{
  "document": {
    "aggregate_severity": {
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "TuxCare License Agreement",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.",
        "title": "Terms of Use"
      },
      {
        "category": "details",
        "text": "Bluetooth: Fix use after free in hci_send_acl {CVE-2022-49111}\n- drm/amd/display: clear optc underflow before turn off odm clock {CVE-2022-49969}\n- NFSv4/pnfs: Fix a use-after-free bug in open {CVE-2022-50072}\n- NFSv4: Don't hold the layoutget locks across multiple RPC calls {CVE-2022-50072}\n- tty: n_gsm: add sanity check for gsm->receive in gsm_receive_buf() {CVE-2022-49940}\n- net: atlantic: fix aq_vec index out of range error {CVE-2022-50066}\n- ndisc: use RCU protection in ndisc_alloc_skb() {CVE-2025-21764}\n- udmabuf: fix a buf size overflow issue during udmabuf creation {CVE-2025-37803}\n- mptcp: fix race on unaccepted mptcp sockets {CVE-2022-49669}\n- net: introduce and use lock_sock_fast_nested() {CVE-2022-49669}\n- net: add annotation for sock_{lock,unlock}_fast {CVE-2022-49669}\n- net/mlx5: Always stop health timer during driver removal {CVE-2024-40906}\n- nfsd: prevent panic for nfsv4.0 closed files in nfs4_show_open {CVE-2024-46682}\n- nfsd: fix possible badness in FREE_STATEID {CVE-2024-50043}\n- nfsd: fix race between laundromat and free_stateid {CVE-2024-50106}\n- nfsd: split sc_status out of sc_type {CVE-2024-50106}\n- nfsd: avoid race after unhash_delegation_locked() {CVE-2024-50106}\n- nfsd: remove fault injection code {CVE-2024-50106}\n- nfsd: don't call functions with side-effecting inside WARN_ON() {CVE-2024-50106}\n- ath11k: free peer for station when disconnect from AP for QCA6390/WCN6855 {CVE-2022-49238}\n- cifs: Fix UAF in cifs_demultiplex_thread() {CVE-2023-52572}\n- cifs: fix potential double free during failed mount {CVE-2022-49541}\n- xfrm: state: fix out-of-bounds read during lookup {CVE-2024-57982}\n- drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read() {CVE-2024-50282}",
        "title": "Details"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://tuxcare.com/contact/",
      "name": "TuxCare",
      "namespace": "https://tuxcare.com/"
    },
    "references": [
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.tuxcare.com/csaf/v2/els_os/centos8.4els/advisories/2025/clsa-2025_1753297988.json"
      },
      {
        "category": "self",
        "summary": "https://cve.tuxcare.com/els/releases/CLSA-2025:1753297988",
        "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1753297988"
      }
    ],
    "tracking": {
      "current_release_date": "2025-07-23T19:15:07Z",
      "generator": {
        "date": "2025-07-23T19:15:07Z",
        "engine": {
          "name": "pyCSAF"
        }
      },
      "id": "CLSA-2025:1753297988",
      "initial_release_date": "2025-07-23T19:15:07Z",
      "revision_history": [
        {
          "date": "2025-07-23T19:15:07Z",
          "number": "1",
          "summary": "Initial version"
        }
      ],
      "status": "final",
      "version": "1"
    },
    "title": "kernel: Fix of 17 CVEs"
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Community Enterprise Operating System 8.4",
                "product": {
                  "name": "Community Enterprise Operating System 8.4",
                  "product_id": "CentOS-8.4",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:o:centos:centos:8.4:*:*:*:*:*:*:*"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Community Enterprise Operating System"
          }
        ],
        "category": "vendor",
        "name": "Red Hat, Inc."
