{
  "document": {
    "aggregate_severity": {
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "TuxCare License Agreement",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.",
        "title": "Terms of Use"
      },
      {
        "category": "details",
        "text": "- block: Fix handling of offline queues in blk_mq_alloc_request_hctx() {CVE-2022-49720}\n- drm: nv04: Fix out of bounds access {CVE-2024-27008}\n- parport: Proper fix for array out-of-bounds access {CVE-2024-50074}\n- drm/dp_mst: Ensure mst_primary pointer is valid in drm_dp_mst_handle_up_req() {CVE-2024-57798}\n- media: uvcvideo: Fix double free in error path {CVE-2024-57980}\n- vrf: use RCU protection in l3mdev_l3_out() {CVE-2025-21791}\n- geneve: Fix use-after-free in geneve_find_dev(). {CVE-2025-21858}\n- dm-crypt: don't modify the data when using authenticated encryption {CVE-2024-26763}\n- pfifo_tail_enqueue: Drop new packet when sch->limit == 0 {CVE-2025-21702}\n- iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() {CVE-2025-21993}\n- vlan: enforce underlying device type {CVE-2025-21920}\n- Bluetooth: L2CAP: Fix slab-use-after-free Read in l2cap_send_cmd {CVE-2025-21969}\n- HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() {CVE-2025-21928}\n- ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices {CVE-2024-53197}\n- can: bcm: Fix UAF in bcm_proc_show() {CVE-2023-52922}\n- bpf: Fix out of bounds access for ringbuf helpers {CVE-2021-4204}\n- bpf: Generally fix helper register offset check {CVE-2021-4204}\n- bpf: Generalize check_ctx_reg for reuse with other types {CVE-2021-4204}\n- bpf: Make context access check generic {CVE-2021-4204}\n- gso: do not skip outer ip header in case of ipip and net_failover {CVE-2022-48936}\n- ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface() {CVE-2022-48701}\n- ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() {CVE-2022-48702}",
        "title": "Details"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://tuxcare.com/contact/",
      "name": "TuxCare",
      "namespace": "https://tuxcare.com/"
    },
    "references": [
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.tuxcare.com/csaf/v2/els_os/centos8.4els/advisories/2025/clsa-2025_1747688514.json"
      },
      {
        "category": "self",
        "summary": "https://cve.tuxcare.com/els/releases/CLSA-2025:1747688514",
        "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1747688514"
      }
    ],
    "tracking": {
      "current_release_date": "2025-05-19T21:04:40Z",
      "generator": {
        "date": "2025-05-19T21:04:40Z",
        "engine": {
          "name": "pyCSAF"
        }
      },
      "id": "CLSA-2025:1747688514",
      "initial_release_date": "2025-05-19T21:04:40Z",
      "revision_history": [
        {
          "date": "2025-05-19T21:04:40Z",
          "number": "1",
          "summary": "Initial version"
        }
      ],
      "status": "final",
      "version": "1"
    },
    "title": "kernel: Fixes for 19 CVEs"
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Community Enterprise Operating System 8.4",
                "product": {
                  "name": "Community Enterprise Operating System 8.4",
                  "product_id": "CentOS-8.4",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:o:centos:centos:8.4:*:*:*:*:*:*:*"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Community Enterprise Operating System"
          }
        ],
        "category": "vendor",
        "name": "Red Hat, Inc."
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-debug-modules-extra-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
                "product": {
                  "name": "kernel-debug-modules-extra-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
                  "product_id": "kernel-debug-modules-extra-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/kernel-debug-modules-extra@4.18.0-305.25.1.el8_4.tuxcare.els27?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python3-perf-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
                "product": {
                  "name": "python3-perf-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
                  "product_id": "python3-perf-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/python3-perf@4.18.0-305.25.1.el8_4.tuxcare.els27?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-modules-internal-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
                "product": {
                  "name": "kernel-modules-internal-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
                  "product_id": "kernel-modules-internal-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/kernel-modules-internal@4.18.0-305.25.1.el8_4.tuxcare.els27?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
                "product": {
                  "name": "kernel-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
                  "product_id": "kernel-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/kernel-modules@4.18.0-305.25.1.el8_4.tuxcare.els27?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-tools-libs-devel-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
                "product": {
                  "name": "kernel-tools-libs-devel-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
                  "product_id": "kernel-tools-libs-devel-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/kernel-tools-libs-devel@4.18.0-305.25.1.el8_4.tuxcare.els27?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-core-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
                "product": {
                  "name": "kernel-core-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
                  "product_id": "kernel-core-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/kernel-core@4.18.0-305.25.1.el8_4.tuxcare.els27?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "bpftool-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
                "product": {
                  "name": "bpftool-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
                  "product_id": "bpftool-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/bpftool@4.18.0-305.25.1.el8_4.tuxcare.els27?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-debug-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
                "product": {
                  "name": "kernel-debug-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
                  "product_id": "kernel-debug-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/kernel-debug-modules@4.18.0-305.25.1.el8_4.tuxcare.els27?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-debug-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
