{ "document": { "aggregate_severity": { "text": "High" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/centos7els/vex/2024/cve-2024-53214-els_os-centos7els.json" } ], "title": "Security update on CVE-2024-53214", "tracking": { "current_release_date": "2025-12-23T20:55:41Z", "generator": { "date": "2025-12-23T20:55:41Z", "engine": { "name": "pyCSAF" } }, "id": "CVE-2024-53214-ELS_OS-CENTOS7ELS", "initial_release_date": "2024-12-27T14:15:00Z", "revision_history": [ { "date": "2024-12-27T14:15:00Z", "number": "1", "summary": "Initial version" }, { "date": "2025-10-15T16:27:14Z", "number": "2", "summary": "Official Publication" }, { "date": "2025-12-23T20:55:41Z", "number": "3", "summary": "Update document" } ], "status": "final", "version": "2" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Community Enterprise Operating System 7", "product": { "name": "Community Enterprise Operating System 7", "product_id": "CentOS-7", "product_identification_helper": { "cpe": "cpe:2.3:o:centos:centos:7:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "Community Enterprise Operating System" } ], "category": "vendor", "name": "Red Hat, Inc." }, { "branches": [ { "branches": [ { "category": "product_version", "name": "kernel-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64", "product": { "name": "kernel-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64", "product_id": "kernel-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel@3.10.0-1160.119.1.el7.tuxcare.els25?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-tools-libs-devel-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64", "product": { "name": "kernel-tools-libs-devel-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64", "product_id": "kernel-tools-libs-devel-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-tools-libs-devel@3.10.0-1160.119.1.el7.tuxcare.els25?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-debug-devel-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64", "product": { "name": "kernel-debug-devel-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64", "product_id": "kernel-debug-devel-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-debug-devel@3.10.0-1160.119.1.el7.tuxcare.els25?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-debug-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64", "product": { "name": "kernel-debug-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64", "product_id": "kernel-debug-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-debug@3.10.0-1160.119.1.el7.tuxcare.els25?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-tools-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64", "product": { "name": "kernel-tools-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64", "product_id": "kernel-tools-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-tools@3.10.0-1160.119.1.el7.tuxcare.els25?arch=x86_64" } } }, { "category": "product_version", "name": "perf-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64", "product": { "name": "perf-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64", "product_id": "perf-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/perf@3.10.0-1160.119.1.el7.tuxcare.els25?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-tools-libs-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64", "product": { "name": "kernel-tools-libs-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64", "product_id": "kernel-tools-libs-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-tools-libs@3.10.0-1160.119.1.el7.tuxcare.els25?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-devel-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64", "product": { "name": "kernel-devel-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64", "product_id": "kernel-devel-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-devel@3.10.0-1160.119.1.el7.tuxcare.els25?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-headers-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64", "product": { "name": "kernel-headers-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64", "product_id": "kernel-headers-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-headers@3.10.0-1160.119.1.el7.tuxcare.els25?arch=x86_64" } } }, { "category": "product_version", "name": "python-perf-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64", "product": { "name": "python-perf-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64", "product_id": "python-perf-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/python-perf@3.10.0-1160.119.1.el7.tuxcare.els25?arch=x86_64" } } }, { "category": "product_version", "name": "bpftool-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64", "product": { "name": "bpftool-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64", "product_id": "bpftool-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/bpftool@3.10.0-1160.119.1.el7.tuxcare.els25?