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-debug-modules-extra-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
                "product": {
                  "name": "kernel-debug-modules-extra-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
                  "product_id": "kernel-debug-modules-extra-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/kernel-debug-modules-extra@4.18.0-305.25.1.el8_4.tuxcare.els29?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python3-perf-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
                "product": {
                  "name": "python3-perf-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
                  "product_id": "python3-perf-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/python3-perf@4.18.0-305.25.1.el8_4.tuxcare.els29?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-modules-internal-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
                "product": {
                  "name": "kernel-modules-internal-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
                  "product_id": "kernel-modules-internal-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/kernel-modules-internal@4.18.0-305.25.1.el8_4.tuxcare.els29?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
                "product": {
                  "name": "kernel-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
                  "product_id": "kernel-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/kernel-modules@4.18.0-305.25.1.el8_4.tuxcare.els29?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-tools-libs-devel-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
                "product": {
                  "name": "kernel-tools-libs-devel-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
                  "product_id": "kernel-tools-libs-devel-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/kernel-tools-libs-devel@4.18.0-305.25.1.el8_4.tuxcare.els29?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-core-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
                "product": {
                  "name": "kernel-core-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
                  "product_id": "kernel-core-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/kernel-core@4.18.0-305.25.1.el8_4.tuxcare.els29?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "bpftool-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
                "product": {
                  "name": "bpftool-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
                  "product_id": "bpftool-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/bpftool@4.18.0-305.25.1.el8_4.tuxcare.els29?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-debug-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
                "product": {
                  "name": "kernel-debug-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
                  "product_id": "kernel-debug-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/kernel-debug-modules@4.18.0-305.25.1.el8_4.tuxcare.els29?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-debug-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
                "product": {
                  "name": "kernel-debug-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
                  "product_id": "kernel-debug-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/kernel-debug@4.18.0-305.25.1.el8_4.tuxcare.els29?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-debug-core-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
                "product": {
                  "name": "kernel-debug-core-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
                  "product_id": "kernel-debug-core-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/kernel-debug-core@4.18.0-305.25.1.el8_4.tuxcare.els29?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "CloudLinux"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-debug-modules-extra-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64 as a component of Community Enterprise Operating System 8.4",
          "product_id": "CentOS-8.4:kernel-debug-modules-extra-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64"
        },
        "product_reference": "kernel-debug-modules-extra-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
        "relates_to_product_reference": "CentOS-8.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-perf-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64 as a component of Community Enterprise Operating System 8.4",
          "product_id": "CentOS-8.4:python3-perf-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64"
        },
        "product_reference": "python3-perf-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
        "relates_to_product_reference": "CentOS-8.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-modules-internal-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64 as a component of Community Enterprise Operating System 8.4",
          "product_id": "CentOS-8.4:kernel-modules-internal-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64"
        },
        "product_reference": "kernel-modules-internal-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
        "relates_to_product_reference": "CentOS-8.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64 as a component of Community Enterprise Operating System 8.4",
          "product_id": "CentOS-8.4:kernel-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64"
        },
        "product_reference": "kernel-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
        "relates_to_product_reference": "CentOS-8.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-tools-libs-devel-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64 as a component of Community Enterprise Operating System 8.4",
          "product_id": "CentOS-8.4:kernel-tools-libs-devel-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64"
        },
        "product_reference": "kernel-tools-libs-devel-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
        "relates_to_product_reference": "CentOS-8.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-core-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64 as a component of Community Enterprise Operating System 8.4",