                "product": {
                  "name": "kernel-debug-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
                  "product_id": "kernel-debug-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/kernel-debug@4.18.0-305.25.1.el8_4.tuxcare.els27?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-debug-core-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
                "product": {
                  "name": "kernel-debug-core-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
                  "product_id": "kernel-debug-core-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/kernel-debug-core@4.18.0-305.25.1.el8_4.tuxcare.els27?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "CloudLinux"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-debug-modules-extra-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64 as a component of Community Enterprise Operating System 8.4",
          "product_id": "CentOS-8.4:kernel-debug-modules-extra-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64"
        },
        "product_reference": "kernel-debug-modules-extra-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
        "relates_to_product_reference": "CentOS-8.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-perf-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64 as a component of Community Enterprise Operating System 8.4",
          "product_id": "CentOS-8.4:python3-perf-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64"
        },
        "product_reference": "python3-perf-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
        "relates_to_product_reference": "CentOS-8.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-modules-internal-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64 as a component of Community Enterprise Operating System 8.4",
          "product_id": "CentOS-8.4:kernel-modules-internal-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64"
        },
        "product_reference": "kernel-modules-internal-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
        "relates_to_product_reference": "CentOS-8.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64 as a component of Community Enterprise Operating System 8.4",
          "product_id": "CentOS-8.4:kernel-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64"
        },
        "product_reference": "kernel-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
        "relates_to_product_reference": "CentOS-8.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-tools-libs-devel-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64 as a component of Community Enterprise Operating System 8.4",
          "product_id": "CentOS-8.4:kernel-tools-libs-devel-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64"
        },
        "product_reference": "kernel-tools-libs-devel-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
        "relates_to_product_reference": "CentOS-8.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-core-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64 as a component of Community Enterprise Operating System 8.4",
          "product_id": "CentOS-8.4:kernel-core-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64"
        },
        "product_reference": "kernel-core-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
        "relates_to_product_reference": "CentOS-8.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bpftool-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64 as a component of Community Enterprise Operating System 8.4",
          "product_id": "CentOS-8.4:bpftool-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64"
        },
        "product_reference": "bpftool-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
        "relates_to_product_reference": "CentOS-8.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-debug-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64 as a component of Community Enterprise Operating System 8.4",
          "product_id": "CentOS-8.4:kernel-debug-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64"
        },
        "product_reference": "kernel-debug-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
        "relates_to_product_reference": "CentOS-8.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-debug-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64 as a component of Community Enterprise Operating System 8.4",
          "product_id": "CentOS-8.4:kernel-debug-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64"
        },
        "product_reference": "kernel-debug-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
        "relates_to_product_reference": "CentOS-8.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-debug-core-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64 as a component of Community Enterprise Operating System 8.4",
          "product_id": "CentOS-8.4:kernel-debug-core-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64"
        },
        "product_reference": "kernel-debug-core-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
        "relates_to_product_reference": "CentOS-8.4"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-48936",
      "notes": [
        {
          "category": "description",
          "text": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
          "title": "Vulnerability description"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-8.4:kernel-debug-modules-extra-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:python3-perf-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:kernel-modules-internal-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:kernel-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:kernel-tools-libs-devel-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:kernel-core-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:bpftool-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:kernel-debug-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:kernel-debug-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:kernel-debug-core-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2022-48936"
        }
      ],
      "release_date": "2024-08-22T04:15:00",
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ]
    },
    {
