{ "document": { "aggregate_severity": { "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" }, { "category": "details", "text": "vsock: Keep the binding until socket destruction {CVE-2025-21756}\n- mt76: fix use-after-free by removing a non-RCU wcid pointer {CVE-2022-49328}\n- bpf, test_run: Fix alignment problem in bpf_prog_test_run_skb() {CVE-2022-49840}\n- ASoC: core: Fix use-after-free in snd_soc_exit() {CVE-2022-49842}\n- net: sched: Fix use after free in red_enqueue() {CVE-2022-49921}\n- udf: Fix a slab-out-of-bounds write bug in udf_find_entry() {CVE-2022-49846}\n- ftrace: Fix use-after-free for dynamic ftrace_ops {CVE-2022-49892}\n- dm ioctl: prevent potential spectre v1 gadget {CVE-2022-49122}\n- scsi: libfc: Fix use after free in fc_exch_abts_resp() {CVE-2022-49114}\n- mac80211: fix potential double free on mesh join {CVE-2022-49290}\n- wifi: mac80211: fix use-after-free in chanctx code {CVE-2022-49416}\n- ext4: fix OOB read when checking dotdot dir {CVE-2025-37785}\n- ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path() {CVE-2023-52988}\n- tracing: Fix potential double free in create_var_ref() {CVE-2022-49410}\n- wifi: brcmfmac: Check the count value of channel spec to prevent out-of-bounds reads {CVE-2022-49740}\n- mm/khugepaged: invoke MMU notifiers in shmem/file collapse paths {CVE-2022-48991}\n- cifs: potential buffer overflow in handling symlinks {CVE-2022-49058}\n- media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init {CVE-2022-49478}\n- HID: elan: Fix potential double free in elan_input_configured {CVE-2022-49508}\n- bpf: Check rcu_read_lock_trace_held() before calling bpf map helpers {CVE-2023-52621}\n- drm/amd/pm: fix double free in si_parse_power_table() {CVE-2022-49530}\n- drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() {CVE-2025-21780}\n- crypto: scomp - fix req->dst buffer overflow {CVE-2023-52612}\n- sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket {CVE-2024-53168}\n- net: make sock_inuse_add() available {CVE-2024-53168}", "title": "Details" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/centos8.5els/advisories/2025/clsa-2025_1749562017.json" }, { "category": "self", "summary": "https://cve.tuxcare.com/els/releases/CLSA-2025:1749562017", "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1749562017" } ], "tracking": { "current_release_date": "2025-06-10T13:30:14Z", "generator": { "date": "2025-06-10T13:30:14Z", "engine": { "name": "pyCSAF" } }, "id": "CLSA-2025:1749562017", "initial_release_date": "2025-06-10T13:30:14Z", "revision_history": [ { "date": "2025-06-10T13:30:14Z", "number": "1", "summary": "Initial version" } ], "status": "final", "version": "1" }, "title": "kernel: Fix of 24 CVEs" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Community Enterprise Operating System 8.5", "product": { "name": "Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5", "product_identification_helper": { "cpe": "cpe:2.3:o:centos:centos:8.5:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "Community Enterprise Operating System" } ], "category": "vendor", "name": "Red Hat, Inc." }, { "branches": [ { "branches": [ { "category": "product_version", "name": "kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "product": { "name": "kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "product_id": "kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/kernel-tools-libs-devel@4.18.0-348.7.1.el8_5.tuxcare.els28?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "product": { "name": "kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "product_id": "kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/kernel-tools-libs@4.18.0-348.7.1.el8_5.tuxcare.els28?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "product": { "name": "kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "product_id": "kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/kernel-debug-modules-extra@4.18.0-348.7.1.el8_5.tuxcare.els28?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "product": { "name": "kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "product_id": "kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/kernel-debug-modules-internal@4.18.0-348.7.1.el8_5.tuxcare.els28?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "product": { "name": "kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "product_id": "kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/kernel-headers@4.18.0-348.7.1.el8_5.tuxcare.els28?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "product": { "name": "kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "product_id": "kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/kernel-modules@4.18.0-348.7.1.el8_5.tuxcare.els28?