_device+0xc7/0x1e0\n driver_probe_device+0x49/0xf0\n __device_attach_driver+0xc6/0x160\n bus_for_each_drv+0xe4/0x160\n __device_attach+0x13a/0x2b0\n rebind_marked_interfaces.isra.0+0xcc/0x110\n usb_reset_device+0x352/0x410\n usbdev_do_ioctl+0xe5c/0x1860\n usbdev_ioctl+0xa/0x20\n __x64_sys_ioctl+0xc5/0xf0\n do_syscall_64+0x59/0x170\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 161506:\n kasan_save_stack+0x20/0x40\n kasan_save_track+0x10/0x30\n kasan_save_free_info+0x36/0x60\n __kasan_slab_free+0x34/0x50\n kfree+0x1fd/0x3b0\n device_release+0x56/0xf0\n kobject_cleanup+0x73/0x1c0\n rtsx_usb_ms_drv_remove+0x13d/0x220 [rtsx_usb_ms]\n platform_remove+0x2f/0x50\n device_release_driver_internal+0x24b/0x2e0\n bus_remove_device+0x124/0x1d0\n device_del+0x239/0x530\n platform_device_del.part.0+0x19/0xe0\n platform_device_unregister+0x1c/0x40\n mfd_remove_devices_fn+0x167/0x170\n device_for_each_child_reverse+0xc9/0x130\n mfd_remove_devices+0x6e/0xa0\n rtsx_usb_disconnect+0x2e/0xd0 [rtsx_usb]\n usb_unbind_interface+0xf3/0x3f0\n device_release_driver_internal+0x24b/0x2e0\n proc_disconnect_claim+0x13d/0x220\n usbdev_do_ioctl+0xb5e/0x1860\n usbdev_ioctl+0xa/0x20\n __x64_sys_ioctl+0xc5/0xf0\n do_syscall_64+0x59/0x170\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nLast potentially related work creation:\n kasan_save_stack+0x20/0x40\n kasan_record_aux_stack+0x85/0x90\n insert_work+0x29/0x100\n __queue_work+0x34a/0x540\n call_timer_fn+0x2a/0x160\n expire_timers+0x5f/0x1f0\n __run_timer_base.part.0+0x1b6/0x1e0\n run_timer_softirq+0x8b/0xe0\n handle_softirqs+0xf9/0x360\n __irq_exit_rcu+0x114/0x130\n sysvec_apic_timer_interrupt+0x72/0x90\n asm_sysvec_apic_timer_interrupt+0x16/0x20\n\nSecond to last potentially related work creation:\n kasan_save_stack+0x20/0x40\n kasan_record_aux_stack+0x85/0x90\n insert_work+0x29/0x100\n __queue_work+0x34a/0x540\n call_timer_fn+0x2a/0x160\n expire_timers+0x5f/0x1f0\n __run_timer_base.part.0+0x1b6/0x1e0\n run_timer_softirq+0x8b/0xe0\n handle_softirqs+0xf9/0x\n---truncated---", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-ipaclones-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-cross-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-22020" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/0067cb7d7e7c277e91a0887a3c24e71462379469", "url": "https://git.kernel.org/stable/c/0067cb7d7e7c277e91a0887a3c24e71462379469" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/31f0eaed6914333f42501fc7e0f6830879f5ef2d", "url": "https://git.kernel.org/stable/c/31f0eaed6914333f42501fc7e0f6830879f5ef2d" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/4676741a3464b300b486e70585c3c9b692be1632", "url": "https://git.kernel.org/stable/c/4676741a3464b300b486e70585c3c9b692be1632" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/52d942a5302eefb3b7a3bfee310a5a33feeedc21", "url": "https://git.kernel.org/stable/c/52d942a5302eefb3b7a3bfee310a5a33feeedc21" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/6186fb2cd36317277a8423687982140a7f3f7841", "url": "https://git.kernel.org/stable/c/6186fb2cd36317277a8423687982140a7f3f7841" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/75123adf204f997e11bbddee48408c284f51c050", "url": "https://git.kernel.org/stable/c/75123adf204f997e11bbddee48408c284f51c050" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/914c5e5bfceb9878f3056eaf4d1c88f2cbe0a185", "url": "https://git.kernel.org/stable/c/914c5e5bfceb9878f3056eaf4d1c88f2cbe0a185" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/9dfaf4d723c62bda8d9d1340e2e78acf0c190439", "url": "https://git.kernel.org/stable/c/9dfaf4d723c62bda8d9d1340e2e78acf0c190439" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/b094e8e3988e02e8cef7a756c8d2cea9c12509ab", "url": "https://git.kernel.org/stable/c/b094e8e3988e02e8cef7a756c8d2cea9c12509ab" } ], "release_date": "2025-04-16T11:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:perf-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-ipaclones-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-core-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-cross-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-headers-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-debug-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-extra-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64", "CentOS-Stream-8:kernel-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] } ] }