{ "document": { "aggregate_severity": { "text": "Important" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/centos7els/vex/2025/cve-2025-21702-els_os-centos7els.json" } ], "title": "Security update on CVE-2025-21702", "tracking": { "current_release_date": "2025-12-23T20:55:41Z", "generator": { "date": "2025-12-23T20:55:41Z", "engine": { "name": "pyCSAF" } }, "id": "CVE-2025-21702-ELS_OS-CENTOS7ELS", "initial_release_date": "2025-02-18T00:00:00Z", "revision_history": [ { "date": "2025-02-18T00:00:00Z", "number": "1", "summary": "Initial version" }, { "date": "2025-07-03T16:29:40Z", "number": "2", "summary": "Official Publication" }, { "date": "2025-12-23T20:55:41Z", "number": "3", "summary": "Update document" } ], "status": "final", "version": "2" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Community Enterprise Operating System 7", "product": { "name": "Community Enterprise Operating System 7", "product_id": "CentOS-7", "product_identification_helper": { "cpe": "cpe:2.3:o:centos:centos:7:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "Community Enterprise Operating System" } ], "category": "vendor", "name": "Red Hat, Inc." }, { "branches": [ { "branches": [ { "category": "product_version", "name": "kernel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64", "product": { "name": "kernel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64", "product_id": "kernel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel@3.10.0-1160.119.1.el7.tuxcare.els21?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-tools-libs-devel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64", "product": { "name": "kernel-tools-libs-devel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64", "product_id": "kernel-tools-libs-devel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-tools-libs-devel@3.10.0-1160.119.1.el7.tuxcare.els21?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-debug-devel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64", "product": { "name": "kernel-debug-devel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64", "product_id": "kernel-debug-devel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-debug-devel@3.10.0-1160.119.1.el7.tuxcare.els21?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-debug-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64", "product": { "name": "kernel-debug-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64", "product_id": "kernel-debug-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-debug@3.10.0-1160.119.1.el7.tuxcare.els21?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-tools-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64", "product": { "name": "kernel-tools-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64", "product_id": "kernel-tools-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-tools@3.10.0-1160.119.1.el7.tuxcare.els21?arch=x86_64" } } }, { "category": "product_version", "name": "perf-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64", "product": { "name": "perf-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64", "product_id": "perf-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/perf@3.10.0-1160.119.1.el7.tuxcare.els21?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-tools-libs-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64", "product": { "name": "kernel-tools-libs-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64", "product_id": "kernel-tools-libs-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-tools-libs@3.10.0-1160.119.1.el7.tuxcare.els21?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-devel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64", "product": { "name": "kernel-devel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64", "product_id": "kernel-devel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-devel@3.10.0-1160.119.1.el7.tuxcare.els21?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-headers-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64", "product": { "name": "kernel-headers-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64", "product_id": "kernel-headers-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-headers@3.10.0-1160.119.1.el7.tuxcare.els21?arch=x86_64" } } }, { "category": "product_version", "name": "python-perf-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64", "product": { "name": "python-perf-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64", "product_id": "python-perf-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/python-perf@3.10.0-1160.119.1.el7.tuxcare.els21?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "TuxCare" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "kernel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64 as a component of Community Enterprise Operating System 7", "product_id": "CentOS-7:kernel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64" }, "product_reference": "kernel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64", "relates_to_product_reference": "CentOS-7" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-tools-libs-devel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64 as a component of Community Enterprise Operating System 7", "product_id": "CentOS-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64" }, "product_reference": "kernel-tools-libs-devel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64", "relates_to_product_reference": "CentOS-7" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-devel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64 as a component of Community Enterprise Operating System 7", "product_id": "CentOS-7:kernel-debug-devel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64" }, "product_reference": "kernel-debug-devel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64", "relates_to_product_reference": "CentOS-7" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64 as a component of Community Enterprise Operating System 7", "product_id": "CentOS-7:kernel-debug-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64" }, "product_reference": "kernel-debug-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64", "relates_to_product_reference": "CentOS-7" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-tools-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64 