{ "document": { "aggregate_severity": { "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" }, { "category": "details", "text": "drm/dp_mst: Ensure mst_primary pointer is valid in drm_dp_mst_handle_up_req() {CVE-2024-57798}\n- block: Fix handling of offline queues in blk_mq_alloc_request_hctx() {CVE-2022-49720}\n- drm: nv04: Fix out of bounds access {CVE-2024-27008}\n- parport: Proper fix for array out-of-bounds access {CVE-2024-50074}\n- Bluetooth: L2CAP: Fix slab-use-after-free Read in l2cap_send_cmd {CVE-2025-21969}\n- media: uvcvideo: Fix double free in error path {CVE-2024-57980}\n- vrf: use RCU protection in l3mdev_l3_out() {CVE-2025-21791}\n- geneve: Fix use-after-free in geneve_find_dev(). {CVE-2025-21858}\n- dm-crypt: don't modify the data when using authenticated encryption {CVE-2024-26763}\n- pfifo_tail_enqueue: Drop new packet when sch->limit == 0 {CVE-2025-21702}\n- iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() {CVE-2025-21993}\n- vlan: enforce underlying device type {CVE-2025-21920}\n- HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() {CVE-2025-21928}\n- ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices {CVE-2024-53197}\n- can: bcm: Fix UAF in bcm_proc_show() {CVE-2023-52922}\n- gso: do not skip outer ip header in case of ipip and net_failover {CVE-2022-48936}\n- cifs: fix potential double free during failed mount {CVE-2022-49541}\n- bpf: Fix out of bounds access for ringbuf helpers {CVE-2021-4204}\n- bpf: Generally fix helper register offset check {CVE-2021-4204}\n- bpf: Generalize check_ctx_reg for reuse with other types {CVE-2021-4204}\n- ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface() {CVE-2022-48701}\n- ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() {CVE-2022-48702}", "title": "Details" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/centos8.5els/advisories/2025/clsa-2025_1747688831.json" }, { "category": "self", "summary": "https://cve.tuxcare.com/els/releases/CLSA-2025:1747688831", "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1747688831" } ], "tracking": { "current_release_date": "2025-05-19T21:09:54Z", "generator": { "date": "2025-05-19T21:09:54Z", "engine": { "name": "pyCSAF" } }, "id": "CLSA-2025:1747688831", "initial_release_date": "2025-05-19T21:09:54Z", "revision_history": [ { "date": "2025-05-19T21:09:54Z", "number": "1", "summary": "Initial version" } ], "status": "final", "version": "1" }, "title": "kernel: Fix of 20 CVEs" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Community Enterprise Operating System 8.5", "product": { "name": "Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5", "product_identification_helper": { "cpe": "cpe:2.3:o:centos:centos:8.5:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "Community Enterprise Operating System" } ], "category": "vendor", "name": "Red Hat, Inc." }, { "branches": [ { "branches": [ { "category": "product_version", "name": "kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "product": { "name": "kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "product_id": "kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/kernel-tools-libs-devel@4.18.0-348.7.1.el8_5.tuxcare.els27?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "product": { "name": "kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "product_id": "kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/kernel-tools-libs@4.18.0-348.7.1.el8_5.tuxcare.els27?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "product": { "name": "kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "product_id": "kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/kernel-debug-modules-extra@4.18.0-348.7.1.el8_5.tuxcare.els27?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "product": { "name": "kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "product_id": "kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/kernel-debug-modules-internal@4.18.0-348.7.1.el8_5.tuxcare.els27?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "product": { "name": "kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "product_id": "kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/kernel-headers@4.18.0-348.7.1.el8_5.tuxcare.els27?