          "product_id": "CentOS-8.4:kernel-core-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64"
        },
        "product_reference": "kernel-core-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
        "relates_to_product_reference": "CentOS-8.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bpftool-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64 as a component of Community Enterprise Operating System 8.4",
          "product_id": "CentOS-8.4:bpftool-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64"
        },
        "product_reference": "bpftool-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
        "relates_to_product_reference": "CentOS-8.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-debug-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64 as a component of Community Enterprise Operating System 8.4",
          "product_id": "CentOS-8.4:kernel-debug-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64"
        },
        "product_reference": "kernel-debug-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
        "relates_to_product_reference": "CentOS-8.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-debug-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64 as a component of Community Enterprise Operating System 8.4",
          "product_id": "CentOS-8.4:kernel-debug-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64"
        },
        "product_reference": "kernel-debug-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
        "relates_to_product_reference": "CentOS-8.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-debug-core-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64 as a component of Community Enterprise Operating System 8.4",
          "product_id": "CentOS-8.4:kernel-debug-core-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64"
        },
        "product_reference": "kernel-debug-core-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
        "relates_to_product_reference": "CentOS-8.4"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-50043",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: fix possible badness in FREE_STATEID\n\nWhen multiple FREE_STATEIDs are sent for the same delegation stateid,\nit can lead to either a use-after-free or a refcount\nunderflow error.\n\nIn nfsd4_free_stateid() under the client lock we find a delegation\nstateid, however the code drops the lock before calling nfs4_put_stid(),\nwhich allows another FREE_STATEID to find the stateid again. The first one\nwill then proceed to free the stateid, which leads to either a\nuse-after-free or decrementing an already zeroed counter.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-8.4:kernel-debug-modules-extra-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:python3-perf-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:kernel-modules-internal-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:kernel-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:kernel-tools-libs-devel-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:kernel-core-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:bpftool-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:kernel-debug-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:kernel-debug-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:kernel-debug-core-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2024-50043"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/7ca9e472ce5c67daa3188a348ece8c02a0765039",
          "url": "https://git.kernel.org/stable/c/7ca9e472ce5c67daa3188a348ece8c02a0765039"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/c88c150a467fcb670a1608e2272beeee3e86df6e",
          "url": "https://git.kernel.org/stable/c/c88c150a467fcb670a1608e2272beeee3e86df6e"
        }
      ],
      "release_date": "2024-10-21T20:15:00",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CentOS-8.4:kernel-debug-modules-extra-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:python3-perf-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:kernel-modules-internal-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:kernel-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:kernel-tools-libs-devel-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:kernel-core-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:bpftool-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:kernel-debug-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:kernel-debug-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:kernel-debug-core-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "High"
        }
      ]
    },
    {
      "cve": "CVE-2024-46682",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: prevent panic for nfsv4.0 closed files in nfs4_show_open\n\nPrior to commit 3f29cc82a84c (\"nfsd: split sc_status out of\nsc_type\") states_show() relied on sc_type field to be of valid\ntype before calling into a subfunction to show content of a\nparticular stateid. From that commit, we split the validity of\nthe stateid into sc_status and no longer changed sc_type to 0\nwhile unhashing the stateid. This resulted in kernel oopsing\nfor nfsv4.0 opens that stay around and in nfs4_show_open()\nwould dereference sc_file which was NULL.\n\nInstead, for closed open stateids forgo displaying information\nthat relies on having a valid sc_file.\n\nTo reproduce: mount the server with 4.0, read and close\na file and then on the server cat /proc/fs/nfsd/clients/2/states\n\n[  513.590804] Call trace:\n[  513.590925]  _raw_spin_lock+0xcc/0x160\n[  513.591119]  nfs4_show_open+0x78/0x2c0 [nfsd]\n[  513.591412]  states_show+0x44c/0x488 [nfsd]\n[  513.591681]  seq_read_iter+0x5d8/0x760\n[  513.591896]  seq_read+0x188/0x208\n[  513.592075]  vfs_read+0x148/0x470\n[  513.592241]  ksys_read+0xcc/0x178",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-8.4:kernel-debug-modules-extra-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:python3-perf-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:kernel-modules-internal-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:kernel-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:kernel-tools-libs-devel-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:kernel-core-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:bpftool-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:kernel-debug-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:kernel-debug-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:kernel-debug-core-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2024-46682"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/a204501e1743d695ca2930ed25a2be9f8ced96d3",