as a component of Community Enterprise Operating System 7", "product_id": "CentOS-7:kernel-tools-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64" }, "product_reference": "kernel-tools-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64", "relates_to_product_reference": "CentOS-7" }, { "category": "default_component_of", "full_product_name": { "name": "perf-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64 as a component of Community Enterprise Operating System 7", "product_id": "CentOS-7:perf-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64" }, "product_reference": "perf-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64", "relates_to_product_reference": "CentOS-7" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-tools-libs-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64 as a component of Community Enterprise Operating System 7", "product_id": "CentOS-7:kernel-tools-libs-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64" }, "product_reference": "kernel-tools-libs-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64", "relates_to_product_reference": "CentOS-7" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-devel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64 as a component of Community Enterprise Operating System 7", "product_id": "CentOS-7:kernel-devel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64" }, "product_reference": "kernel-devel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64", "relates_to_product_reference": "CentOS-7" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-headers-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64 as a component of Community Enterprise Operating System 7", "product_id": "CentOS-7:kernel-headers-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64" }, "product_reference": "kernel-headers-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64", "relates_to_product_reference": "CentOS-7" }, { "category": "default_component_of", "full_product_name": { "name": "python-perf-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64 as a component of Community Enterprise Operating System 7", "product_id": "CentOS-7:python-perf-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64" }, "product_reference": "python-perf-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64", "relates_to_product_reference": "CentOS-7" } ] }, "vulnerabilities": [ { "cve": "CVE-2025-21702", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\npfifo_tail_enqueue: Drop new packet when sch->limit == 0\nExpected behaviour:\nIn case we reach scheduler's limit, pfifo_tail_enqueue() will drop a\npacket in scheduler's queue and decrease scheduler's qlen by one.\nThen, pfifo_tail_enqueue() enqueue new packet and increase\nscheduler's qlen by one. Finally, pfifo_tail_enqueue() return\n`NET_XMIT_CN` status code.\nWeird behaviour:\nIn case we set `sch->limit == 0` and trigger pfifo_tail_enqueue() on a\nscheduler that has no packet, the 'drop a packet' step will do nothing.\nThis means the scheduler's qlen still has value equal 0.\nThen, we continue to enqueue new packet and increase scheduler's qlen by\none. In summary, we can leverage pfifo_tail_enqueue() to increase qlen by\none and return `NET_XMIT_CN` status code.\nThe problem is:\nLet's say we have two qdiscs: Qdisc_A and Qdisc_B.\n- Qdisc_A's type must have '->graft()' function to create parent/child relationship.\nLet's say Qdisc_A's type is `hfsc`. Enqueue packet to this qdisc will trigger `hfsc_enqueue`.\n- Qdisc_B's type is pfifo_head_drop. Enqueue packet to this qdisc will trigger `pfifo_tail_enqueue`.\n- Qdisc_B is configured to have `sch->limit == 0`.\n- Qdisc_A is configured to route the enqueued's packet to Qdisc_B.\nEnqueue packet through Qdisc_A will lead to:\n- hfsc_enqueue(Qdisc_A) -> pfifo_tail_enqueue(Qdisc_B)\n- Qdisc_B->q.qlen += 1\n- pfifo_tail_enqueue() return `NET_XMIT_CN`\n- hfsc_enqueue() check for `NET_XMIT_SUCCESS` and see `NET_XMIT_CN` => hfsc_enqueue() don't increase qlen of Qdisc_A.\nThe whole process lead to a situation where Qdisc_A->q.qlen == 0 and Qdisc_B->q.qlen == 1.\nReplace 'hfsc' with other type (for example: 'drr') still lead to the same problem.\nThis violate the design where parent's qlen should equal to the sum of its childrens'qlen.\nBug impact: This issue can be used for user->kernel privilege escalation when it is reachable.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CentOS-7:kernel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64", "CentOS-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64", "CentOS-7:kernel-debug-devel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64", "CentOS-7:kernel-debug-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64", "CentOS-7:kernel-tools-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64", "CentOS-7:perf-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64", "CentOS-7:kernel-tools-libs-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64", "CentOS-7:kernel-devel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64", "CentOS-7:kernel-headers-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64", "CentOS-7:python-perf-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-21702" } ], "release_date": "2025-02-18T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CentOS-7:kernel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64", "CentOS-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64", "CentOS-7:kernel-debug-devel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64", "CentOS-7:kernel-debug-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64", "CentOS-7:kernel-tools-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64", "CentOS-7:perf-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64", "CentOS-7:kernel-tools-libs-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64", "CentOS-7:kernel-devel-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64", "CentOS-7:kernel-headers-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64", "CentOS-7:python-perf-0:3.10.0-1160.119.1.el7.tuxcare.els21.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] } ] }