{
  "document": {
    "aggregate_severity": {
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "TuxCare License Agreement",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.",
        "title": "Terms of Use"
      },
      {
        "category": "details",
        "text": "- pfifo_tail_enqueue: Drop new packet when sch->limit == 0 {CVE-2025-21702}\n- xfs: add bounds checking to xlog_recover_process_data {CVE-2024-41014}\n- netfilter: validate user input for expected length {CVE-2024-35896}\n- nfs: fix UAF in direct writes {CVE-2024-26958}\n- Squashfs: check the inode number is not the invalid value of zero {CVE-2024-26982}\n- RDMA/srpt: Do not register event handler until srpt device is fully setup {CVE-2024-26872}",
        "title": "Details"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://tuxcare.com/contact/",
      "name": "TuxCare",
      "namespace": "https://tuxcare.com/"
    },
    "references": [
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.tuxcare.com/csaf/v2/els_os/centos7els/advisories/2025/clsa-2025_1750176020.json"
      },
      {
        "category": "self",
        "summary": "Release page for CLSA-2025:1750176020",
        "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1750176020"
      }
    ],
    "tracking": {
      "current_release_date": "2025-07-03T16:29:40Z",
      "generator": {
        "date": "2025-07-03T16:29:40Z",
        "engine": {
          "name": "pyCSAF"
        }
      },
      "id": "CLSA-2025:1750176020",
      "initial_release_date": "2025-06-17T16:00:22Z",
      "revision_history": [
        {
          "date": "2025-06-17T16:00:22Z",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2025-07-03T16:29:40Z",
          "number": "2",
          "summary": "Official Publication"
        }
      ],
      "status": "final",
      "version": "2"
    },
    "title": "kernel: Fix of 6 CVEs"
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Community Enterprise Operating System 7",
                "product": {
                  "name": "Community Enterprise Operating System 7",
                  "product_id": "CentOS-7",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:o:centos:centos:7:*:*:*:*:*:*:*"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Community Enterprise Operating System"
          }
        ],
        "category": "vendor",
        "name": "Red Hat, Inc."
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
                "product": {
                  "name": "kernel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
                  "product_id": "kernel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/kernel@3.10.0-1160.119.1.el7.tuxcare.els21?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-tools-libs-devel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
                "product": {
                  "name": "kernel-tools-libs-devel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
                  "product_id": "kernel-tools-libs-devel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/kernel-tools-libs-devel@3.10.0-1160.119.1.el7.tuxcare.els21?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-debug-devel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
                "product": {
                  "name": "kernel-debug-devel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
                  "product_id": "kernel-debug-devel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/kernel-debug-devel@3.10.0-1160.119.1.el7.tuxcare.els21?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-debug-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
                "product": {
                  "name": "kernel-debug-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
                  "product_id": "kernel-debug-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/kernel-debug@3.10.0-1160.119.1.el7.tuxcare.els21?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-tools-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
                "product": {
                  "name": "kernel-tools-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
                  "product_id": "kernel-tools-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/kernel-tools@3.10.0-1160.119.1.el7.tuxcare.els21?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "perf-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
                "product": {
                  "name": "perf-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
                  "product_id": "perf-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/perf@3.10.0-1160.119.1.el7.tuxcare.els21?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-tools-libs-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
                "product": {
                  "name": "kernel-tools-libs-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
                  "product_id": "kernel-tools-libs-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/kernel-tools-libs@3.10.0-1160.119.1.el7.tuxcare.els21?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-devel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
                "product": {
                  "name": "kernel-devel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