      "cve": "CVE-2025-21858",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngeneve: Fix use-after-free in geneve_find_dev().\n\nsyzkaller reported a use-after-free in geneve_find_dev() [0]\nwithout repro.\n\ngeneve_configure() links struct geneve_dev.next to\nnet_generic(net, geneve_net_id)->geneve_list.\n\nThe net here could differ from dev_net(dev) if IFLA_NET_NS_PID,\nIFLA_NET_NS_FD, or IFLA_TARGET_NETNSID is set.\n\nWhen dev_net(dev) is dismantled, geneve_exit_batch_rtnl() finally\ncalls unregister_netdevice_queue() for each dev in the netns,\nand later the dev is freed.\n\nHowever, its geneve_dev.next is still linked to the backend UDP\nsocket netns.\n\nThen, use-after-free will occur when another geneve dev is created\nin the netns.\n\nLet's call geneve_dellink() instead in geneve_destroy_tunnels().\n\n[0]:\nBUG: KASAN: slab-use-after-free in geneve_find_dev drivers/net/geneve.c:1295 [inline]\nBUG: KASAN: slab-use-after-free in geneve_configure+0x234/0x858 drivers/net/geneve.c:1343\nRead of size 2 at addr ffff000054d6ee24 by task syz.1.4029/13441\n\nCPU: 1 UID: 0 PID: 13441 Comm: syz.1.4029 Not tainted 6.13.0-g0ad9617c78ac #24 dc35ca22c79fb82e8e7bc5c9c9adafea898b1e3d\nHardware name: linux,dummy-virt (DT)\nCall trace:\n show_stack+0x38/0x50 arch/arm64/kernel/stacktrace.c:466 (C)\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0xbc/0x108 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x16c/0x6f0 mm/kasan/report.c:489\n kasan_report+0xc0/0x120 mm/kasan/report.c:602\n __asan_report_load2_noabort+0x20/0x30 mm/kasan/report_generic.c:379\n geneve_find_dev drivers/net/geneve.c:1295 [inline]\n geneve_configure+0x234/0x858 drivers/net/geneve.c:1343\n geneve_newlink+0xb8/0x128 drivers/net/geneve.c:1634\n rtnl_newlink_create+0x23c/0x868 net/core/rtnetlink.c:3795\n __rtnl_newlink net/core/rtnetlink.c:3906 [inline]\n rtnl_newlink+0x1054/0x1630 net/core/rtnetlink.c:4021\n 
rtnetlink_rcv_msg+0x61c/0x918 net/core/rtnetlink.c:6911\n netlink_rcv_skb+0x1dc/0x398 net/netlink/af_netlink.c:2543\n rtnetlink_rcv+0x34/0x50 net/core/rtnetlink.c:6938\n netlink_unicast_kernel net/netlink/af_netlink.c:1322 [inline]\n netlink_unicast+0x618/0x838 net/netlink/af_netlink.c:1348\n netlink_sendmsg+0x5fc/0x8b0 net/netlink/af_netlink.c:1892\n sock_sendmsg_nosec net/socket.c:713 [inline]\n __sock_sendmsg net/socket.c:728 [inline]\n ____sys_sendmsg+0x410/0x6f8 net/socket.c:2568\n ___sys_sendmsg+0x178/0x1d8 net/socket.c:2622\n __sys_sendmsg net/socket.c:2654 [inline]\n __do_sys_sendmsg net/socket.c:2659 [inline]\n __se_sys_sendmsg net/socket.c:2657 [inline]\n __arm64_sys_sendmsg+0x12c/0x1c8 net/socket.c:2657\n __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\n invoke_syscall+0x90/0x278 arch/arm64/kernel/syscall.c:49\n el0_svc_common+0x13c/0x250 arch/arm64/kernel/syscall.c:132\n do_el0_svc+0x54/0x70 arch/arm64/kernel/syscall.c:151\n el0_svc+0x4c/0xa8 arch/arm64/kernel/entry-common.c:744\n el0t_64_sync_handler+0x78/0x108 arch/arm64/kernel/entry-common.c:762\n el0t_64_sync+0x198/0x1a0 arch/arm64/kernel/entry.S:600\n\nAllocated by task 13247:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x30/0x68 mm/kasan/common.c:68\n kasan_save_alloc_info+0x44/0x58 mm/kasan/generic.c:568\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x84/0xa0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __do_kmalloc_node mm/slub.c:4298 [inline]\n __kmalloc_node_noprof+0x2a0/0x560 mm/slub.c:4304\n __kvmalloc_node_noprof+0x9c/0x230 mm/util.c:645\n alloc_netdev_mqs+0xb8/0x11a0 net/core/dev.c:11470\n rtnl_create_link+0x2b8/0xb50 net/core/rtnetlink.c:3604\n rtnl_newlink_create+0x19c/0x868 net/core/rtnetlink.c:3780\n __rtnl_newlink net/core/rtnetlink.c:3906 [inline]\n rtnl_newlink+0x1054/0x1630 net/core/rtnetlink.c:4021\n rtnetlink_rcv_msg+0x61c/0x918 net/core/rtnetlink.c:6911\n netlink_rcv_skb+0x1dc/0x398 
net/netlink/af_netlink.c:2543\n rtnetlink_rcv+0x34/0x50 net/core/rtnetlink.c:6938\n netlink_unicast_kernel net/netlink/af_n\n---truncated---",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-8.4:kernel-debug-modules-extra-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:python3-perf-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:kernel-modules-internal-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:kernel-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:kernel-tools-libs-devel-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:kernel-core-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:bpftool-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:kernel-debug-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:kernel-debug-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:kernel-debug-core-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-21858"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/3ce92ca990cfac88a87c61df3cc0b5880e688ecf",
          "url": "https://git.kernel.org/stable/c/3ce92ca990cfac88a87c61df3cc0b5880e688ecf"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/5a0538ac6826807d6919f6aecbb8996c2865af2c",
          "url": "https://git.kernel.org/stable/c/5a0538ac6826807d6919f6aecbb8996c2865af2c"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/788dbca056a8783ec063da3c9d49a3a71c76c283",
          "url": "https://git.kernel.org/stable/c/788dbca056a8783ec063da3c9d49a3a71c76c283"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/904e746b2e7fa952ab8801b303ce826a63153d78",
          "url": "https://git.kernel.org/stable/c/904e746b2e7fa952ab8801b303ce826a63153d78"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/9593172d93b9f91c362baec4643003dc29802929",
          "url": "https://git.kernel.org/stable/c/9593172d93b9f91c362baec4643003dc29802929"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/d5e86e27de0936f3cb0a299ce519d993e9cf3886",
          "url": "https://git.kernel.org/stable/c/d5e86e27de0936f3cb0a299ce519d993e9cf3886"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/da9b0ae47f084014b1e4b3f31f70a0defd047ff3",
          "url": "https://git.kernel.org/stable/c/da9b0ae47f084014b1e4b3f31f70a0defd047ff3"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/f74f6560146714241c6e167b03165ee77a86e316",
          "url": "https://git.kernel.org/stable/c/f74f6560146714241c6e167b03165ee77a86e316"
        }
      ],
      "release_date": "2025-03-12T10:15:00",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CentOS-8.4:kernel-debug-modules-extra-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
            "CentOS-8.4:python3-perf-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
            "CentOS-8.4:kernel-modules-internal-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
            "CentOS-8.4:kernel-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
            "CentOS-8.4:kernel-tools-libs-devel-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
            "CentOS-8.4:kernel-core-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
            "CentOS-8.4:bpftool-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
            "CentOS-8.4:kernel-debug-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