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "product": { "name": "kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "product_id": "kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/kernel-modules@4.18.0-348.7.1.el8_5.tuxcare.els27?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "product": { "name": "kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "product_id": "kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/kernel-tools@4.18.0-348.7.1.el8_5.tuxcare.els27?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "product": { "name": "kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "product_id": "kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/kernel-cross-headers@4.18.0-348.7.1.el8_5.tuxcare.els27?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "product": { "name": "kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "product_id": "kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/kernel-modules-extra@4.18.0-348.7.1.el8_5.tuxcare.els27?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "product": { "name": "kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "product_id": "kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/kernel-devel@4.18.0-348.7.1.el8_5.tuxcare.els27?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "CloudLinux" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64 as a component of Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64" }, "product_reference": "kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "relates_to_product_reference": "CentOS-8.5" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64 as a component of Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64" }, "product_reference": "kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "relates_to_product_reference": "CentOS-8.5" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64 as a component of Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64" }, "product_reference": "kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "relates_to_product_reference": "CentOS-8.5" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64 as a component of Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64" }, "product_reference": "kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "relates_to_product_reference": "CentOS-8.5" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64 as a component of Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64" }, "product_reference": "kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "relates_to_product_reference": "CentOS-8.5" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64 as a component of Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64" }, "product_reference": "kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "relates_to_product_reference": "CentOS-8.5" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64 as a component of Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64" }, "product_reference": "kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "relates_to_product_reference": "CentOS-8.5" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64 as a component of Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64" }, "product_reference": "kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "relates_to_product_reference": "CentOS-8.5" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64 as a component of Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64" }, "product_reference": "kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "relates_to_product_reference": "CentOS-8.5" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64 as a component of Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64" }, "product_reference": "kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "relates_to_product_reference": "CentOS-8.5" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-48702", "cwe": { "id": "CWE-129", "name": "Improper Validation of Array Index" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc()\n\nThe voice allocator sometimes begins allocating from near the end of the\narray and then wraps around, however snd_emu10k1_pcm_channel_alloc()\naccesses the newly allocated voices as if it never wrapped around.\n\nThis results in out of bounds access if the first voice has a high enough\nindex so that first_voice + requested_voice_count > NUM_G (64).