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "TuxCare" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "kernel-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64 as a component of Community Enterprise Operating System 7", "product_id": "CentOS-7:kernel-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64" }, "product_reference": "kernel-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64", "relates_to_product_reference": "CentOS-7" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-tools-libs-devel-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64 as a component of Community Enterprise Operating System 7", "product_id": "CentOS-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64" }, "product_reference": "kernel-tools-libs-devel-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64", "relates_to_product_reference": "CentOS-7" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-devel-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64 as a component of Community Enterprise Operating System 7", "product_id": "CentOS-7:kernel-debug-devel-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64" }, "product_reference": "kernel-debug-devel-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64", "relates_to_product_reference": "CentOS-7" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64 as a component of Community Enterprise Operating System 7", "product_id": "CentOS-7:kernel-debug-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64" }, "product_reference": "kernel-debug-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64", "relates_to_product_reference": "CentOS-7" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-tools-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64 as a component of Community Enterprise Operating System 7", "product_id": "CentOS-7:kernel-tools-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64" }, "product_reference": "kernel-tools-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64", "relates_to_product_reference": "CentOS-7" }, { "category": "default_component_of", "full_product_name": { "name": "perf-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64 as a component of Community Enterprise Operating System 7", "product_id": "CentOS-7:perf-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64" }, "product_reference": "perf-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64", "relates_to_product_reference": "CentOS-7" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-tools-libs-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64 as a component of Community Enterprise Operating System 7", "product_id": "CentOS-7:kernel-tools-libs-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64" }, "product_reference": "kernel-tools-libs-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64", "relates_to_product_reference": "CentOS-7" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-devel-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64 as a component of Community Enterprise Operating System 7", "product_id": "CentOS-7:kernel-devel-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64" }, "product_reference": "kernel-devel-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64", "relates_to_product_reference": "CentOS-7" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-headers-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64 as a component of Community Enterprise Operating System 7", "product_id": "CentOS-7:kernel-headers-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64" }, "product_reference": "kernel-headers-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64", "relates_to_product_reference": "CentOS-7" }, { "category": "default_component_of", "full_product_name": { "name": "python-perf-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64 as a component of Community Enterprise Operating System 7", "product_id": "CentOS-7:python-perf-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64" }, "product_reference": "python-perf-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64", "relates_to_product_reference": "CentOS-7" }, { "category": "default_component_of", "full_product_name": { "name": "bpftool-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64 as a component of Community Enterprise Operating System 7", "product_id": "CentOS-7:bpftool-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64" }, "product_reference": "bpftool-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64", "relates_to_product_reference": "CentOS-7" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-53214", "cwe": { "id": "CWE-129", "name": "Improper Validation of Array Index" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/pci: Properly hide first-in-list PCIe extended capability\n\nThere are cases where a PCIe extended capability should be hidden from\nthe user. For example, an unknown capability (i.e., capability with ID\ngreater than PCI_EXT_CAP_ID_MAX) or a capability that is intentionally\nchosen to be hidden from the user.\n\nHiding a capability is done by virtualizing and modifying the 'Next\nCapability Offset' field of the previous capability so it points to the\ncapability after the one that should be hidden.\n\nThe special case where the first capability in the list should be hidden\nis handled differently because there is no previous capability that can\nbe modified. In this case, the capability ID and version are zeroed\nwhile leaving the next pointer intact. This hides the capability and\nleaves an anchor for the rest of the capability list.