            "CentOS-8.4:kernel-debug-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
            "CentOS-8.4:kernel-debug-core-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "High"
        }
      ]
    },
    {
      "cve": "CVE-2025-21969",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix slab-use-after-free Read in l2cap_send_cmd\n\nAfter the hci sync command releases l2cap_conn, the hci receive data work\nqueue references the released l2cap_conn when sending to the upper layer.\nAdd hci dev lock to the hci receive data work queue to synchronize the two.\n\n[1]\nBUG: KASAN: slab-use-after-free in l2cap_send_cmd+0x187/0x8d0 net/bluetooth/l2cap_core.c:954\nRead of size 8 at addr ffff8880271a4000 by task kworker/u9:2/5837\n\nCPU: 0 UID: 0 PID: 5837 Comm: kworker/u9:2 Not tainted 6.13.0-rc5-syzkaller-00163-gab75170520d4 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nWorkqueue: hci1 hci_rx_work\nCall Trace:\n <TASK>\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:489\n kasan_report+0x143/0x180 mm/kasan/report.c:602\n l2cap_build_cmd net/bluetooth/l2cap_core.c:2964 [inline]\n l2cap_send_cmd+0x187/0x8d0 net/bluetooth/l2cap_core.c:954\n l2cap_sig_send_rej net/bluetooth/l2cap_core.c:5502 [inline]\n l2cap_sig_channel net/bluetooth/l2cap_core.c:5538 [inline]\n l2cap_recv_frame+0x221f/0x10db0 net/bluetooth/l2cap_core.c:6817\n hci_acldata_packet net/bluetooth/hci_core.c:3797 [inline]\n hci_rx_work+0x508/0xdb0 net/bluetooth/hci_core.c:4040\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3310\n worker_thread+0x870/0xd30 kernel/workqueue.c:3391\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n </TASK>\n\nAllocated by task 5837:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n 
__kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __kmalloc_cache_noprof+0x243/0x390 mm/slub.c:4329\n kmalloc_noprof include/linux/slab.h:901 [inline]\n kzalloc_noprof include/linux/slab.h:1037 [inline]\n l2cap_conn_add+0xa9/0x8e0 net/bluetooth/l2cap_core.c:6860\n l2cap_connect_cfm+0x115/0x1090 net/bluetooth/l2cap_core.c:7239\n hci_connect_cfm include/net/bluetooth/hci_core.h:2057 [inline]\n hci_remote_features_evt+0x68e/0xac0 net/bluetooth/hci_event.c:3726\n hci_event_func net/bluetooth/hci_event.c:7473 [inline]\n hci_event_packet+0xac2/0x1540 net/bluetooth/hci_event.c:7525\n hci_rx_work+0x3f3/0xdb0 net/bluetooth/hci_core.c:4035\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3310\n worker_thread+0x870/0xd30 kernel/workqueue.c:3391\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n\nFreed by task 54:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:582\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x59/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2353 [inline]\n slab_free mm/slub.c:4613 [inline]\n kfree+0x196/0x430 mm/slub.c:4761\n l2cap_connect_cfm+0xcc/0x1090 net/bluetooth/l2cap_core.c:7235\n hci_connect_cfm include/net/bluetooth/hci_core.h:2057 [inline]\n hci_conn_failed+0x287/0x400 net/bluetooth/hci_conn.c:1266\n hci_abort_conn_sync+0x56c/0x11f0 net/bluetooth/hci_sync.c:5603\n hci_cmd_sync_work+0x22b/0x400 net/bluetooth/hci_sync.c:332\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3310\n worker_thread+0x870/0xd30 kernel/workqueue.c:3391\n kthread+0x2f0/0x390 kernel/kthread.c:389\n 
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entr\n---truncated---",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-8.4:kernel-debug-modules-extra-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:python3-perf-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:kernel-modules-internal-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:kernel-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:kernel-tools-libs-devel-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:kernel-core-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:bpftool-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:kernel-debug-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:kernel-debug-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:kernel-debug-core-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-21969"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/7790a79c6fce8d5d552bc64f5c82819f719e4f28",
          "url": "https://git.kernel.org/stable/c/7790a79c6fce8d5d552bc64f5c82819f719e4f28"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/b4f82f9ed43aefa79bec2504ae8c29be0c0f5d1d",
          "url": "https://git.kernel.org/stable/c/b4f82f9ed43aefa79bec2504ae8c29be0c0f5d1d"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/c96cce853542b3b13da3738f35ef1be8cfcc9d1d",
          "url": "https://git.kernel.org/stable/c/c96cce853542b3b13da3738f35ef1be8cfcc9d1d"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/f8094625a591eeb0b75b1bd9e713fac1d93f5ca9",
          "url": "https://git.kernel.org/stable/c/f8094625a591eeb0b75b1bd9e713fac1d93f5ca9"
        }
      ],
      "release_date": "2025-04-01T16:15:00",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CentOS-8.4:kernel-debug-modules-extra-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
            "CentOS-8.4:python3-perf-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
            "CentOS-8.4:kernel-modules-internal-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
            "CentOS-8.4:kernel-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
            "CentOS-8.4:kernel-tools-libs-devel-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
            "CentOS-8.4:kernel-core-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
            "CentOS-8.4:bpftool-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
            "CentOS-8.4:kernel-debug-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
            "CentOS-8.4:kernel-debug-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
            "CentOS-8.4:kernel-debug-core-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "High"
        }
      ]
    },
    {
      "cve": "CVE-2021-4204",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "description",
          "text": "An out-of-bounds (OOB) memory access flaw was found in the Linux kernel's eBPF subsystem due to improper input validation. This flaw allows a local attacker with special privileges to crash the system or leak internal information.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-8.4:kernel-debug-modules-extra-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:python3-perf-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:kernel-modules-internal-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:kernel-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:kernel-tools-libs-devel-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:kernel-core-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:bpftool-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:kernel-debug-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:kernel-debug-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:kernel-debug-core-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2021-4204"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/security/cve/CVE-2021-4204",