                  "product_id": "kernel-devel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/kernel-devel@3.10.0-1160.119.1.el7.tuxcare.els21?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-headers-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
                "product": {
                  "name": "kernel-headers-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
                  "product_id": "kernel-headers-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/kernel-headers@3.10.0-1160.119.1.el7.tuxcare.els21?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python-perf-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
                "product": {
                  "name": "python-perf-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
                  "product_id": "python-perf-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/python-perf@3.10.0-1160.119.1.el7.tuxcare.els21?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "TuxCare"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64 as a component of Community Enterprise Operating System 7",
          "product_id": "CentOS-7:kernel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64"
        },
        "product_reference": "kernel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
        "relates_to_product_reference": "CentOS-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-tools-libs-devel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64 as a component of Community Enterprise Operating System 7",
          "product_id": "CentOS-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64"
        },
        "product_reference": "kernel-tools-libs-devel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
        "relates_to_product_reference": "CentOS-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-debug-devel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64 as a component of Community Enterprise Operating System 7",
          "product_id": "CentOS-7:kernel-debug-devel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64"
        },
        "product_reference": "kernel-debug-devel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
        "relates_to_product_reference": "CentOS-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-debug-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64 as a component of Community Enterprise Operating System 7",
          "product_id": "CentOS-7:kernel-debug-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64"
        },
        "product_reference": "kernel-debug-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
        "relates_to_product_reference": "CentOS-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-tools-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64 as a component of Community Enterprise Operating System 7",
          "product_id": "CentOS-7:kernel-tools-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64"
        },
        "product_reference": "kernel-tools-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
        "relates_to_product_reference": "CentOS-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perf-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64 as a component of Community Enterprise Operating System 7",
          "product_id": "CentOS-7:perf-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64"
        },
        "product_reference": "perf-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
        "relates_to_product_reference": "CentOS-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-tools-libs-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64 as a component of Community Enterprise Operating System 7",
          "product_id": "CentOS-7:kernel-tools-libs-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64"
        },
        "product_reference": "kernel-tools-libs-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
        "relates_to_product_reference": "CentOS-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-devel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64 as a component of Community Enterprise Operating System 7",
          "product_id": "CentOS-7:kernel-devel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64"
        },
        "product_reference": "kernel-devel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
        "relates_to_product_reference": "CentOS-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-headers-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64 as a component of Community Enterprise Operating System 7",
          "product_id": "CentOS-7:kernel-headers-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64"
        },
        "product_reference": "kernel-headers-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
        "relates_to_product_reference": "CentOS-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-perf-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64 as a component of Community Enterprise Operating System 7",
          "product_id": "CentOS-7:python-perf-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64"
        },
        "product_reference": "python-perf-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
        "relates_to_product_reference": "CentOS-7"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-21702",