\n\nHowever, today, hiding the first capability in the list is not done\nproperly if the capability is unknown, as struct\nvfio_pci_core_device->pci_config_map is set to the capability ID during\ninitialization but the capability ID is not properly checked later when\nused in vfio_config_do_rw(). This leads to the following warning [1] and\nto an out-of-bounds access to ecap_perms array.\n\nFix it by checking cap_id in vfio_config_do_rw(), and if it is greater\nthan PCI_EXT_CAP_ID_MAX, use an alternative struct perm_bits for direct\nread only access instead of the ecap_perms array.\n\nNote that this is safe since the above is the only case where cap_id can\nexceed PCI_EXT_CAP_ID_MAX (except for the special capabilities, which\nare already checked before).\n\n[1]\n\nWARNING: CPU: 118 PID: 5329 at drivers/vfio/pci/vfio_pci_config.c:1900 vfio_pci_config_rw+0x395/0x430 [vfio_pci_core]\nCPU: 118 UID: 0 PID: 5329 Comm: simx-qemu-syste Not tainted 6.12.0+ #1\n(snip)\nCall Trace:\n \n ? show_regs+0x69/0x80\n ? __warn+0x8d/0x140\n ? vfio_pci_config_rw+0x395/0x430 [vfio_pci_core]\n ? report_bug+0x18f/0x1a0\n ? handle_bug+0x63/0xa0\n ? exc_invalid_op+0x19/0x70\n ? asm_exc_invalid_op+0x1b/0x20\n ? vfio_pci_config_rw+0x395/0x430 [vfio_pci_core]\n ? vfio_pci_config_rw+0x244/0x430 [vfio_pci_core]\n vfio_pci_rw+0x101/0x1b0 [vfio_pci_core]\n vfio_pci_core_read+0x1d/0x30 [vfio_pci_core]\n vfio_device_fops_read+0x27/0x40 [vfio]\n vfs_read+0xbd/0x340\n ? vfio_device_fops_unl_ioctl+0xbb/0x740 [vfio]\n ? __rseq_handle_notify_resume+0xa4/0x4b0\n __x64_sys_pread64+0x96/0xc0\n x64_sys_call+0x1c3d/0x20d0\n do_syscall_64+0x4d/0x120\n entry_SYSCALL_64_after_hwframe+0x76/0x7e", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CentOS-7:bpftool-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64", "CentOS-7:kernel-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64", "CentOS-7:kernel-debug-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64", "CentOS-7:kernel-debug-devel-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64", "CentOS-7:kernel-devel-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64", "CentOS-7:kernel-headers-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64", "CentOS-7:kernel-tools-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64", "CentOS-7:kernel-tools-libs-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64", "CentOS-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64", "CentOS-7:perf-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64", "CentOS-7:python-perf-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-53214" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/06f2fcf49854ad05a09d09e0dbee6544fff04695", "url": "https://git.kernel.org/stable/c/06f2fcf49854ad05a09d09e0dbee6544fff04695" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/0918f5643fc6c3f7801f4a22397d2cc09ba99207", "url": "https://git.kernel.org/stable/c/0918f5643fc6c3f7801f4a22397d2cc09ba99207" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/1ef195178fb552478eb2587df4ad3be14ef76507", "url": "https://git.kernel.org/stable/c/1ef195178fb552478eb2587df4ad3be14ef76507" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/4464e5aa3aa4574063640f1082f7d7e323af8eb4", "url": "https://git.kernel.org/stable/c/4464e5aa3aa4574063640f1082f7d7e323af8eb4" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/6c6502d944168cbd7e03a4a08ad6488f78d73485", "url": "https://git.kernel.org/stable/c/6c6502d944168cbd7e03a4a08ad6488f78d73485" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/7d121f66b67921fb3b95e0ea9856bfba53733e91", "url": "https://git.kernel.org/stable/c/7d121f66b67921fb3b95e0ea9856bfba53733e91" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/949bee8065a85a5c6607c624dc05b5bc17119699", "url": "https://git.kernel.org/stable/c/949bee8065a85a5c6607c624dc05b5bc17119699" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/9567bd34aa3b986736c290c5bcba47e0182ac47a", "url": "https://git.kernel.org/stable/c/9567bd34aa3b986736c290c5bcba47e0182ac47a" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/fe4bf8d0b6716a423b16495d55b35d3fe515905d", "url": "https://git.kernel.org/stable/c/fe4bf8d0b6716a423b16495d55b35d3fe515905d" } ], "release_date": "2024-12-27T14:15:00Z", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CentOS-7:bpftool-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64", "CentOS-7:kernel-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64", "CentOS-7:kernel-debug-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64", "CentOS-7:kernel-debug-devel-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64", "CentOS-7:kernel-devel-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64", "CentOS-7:kernel-headers-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64", "CentOS-7:kernel-tools-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64", "CentOS-7:kernel-tools-libs-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64", "CentOS-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64", "CentOS-7:perf-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64", "CentOS-7:python-perf-0:3.10.0-1160.119.1.el7.tuxcare.els25.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] } ] }