          "url": "https://git.kernel.org/stable/c/a204501e1743d695ca2930ed25a2be9f8ced96d3"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/ba0b697de298285301c71c258598226e06494236",
          "url": "https://git.kernel.org/stable/c/ba0b697de298285301c71c258598226e06494236"
        }
      ],
      "release_date": "2024-09-13T06:15:00",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CentOS-8.4:kernel-debug-modules-extra-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:python3-perf-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:kernel-modules-internal-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:kernel-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:kernel-tools-libs-devel-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:kernel-core-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:bpftool-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:kernel-debug-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:kernel-debug-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:kernel-debug-core-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Medium"
        }
      ]
    },
    {
      "cve": "CVE-2022-50072",
      "cwe": {
        "id": "CWE-763",
        "name": "Release of Invalid Pointer or Reference"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\nNFSv4/pnfs: Fix a use-after-free bug in open\nIf someone cancels the open RPC call, then we must not try to free\neither the open slot or the layoutget operation arguments, since they\nare likely still in use by the hung RPC call.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-8.4:kernel-debug-modules-extra-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:python3-perf-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:kernel-modules-internal-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:kernel-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:kernel-tools-libs-devel-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:kernel-core-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:bpftool-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:kernel-debug-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:kernel-debug-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:kernel-debug-core-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2022-50072"
        }
      ],
      "release_date": "2025-06-18T00:00:00",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CentOS-8.4:kernel-debug-modules-extra-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:python3-perf-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:kernel-modules-internal-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:kernel-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:kernel-tools-libs-devel-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:kernel-core-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:bpftool-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:kernel-debug-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:kernel-debug-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:kernel-debug-core-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "High"
        }
      ]
    },
    {
      "cve": "CVE-2022-49969",
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\ndrm/amd/display: clear optc underflow before turn off odm clock\n[Why]\nAfter the ODM clock is turned off, the optc underflow bit stays set and clearing it no longer works.\nWe need to clear it before turning the clock off.\n[How]\nClear the bit, if set, when turning the clock off.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-8.4:kernel-debug-modules-extra-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:python3-perf-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:kernel-modules-internal-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:kernel-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:kernel-tools-libs-devel-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:kernel-core-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:bpftool-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:kernel-debug-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:kernel-debug-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:kernel-debug-core-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2022-49969"
        }
      ],
      "release_date": "2025-06-18T00:00:00",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CentOS-8.4:kernel-debug-modules-extra-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:python3-perf-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:kernel-modules-internal-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:kernel-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:kernel-tools-libs-devel-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:kernel-core-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:bpftool-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:kernel-debug-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:kernel-debug-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:kernel-debug-core-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "High"
        }
      ]
    },
    {
      "cve": "CVE-2022-49940",