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\npfifo_tail_enqueue: Drop new packet when sch->limit == 0\nExpected behaviour:\nIn case we reach scheduler's limit, pfifo_tail_enqueue() will drop a\npacket in scheduler's queue and decrease scheduler's qlen by one.\nThen, pfifo_tail_enqueue() enqueue new packet and increase\nscheduler's qlen by one. Finally, pfifo_tail_enqueue() return\n`NET_XMIT_CN` status code.\nWeird behaviour:\nIn case we set `sch->limit == 0` and trigger pfifo_tail_enqueue() on a\nscheduler that has no packet, the 'drop a packet' step will do nothing.\nThis means the scheduler's qlen still has value equal 0.\nThen, we continue to enqueue new packet and increase scheduler's qlen by\none. In summary, we can leverage pfifo_tail_enqueue() to increase qlen by\none and return `NET_XMIT_CN` status code.\nThe problem is:\nLet's say we have two qdiscs: Qdisc_A and Qdisc_B.\n- Qdisc_A's type must have '->graft()' function to create parent/child relationship.\nLet's say Qdisc_A's type is `hfsc`. Enqueue packet to this qdisc will trigger `hfsc_enqueue`.\n- Qdisc_B's type is pfifo_head_drop. Enqueue packet to this qdisc will trigger `pfifo_tail_enqueue`.\n- Qdisc_B is configured to have `sch->limit == 0`.\n- Qdisc_A is configured to route the enqueued's packet to Qdisc_B.\nEnqueue packet through Qdisc_A will lead to:\n- hfsc_enqueue(Qdisc_A) -> pfifo_tail_enqueue(Qdisc_B)\n- Qdisc_B->q.qlen += 1\n- pfifo_tail_enqueue() return `NET_XMIT_CN`\n- hfsc_enqueue() check for `NET_XMIT_SUCCESS` and see `NET_XMIT_CN` => hfsc_enqueue() don't increase qlen of Qdisc_A.\nThe whole process lead to a situation where Qdisc_A->q.qlen == 0 and Qdisc_B->q.qlen == 1.\nReplace 'hfsc' with other type (for example: 'drr') still lead to the same problem.\nThis violate the design where parent's qlen should equal to the sum of its childrens'qlen.\nBug impact: This issue can be used for user->kernel privilege escalation when it is reachable.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-7:kernel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
          "CentOS-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
          "CentOS-7:kernel-debug-devel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
          "CentOS-7:kernel-debug-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
          "CentOS-7:kernel-tools-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
          "CentOS-7:perf-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
          "CentOS-7:kernel-tools-libs-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
          "CentOS-7:kernel-devel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
          "CentOS-7:kernel-headers-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
          "CentOS-7:python-perf-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-21702"
        }
      ],
      "release_date": "2025-02-18T00:00:00",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CentOS-7:kernel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
            "CentOS-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
            "CentOS-7:kernel-debug-devel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
            "CentOS-7:kernel-debug-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
            "CentOS-7:kernel-tools-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
            "CentOS-7:perf-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
            "CentOS-7:kernel-tools-libs-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
            "CentOS-7:kernel-devel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
            "CentOS-7:kernel-headers-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
            "CentOS-7:python-perf-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "High"
        }
      ]
    },
    {
      "cve": "CVE-2024-41014",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: add bounds checking to xlog_recover_process_data\n\nThere is a lack of verification of the space occupied by fixed members\nof xlog_op_header in the xlog_recover_process_data.\n\nWe can create a crafted image to trigger an out of bounds read by\nfollowing these steps:\n    1) Mount an image of xfs, and do some file operations to leave records\n    2) Before umounting, copy the image for subsequent steps to simulate\n       abnormal exit. Because umount will ensure that tail_blk and\n       head_blk are the same, which will result in the inability to enter\n       xlog_recover_process_data\n    3) Write a tool to parse and modify the copied image in step 2\n    4) Make the end of the xlog_op_header entries only 1 byte away from\n       xlog_rec_header->h_size\n    5) xlog_rec_header->h_num_logops++\n    6) Modify xlog_rec_header->h_crc\n\nFix:\nAdd a check to make sure there is sufficient space to access fixed members\nof xlog_op_header.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-7:kernel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
          "CentOS-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
          "CentOS-7:kernel-debug-devel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
          "CentOS-7:kernel-debug-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