\nThe more voices are requested, the more likely it is for this to occur.\n\nThis was initially discovered using PipeWire, however it can be reproduced\nby calling aplay multiple times with 16 channels:\naplay -r 48000 -D plughw:CARD=Live,DEV=3 -c 16 /dev/zero\n\nUBSAN: array-index-out-of-bounds in sound/pci/emu10k1/emupcm.c:127:40\nindex 65 is out of range for type 'snd_emu10k1_voice [64]'\nCPU: 1 PID: 31977 Comm: aplay Tainted: G W IOE 6.0.0-rc2-emu10k1+ #7\nHardware name: ASUSTEK COMPUTER INC P5W DH Deluxe/P5W DH Deluxe, BIOS 3002 07/22/2010\nCall Trace:\n\ndump_stack_lvl+0x49/0x63\ndump_stack+0x10/0x16\nubsan_epilogue+0x9/0x3f\n__ubsan_handle_out_of_bounds.cold+0x44/0x49\nsnd_emu10k1_playback_hw_params+0x3bc/0x420 [snd_emu10k1]\nsnd_pcm_hw_params+0x29f/0x600 [snd_pcm]\nsnd_pcm_common_ioctl+0x188/0x1410 [snd_pcm]\n? exit_to_user_mode_prepare+0x35/0x170\n? do_syscall_64+0x69/0x90\n? syscall_exit_to_user_mode+0x26/0x50\n? do_syscall_64+0x69/0x90\n? exit_to_user_mode_prepare+0x35/0x170\nsnd_pcm_ioctl+0x27/0x40 [snd_pcm]\n__x64_sys_ioctl+0x95/0xd0\ndo_syscall_64+0x5c/0x90\n? do_syscall_64+0x69/0x90\n? do_syscall_64+0x69/0x90\nentry_SYSCALL_64_after_hwframe+0x63/0xcd", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2022-48702" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/39a90720f3abe96625d1224e7a7463410875de4c", "url": "https://git.kernel.org/stable/c/39a90720f3abe96625d1224e7a7463410875de4c" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/4204a01ffce97cae1d59edc5848f02be5b2b9178", "url": "https://git.kernel.org/stable/c/4204a01ffce97cae1d59edc5848f02be5b2b9178" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/45321a7d02b7cf9b3f97e3987fc1e4d649b82da2", "url": "https://git.kernel.org/stable/c/45321a7d02b7cf9b3f97e3987fc1e4d649b82da2" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/45814a53514e10a8014906c882e0d0d38df39cc1", "url": "https://git.kernel.org/stable/c/45814a53514e10a8014906c882e0d0d38df39cc1" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/637c5310acb48fffcc5657568db3f3e9bc719bfa", "url": "https://git.kernel.org/stable/c/637c5310acb48fffcc5657568db3f3e9bc719bfa" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/6b0e260ac3cf289e38446552461caa65e6dab275", "url": "https://git.kernel.org/stable/c/6b0e260ac3cf289e38446552461caa65e6dab275" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/88aac6684cf8bc885cca15463cb4407e91f28ff7", "url": "https://git.kernel.org/stable/c/88aac6684cf8bc885cca15463cb4407e91f28ff7" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/d29f59051d3a07b81281b2df2b8c9dfe4716067f", "url": "https://git.kernel.org/stable/c/d29f59051d3a07b81281b2df2b8c9dfe4716067f" } ], "release_date": "2024-05-03T16:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2022-49541", "cwe": { "id": "CWE-415", "name": "Double Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: fix potential double free during failed mount\n\nRHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=2088799", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2022-49541" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/8378a51e3f8140f60901fb27208cc7a6e47047b5", "url": "https://git.kernel.org/stable/c/8378a51e3f8140f60901fb27208cc7a6e47047b5" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/9a167fc440e5693c1cdd7f07071e05658bd9d89d", "url": "https://git.kernel.org/stable/c/9a167fc440e5693c1cdd7f07071e05658bd9d89d" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ce0008a0e410cdd95f0d8cd81b2902ec10a660c4", "url": "https://git.kernel.org/stable/c/ce0008a0e410cdd95f0d8cd81b2902ec10a660c4" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ee71f8f1cd3c8c4a251fd3e8abc89215ae3457cb", "url": "https://git.kernel.org/stable/c/ee71f8f1cd3c8c4a251fd3e8abc89215ae3457cb" } ], "release_date": "2025-02-26T07:01:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-21969", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix slab-use-after-free Read in l2cap_send_cmd\n\nAfter the hci sync command releases l2cap_conn, the hci receive data work\nqueue references the released l2cap_conn when sending to the upper layer.\nAdd hci dev lock to the hci receive data work queue to synchronize the two.