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\ntty: n_gsm: add sanity check for gsm->receive in gsm_receive_buf()\nA null pointer dereference can happen when attempting to access the\n\"gsm->receive()\" function in gsmld_receive_buf(). Currently, the code\nassumes that gsm->receive is only called after MUX activation.\nSince the gsmld_receive_buf() function can be accessed without the need to\ninitialize the MUX, the gsm->receive() function will not be set and a\nNULL pointer dereference will occur.\nFix this by avoiding the call to \"gsm->receive()\" in case the function is\nnot initialized by adding a sanity check.\nCall Trace:\n<TASK>\ngsmld_receive_buf+0x1c2/0x2f0 drivers/tty/n_gsm.c:2861\ntiocsti drivers/tty/tty_io.c:2293 [inline]\ntty_ioctl+0xa75/0x15d0 drivers/tty/tty_io.c:2692\nvfs_ioctl fs/ioctl.c:51 [inline]\n__do_sys_ioctl fs/ioctl.c:870 [inline]\n__se_sys_ioctl fs/ioctl.c:856 [inline]\n__x64_sys_ioctl+0x193/0x200 fs/ioctl.c:856\ndo_syscall_x64 arch/x86/entry/common.c:50 [inline]\ndo_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\nentry_SYSCALL_64_after_hwframe+0x63/0xcd",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-8.4:kernel-debug-modules-extra-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:python3-perf-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:kernel-modules-internal-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:kernel-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:kernel-tools-libs-devel-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:kernel-core-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:bpftool-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:kernel-debug-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:kernel-debug-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:kernel-debug-core-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2022-49940"
        }
      ],
      "release_date": "2025-06-18T00:00:00",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CentOS-8.4:kernel-debug-modules-extra-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:python3-perf-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:kernel-modules-internal-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:kernel-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:kernel-tools-libs-devel-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:kernel-core-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:bpftool-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:kernel-debug-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:kernel-debug-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:kernel-debug-core-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "High"
        }
      ]
    },
    {
      "cve": "CVE-2022-50066",
      "cwe": {
        "id": "CWE-823",
        "name": "Use of Out-of-range Pointer Offset"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\nnet: atlantic: fix aq_vec index out of range error\nThe final update statement of the for loop exceeds the array range, the\ndereference of self->aq_vec[i] is not checked and then leads to the\nindex out of range error.\nAlso fixed this kind of coding style in other for loop.\n[   97.937604] UBSAN: array-index-out-of-bounds in drivers/net/ethernet/aquantia/atlantic/aq_nic.c:1404:48\n[   97.937607] index 8 is out of range for type 'aq_vec_s *[8]'\n[   97.937608] CPU: 38 PID: 3767 Comm: kworker/u256:18 Not tainted 5.19.0+ #2\n[   97.937610] Hardware name: Dell Inc. Precision 7865 Tower/, BIOS 1.0.0 06/12/2022\n[   97.937611] Workqueue: events_unbound async_run_entry_fn\n[   97.937616] Call Trace:\n[   97.937617]  <TASK>\n[   97.937619]  dump_stack_lvl+0x49/0x63\n[   97.937624]  dump_stack+0x10/0x16\n[   97.937626]  ubsan_epilogue+0x9/0x3f\n[   97.937627]  __ubsan_handle_out_of_bounds.cold+0x44/0x49\n[   97.937629]  ? __scm_send+0x348/0x440\n[   97.937632]  ? aq_vec_stop+0x72/0x80 [atlantic]\n[   97.937639]  aq_nic_stop+0x1b6/0x1c0 [atlantic]\n[   97.937644]  aq_suspend_common+0x88/0x90 [atlantic]\n[   97.937648]  aq_pm_suspend_poweroff+0xe/0x20 [atlantic]\n[   97.937653]  pci_pm_suspend+0x7e/0x1a0\n[   97.937655]  ? pci_pm_suspend_noirq+0x2b0/0x2b0\n[   97.937657]  dpm_run_callback+0x54/0x190\n[   97.937660]  __device_suspend+0x14c/0x4d0\n[   97.937661]  async_suspend+0x23/0x70\n[   97.937663]  async_run_entry_fn+0x33/0x120\n[   97.937664]  process_one_work+0x21f/0x3f0\n[   97.937666]  worker_thread+0x4a/0x3c0\n[   97.937668]  ? process_one_work+0x3f0/0x3f0\n[   97.937669]  kthread+0xf0/0x120\n[   97.937671]  ? kthread_complete_and_exit+0x20/0x20\n[   97.937672]  ret_from_fork+0x22/0x30\n[   97.937676]  </TASK>\nv2. fixed \"warning: variable 'aq_vec' set but not used\"\nv3. simplified a for loop",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-8.4:kernel-debug-modules-extra-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:python3-perf-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:kernel-modules-internal-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:kernel-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:kernel-tools-libs-devel-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:kernel-core-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:bpftool-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:kernel-debug-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:kernel-debug-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:kernel-debug-core-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2022-50066"
        }
      ],
      "release_date": "2025-06-18T00:00:00",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CentOS-8.4:kernel-debug-modules-extra-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:python3-perf-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:kernel-modules-internal-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:kernel-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:kernel-tools-libs-devel-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:kernel-core-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:bpftool-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:kernel-debug-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:kernel-debug-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:kernel-debug-core-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "High"
        }
      ]
    },
    {
      "cve": "CVE-2025-21764",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\nndisc: use RCU protection in ndisc_alloc_skb()\nndisc_alloc_skb() can be called without RTNL or RCU being held.\nAdd RCU protection to avoid possible UAF.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-8.4:kernel-debug-modules-extra-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:python3-perf-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:kernel-modules-internal-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:kernel-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:kernel-tools-libs-devel-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:kernel-core-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:bpftool-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:kernel-debug-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:kernel-debug-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:kernel-debug-core-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-21764"
