{ "document": { "aggregate_severity": { "text": "Important" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/centos8.4els/vex/2025/cve-2025-38350-els_os-centos8_4els.json" } ], "title": "Security update on CVE-2025-38350", "tracking": { "current_release_date": "2025-12-23T22:15:38Z", "generator": { "date": "2025-12-23T22:15:38Z", "engine": { "name": "pyCSAF" } }, "id": "CVE-2025-38350-ELS_OS-CENTOS8.4ELS", "initial_release_date": "2025-07-19T00:00:00Z", "revision_history": [ { "date": "2025-07-19T00:00:00Z", "number": "1", "summary": "Initial version" }, { "date": "2025-09-15T18:48:31Z", "number": "2", "summary": "Official Publication" }, { "date": "2025-12-23T22:15:38Z", "number": "3", "summary": "Update document" } ], "status": "final", "version": "2" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Community Enterprise Operating System 8.4", "product": { "name": "Community Enterprise Operating System 8.4", "product_id": "CentOS-8.4", "product_identification_helper": { "cpe": "cpe:2.3:o:centos:centos:8.4:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "Community Enterprise Operating System" } ], "category": "vendor", "name": "Red Hat, Inc." }, { "branches": [ { "branches": [ { "category": "product_version", "name": "kernel-debug-modules-extra-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "product": { "name": "kernel-debug-modules-extra-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "product_id": "kernel-debug-modules-extra-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/kernel-debug-modules-extra@4.18.0-305.25.1.el8_4.tuxcare.els31?arch=x86_64" } } }, { "category": "product_version", "name": "python3-perf-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "product": { "name": "python3-perf-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "product_id": "python3-perf-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/python3-perf@4.18.0-305.25.1.el8_4.tuxcare.els31?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-modules-internal-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "product": { "name": "kernel-modules-internal-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "product_id": "kernel-modules-internal-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/kernel-modules-internal@4.18.0-305.25.1.el8_4.tuxcare.els31?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "product": { "name": "kernel-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "product_id": "kernel-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/kernel-modules@4.18.0-305.25.1.el8_4.tuxcare.els31?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-tools-libs-devel-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "product": { "name": "kernel-tools-libs-devel-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "product_id": "kernel-tools-libs-devel-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/kernel-tools-libs-devel@4.18.0-305.25.1.el8_4.tuxcare.els31?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-core-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "product": { "name": "kernel-core-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "product_id": "kernel-core-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/kernel-core@4.18.0-305.25.1.el8_4.tuxcare.els31?arch=x86_64" } } }, { "category": "product_version", "name": "bpftool-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "product": { "name": "bpftool-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "product_id": "bpftool-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/bpftool@4.18.0-305.25.1.el8_4.tuxcare.els31?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-debug-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "product": { "name": "kernel-debug-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "product_id": "kernel-debug-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/kernel-debug-modules@4.18.0-305.25.1.el8_4.tuxcare.els31?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-debug-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "product": { "name": "kernel-debug-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "product_id": "kernel-debug-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/kernel-debug@4.18.0-305.25.1.el8_4.tuxcare.els31?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-debug-core-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "product": { "name": "kernel-debug-core-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "product_id": "kernel-debug-core-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/kernel-debug-core@4.18.0-305.25.1.el8_4.tuxcare.els31?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-modules-extra-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "product": { "name": "kernel-modules-extra-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "product_id": "kernel-modules-extra-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/kernel-modules-extra@4.18.0-305.25.1.el8_4.tuxcare.els31?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-devel-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "product": { "name": "kernel-devel-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "product_id": "kernel-devel-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/kernel-devel@4.18.0-305.25.1.el8_4.tuxcare.els31?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-debug-devel-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "product": { "name": "kernel-debug-devel-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "product_id": "kernel-debug-devel-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/kernel-debug-devel@4.18.0-305.25.1.el8_4.tuxcare.els31?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-debug-modules-internal-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "product": { "name": "kernel-debug-modules-internal-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "product_id": "kernel-debug-modules-internal-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/kernel-debug-modules-internal@4.18.0-305.25.1.el8_4.tuxcare.els31?