          "url": "https://access.redhat.com/security/cve/CVE-2021-4204"
        },
        {
          "category": "external",
          "summary": "https://bugzilla.redhat.com/show_bug.cgi?id=2039178",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039178"
        },
        {
          "category": "external",
          "summary": "https://security-tracker.debian.org/tracker/CVE-2021-4204",
          "url": "https://security-tracker.debian.org/tracker/CVE-2021-4204"
        },
        {
          "category": "external",
          "summary": "https://security.netapp.com/advisory/ntap-20221228-0003/",
          "url": "https://security.netapp.com/advisory/ntap-20221228-0003/"
        },
        {
          "category": "external",
          "summary": "https://www.openwall.com/lists/oss-security/2022/01/11/4",
          "url": "https://www.openwall.com/lists/oss-security/2022/01/11/4"
        }
      ],
      "release_date": "2022-08-24T16:15:00",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CentOS-8.4:kernel-debug-modules-extra-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
            "CentOS-8.4:python3-perf-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
            "CentOS-8.4:kernel-modules-internal-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
            "CentOS-8.4:kernel-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
            "CentOS-8.4:kernel-tools-libs-devel-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
            "CentOS-8.4:kernel-core-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
            "CentOS-8.4:bpftool-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
            "CentOS-8.4:kernel-debug-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
            "CentOS-8.4:kernel-debug-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
            "CentOS-8.4:kernel-debug-core-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "High"
        }
      ]
    },
    {
      "cve": "CVE-2025-21928",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove()\n\nThe system can experience a random crash a few minutes after the driver is\nremoved. This issue occurs due to improper handling of memory freeing in\nthe ishtp_hid_remove() function.\n\nThe function currently frees the `driver_data` directly within the loop\nthat destroys the HID devices, which can lead to accessing freed memory.\nSpecifically, `hid_destroy_device()` uses `driver_data` when it calls\n`hid_ishtp_set_feature()` to power off the sensor, so freeing\n`driver_data` beforehand can result in accessing invalid memory.\n\nThis patch resolves the issue by storing the `driver_data` in a temporary\nvariable before calling `hid_destroy_device()`, and then freeing the\n`driver_data` after the device is destroyed.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-8.4:kernel-debug-modules-extra-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:python3-perf-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:kernel-modules-internal-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:kernel-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:kernel-tools-libs-devel-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:kernel-core-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:bpftool-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:kernel-debug-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:kernel-debug-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:kernel-debug-core-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-21928"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/01b18a330cda61cc21423a7d1af92cf31ded8f60",
          "url": "https://git.kernel.org/stable/c/01b18a330cda61cc21423a7d1af92cf31ded8f60"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/07583a0010696a17fb0942e0b499a62785c5fc9f",
          "url": "https://git.kernel.org/stable/c/07583a0010696a17fb0942e0b499a62785c5fc9f"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/0c1fb475ef999d6c22fc3f963fdf20cb3ed1b03d",
          "url": "https://git.kernel.org/stable/c/0c1fb475ef999d6c22fc3f963fdf20cb3ed1b03d"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/560f4d1299342504a6ab8a47f575b5e6b8345ada",
          "url": "https://git.kernel.org/stable/c/560f4d1299342504a6ab8a47f575b5e6b8345ada"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/cf1a6015d2f6b1f0afaa0fd6a0124ff2c7943394",
          "url": "https://git.kernel.org/stable/c/cf1a6015d2f6b1f0afaa0fd6a0124ff2c7943394"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/d3faae7f42181865c799d88c5054176f38ae4625",
          "url": "https://git.kernel.org/stable/c/d3faae7f42181865c799d88c5054176f38ae4625"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/dea6a349bcaf243fff95dfd0428a26be6a0fb44e",
          "url": "https://git.kernel.org/stable/c/dea6a349bcaf243fff95dfd0428a26be6a0fb44e"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/eb0695d87a81e7c1f0509b7d8ee7c65fbc26aec9",
          "url": "https://git.kernel.org/stable/c/eb0695d87a81e7c1f0509b7d8ee7c65fbc26aec9"
        }
      ],
      "release_date": "2025-04-01T16:15:00",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CentOS-8.4:kernel-debug-modules-extra-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
            "CentOS-8.4:python3-perf-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
            "CentOS-8.4:kernel-modules-internal-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
            "CentOS-8.4:kernel-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
            "CentOS-8.4:kernel-tools-libs-devel-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
            "CentOS-8.4:kernel-core-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
            "CentOS-8.4:bpftool-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
            "CentOS-8.4:kernel-debug-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
            "CentOS-8.4:kernel-debug-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
            "CentOS-8.4:kernel-debug-core-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "High"
        }
      ]
    },
    {