        }
      ],
      "release_date": "2025-02-27T00:00:00",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CentOS-8.4:kernel-debug-modules-extra-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:python3-perf-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:kernel-modules-internal-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:kernel-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:kernel-tools-libs-devel-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:kernel-core-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:bpftool-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:kernel-debug-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:kernel-debug-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:kernel-debug-core-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "High"
        }
      ]
    },
    {
      "cve": "CVE-2025-37803",
      "cwe": {
        "id": "CWE-120",
        "name": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nudmabuf: fix a buf size overflow issue during udmabuf creation\n\nby casting size_limit_mb to u64 when calculating pglimit.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-8.4:kernel-debug-modules-extra-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:python3-perf-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:kernel-modules-internal-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:kernel-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:kernel-tools-libs-devel-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:kernel-core-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:bpftool-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:kernel-debug-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:kernel-debug-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:kernel-debug-core-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-37803"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/021ba7f1babd029e714d13a6bf2571b08af96d0f",
          "url": "https://git.kernel.org/stable/c/021ba7f1babd029e714d13a6bf2571b08af96d0f"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/13fe12c037b470321436deec393030c6153cfeb9",
          "url": "https://git.kernel.org/stable/c/13fe12c037b470321436deec393030c6153cfeb9"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/2b8419c6ecf69007dcff54ea0b9f0b215282c55a",
          "url": "https://git.kernel.org/stable/c/2b8419c6ecf69007dcff54ea0b9f0b215282c55a"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/373512760e13fdaa726faa9502d0f5be2abb3d33",
          "url": "https://git.kernel.org/stable/c/373512760e13fdaa726faa9502d0f5be2abb3d33"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/3f6c9d66e0f8eb9679b57913aa64b4d2266f6fbe",
          "url": "https://git.kernel.org/stable/c/3f6c9d66e0f8eb9679b57913aa64b4d2266f6fbe"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/b2ff4e9c599b000833d16a917f519aa2e4a75de2",
          "url": "https://git.kernel.org/stable/c/b2ff4e9c599b000833d16a917f519aa2e4a75de2"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/e84a08fc7e25cdad5d9a3def42cc770ff711193f",
          "url": "https://git.kernel.org/stable/c/e84a08fc7e25cdad5d9a3def42cc770ff711193f"
        }
      ],
      "release_date": "2025-05-08T07:15:00",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CentOS-8.4:kernel-debug-modules-extra-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:python3-perf-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:kernel-modules-internal-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:kernel-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:kernel-tools-libs-devel-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:kernel-core-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:bpftool-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:kernel-debug-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:kernel-debug-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:kernel-debug-core-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "High"
        }
      ]
    },
    {
      "cve": "CVE-2022-49669",
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\nmptcp: fix race on unaccepted mptcp sockets\nWhen the listener socket owning the relevant request is closed,\nit frees the unaccepted subflows and that causes later deletion\nof the paired MPTCP sockets.\nThe mptcp socket's worker can run in the time interval between such delete\noperations. When that happens, any access to msk->first will cause an UaF\naccess, as the subflow cleanup did not clear such field in the mptcp\nsocket.\nAddress the issue by explicitly traversing the listener socket accept\nqueue at close time and performing the needed cleanup on the pending\nmsk.\nNote that the locking is a bit tricky, as we need to acquire the msk\nsocket lock, while still owning the subflow socket one.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-8.4:kernel-debug-modules-extra-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:python3-perf-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:kernel-modules-internal-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:kernel-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:kernel-tools-libs-devel-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:kernel-core-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:bpftool-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:kernel-debug-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:kernel-debug-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:kernel-debug-core-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2022-49669"
        }
      ],