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "product": { "name": "kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "product_id": "kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/kernel-tools@4.18.0-348.7.1.el8_5.tuxcare.els28?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "product": { "name": "kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "product_id": "kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/kernel-cross-headers@4.18.0-348.7.1.el8_5.tuxcare.els28?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "product": { "name": "kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "product_id": "kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/kernel-modules-extra@4.18.0-348.7.1.el8_5.tuxcare.els28?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "product": { "name": "kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "product_id": "kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/kernel-devel@4.18.0-348.7.1.el8_5.tuxcare.els28?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "CloudLinux" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64 as a component of Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64" }, "product_reference": "kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "relates_to_product_reference": "CentOS-8.5" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64 as a component of Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64" }, "product_reference": "kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "relates_to_product_reference": "CentOS-8.5" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64 as a component of Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64" }, "product_reference": "kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "relates_to_product_reference": "CentOS-8.5" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64 as a component of Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64" }, "product_reference": "kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "relates_to_product_reference": "CentOS-8.5" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64 as a component of Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64" }, "product_reference": "kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "relates_to_product_reference": "CentOS-8.5" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64 as a component of Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64" }, "product_reference": "kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "relates_to_product_reference": "CentOS-8.5" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64 as a component of Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64" }, "product_reference": "kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "relates_to_product_reference": "CentOS-8.5" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64 as a component of Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64" }, "product_reference": "kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "relates_to_product_reference": "CentOS-8.5" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64 as a component of Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64" }, "product_reference": "kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "relates_to_product_reference": "CentOS-8.5" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64 as a component of Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64" }, "product_reference": "kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "relates_to_product_reference": "CentOS-8.5" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-52988", "cwe": { "id": "CWE-129", "name": "Improper Validation of Array Index" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path()\n\nsnd_hda_get_connections() can return a negative error code.\nIt may lead to accessing 'conn' array at a negative index.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-52988" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/1b9256c96220bcdba287eeeb90e7c910c77f8c46", "url": "https://git.kernel.org/stable/c/1b9256c96220bcdba287eeeb90e7c910c77f8c46" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/2b557fa635e7487f638c0f030c305870839eeda2", "url": "https://git.kernel.org/stable/c/2b557fa635e7487f638c0f030c305870839eeda2" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/437e50ef6290ac835d526d0e45f466a0aa69ba1b", "url": "https://git.kernel.org/stable/c/437e50ef6290ac835d526d0e45f466a0aa69ba1b" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/6e1f586ddec48d71016b81acf68ba9f49ca54db8", "url": "https://git.kernel.org/stable/c/6e1f586ddec48d71016b81acf68ba9f49ca54db8" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/b9cee506da2b7920b5ea02ccd8e78a907d0ee7aa", "url": "https://git.kernel.org/stable/c/b9cee506da2b7920b5ea02ccd8e78a907d0ee7aa" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/d6870f3800dbb212ae8433183ee82f566d067c6c", "url": "https://git.kernel.org/stable/c/d6870f3800dbb212ae8433183ee82f566d067c6c" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/f011360ad234a07cb6fbcc720fff646a93a9f0d6", "url": "https://git.kernel.org/stable/c/f011360ad234a07cb6fbcc720fff646a93a9f0d6" } ], "release_date": "2025-03-27T17:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2022-49410", "cwe": { "id": "CWE-415", "name": "Double Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Fix