      "cve": "CVE-2025-21920",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvlan: enforce underlying device type\n\nCurrently, VLAN devices can be created on top of non-ethernet devices.\n\nBesides the fact that it doesn't make much sense, this also causes a\nbug which leaks the address of a kernel function to usermode.\n\nWhen creating a VLAN device, we initialize GARP (garp_init_applicant)\nand MRP (mrp_init_applicant) for the underlying device.\n\nAs part of the initialization process, we add the multicast address of\neach applicant to the underlying device, by calling dev_mc_add.\n\n__dev_mc_add uses dev->addr_len to determine the length of the new\nmulticast address.\n\nThis causes an out-of-bounds read if dev->addr_len is greater than 6,\nsince the multicast addresses provided by GARP and MRP are only 6\nbytes long.\n\nThis behaviour can be reproduced using the following commands:\n\nip tunnel add gretest mode ip6gre local ::1 remote ::2 dev lo\nip l set up dev gretest\nip link add link gretest name vlantest type vlan id 100\n\nThen, the following command will display the address of garp_pdu_rcv:\n\nip maddr show | grep 01:80:c2:00:00:21\n\nFix the bug by enforcing the type of the underlying device during VLAN\ndevice initialization.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-8.4:kernel-debug-modules-extra-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:python3-perf-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:kernel-modules-internal-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:kernel-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:kernel-tools-libs-devel-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:kernel-core-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:bpftool-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:kernel-debug-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:kernel-debug-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:kernel-debug-core-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-21920"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/0fb7aa04c19eac4417f360a9f7611a60637bdacc",
          "url": "https://git.kernel.org/stable/c/0fb7aa04c19eac4417f360a9f7611a60637bdacc"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/30e8aee77899173a82ae5ed89f536c096f20aaeb",
          "url": "https://git.kernel.org/stable/c/30e8aee77899173a82ae5ed89f536c096f20aaeb"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/3561442599804905c3defca241787cd4546e99a7",
          "url": "https://git.kernel.org/stable/c/3561442599804905c3defca241787cd4546e99a7"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/5a515d13e15536e82c5c7c83eb6cf5bc4827fee5",
          "url": "https://git.kernel.org/stable/c/5a515d13e15536e82c5c7c83eb6cf5bc4827fee5"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/7f1564b2b2072b7aa1ac75350e9560a07c7a44fd",
          "url": "https://git.kernel.org/stable/c/7f1564b2b2072b7aa1ac75350e9560a07c7a44fd"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/b33a534610067ade2bdaf2052900aaad99701353",
          "url": "https://git.kernel.org/stable/c/b33a534610067ade2bdaf2052900aaad99701353"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/b6c72479748b7ea09f53ed64b223cee6463dc278",
          "url": "https://git.kernel.org/stable/c/b6c72479748b7ea09f53ed64b223cee6463dc278"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/fa40ebef69234e39ec2d26930d045f2fb9a8cb2b",
          "url": "https://git.kernel.org/stable/c/fa40ebef69234e39ec2d26930d045f2fb9a8cb2b"
        }
      ],
      "release_date": "2025-04-01T16:15:00",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CentOS-8.4:kernel-debug-modules-extra-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
            "CentOS-8.4:python3-perf-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
            "CentOS-8.4:kernel-modules-internal-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
            "CentOS-8.4:kernel-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
            "CentOS-8.4:kernel-tools-libs-devel-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
            "CentOS-8.4:kernel-core-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
            "CentOS-8.4:bpftool-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
            "CentOS-8.4:kernel-debug-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
            "CentOS-8.4:kernel-debug-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
            "CentOS-8.4:kernel-debug-core-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "High"
        }
      ]
    },
    {
      "cve": "CVE-2025-21993",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\niscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic()\n\nWhen performing an iSCSI boot using IPv6, iscsistart still reads the\n/sys/firmware/ibft/ethernetX/subnet-mask entry. Since the IPv6 prefix\nlength is 64, this causes the shift exponent to become negative,\ntriggering a UBSAN warning. As the concept of a subnet mask does not\napply to IPv6, the value is set to ~0 to suppress the warning message.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-8.4:kernel-debug-modules-extra-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:python3-perf-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:kernel-modules-internal-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:kernel-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:kernel-tools-libs-devel-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:kernel-core-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:bpftool-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:kernel-debug-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:kernel-debug-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:kernel-debug-core-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-21993"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/07e0d99a2f701123ad3104c0f1a1e66bce74d6e5",
          "url": "https://git.kernel.org/stable/c/07e0d99a2f701123ad3104c0f1a1e66bce74d6e5"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/2d1eef248107bdf3d5a69d0fde04c30a79a7bf5d",
          "url": "https://git.kernel.org/stable/c/2d1eef248107bdf3d5a69d0fde04c30a79a7bf5d"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/9bfa80c8aa4e06dff55a953c3fffbfc68a3a3b1c",
          "url": "https://git.kernel.org/stable/c/9bfa80c8aa4e06dff55a953c3fffbfc68a3a3b1c"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/a858cd58dea06cf85b142673deea8c5d87f11e70",
          "url": "https://git.kernel.org/stable/c/a858cd58dea06cf85b142673deea8c5d87f11e70"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/b253660fac5e0e9080d2c95e3a029e1898d49afb",
          "url": "https://git.kernel.org/stable/c/b253660fac5e0e9080d2c95e3a029e1898d49afb"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/b388e185bfad32bfed6a97a6817f74ca00a4318f",
          "url": "https://git.kernel.org/stable/c/b388e185bfad32bfed6a97a6817f74ca00a4318f"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/c1c6e527470e5eab0b2d57bd073530fbace39eab",