      "release_date": "2025-02-26T00:00:00",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CentOS-8.4:kernel-debug-modules-extra-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:python3-perf-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:kernel-modules-internal-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:kernel-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:kernel-tools-libs-devel-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:kernel-core-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:bpftool-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:kernel-debug-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:kernel-debug-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:kernel-debug-core-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "High"
        }
      ]
    },
    {
      "cve": "CVE-2023-52572",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: Fix UAF in cifs_demultiplex_thread()\n\nThere is a UAF when running xfstests on cifs:\n\n  BUG: KASAN: use-after-free in smb2_is_network_name_deleted+0x27/0x160\n  Read of size 4 at addr ffff88810103fc08 by task cifsd/923\n\n  CPU: 1 PID: 923 Comm: cifsd Not tainted 6.1.0-rc4+ #45\n  ...\n  Call Trace:\n   <TASK>\n   dump_stack_lvl+0x34/0x44\n   print_report+0x171/0x472\n   kasan_report+0xad/0x130\n   kasan_check_range+0x145/0x1a0\n   smb2_is_network_name_deleted+0x27/0x160\n   cifs_demultiplex_thread.cold+0x172/0x5a4\n   kthread+0x165/0x1a0\n   ret_from_fork+0x1f/0x30\n   </TASK>\n\n  Allocated by task 923:\n   kasan_save_stack+0x1e/0x40\n   kasan_set_track+0x21/0x30\n   __kasan_slab_alloc+0x54/0x60\n   kmem_cache_alloc+0x147/0x320\n   mempool_alloc+0xe1/0x260\n   cifs_small_buf_get+0x24/0x60\n   allocate_buffers+0xa1/0x1c0\n   cifs_demultiplex_thread+0x199/0x10d0\n   kthread+0x165/0x1a0\n   ret_from_fork+0x1f/0x30\n\n  Freed by task 921:\n   kasan_save_stack+0x1e/0x40\n   kasan_set_track+0x21/0x30\n   kasan_save_free_info+0x2a/0x40\n   ____kasan_slab_free+0x143/0x1b0\n   kmem_cache_free+0xe3/0x4d0\n   cifs_small_buf_release+0x29/0x90\n   SMB2_negotiate+0x8b7/0x1c60\n   smb2_negotiate+0x51/0x70\n   cifs_negotiate_protocol+0xf0/0x160\n   cifs_get_smb_ses+0x5fa/0x13c0\n   mount_get_conns+0x7a/0x750\n   cifs_mount+0x103/0xd00\n   cifs_smb3_do_mount+0x1dd/0xcb0\n   smb3_get_tree+0x1d5/0x300\n   vfs_get_tree+0x41/0xf0\n   path_mount+0x9b3/0xdd0\n   __x64_sys_mount+0x190/0x1d0\n   do_syscall_64+0x35/0x80\n   entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nThe UAF is because:\n\n mount(pid: 921)               | cifsd(pid: 923)\n-------------------------------|-------------------------------\n                               | cifs_demultiplex_thread\nSMB2_negotiate                 |\n cifs_send_recv                |\n  compound_send_recv           |\n   smb_send_rqst               |\n    wait_for_response          |\n     wait_event_state      [1] |\n                               |  standard_receive3\n                               |   cifs_handle_standard\n                               |    handle_mid\n                               |     mid->resp_buf = buf;  [2]\n                               |     dequeue_mid           [3]\n     KILL the process      [4] |\n    resp_iov[i].iov_base = buf |\n free_rsp_buf              [5] |\n                               |   is_network_name_deleted [6]\n                               |   callback\n\n1. After send request to server, wait the response until\n    mid->mid_state != SUBMITTED;\n2. Receive response from server, and set it to mid;\n3. Set the mid state to RECEIVED;\n4. Kill the process, the mid state already RECEIVED, get 0;\n5. Handle and release the negotiate response;\n6. UAF.\n\nIt can be easily reproduced by adding some delay in [3] - [6].\n\nOnly sync call has the problem since async call's callback is\nexecuted in cifsd process.\n\nAdd an extra state to mark the mid state to READY before waking up the\nwaiter, then it can get the resp safely.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-8.4:kernel-debug-modules-extra-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:python3-perf-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:kernel-modules-internal-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:kernel-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:kernel-tools-libs-devel-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:kernel-core-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:bpftool-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:kernel-debug-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:kernel-debug-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
          "CentOS-8.4:kernel-debug-core-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2023-52572"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/76569e3819e0bb59fc19b1b8688b017e627c268a",
          "url": "https://git.kernel.org/stable/c/76569e3819e0bb59fc19b1b8688b017e627c268a"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/908b3b5e97d25e879de3d1f172a255665491c2c3",
          "url": "https://git.kernel.org/stable/c/908b3b5e97d25e879de3d1f172a255665491c2c3"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/99960d282fba6634fa758df4124cb73ef8a77d8a",
          "url": "https://git.kernel.org/stable/c/99960d282fba6634fa758df4124cb73ef8a77d8a"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/d527f51331cace562393a8038d870b3e9916686f",
          "url": "https://git.kernel.org/stable/c/d527f51331cace562393a8038d870b3e9916686f"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/ed3b36f351d97dacb62cd0f399e8cf79f73bd30a",
          "url": "https://git.kernel.org/stable/c/ed3b36f351d97dacb62cd0f399e8cf79f73bd30a"
        }
      ],
      "release_date": "2024-03-02T22:15:00",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CentOS-8.4:kernel-debug-modules-extra-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:python3-perf-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:kernel-modules-internal-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:kernel-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:kernel-tools-libs-devel-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:kernel-core-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:bpftool-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:kernel-debug-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:kernel-debug-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64",
            "CentOS-8.4:kernel-debug-core-0:4.18.0-305.25.1.el8_4.tuxcare.els29.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "High"
        }
      ]
    }
  ]
}