          "CentOS-7:kernel-tools-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
          "CentOS-7:perf-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
          "CentOS-7:kernel-tools-libs-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
          "CentOS-7:kernel-devel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
          "CentOS-7:kernel-headers-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
          "CentOS-7:python-perf-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2024-41014"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/7cd9f0a33e738cd58876f1bc8d6c1aa5bc4fc8c1",
          "url": "https://git.kernel.org/stable/c/7cd9f0a33e738cd58876f1bc8d6c1aa5bc4fc8c1"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/d1e3efe783365db59da88f08a2e0bfe1cc95b143",
          "url": "https://git.kernel.org/stable/c/d1e3efe783365db59da88f08a2e0bfe1cc95b143"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/fb63435b7c7dc112b1ae1baea5486e0a6e27b196",
          "url": "https://git.kernel.org/stable/c/fb63435b7c7dc112b1ae1baea5486e0a6e27b196"
        }
      ],
      "release_date": "2024-07-29T07:15:00",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CentOS-7:kernel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
            "CentOS-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
            "CentOS-7:kernel-debug-devel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
            "CentOS-7:kernel-debug-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
            "CentOS-7:kernel-tools-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
            "CentOS-7:perf-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
            "CentOS-7:kernel-tools-libs-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
            "CentOS-7:kernel-devel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
            "CentOS-7:kernel-headers-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
            "CentOS-7:python-perf-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "High"
        }
      ]
    },
    {
      "cve": "CVE-2024-26982",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nSquashfs: check the inode number is not the invalid value of zero\n\nSyskiller has produced an out of bounds access in fill_meta_index().\n\nThat out of bounds access is ultimately caused because the inode\nhas an inode number with the invalid value of zero, which was not checked.\n\nThe reason this causes the out of bounds access is due to following\nsequence of events:\n\n1. Fill_meta_index() is called to allocate (via empty_meta_index())\n   and fill a metadata index.  It however suffers a data read error\n   and aborts, invalidating the newly returned empty metadata index.\n   It does this by setting the inode number of the index to zero,\n   which means unused (zero is not a valid inode number).\n\n2. When fill_meta_index() is subsequently called again on another\n   read operation, locate_meta_index() returns the previous index\n   because it matches the inode number of 0.  Because this index\n   has been returned it is expected to have been filled, and because\n   it hasn't been, an out of bounds access is performed.\n\nThis patch adds a sanity check which checks that the inode number\nis not zero when the inode is created and returns -EINVAL if it is.\n\n[phillip@squashfs.org.uk: whitespace fix]",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-7:kernel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
          "CentOS-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
          "CentOS-7:kernel-debug-devel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
          "CentOS-7:kernel-debug-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
          "CentOS-7:kernel-tools-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
          "CentOS-7:perf-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
          "CentOS-7:kernel-tools-libs-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
          "CentOS-7:kernel-devel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
          "CentOS-7:kernel-headers-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
          "CentOS-7:python-perf-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2024-26982"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/32c114a58236fe67141634774559f21f1dc96fd7",
          "url": "https://git.kernel.org/stable/c/32c114a58236fe67141634774559f21f1dc96fd7"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/4a1b6f89825e267e156ccaeba3d235edcac77f94",
          "url": "https://git.kernel.org/stable/c/4a1b6f89825e267e156ccaeba3d235edcac77f94"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/5b99dea79650b50909c50aba24fbae00f203f013",
          "url": "https://git.kernel.org/stable/c/5b99dea79650b50909c50aba24fbae00f203f013"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/7def00ebc9f2d6a581ddf46ce4541f84a10680e5",
          "url": "https://git.kernel.org/stable/c/7def00ebc9f2d6a581ddf46ce4541f84a10680e5"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/9253c54e01b6505d348afbc02abaa4d9f8a01395",
          "url": "https://git.kernel.org/stable/c/9253c54e01b6505d348afbc02abaa4d9f8a01395"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/be383effaee3d89034f0828038f95065b518772e",