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-tools-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "product": { "name": "kernel-tools-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "product_id": "kernel-tools-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/kernel-tools@4.18.0-305.25.1.el8_4.tuxcare.els31?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-tools-libs-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "product": { "name": "kernel-tools-libs-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "product_id": "kernel-tools-libs-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/kernel-tools-libs@4.18.0-305.25.1.el8_4.tuxcare.els31?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-selftests-internal-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "product": { "name": "kernel-selftests-internal-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "product_id": "kernel-selftests-internal-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/kernel-selftests-internal@4.18.0-305.25.1.el8_4.tuxcare.els31?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-cross-headers-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "product": { "name": "kernel-cross-headers-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "product_id": "kernel-cross-headers-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/kernel-cross-headers@4.18.0-305.25.1.el8_4.tuxcare.els31?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-ipaclones-internal-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "product": { "name": "kernel-ipaclones-internal-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "product_id": "kernel-ipaclones-internal-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/kernel-ipaclones-internal@4.18.0-305.25.1.el8_4.tuxcare.els31?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "product": { "name": "kernel-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "product_id": "kernel-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/kernel@4.18.0-305.25.1.el8_4.tuxcare.els31?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-headers-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "product": { "name": "kernel-headers-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "product_id": "kernel-headers-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/kernel-headers@4.18.0-305.25.1.el8_4.tuxcare.els31?arch=x86_64" } } }, { "category": "product_version", "name": "perf-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "product": { "name": "perf-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "product_id": "perf-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/perf@4.18.0-305.25.1.el8_4.tuxcare.els31?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "CloudLinux" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-modules-extra-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64 as a component of Community Enterprise Operating System 8.4", "product_id": "CentOS-8.4:kernel-debug-modules-extra-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64" }, "product_reference": "kernel-debug-modules-extra-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "relates_to_product_reference": "CentOS-8.4" }, { "category": "default_component_of", "full_product_name": { "name": "python3-perf-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64 as a component of Community Enterprise Operating System 8.4", "product_id": "CentOS-8.4:python3-perf-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64" }, "product_reference": "python3-perf-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "relates_to_product_reference": "CentOS-8.4" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-modules-internal-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64 as a component of Community Enterprise Operating System 8.4", "product_id": "CentOS-8.4:kernel-modules-internal-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64" }, "product_reference": "kernel-modules-internal-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "relates_to_product_reference": "CentOS-8.4" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64 as a component of Community Enterprise Operating System 8.4", "product_id": "CentOS-8.4:kernel-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64" }, "product_reference": "kernel-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "relates_to_product_reference": "CentOS-8.4" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-tools-libs-devel-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64 as a component of Community Enterprise Operating System 8.4", "product_id": "CentOS-8.4:kernel-tools-libs-devel-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64" }, "product_reference": "kernel-tools-libs-devel-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "relates_to_product_reference": "CentOS-8.4" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-core-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64 as a component of Community Enterprise Operating System 8.4", "product_id": "CentOS-8.4:kernel-core-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64" }, "product_reference": "kernel-core-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "relates_to_product_reference": "CentOS-8.4" }, { "category": "default_component_of", "full_product_name": { "name": "bpftool-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64 as a component of Community Enterprise Operating System 8.4", "product_id": "CentOS-8.4:bpftool-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64" }, "product_reference": "bpftool-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "relates_to_product_reference": "CentOS-8.4" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64 as a component of Community Enterprise Operating