potential double free in create_var_ref()\n\nIn create_var_ref(), init_var_ref() is called to initialize the fields\nof variable ref_field, which is allocated in the previous function call\nto create_hist_field(). Function init_var_ref() allocates the\ncorresponding fields such as ref_field->system, but frees these fields\nwhen the function encounters an error. The caller later calls\ndestroy_hist_field() to conduct error handling, which frees the fields\nand the variable itself. This results in double free of the fields which\nare already freed in the previous function.\n\nFix this by storing NULL to the corresponding fields when they are freed\nin init_var_ref().", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2022-49410" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/058cb6d86b9789377216c936506b346aaa1eb581", "url": "https://git.kernel.org/stable/c/058cb6d86b9789377216c936506b346aaa1eb581" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/37443b3508b8cce6832f8d25cb4550b2f7801f50", "url": "https://git.kernel.org/stable/c/37443b3508b8cce6832f8d25cb4550b2f7801f50" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/4fdfb15e08598711dbf50daf56a33965232daf0e", "url": "https://git.kernel.org/stable/c/4fdfb15e08598711dbf50daf56a33965232daf0e" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/99696a2592bca641eb88cc9a80c90e591afebd0f", "url": "https://git.kernel.org/stable/c/99696a2592bca641eb88cc9a80c90e591afebd0f" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/bd83ff3bbfb003832481c9bff999d12385f396ae", "url": "https://git.kernel.org/stable/c/bd83ff3bbfb003832481c9bff999d12385f396ae" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c27f744ceefadc7bbeb14233b6abc150ced617d2", "url": "https://git.kernel.org/stable/c/c27f744ceefadc7bbeb14233b6abc150ced617d2" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/f8b383f83cb573152c577eca1ef101e89995b72a", "url": "https://git.kernel.org/stable/c/f8b383f83cb573152c577eca1ef101e89995b72a" } ], "release_date": "2025-02-26T07:01:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2022-49478", "cwe": { "id": "CWE-129", "name": "Improper Validation of Array Index" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init\n\nSyzbot reported that -1 is used as array index. The problem was in\nmissing validation check.\n\nhdw->unit_number is initialized with -1 and then if init table walk fails\nthis value remains unchanged. Since code blindly uses this member for\narray indexing adding sanity check is the easiest fix for that.\n\nhdw->workpoll initialization moved upper to prevent warning in\n__flush_work.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2022-49478" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/1310fc3538dcc375a2f46ef0a438512c2ca32827", "url": "https://git.kernel.org/stable/c/1310fc3538dcc375a2f46ef0a438512c2ca32827" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/24e807541e4a9263ed928e6ae3498de3ad43bd1e", "url": "https://git.kernel.org/stable/c/24e807541e4a9263ed928e6ae3498de3ad43bd1e" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/2e004fe914b243db41fa96f9e583385f360ea58e", "url": "https://git.kernel.org/stable/c/2e004fe914b243db41fa96f9e583385f360ea58e" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/3309c2c574e13b21b44729f5bdbf21f60189b79a", "url": "https://git.kernel.org/stable/c/3309c2c574e13b21b44729f5bdbf21f60189b79a" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/4351bfe36aba9fa7dc9d68d498d25d41a0f45e67", "url": "https://git.kernel.org/stable/c/4351bfe36aba9fa7dc9d68d498d25d41a0f45e67" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/471bec68457aaf981add77b4f590d65dd7da1059", "url": "https://git.kernel.org/stable/c/471bec68457aaf981add77b4f590d65dd7da1059" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/a3304766d9384886e6d3092c776273526947a2e9", "url": "https://git.kernel.org/stable/c/a3304766d9384886e6d3092c776273526947a2e9" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/a3660e06675bccec4bf149c7229ea1d491ba10d7", "url": "https://git.kernel.org/stable/c/a3660e06675bccec4bf149c7229ea1d491ba10d7" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/f99a8b1ec0eddc2931aeaa4f490277a15b39f511", "url": "https://git.kernel.org/stable/c/f99a8b1ec0eddc2931aeaa4f490277a15b39f511" } ], "release_date": "2025-02-26T07:01:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2022-49508", "cwe": { "id": "CWE-415", "name": "Double Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: elan: Fix potential double free in elan_input_configured\n\n'input' is a managed resource allocated with devm_input_allocate_device(),\nso there is no need to call input_free_device() explicitly or\nthere will be a double free.