          "url": "https://git.kernel.org/stable/c/be383effaee3d89034f0828038f95065b518772e"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/cf46f88b92cfc0e32bd8a21ba1273cff13b8745f",
          "url": "https://git.kernel.org/stable/c/cf46f88b92cfc0e32bd8a21ba1273cff13b8745f"
        }
      ],
      "release_date": "2024-05-01T06:15:00",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CentOS-7:kernel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
            "CentOS-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
            "CentOS-7:kernel-debug-devel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
            "CentOS-7:kernel-debug-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
            "CentOS-7:kernel-tools-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
            "CentOS-7:perf-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
            "CentOS-7:kernel-tools-libs-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
            "CentOS-7:kernel-devel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
            "CentOS-7:kernel-headers-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
            "CentOS-7:python-perf-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "High"
        }
      ]
    },
    {
      "cve": "CVE-2024-35896",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: validate user input for expected length\n\nI got multiple syzbot reports showing old bugs exposed\nby BPF after commit 20f2505fb436 (\"bpf: Try to avoid kzalloc\nin cgroup/{s,g}etsockopt\")\n\nsetsockopt() @optlen argument should be taken into account\nbefore copying data.\n\n BUG: KASAN: slab-out-of-bounds in copy_from_sockptr_offset include/linux/sockptr.h:49 [inline]\n BUG: KASAN: slab-out-of-bounds in copy_from_sockptr include/linux/sockptr.h:55 [inline]\n BUG: KASAN: slab-out-of-bounds in do_replace net/ipv4/netfilter/ip_tables.c:1111 [inline]\n BUG: KASAN: slab-out-of-bounds in do_ipt_set_ctl+0x902/0x3dd0 net/ipv4/netfilter/ip_tables.c:1627\nRead of size 96 at addr ffff88802cd73da0 by task syz-executor.4/7238\n\nCPU: 1 PID: 7238 Comm: syz-executor.4 Not tainted 6.9.0-rc2-next-20240403-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024\nCall Trace:\n <TASK>\n  __dump_stack lib/dump_stack.c:88 [inline]\n  dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114\n  print_address_description mm/kasan/report.c:377 [inline]\n  print_report+0x169/0x550 mm/kasan/report.c:488\n  kasan_report+0x143/0x180 mm/kasan/report.c:601\n  kasan_check_range+0x282/0x290 mm/kasan/generic.c:189\n  __asan_memcpy+0x29/0x70 mm/kasan/shadow.c:105\n  copy_from_sockptr_offset include/linux/sockptr.h:49 [inline]\n  copy_from_sockptr include/linux/sockptr.h:55 [inline]\n  do_replace net/ipv4/netfilter/ip_tables.c:1111 [inline]\n  do_ipt_set_ctl+0x902/0x3dd0 net/ipv4/netfilter/ip_tables.c:1627\n  nf_setsockopt+0x295/0x2c0 net/netfilter/nf_sockopt.c:101\n  do_sock_setsockopt+0x3af/0x720 net/socket.c:2311\n  __sys_setsockopt+0x1ae/0x250 net/socket.c:2334\n  __do_sys_setsockopt net/socket.c:2343 [inline]\n  __se_sys_setsockopt net/socket.c:2340 [inline]\n  __x64_sys_setsockopt+0xb5/0xd0 net/socket.c:2340\n do_syscall_64+0xfb/0x240\n 
entry_SYSCALL_64_after_hwframe+0x72/0x7a\nRIP: 0033:0x7fd22067dde9\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fd21f9ff0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000036\nRAX: ffffffffffffffda RBX: 00007fd2207abf80 RCX: 00007fd22067dde9\nRDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000003\nRBP: 00007fd2206ca47a R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000020000880 R11: 0000000000000246 R12: 0000000000000000\nR13: 000000000000000b R14: 00007fd2207abf80 R15: 00007ffd2d0170d8\n </TASK>\n\nAllocated by task 7238:\n  kasan_save_stack mm/kasan/common.c:47 [inline]\n  kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n  poison_kmalloc_redzone mm/kasan/common.c:370 [inline]\n  __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:387\n  kasan_kmalloc include/linux/kasan.h:211 [inline]\n  __do_kmalloc_node mm/slub.c:4069 [inline]\n  __kmalloc_noprof+0x200/0x410 mm/slub.c:4082\n  kmalloc_noprof include/linux/slab.h:664 [inline]\n  __cgroup_bpf_run_filter_setsockopt+0xd47/0x1050 kernel/bpf/cgroup.c:1869\n  do_sock_setsockopt+0x6b4/0x720 net/socket.c:2293\n  __sys_setsockopt+0x1ae/0x250 net/socket.c:2334\n  __do_sys_setsockopt net/socket.c:2343 [inline]\n  __se_sys_setsockopt net/socket.c:2340 [inline]\n  __x64_sys_setsockopt+0xb5/0xd0 net/socket.c:2340\n do_syscall_64+0xfb/0x240\n entry_SYSCALL_64_after_hwframe+0x72/0x7a\n\nThe buggy address belongs to the object at ffff88802cd73da0\n which belongs to the cache kmalloc-8 of size 8\nThe buggy address is located 0 bytes inside of\n allocated 1-byte region [ffff88802cd73da0, ffff88802cd73da1)\n\nThe buggy address belongs to the physical page:\npage: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88802cd73020 pfn:0x2cd73\nflags: 0xfff80000000000(node=0|zone=1|lastcpupid=0xfff)\npage_type: 0xffffefff(slab)\nraw: 00fff80000000000 
ffff888015041280 dead000000000100 dead000000000122\nraw: ffff88802cd73020 000000008080007f 00000001ffffefff 00\n---truncated---",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-7:kernel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