System 8.4", "product_id": "CentOS-8.4:kernel-debug-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64" }, "product_reference": "kernel-debug-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "relates_to_product_reference": "CentOS-8.4" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64 as a component of Community Enterprise Operating System 8.4", "product_id": "CentOS-8.4:kernel-debug-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64" }, "product_reference": "kernel-debug-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "relates_to_product_reference": "CentOS-8.4" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-core-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64 as a component of Community Enterprise Operating System 8.4", "product_id": "CentOS-8.4:kernel-debug-core-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64" }, "product_reference": "kernel-debug-core-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "relates_to_product_reference": "CentOS-8.4" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-modules-extra-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64 as a component of Community Enterprise Operating System 8.4", "product_id": "CentOS-8.4:kernel-modules-extra-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64" }, "product_reference": "kernel-modules-extra-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "relates_to_product_reference": "CentOS-8.4" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-devel-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64 as a component of Community Enterprise Operating System 8.4", "product_id": "CentOS-8.4:kernel-devel-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64" }, "product_reference": "kernel-devel-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "relates_to_product_reference": "CentOS-8.4" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-devel-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64 as a component of Community Enterprise Operating System 8.4", "product_id": "CentOS-8.4:kernel-debug-devel-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64" }, "product_reference": "kernel-debug-devel-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "relates_to_product_reference": "CentOS-8.4" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-modules-internal-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64 as a component of Community Enterprise Operating System 8.4", "product_id": "CentOS-8.4:kernel-debug-modules-internal-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64" }, "product_reference": "kernel-debug-modules-internal-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "relates_to_product_reference": "CentOS-8.4" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-tools-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64 as a component of Community Enterprise Operating System 8.4", "product_id": "CentOS-8.4:kernel-tools-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64" }, "product_reference": "kernel-tools-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "relates_to_product_reference": "CentOS-8.4" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-tools-libs-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64 as a component of Community Enterprise Operating System 8.4", "product_id": "CentOS-8.4:kernel-tools-libs-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64" }, "product_reference": "kernel-tools-libs-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "relates_to_product_reference": "CentOS-8.4" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-selftests-internal-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64 as a component of Community Enterprise Operating System 8.4", "product_id": "CentOS-8.4:kernel-selftests-internal-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64" }, "product_reference": "kernel-selftests-internal-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "relates_to_product_reference": "CentOS-8.4" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-cross-headers-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64 as a component of Community Enterprise Operating System 8.4", "product_id": "CentOS-8.4:kernel-cross-headers-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64" }, "product_reference": "kernel-cross-headers-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "relates_to_product_reference": "CentOS-8.4" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-ipaclones-internal-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64 as a component of Community Enterprise Operating System 8.4", "product_id": "CentOS-8.4:kernel-ipaclones-internal-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64" }, "product_reference": "kernel-ipaclones-internal-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "relates_to_product_reference": "CentOS-8.4" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64 as a component of Community Enterprise Operating System 8.4", "product_id": "CentOS-8.4:kernel-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64" }, "product_reference": "kernel-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "relates_to_product_reference": "CentOS-8.4" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-headers-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64 as a component of Community Enterprise Operating System 8.4", "product_id": "CentOS-8.4:kernel-headers-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64" }, "product_reference": "kernel-headers-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "relates_to_product_reference": "CentOS-8.4" }, { "category": "default_component_of", "full_product_name": { "name": "perf-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64 as a component of Community Enterprise Operating System 8.4", "product_id": "CentOS-8.4:perf-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64" }, "product_reference": "perf-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "relates_to_product_reference": "CentOS-8.4" } ] }, "vulnerabilities": [ { "cve": "CVE-2025-38350", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nnet/sched: Always pass notifications when child class becomes empty\nCertain classful qdiscs may invoke their classes' dequeue handler on an\nenqueue operation. This may unexpectedly empty the child qdisc and thus\nmake an in-flight class passive via qlen_notify(). Most qdiscs do not\nexpect such behaviour at this point in time and may re-activate the\nclass eventually anyways which will lead to a use-after-free.