\n\nAccording to the doc of devm_input_allocate_device():\n * Managed input devices do not need to be explicitly unregistered or\n * freed as it will be done automatically when owner device unbinds from\n * its driver (or binding fails).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2022-49508" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/1af20714fedad238362571620be0bd690ded05b6", "url": "https://git.kernel.org/stable/c/1af20714fedad238362571620be0bd690ded05b6" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/24f9dfdaece9bd75bb8dbfdba83eddeefdf7dc47", "url": "https://git.kernel.org/stable/c/24f9dfdaece9bd75bb8dbfdba83eddeefdf7dc47" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/5291451851feeb66fd4bf0826710f482f3b1ab38", "url": "https://git.kernel.org/stable/c/5291451851feeb66fd4bf0826710f482f3b1ab38" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/6d0726725c7c560495f5ff364862a2cefea542e3", "url": "https://git.kernel.org/stable/c/6d0726725c7c560495f5ff364862a2cefea542e3" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/8bb1716507ebf12d50bbf181764481de3b6bc7fd", "url": "https://git.kernel.org/stable/c/8bb1716507ebf12d50bbf181764481de3b6bc7fd" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c92ec22a991778a096342cf1a917ae36c5c86a90", "url": "https://git.kernel.org/stable/c/c92ec22a991778a096342cf1a917ae36c5c86a90" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/f1d4f19a796551edc6679a681ea1756b8c578c08", "url": "https://git.kernel.org/stable/c/f1d4f19a796551edc6679a681ea1756b8c578c08" } ], "release_date": "2025-02-26T07:01:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2022-49530", "cwe": { "id": "CWE-415", "name": "Double Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: fix double free in si_parse_power_table()\n\nIn function si_parse_power_table(), array adev->pm.dpm.ps and its member\nis allocated. If the allocation of each member fails, the array itself\nis freed and returned with an error code. However, the array is later\nfreed again in si_dpm_fini() function which is called when the function\nreturns an error.\n\nThis leads to potential double free of the array adev->pm.dpm.ps, as\nwell as leak of its array members, since the members are not freed in\nthe allocation function and the array is not nulled when freed.\nIn addition adev->pm.dpm.num_ps, which keeps track of the allocated\narray member, is not updated until the member allocation is\nsuccessfully finished, this could also lead to either use after free,\nor uninitialized variable access in si_dpm_fini().\n\nFix this by postponing the free of the array until si_dpm_fini() and\nincrement adev->pm.dpm.num_ps everytime the array member is allocated.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2022-49530" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/2615464854505188f909d0c07c37a6623693b5c7", "url": "https://git.kernel.org/stable/c/2615464854505188f909d0c07c37a6623693b5c7" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/43eb9b667b95f2a31c63e8949b0d2161b9be59c3", "url": "https://git.kernel.org/stable/c/43eb9b667b95f2a31c63e8949b0d2161b9be59c3" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/6c5bdaa1325be7f04b79ea992ab216739192d342", "url": "https://git.kernel.org/stable/c/6c5bdaa1325be7f04b79ea992ab216739192d342" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/a5ce7051db044290b1a95045ff03c249005a3aa4", "url": "https://git.kernel.org/stable/c/a5ce7051db044290b1a95045ff03c249005a3aa4" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/af832028af6f44c6c45645757079c4ed6884ade5", "url": "https://git.kernel.org/stable/c/af832028af6f44c6c45645757079c4ed6884ade5" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c0e811c4ccf3b42705976285e3a94cc82dea7300", "url": "https://git.kernel.org/stable/c/c0e811c4ccf3b42705976285e3a94cc82dea7300" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ca1ce206894dd976275c78ee38dbc19873f22de9", "url": "https://git.kernel.org/stable/c/ca1ce206894dd976275c78ee38dbc19873f22de9" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/f3fa2becf2fc25b6ac7cf8d8b1a2e4a86b3b72bd", "url": "https://git.kernel.org/stable/c/f3fa2becf2fc25b6ac7cf8d8b1a2e4a86b3b72bd" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/fd2eff8b9dcbe469c3b7bbbc7083ab5ed94de07b", "url": "https://git.kernel.org/stable/c/fd2eff8b9dcbe469c3b7bbbc7083ab5ed94de07b" } ], "release_date": "2025-02-26T07:01:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-21780", "cwe": { "id": "CWE-120", "name": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table()\n\nIt