\n\n[1]\nBUG: KASAN: slab-use-after-free in l2cap_send_cmd+0x187/0x8d0 net/bluetooth/l2cap_core.c:954\nRead of size 8 at addr ffff8880271a4000 by task kworker/u9:2/5837\n\nCPU: 0 UID: 0 PID: 5837 Comm: kworker/u9:2 Not tainted 6.13.0-rc5-syzkaller-00163-gab75170520d4 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nWorkqueue: hci1 hci_rx_work\nCall Trace:\n \n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:489\n kasan_report+0x143/0x180 mm/kasan/report.c:602\n l2cap_build_cmd net/bluetooth/l2cap_core.c:2964 [inline]\n l2cap_send_cmd+0x187/0x8d0 net/bluetooth/l2cap_core.c:954\n l2cap_sig_send_rej net/bluetooth/l2cap_core.c:5502 [inline]\n l2cap_sig_channel net/bluetooth/l2cap_core.c:5538 [inline]\n l2cap_recv_frame+0x221f/0x10db0 net/bluetooth/l2cap_core.c:6817\n hci_acldata_packet net/bluetooth/hci_core.c:3797 [inline]\n hci_rx_work+0x508/0xdb0 net/bluetooth/hci_core.c:4040\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3310\n worker_thread+0x870/0xd30 kernel/workqueue.c:3391\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \n\nAllocated by task 5837:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __kmalloc_cache_noprof+0x243/0x390 mm/slub.c:4329\n kmalloc_noprof include/linux/slab.h:901 [inline]\n kzalloc_noprof include/linux/slab.h:1037 [inline]\n l2cap_conn_add+0xa9/0x8e0 net/bluetooth/l2cap_core.c:6860\n l2cap_connect_cfm+0x115/0x1090 net/bluetooth/l2cap_core.c:7239\n hci_connect_cfm include/net/bluetooth/hci_core.h:2057 [inline]\n hci_remote_features_evt+0x68e/0xac0 net/bluetooth/hci_event.c:3726\n hci_event_func net/bluetooth/hci_event.c:7473 [inline]\n hci_event_packet+0xac2/0x1540 net/bluetooth/hci_event.c:7525\n hci_rx_work+0x3f3/0xdb0 net/bluetooth/hci_core.c:4035\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3310\n worker_thread+0x870/0xd30 kernel/workqueue.c:3391\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n\nFreed by task 54:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:582\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x59/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2353 [inline]\n slab_free mm/slub.c:4613 [inline]\n kfree+0x196/0x430 mm/slub.c:4761\n l2cap_connect_cfm+0xcc/0x1090 net/bluetooth/l2cap_core.c:7235\n hci_connect_cfm include/net/bluetooth/hci_core.h:2057 [inline]\n hci_conn_failed+0x287/0x400 net/bluetooth/hci_conn.c:1266\n hci_abort_conn_sync+0x56c/0x11f0 net/bluetooth/hci_sync.c:5603\n hci_cmd_sync_work+0x22b/0x400 net/bluetooth/hci_sync.c:332\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3310\n worker_thread+0x870/0xd30 kernel/workqueue.c:3391\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entr\n---truncated---", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-21969" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/7790a79c6fce8d5d552bc64f5c82819f719e4f28", "url": "https://git.kernel.org/stable/c/7790a79c6fce8d5d552bc64f5c82819f719e4f28" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/b4f82f9ed43aefa79bec2504ae8c29be0c0f5d1d", "url": "https://git.kernel.org/stable/c/b4f82f9ed43aefa79bec2504ae8c29be0c0f5d1d" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c96cce853542b3b13da3738f35ef1be8cfcc9d1d", "url": "https://git.kernel.org/stable/c/c96cce853542b3b13da3738f35ef1be8cfcc9d1d" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/f8094625a591eeb0b75b1bd9e713fac1d93f5ca9", "url": "https://git.kernel.org/stable/c/f8094625a591eeb0b75b1bd9e713fac1d93f5ca9" } ], "release_date": "2025-04-01T16:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2022-49720", "cwe": { "id": "CWE-129", "name": "Improper Validation of Array Index" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: Fix handling of offline queues in blk_mq_alloc_request_hctx()\n\nThis patch prevents that test nvme/004 triggers the following:\n\nUBSAN: array-index-out-of-bounds in block/blk-mq.h:135:9\nindex 512 is out of range for type 'long unsigned int [512]'\nCall Trace:\n show_stack+0x52/0x58\n dump_stack_lvl+0x49/0x5e\n dump_stack+0x10/0x12\n ubsan_epilogue+0x9/0x3b\n __ubsan_handle_out_of_bounds.cold+0x44/0x49\n blk_mq_alloc_request_hctx+0x304/0x310\n __nvme_submit_sync_cmd+0x70/0x200 [nvme_core]\n nvmf_connect_io_queue+0x23e/0x2a0 [nvme_fabrics]\n nvme_loop_connect_io_queues+0x8d/0xb0 [nvme_loop]\n nvme_loop_create_ctrl+0x58e/0x7d0 [nvme_loop]\n nvmf_create_ctrl+0x1d7/0x4d0 [nvme_fabrics]\n nvmf_dev_write+0xae/0x111 [nvme_fabrics]\n vfs_write+0x144/0x560\n ksys_write+0xb7/0x140\n __x64_sys_write+0x42/0x50\n do_syscall_64+0x35/0x80\n entry_SYSCALL_64_after_hwframe+0x44/0xae", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2022-49720" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/14dc7a18abbe4176f5626c13c333670da8e06aa1", "url": "https://git.kernel.org/stable/c/14dc7a18abbe4176f5626c13c333670da8e06aa1" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/7fa28a7c3d74933a4fc22d341b60927952f31c19", "url": "https://git.kernel.org/stable/c/7fa28a7c3d74933a4fc22d341b60927952f31c19" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/b202a0bd2580ee5b0453772c46d464152fafff73", "url": "https://git.kernel.org/stable/c/b202a0bd2580ee5b0453772c46d464152fafff73" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/b5e65ef044d627effdc2599040b6d204e003f955", "url": "https://git.kernel.org/stable/c/b5e65ef044d627effdc2599040b6d204e003f955" } ], "release_date": "2025-02-26T07:01:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2022-48701", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface()\n\nThere may be a bad USB audio device with a USB ID of (0x04fa, 0x4201) and\nthe number of it's interfaces less than 4, an out-of-bounds read bug occurs\nwhen parsing the interface descriptor for this device.\n\nFix this by checking the number of interfaces.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2022-48701" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/0492798bf8dfcc09c9337a1ba065da1d1ca68712", "url": "https://git.kernel.org/stable/c/0492798bf8dfcc09c9337a1ba065da1d1ca68712" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/2a308e415d247a23d4d64c964c02e782eede2936", "url": "https://git.kernel.org/stable/c/2a308e415d247a23d4d64c964c02e782eede2936" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/6123bec8480d23369e2ee0b2208611619f269faf", "url": "https://git.kernel.org/stable/c/6123bec8480d23369e2ee0b2208611619f269faf" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/8293e61bbf908b18ff9935238d4fc2ad359e3fe0", "url": "https://git.kernel.org/stable/c/8293e61bbf908b18ff9935238d4fc2ad359e3fe0" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/91904870370fd986c29719846ed76d559de43251", "url": "https://git.kernel.org/stable/c/91904870370fd986c29719846ed76d559de43251" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/98e8e67395cc6d0cdf3a771f86ea42d0ee6e59dd", "url": "https://git.kernel.org/stable/c/98e8e67395cc6d0cdf3a771f86ea42d0ee6e59dd" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/b970518014f2f0f6c493fb86c1e092b936899061", "url": "https://git.kernel.org/stable/c/b970518014f2f0f6c493fb86c1e092b936899061" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/e53f47f6c1a56d2af728909f1cb894da6b43d9bf", "url": "https://git.kernel.org/stable/c/e53f47f6c1a56d2af728909f1cb894da6b43d9bf" } ], "release_date": "2024-05-03T16:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2021-4204", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "description", "text": "An out-of-bounds (OOB) memory access flaw was found in the Linux kernel's eBPF due to an Improper Input Validation. This flaw allows a local attacker with a special privilege to crash the system or leak internal information.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2021-4204" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2021-4204", "url": "https://access.redhat.com/security/cve/CVE-2021-4204" }, { "category": "external", "summary": "https://bugzilla.redhat.com/show_bug.cgi?id=2039178", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039178" }, { "category": "external", "summary": "https://security-tracker.debian.org/tracker/CVE-2021-4204", "url": "https://security-tracker.debian.org/tracker/CVE-2021-4204" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20221228-0003/", "url": "https://security.netapp.com/advisory/ntap-20221228-0003/" }, { "category": "external", "summary": "https://www.openwall.com/lists/oss-security/2022/01/11/4", "url": "https://www.openwall.com/lists/oss-security/2022/01/11/4" } ], "release_date": "2022-08-24T16:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-21920", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvlan: enforce underlying device type\n\nCurrently, VLAN devices can be created on top of non-ethernet devices.