          "CentOS-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
          "CentOS-7:kernel-debug-devel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
          "CentOS-7:kernel-debug-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
          "CentOS-7:kernel-tools-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
          "CentOS-7:perf-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
          "CentOS-7:kernel-tools-libs-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
          "CentOS-7:kernel-devel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
          "CentOS-7:kernel-headers-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
          "CentOS-7:python-perf-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2024-35896"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/0c83842df40f86e529db6842231154772c20edcc",
          "url": "https://git.kernel.org/stable/c/0c83842df40f86e529db6842231154772c20edcc"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/0f038242b77ddfc505bf4163d4904c1abd2e74d6",
          "url": "https://git.kernel.org/stable/c/0f038242b77ddfc505bf4163d4904c1abd2e74d6"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/18aae2cb87e5faa9c5bd865260ceadac60d5a6c5",
          "url": "https://git.kernel.org/stable/c/18aae2cb87e5faa9c5bd865260ceadac60d5a6c5"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/440e948cf0eff32cfe322dcbca3f2525354b159b",
          "url": "https://git.kernel.org/stable/c/440e948cf0eff32cfe322dcbca3f2525354b159b"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/58f2bfb789e6bd3bc24a2c9c1580f3c67aec3018",
          "url": "https://git.kernel.org/stable/c/58f2bfb789e6bd3bc24a2c9c1580f3c67aec3018"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/81d51b9b7c95e791ba3c1a2dd77920a9d3b3f525",
          "url": "https://git.kernel.org/stable/c/81d51b9b7c95e791ba3c1a2dd77920a9d3b3f525"
        },
        {
          "category": "external",
          "summary": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html",
          "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
        },
        {
          "category": "external",
          "summary": "https://security.netapp.com/advisory/ntap-20250321-0004/",
          "url": "https://security.netapp.com/advisory/ntap-20250321-0004/"
        }
      ],
      "release_date": "2024-05-19T09:15:00",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CentOS-7:kernel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
            "CentOS-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
            "CentOS-7:kernel-debug-devel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
            "CentOS-7:kernel-debug-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
            "CentOS-7:kernel-tools-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
            "CentOS-7:perf-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
            "CentOS-7:kernel-tools-libs-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
            "CentOS-7:kernel-devel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
            "CentOS-7:kernel-headers-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
            "CentOS-7:python-perf-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "High"
        }
      ]
    },
    {
      "cve": "CVE-2024-26958",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfs: fix UAF in direct writes\n\nIn production we have been hitting the following warning consistently\n\n------------[ cut here ]------------\nrefcount_t: underflow; use-after-free.\nWARNING: CPU: 17 PID: 1800359 at lib/refcount.c:28 refcount_warn_saturate+0x9c/0xe0\nWorkqueue: nfsiod nfs_direct_write_schedule_work [nfs]\nRIP: 0010:refcount_warn_saturate+0x9c/0xe0\nPKRU: 55555554\nCall Trace:\n <TASK>\n ? __warn+0x9f/0x130\n ? refcount_warn_saturate+0x9c/0xe0\n ? report_bug+0xcc/0x150\n ? handle_bug+0x3d/0x70\n ? exc_invalid_op+0x16/0x40\n ? asm_exc_invalid_op+0x16/0x20\n ? refcount_warn_saturate+0x9c/0xe0\n nfs_direct_write_schedule_work+0x237/0x250 [nfs]\n process_one_work+0x12f/0x4a0\n worker_thread+0x14e/0x3b0\n ? ZSTD_getCParams_internal+0x220/0x220\n kthread+0xdc/0x120\n ? __btf_name_valid+0xa0/0xa0\n ret_from_fork+0x1f/0x30\n\nThis is because we're completing the nfs_direct_request twice in a row.\n\nThe source of this is when we have our commit requests to submit, we\nprocess them and send them off, and then in the completion path for the\ncommit requests we have\n\nif (nfs_commit_end(cinfo.mds))\n\tnfs_direct_write_complete(dreq);\n\nHowever since we're submitting asynchronous requests we sometimes have\none that completes before we submit the next one, so we end up calling\ncomplete on the nfs_direct_request twice.\n\nThe only other place we use nfs_generic_commit_list() is in\n__nfs_commit_inode, which wraps this call in a\n\nnfs_commit_begin();\nnfs_commit_end();\n\nWhich is a common pattern for this style of completion handling, one\nthat is also repeated in the direct code with get_dreq()/put_dreq()\ncalls around where we process events as well as in the completion paths.\n\nFix this by using the same pattern for the commit requests.\n\nBefore with my 200 node rocksdb stress running this warning would pop\nevery 10ish minutes.  