          "url": "https://git.kernel.org/stable/c/c1c6e527470e5eab0b2d57bd073530fbace39eab"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/f763c82db8166e28f45b7cc4a5398a7859665940",
          "url": "https://git.kernel.org/stable/c/f763c82db8166e28f45b7cc4a5398a7859665940"
        }
      ],
      "release_date": "2025-04-02T13:15:00",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CentOS-8.4:kernel-debug-modules-extra-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
            "CentOS-8.4:python3-perf-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
            "CentOS-8.4:kernel-modules-internal-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
            "CentOS-8.4:kernel-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
            "CentOS-8.4:kernel-tools-libs-devel-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
            "CentOS-8.4:kernel-core-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
            "CentOS-8.4:bpftool-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
            "CentOS-8.4:kernel-debug-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
            "CentOS-8.4:kernel-debug-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
            "CentOS-8.4:kernel-debug-core-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "High"
        }
      ]
    },
    {
      "cve": "CVE-2025-21702",
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\npfifo_tail_enqueue: Drop new packet when sch->limit == 0\nExpected behaviour:\nWhen the scheduler's limit is reached, pfifo_tail_enqueue() drops a\npacket from the scheduler's queue and decreases the scheduler's qlen by one.\nThen pfifo_tail_enqueue() enqueues the new packet and increases the\nscheduler's qlen by one. Finally, pfifo_tail_enqueue() returns the\n`NET_XMIT_CN` status code.\nWeird behaviour:\nIf `sch->limit == 0` is set and pfifo_tail_enqueue() is triggered on a\nscheduler that holds no packets, the 'drop a packet' step does nothing,\nso the scheduler's qlen is still 0.\nThe new packet is then enqueued and the scheduler's qlen is increased by\none. In summary, pfifo_tail_enqueue() can be used to increase qlen by\none while returning the `NET_XMIT_CN` status code.\nThe problem is:\nLet's say we have two qdiscs: Qdisc_A and Qdisc_B.\n- Qdisc_A's type must have a '->graft()' function to create a parent/child relationship.\nLet's say Qdisc_A's type is `hfsc`. Enqueuing a packet to this qdisc triggers `hfsc_enqueue`.\n- Qdisc_B's type is pfifo_head_drop. Enqueuing a packet to this qdisc triggers `pfifo_tail_enqueue`.\n- Qdisc_B is configured to have `sch->limit == 0`.\n- Qdisc_A is configured to route enqueued packets to Qdisc_B.\nEnqueuing a packet through Qdisc_A leads to:\n- hfsc_enqueue(Qdisc_A) -> pfifo_tail_enqueue(Qdisc_B)\n- Qdisc_B->q.qlen += 1\n- pfifo_tail_enqueue() returns `NET_XMIT_CN`\n- hfsc_enqueue() checks for `NET_XMIT_SUCCESS` and sees `NET_XMIT_CN` => hfsc_enqueue() doesn't increase the qlen of Qdisc_A.\nThe whole process leads to a situation where Qdisc_A->q.qlen == 0 and Qdisc_B->q.qlen == 1.\nReplacing 'hfsc' with another type (for example: 'drr') still leads to the same problem.\nThis violates the design, in which a parent's qlen should equal the sum of its children's qlen.\nBug impact: This issue can be used for user->kernel privilege escalation when it is reachable.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-8.4:kernel-debug-modules-extra-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:python3-perf-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:kernel-modules-internal-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:kernel-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:kernel-tools-libs-devel-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:kernel-core-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:bpftool-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:kernel-debug-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:kernel-debug-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:kernel-debug-core-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-21702"
        }
      ],
      "release_date": "2025-02-18T00:00:00",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CentOS-8.4:kernel-debug-modules-extra-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
            "CentOS-8.4:python3-perf-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
            "CentOS-8.4:kernel-modules-internal-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
            "CentOS-8.4:kernel-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
            "CentOS-8.4:kernel-tools-libs-devel-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
            "CentOS-8.4:kernel-core-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
            "CentOS-8.4:bpftool-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
            "CentOS-8.4:kernel-debug-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
            "CentOS-8.4:kernel-debug-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
            "CentOS-8.4:kernel-debug-core-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "High"
        }
      ]
    },
    {
      "cve": "CVE-2024-57980",
      "cwe": {
        "id": "CWE-415",
        "name": "Double Free"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: uvcvideo: Fix double free in error path\n\nIf the uvc_status_init() function fails to allocate the int_urb, it will\nfree the dev->status pointer but doesn't reset the pointer to NULL. This\nresults in the kfree() call in uvc_status_cleanup() trying to\ndouble-free the memory. Fix it by resetting the dev->status pointer to\nNULL after freeing it.\n\nReviewed by: Ricardo Ribalda <ribalda@chromium.org>",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-8.4:kernel-debug-modules-extra-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:python3-perf-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:kernel-modules-internal-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:kernel-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:kernel-tools-libs-devel-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:kernel-core-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:bpftool-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:kernel-debug-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:kernel-debug-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:kernel-debug-core-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2024-57980"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/3ba8884a56a3eb97c22f0ce0e4dd410d4ca4c277",