\n\nBesides the fact that it doesn't make much sense, this also causes a\nbug which leaks the address of a kernel function to usermode.\n\nWhen creating a VLAN device, we initialize GARP (garp_init_applicant)\nand MRP (mrp_init_applicant) for the underlying device.\n\nAs part of the initialization process, we add the multicast address of\neach applicant to the underlying device, by calling dev_mc_add.\n\n__dev_mc_add uses dev->addr_len to determine the length of the new\nmulticast address.\n\nThis causes an out-of-bounds read if dev->addr_len is greater than 6,\nsince the multicast addresses provided by GARP and MRP are only 6\nbytes long.\n\nThis behaviour can be reproduced using the following commands:\n\nip tunnel add gretest mode ip6gre local ::1 remote ::2 dev lo\nip l set up dev gretest\nip link add link gretest name vlantest type vlan id 100\n\nThen, the following command will display the address of garp_pdu_rcv:\n\nip maddr show | grep 01:80:c2:00:00:21\n\nFix the bug by enforcing the type of the underlying device during VLAN\ndevice initialization.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-21920" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/0fb7aa04c19eac4417f360a9f7611a60637bdacc", "url": "https://git.kernel.org/stable/c/0fb7aa04c19eac4417f360a9f7611a60637bdacc" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/30e8aee77899173a82ae5ed89f536c096f20aaeb", "url": "https://git.kernel.org/stable/c/30e8aee77899173a82ae5ed89f536c096f20aaeb" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/3561442599804905c3defca241787cd4546e99a7", "url": "https://git.kernel.org/stable/c/3561442599804905c3defca241787cd4546e99a7" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/5a515d13e15536e82c5c7c83eb6cf5bc4827fee5", "url": "https://git.kernel.org/stable/c/5a515d13e15536e82c5c7c83eb6cf5bc4827fee5" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/7f1564b2b2072b7aa1ac75350e9560a07c7a44fd", "url": "https://git.kernel.org/stable/c/7f1564b2b2072b7aa1ac75350e9560a07c7a44fd" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/b33a534610067ade2bdaf2052900aaad99701353", "url": "https://git.kernel.org/stable/c/b33a534610067ade2bdaf2052900aaad99701353" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/b6c72479748b7ea09f53ed64b223cee6463dc278", "url": "https://git.kernel.org/stable/c/b6c72479748b7ea09f53ed64b223cee6463dc278" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/fa40ebef69234e39ec2d26930d045f2fb9a8cb2b", "url": "https://git.kernel.org/stable/c/fa40ebef69234e39ec2d26930d045f2fb9a8cb2b" } ], "release_date": "2025-04-01T16:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-21928", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove()\n\nThe system can experience a random crash a few minutes after the driver is\nremoved. This issue occurs due to improper handling of memory freeing in\nthe ishtp_hid_remove() function.\n\nThe function currently frees the `driver_data` directly within the loop\nthat destroys the HID devices, which can lead to accessing freed memory.\nSpecifically, `hid_destroy_device()` uses `driver_data` when it calls\n`hid_ishtp_set_feature()` to power off the sensor, so freeing\n`driver_data` beforehand can result in accessing invalid memory.\n\nThis patch resolves the issue by storing the `driver_data` in a temporary\nvariable before calling `hid_destroy_device()`, and then freeing the\n`driver_data` after the device is destroyed.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-21928" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/01b18a330cda61cc21423a7d1af92cf31ded8f60", "url": "https://git.kernel.org/stable/c/01b18a330cda61cc21423a7d1af92cf31ded8f60" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/07583a0010696a17fb0942e0b499a62785c5fc9f", "url": "https://git.kernel.org/stable/c/07583a0010696a17fb0942e0b499a62785c5fc9f" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/0c1fb475ef999d6c22fc3f963fdf20cb3ed1b03d", "url": "https://git.kernel.org/stable/c/0c1fb475ef999d6c22fc3f963fdf20cb3ed1b03d" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/560f4d1299342504a6ab8a47f575b5e6b8345ada", "url": "https://git.kernel.org/stable/c/560f4d1299342504a6ab8a47f575b5e6b8345ada" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/cf1a6015d2f6b1f0afaa0fd6a0124ff2c7943394", "url": "https://git.kernel.org/stable/c/cf1a6015d2f6b1f0afaa0fd6a0124ff2c7943394" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/d3faae7f42181865c799d88c5054176f38ae4625", "url": "https://git.kernel.org/stable/c/d3faae7f42181865c799d88c5054176f38ae4625" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/dea6a349bcaf243fff95dfd0428a26be6a0fb44e", "url": "https://git.kernel.org/stable/c/dea6a349bcaf243fff95dfd0428a26be6a0fb44e" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/eb0695d87a81e7c1f0509b7d8ee7c65fbc26aec9", "url": "https://git.kernel.org/stable/c/eb0695d87a81e7c1f0509b7d8ee7c65fbc26aec9" } ], "release_date": "2025-04-01T16:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-21993", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\niscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic()\n\nWhen performing an iSCSI boot using IPv6, iscsistart still reads the\n/sys/firmware/ibft/ethernetX/subnet-mask entry. Since the IPv6 prefix\nlength is 64, this causes the shift exponent to become negative,\ntriggering a UBSAN warning. As the concept of a subnet mask does not\napply to IPv6, the value is set to ~0 to suppress the warning message.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-21993" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/07e0d99a2f701123ad3104c0f1a1e66bce74d6e5", "url": "https://git.kernel.org/stable/c/07e0d99a2f701123ad3104c0f1a1e66bce74d6e5" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/2d1eef248107bdf3d5a69d0fde04c30a79a7bf5d", "url": "https://git.kernel.org/stable/c/2d1eef248107bdf3d5a69d0fde04c30a79a7bf5d" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/9bfa80c8aa4e06dff55a953c3fffbfc68a3a3b1c", "url": "https://git.kernel.org/stable/c/9bfa80c8aa4e06dff55a953c3fffbfc68a3a3b1c" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/a858cd58dea06cf85b142673deea8c5d87f11e70", "url": "https://git.kernel.org/stable/c/a858cd58dea06cf85b142673deea8c5d87f11e70" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/b253660fac5e0e9080d2c95e3a029e1898d49afb", "url": "https://git.kernel.org/stable/c/b253660fac5e0e9080d2c95e3a029e1898d49afb" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/b388e185bfad32bfed6a97a6817f74ca00a4318f", "url": "https://git.kernel.org/stable/c/b388e185bfad32bfed6a97a6817f74ca00a4318f" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c1c6e527470e5eab0b2d57bd073530fbace39eab", "url": "https://git.kernel.org/stable/c/c1c6e527470e5eab0b2d57bd073530fbace39eab" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/f763c82db8166e28f45b7cc4a5398a7859665940", "url": "https://git.kernel.org/stable/c/f763c82db8166e28f45b7cc4a5398a7859665940" } ], "release_date": "2025-04-02T13:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2023-52922", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\ncan: bcm: Fix UAF in bcm_proc_show()\nBUG: KASAN: slab-use-after-free in bcm_proc_show+0x969/0xa80\nRead of size 8 at addr ffff888155846230 by task cat/7862\nCPU: 1 PID: 7862 Comm: cat Not tainted 6.5.0-rc1-00153-gc8746099c197 #230\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nCall Trace:\n\ndump_stack_lvl+0xd5/0x150\nprint_report+0xc1/0x5e0\nkasan_report+0xba/0xf0\nbcm_proc_show+0x969/0xa80\nseq_read_iter+0x4f6/0x1260\nseq_read+0x165/0x210\nproc_reg_read+0x227/0x300\nvfs_read+0x1d5/0x8d0\nksys_read+0x11e/0x240\ndo_syscall_64+0x35/0xb0\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\nAllocated by task 7846:\nkasan_save_stack+0x1e/0x40\nkasan_set_track+0x21/0x30\n__kasan_kmalloc+0x9e/0xa0\nbcm_sendmsg+0x264b/0x44e0\nsock_sendmsg+0xda/0x180\n____sys_sendmsg+0x735/0x920\n___sys_sendmsg+0x11d/0x1b0\n__sys_sendmsg+0xfa/0x1d0\ndo_syscall_64+0x35/0xb0\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\nFreed by task 7846:\nkasan_save_stack+0x1e/0x40\nkasan_set_track+0x21/0x30\nkasan_save_free_info+0x27/0x40\n____kasan_slab_free+0x161/0x1c0\nslab_free_freelist_hook+0x119/0x220\n__kmem_cache_free+0xb4/0x2e0\nrcu_core+0x809/0x1bd0\nbcm_op is freed before procfs entry be removed in bcm_release(),\nthis lead to bcm_proc_show() may read the freed bcm_op.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-52922" } ], "release_date": "2024-11-28T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64", "CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els27.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] } ] }