With my patch the stress test has been running for\nseveral hours without popping.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-7:kernel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
          "CentOS-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
          "CentOS-7:kernel-debug-devel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
          "CentOS-7:kernel-debug-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
          "CentOS-7:kernel-tools-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
          "CentOS-7:perf-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
          "CentOS-7:kernel-tools-libs-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
          "CentOS-7:kernel-devel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
          "CentOS-7:kernel-headers-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
          "CentOS-7:python-perf-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2024-26958"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/17f46b803d4f23c66cacce81db35fef3adb8f2af",
          "url": "https://git.kernel.org/stable/c/17f46b803d4f23c66cacce81db35fef3adb8f2af"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/1daf52b5ffb24870fbeda20b4967526d8f9e12ab",
          "url": "https://git.kernel.org/stable/c/1daf52b5ffb24870fbeda20b4967526d8f9e12ab"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/3abc2d160ed8213948b147295d77d44a22c88fa3",
          "url": "https://git.kernel.org/stable/c/3abc2d160ed8213948b147295d77d44a22c88fa3"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/4595d90b5d2ea5fa4d318d13f59055aa4bf3e7f5",
          "url": "https://git.kernel.org/stable/c/4595d90b5d2ea5fa4d318d13f59055aa4bf3e7f5"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/80d24b308b7ee7037fc90d8ac99f6f78df0a256f",
          "url": "https://git.kernel.org/stable/c/80d24b308b7ee7037fc90d8ac99f6f78df0a256f"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/cf54f66e1dd78990ec6b32177bca7e6ea2144a95",
          "url": "https://git.kernel.org/stable/c/cf54f66e1dd78990ec6b32177bca7e6ea2144a95"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/e25447c35f8745337ea8bc0c9697fcac14df8605",
          "url": "https://git.kernel.org/stable/c/e25447c35f8745337ea8bc0c9697fcac14df8605"
        },
        {
          "category": "external",
          "summary": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html",
          "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
        }
      ],
      "release_date": "2024-05-01T06:15:00",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CentOS-7:kernel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
            "CentOS-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
            "CentOS-7:kernel-debug-devel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
            "CentOS-7:kernel-debug-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
            "CentOS-7:kernel-tools-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
            "CentOS-7:perf-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
            "CentOS-7:kernel-tools-libs-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
            "CentOS-7:kernel-devel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
            "CentOS-7:kernel-headers-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
            "CentOS-7:python-perf-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "High"
        }
      ]
    },
    {
      "cve": "CVE-2024-26872",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/srpt: Do not register event handler until srpt device is fully setup\n\nOn rare occasions, KASAN reports a use-after-free Write\nin srpt_refresh_port().\n\nThis seems to be because an event handler is registered before the\nsrpt device is fully set up, and a race condition on error may leave a\npartially set up event handler in place.\n\nInstead, only register the event handler after srpt device initialization\nis complete.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-7:kernel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
          "CentOS-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
          "CentOS-7:kernel-debug-devel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
          "CentOS-7:kernel-debug-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
          "CentOS-7:kernel-tools-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
          "CentOS-7:perf-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
          "CentOS-7:kernel-tools-libs-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
          "CentOS-7:kernel-devel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
          "CentOS-7:kernel-headers-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
          "CentOS-7:python-perf-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2024-26872"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/6413e78086caf7bf15639923740da0d91fdfd090",
          "url": "https://git.kernel.org/stable/c/6413e78086caf7bf15639923740da0d91fdfd090"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/7104a00fa37ae898a827381f1161fa3286c8b346",
          "url": "https://git.kernel.org/stable/c/7104a00fa37ae898a827381f1161fa3286c8b346"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/85570b91e4820a0db9d9432098778cafafa7d217",
          "url": "https://git.kernel.org/stable/c/85570b91e4820a0db9d9432098778cafafa7d217"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/bdd895e0190c464f54f84579e7535d80276f0fc5",
          "url": "https://git.kernel.org/stable/c/bdd895e0190c464f54f84579e7535d80276f0fc5"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/c21a8870c98611e8f892511825c9607f1e2cd456",
          "url": "https://git.kernel.org/stable/c/c21a8870c98611e8f892511825c9607f1e2cd456"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/e362d007294955a4fb929e1c8978154a64efdcb6",
          "url": "https://git.kernel.org/stable/c/e362d007294955a4fb929e1c8978154a64efdcb6"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/ec77fa12da41260c6bf9e060b89234b980c5130f",
          "url": "https://git.kernel.org/stable/c/ec77fa12da41260c6bf9e060b89234b980c5130f"
        },
        {
          "category": "external",
          "summary": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html",
          "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
        }
      ],
      "release_date": "2024-04-17T11:15:00",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CentOS-7:kernel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
            "CentOS-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
            "CentOS-7:kernel-debug-devel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
            "CentOS-7:kernel-debug-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
            "CentOS-7:kernel-tools-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
            "CentOS-7:perf-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
            "CentOS-7:kernel-tools-libs-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
            "CentOS-7:kernel-devel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
            "CentOS-7:kernel-headers-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64",
            "CentOS-7:python-perf-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "High"
        }
      ]
    }
  ]
}