malicious user provides a small pptable through sysfs and then\na bigger pptable, it may cause buffer overflow attack in function\nsmu_sys_set_pp_table().", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-21780" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/1abb2648698bf10783d2236a6b4a7ca5e8021699", "url": "https://git.kernel.org/stable/c/1abb2648698bf10783d2236a6b4a7ca5e8021699" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/231075c5a8ea54f34b7c4794687baa980814e6de", "url": "https://git.kernel.org/stable/c/231075c5a8ea54f34b7c4794687baa980814e6de" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/2498d2db1d35e88a2060ea191ae75dce853dd084", "url": "https://git.kernel.org/stable/c/2498d2db1d35e88a2060ea191ae75dce853dd084" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/3484ea33157bc7334f57e64826ec5a4bf992151a", "url": "https://git.kernel.org/stable/c/3484ea33157bc7334f57e64826ec5a4bf992151a" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/e43a8b9c4d700ffec819c5043a48769b3e7d9cab", "url": "https://git.kernel.org/stable/c/e43a8b9c4d700ffec819c5043a48769b3e7d9cab" } ], "release_date": "2025-02-27T03:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2022-48991", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/khugepaged: invoke MMU notifiers in shmem/file collapse paths\n\nAny codepath that zaps page table entries must invoke MMU notifiers to\nensure that secondary MMUs (like KVM) don't keep accessing pages which\naren't mapped anymore. Secondary MMUs don't hold their own references to\npages that are mirrored over, so failing to notify them can lead to page\nuse-after-free.\n\nI'm marking this as addressing an issue introduced in commit f3f0e1d2150b\n(\"khugepaged: add support of collapse for tmpfs/shmem pages\"), but most of\nthe security impact of this only came in commit 27e1f8273113 (\"khugepaged:\nenable collapse pmd for pte-mapped THP\"), which actually omitted flushes\nfor the removal of present PTEs, not just for the removal of empty page\ntables.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2022-48991" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/1a3f8c6cd29d9078cc81b29d39d0e9ae1d6a03c3", "url": "https://git.kernel.org/stable/c/1a3f8c6cd29d9078cc81b29d39d0e9ae1d6a03c3" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/275c626c131cfe141beeb6c575e31fa53d32da19", "url": "https://git.kernel.org/stable/c/275c626c131cfe141beeb6c575e31fa53d32da19" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/5450535901d89a5dcca5fbbc59a24fe89caeb465", "url": "https://git.kernel.org/stable/c/5450535901d89a5dcca5fbbc59a24fe89caeb465" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/5ffc2a75534d9d74d49760f983f8eb675fa63d69", "url": "https://git.kernel.org/stable/c/5ffc2a75534d9d74d49760f983f8eb675fa63d69" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/7f445ca2e0e59c7971d0b7b853465e50844ab596", "url": "https://git.kernel.org/stable/c/7f445ca2e0e59c7971d0b7b853465e50844ab596" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c23105673228c349739e958fa33955ed8faddcaf", "url": "https://git.kernel.org/stable/c/c23105673228c349739e958fa33955ed8faddcaf" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/f268f6cf875f3220afc77bdd0bf1bb136eb54db9", "url": "https://git.kernel.org/stable/c/f268f6cf875f3220afc77bdd0bf1bb136eb54db9" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ff2a1a6f869650aec99e9d070b5ab625bfbc5bc3", "url": "https://git.kernel.org/stable/c/ff2a1a6f869650aec99e9d070b5ab625bfbc5bc3" } ], "release_date": "2024-10-21T20:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-37785", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix OOB read when checking dotdot dir\n\nMounting a corrupted filesystem with directory which contains '.' dir\nentry with rec_len == block size results in out-of-bounds read (later\non, when the corrupted directory is removed).\n\next4_empty_dir() assumes every ext4 directory contains at least '.'\nand '..' as directory entries in the first data block. It first loads\nthe '.' dir entry, performs sanity checks by calling ext4_check_dir_entry()\nand then uses its rec_len member to compute the location of '..' dir\nentry (in ext4_next_entry). It assumes the '..' dir entry fits into the\nsame data block.\n\nIf the rec_len of '.' is precisely one block (4KB), it slips through the\nsanity checks (it is considered the last directory entry in the data\nblock) and leaves \"struct ext4_dir_entry_2 *de\" point exactly past the\nmemory slot allocated to the data block. The following call to\next4_check_dir_entry() on new value of de then dereferences this pointer\nwhich results in out-of-bounds mem access.