\nThe referenced fix commit attempted to fix this behavior for the HFSC\ncase by moving the backlog accounting around, though this turned out to\nbe incomplete since the parent's parent may run into the issue too.\nThe following reproducer demonstrates this use-after-free:\ntc qdisc add dev lo root handle 1: drr\ntc filter add dev lo parent 1: basic classid 1:1\ntc class add dev lo parent 1: classid 1:1 drr\ntc qdisc add dev lo parent 1:1 handle 2: hfsc def 1\ntc class add dev lo parent 2: classid 2:1 hfsc rt m1 8 d 1 m2 0\ntc qdisc add dev lo parent 2:1 handle 3: netem\ntc qdisc add dev lo parent 3:1 handle 4: blackhole\necho 1 | socat -u STDIN UDP4-DATAGRAM:127.0.0.1:8888\ntc class delete dev lo classid 1:1\necho 1 | socat -u STDIN UDP4-DATAGRAM:127.0.0.1:8888\nSince backlog accounting issues leading to a use-after-frees on stale\nclass pointers is a recurring pattern at this point, this patch takes\na different approach. Instead of trying to fix the accounting, the patch\nensures that qdisc_tree_reduce_backlog always calls qlen_notify when\nthe child qdisc is empty. This solves the problem because deletion of\nqdiscs always involves a call to qdisc_reset() and / or\nqdisc_purge_queue() which ultimately resets its qlen to 0 thus causing\nthe following qdisc_tree_reduce_backlog() to report to the parent. Note\nthat this may call qlen_notify on passive classes multiple times. This\nis not a problem after the recent patch series that made all the\nclassful qdiscs qlen_notify() handlers idempotent.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CentOS-8.4:kernel-debug-modules-extra-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "CentOS-8.4:python3-perf-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "CentOS-8.4:kernel-modules-internal-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "CentOS-8.4:kernel-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "CentOS-8.4:kernel-tools-libs-devel-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "CentOS-8.4:kernel-core-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "CentOS-8.4:bpftool-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "CentOS-8.4:kernel-debug-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "CentOS-8.4:kernel-debug-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "CentOS-8.4:kernel-debug-core-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "CentOS-8.4:kernel-modules-extra-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "CentOS-8.4:kernel-devel-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "CentOS-8.4:kernel-debug-devel-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "CentOS-8.4:kernel-debug-modules-internal-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "CentOS-8.4:kernel-tools-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "CentOS-8.4:kernel-tools-libs-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "CentOS-8.4:kernel-selftests-internal-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "CentOS-8.4:kernel-cross-headers-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "CentOS-8.4:kernel-ipaclones-internal-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "CentOS-8.4:kernel-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "CentOS-8.4:kernel-headers-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "CentOS-8.4:perf-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38350" } ], "release_date": "2025-07-19T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CentOS-8.4:kernel-debug-modules-extra-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "CentOS-8.4:python3-perf-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "CentOS-8.4:kernel-modules-internal-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "CentOS-8.4:kernel-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "CentOS-8.4:kernel-tools-libs-devel-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "CentOS-8.4:kernel-core-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "CentOS-8.4:bpftool-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "CentOS-8.4:kernel-debug-modules-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "CentOS-8.4:kernel-debug-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "CentOS-8.4:kernel-debug-core-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "CentOS-8.4:kernel-modules-extra-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "CentOS-8.4:kernel-devel-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "CentOS-8.4:kernel-debug-devel-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "CentOS-8.4:kernel-debug-modules-internal-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "CentOS-8.4:kernel-tools-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "CentOS-8.4:kernel-tools-libs-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "CentOS-8.4:kernel-selftests-internal-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "CentOS-8.4:kernel-cross-headers-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "CentOS-8.4:kernel-ipaclones-internal-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "CentOS-8.4:kernel-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "CentOS-8.4:kernel-headers-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64", "CentOS-8.4:perf-0:4.18.0-305.25.1.el8_4.tuxcare.els31.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] } ] }