          "url": "https://git.kernel.org/stable/c/3ba8884a56a3eb97c22f0ce0e4dd410d4ca4c277"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/6c36dcd662ec5276782838660f8533a7cb26be49",
          "url": "https://git.kernel.org/stable/c/6c36dcd662ec5276782838660f8533a7cb26be49"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/87522ef165e5b6de8ef98cc318f3335166a1512c",
          "url": "https://git.kernel.org/stable/c/87522ef165e5b6de8ef98cc318f3335166a1512c"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/9232719ac9ce4d5c213cebda23d72aec3e1c4c0d",
          "url": "https://git.kernel.org/stable/c/9232719ac9ce4d5c213cebda23d72aec3e1c4c0d"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/c6ef3a7fa97ec823a1e1af9085cf13db9f7b3bac",
          "url": "https://git.kernel.org/stable/c/c6ef3a7fa97ec823a1e1af9085cf13db9f7b3bac"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/d1f8e69eec91d5a75ef079778a5d0151db2a7f22",
          "url": "https://git.kernel.org/stable/c/d1f8e69eec91d5a75ef079778a5d0151db2a7f22"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/d6e5ba2516c5bef87c1fcb8189b6f3cad7c64b2d",
          "url": "https://git.kernel.org/stable/c/d6e5ba2516c5bef87c1fcb8189b6f3cad7c64b2d"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/d8e63dd7b6683969d3d47c7b8e9635f96d554ad4",
          "url": "https://git.kernel.org/stable/c/d8e63dd7b6683969d3d47c7b8e9635f96d554ad4"
        }
      ],
      "release_date": "2025-02-27T02:15:00",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CentOS-8.4:kernel-debug-modules-extra-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
            "CentOS-8.4:python3-perf-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
            "CentOS-8.4:kernel-modules-internal-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
            "CentOS-8.4:kernel-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
            "CentOS-8.4:kernel-tools-libs-devel-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
            "CentOS-8.4:kernel-core-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
            "CentOS-8.4:bpftool-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
            "CentOS-8.4:kernel-debug-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
            "CentOS-8.4:kernel-debug-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
            "CentOS-8.4:kernel-debug-core-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "High"
        }
      ]
    },
    {
      "cve": "CVE-2024-27008",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm: nv04: Fix out of bounds access\n\nWhen Output Resource (dcb->or) value is assigned in\nfabricate_dcb_output(), there may be out of bounds access to\ndac_users array in case dcb->or is zero because ffs(dcb->or) is\nused as index there.\nThe 'or' argument of fabricate_dcb_output() must be interpreted as a\nnumber of bit to set, not value.\n\nUtilize macros from 'enum nouveau_or' in calls instead of hardcoding.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-8.4:kernel-debug-modules-extra-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:python3-perf-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:kernel-modules-internal-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:kernel-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:kernel-tools-libs-devel-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:kernel-core-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:bpftool-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:kernel-debug-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:kernel-debug-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
          "CentOS-8.4:kernel-debug-core-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2024-27008"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/097c7918fcfa1dee233acfd1f3029f00c3bc8062",
          "url": "https://git.kernel.org/stable/c/097c7918fcfa1dee233acfd1f3029f00c3bc8062"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/26212da39ee14a52c76a202c6ae5153a84f579a5",
          "url": "https://git.kernel.org/stable/c/26212da39ee14a52c76a202c6ae5153a84f579a5"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/5050ae879a828d752b439e3827aac126709da6d1",
          "url": "https://git.kernel.org/stable/c/5050ae879a828d752b439e3827aac126709da6d1"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/5fd4b090304e450aa0e7cc9cc2b4873285c6face",
          "url": "https://git.kernel.org/stable/c/5fd4b090304e450aa0e7cc9cc2b4873285c6face"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/6690cc2732e2a8d0eaca44dcbac032a4b0148042",
          "url": "https://git.kernel.org/stable/c/6690cc2732e2a8d0eaca44dcbac032a4b0148042"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/c2b97f26f081ceec3298151481687071075a25cb",
          "url": "https://git.kernel.org/stable/c/c2b97f26f081ceec3298151481687071075a25cb"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/cf92bb778eda7830e79452c6917efa8474a30c1e",
          "url": "https://git.kernel.org/stable/c/cf92bb778eda7830e79452c6917efa8474a30c1e"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/df0991da7db846f7fa4ec6740350f743d3b69b04",
          "url": "https://git.kernel.org/stable/c/df0991da7db846f7fa4ec6740350f743d3b69b04"
        },
        {
          "category": "external",
          "summary": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html",
          "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
        },
        {
          "category": "external",
          "summary": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html",
          "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
        }
      ],
      "release_date": "2024-05-01T06:15:00",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CentOS-8.4:kernel-debug-modules-extra-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
            "CentOS-8.4:python3-perf-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
            "CentOS-8.4:kernel-modules-internal-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
            "CentOS-8.4:kernel-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
            "CentOS-8.4:kernel-tools-libs-devel-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
            "CentOS-8.4:kernel-core-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
            "CentOS-8.4:bpftool-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
            "CentOS-8.4:kernel-debug-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
            "CentOS-8.4:kernel-debug-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64",
            "CentOS-8.4:kernel-debug-core-0:4.18.0-305.25.1.el8_4.tuxcare.els27.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "High"
        }
      ]
    }
  ]
}