\n\nFix this by extending __ext4_check_dir_entry() to check for '.' dir\nentries that reach the end of data block. Make sure to ignore the phony\ndir entries for checksum (by checking name_len for non-zero).\n\nNote: This is reported by KASAN as use-after-free in case another\nstructure was recently freed from the slot past the bound, but it is\nreally an OOB read.\n\nThis issue was found by syzkaller tool.\n\nCall Trace:\n[ 38.594108] BUG: KASAN: slab-use-after-free in __ext4_check_dir_entry+0x67e/0x710\n[ 38.594649] Read of size 2 at addr ffff88802b41a004 by task syz-executor/5375\n[ 38.595158]\n[ 38.595288] CPU: 0 UID: 0 PID: 5375 Comm: syz-executor Not tainted 6.14.0-rc7 #1\n[ 38.595298] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\n[ 38.595304] Call Trace:\n[ 38.595308] \n[ 38.595311] dump_stack_lvl+0xa7/0xd0\n[ 38.595325] print_address_description.constprop.0+0x2c/0x3f0\n[ 38.595339] ? __ext4_check_dir_entry+0x67e/0x710\n[ 38.595349] print_report+0xaa/0x250\n[ 38.595359] ? __ext4_check_dir_entry+0x67e/0x710\n[ 38.595368] ? kasan_addr_to_slab+0x9/0x90\n[ 38.595378] kasan_report+0xab/0xe0\n[ 38.595389] ? __ext4_check_dir_entry+0x67e/0x710\n[ 38.595400] __ext4_check_dir_entry+0x67e/0x710\n[ 38.595410] ext4_empty_dir+0x465/0x990\n[ 38.595421] ? __pfx_ext4_empty_dir+0x10/0x10\n[ 38.595432] ext4_rmdir.part.0+0x29a/0xd10\n[ 38.595441] ? __dquot_initialize+0x2a7/0xbf0\n[ 38.595455] ? __pfx_ext4_rmdir.part.0+0x10/0x10\n[ 38.595464] ? __pfx___dquot_initialize+0x10/0x10\n[ 38.595478] ? down_write+0xdb/0x140\n[ 38.595487] ? __pfx_down_write+0x10/0x10\n[ 38.595497] ext4_rmdir+0xee/0x140\n[ 38.595506] vfs_rmdir+0x209/0x670\n[ 38.595517] ? lookup_one_qstr_excl+0x3b/0x190\n[ 38.595529] do_rmdir+0x363/0x3c0\n[ 38.595537] ? __pfx_do_rmdir+0x10/0x10\n[ 38.595544] ? strncpy_from_user+0x1ff/0x2e0\n[ 38.595561] __x64_sys_unlinkat+0xf0/0x130\n[ 38.595570] do_syscall_64+0x5b/0x180\n[ 38.595583] entry_SYSCALL_64_after_hwframe+0x76/0x7e", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-37785" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/14da7dbecb430e35b5889da8dae7bef33173b351", "url": "https://git.kernel.org/stable/c/14da7dbecb430e35b5889da8dae7bef33173b351" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/52a5509ab19a5d3afe301165d9b5787bba34d842", "url": "https://git.kernel.org/stable/c/52a5509ab19a5d3afe301165d9b5787bba34d842" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/53bc45da8d8da92ec07877f5922b130562eb4b00", "url": "https://git.kernel.org/stable/c/53bc45da8d8da92ec07877f5922b130562eb4b00" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/89503e5eae64637d0fa2218912b54660effe7d93", "url": "https://git.kernel.org/stable/c/89503e5eae64637d0fa2218912b54660effe7d93" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ac28c5684c1cdab650a7e5065b19e91577d37a4b", "url": "https://git.kernel.org/stable/c/ac28c5684c1cdab650a7e5065b19e91577d37a4b" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/b47584c556444cf7acb66b26a62cbc348eb92b78", "url": "https://git.kernel.org/stable/c/b47584c556444cf7acb66b26a62cbc348eb92b78" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/b7531a4f99c3887439d778afaf418d1a01a5f01b", "url": "https://git.kernel.org/stable/c/b7531a4f99c3887439d778afaf418d1a01a5f01b" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/d5e206778e96e8667d3bde695ad372c296dc9353", "url": "https://git.kernel.org/stable/c/d5e206778e96e8667d3bde695ad372c296dc9353" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/e47f472a664d70a3d104a6c2a035cdff55a719b4", "url": "https://git.kernel.org/stable/c/e47f472a664d70a3d104a6c2a035cdff55a719b4" } ], "release_date": "2025-04-18T07:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2022-49416", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nwifi: mac80211: fix use-after-free in chanctx code\nIn ieee80211_vif_use_reserved_context(), when we have an\nold context and the new context's replace_state is set to\nIEEE80211_CHANCTX_REPLACE_NONE, we free the old context\nin ieee80211_vif_use_reserved_reassign(). Therefore, we\ncannot check the old_ctx anymore, so we should set it to\nNULL after this point.\nHowever, since the new_ctx replace state is clearly not\nIEEE80211_CHANCTX_REPLACES_OTHER, we're not going to do\nanything else in this function and can just return to\navoid accessing the freed old_ctx.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2022-49416" } ], "release_date": "2025-02-26T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2022-49290", "cwe": { "id": "CWE-415", "name": "Double Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmac80211: fix potential double free on mesh join\n\nWhile commit 6a01afcf8468 (\"mac80211: mesh: Free ie data when leaving\nmesh\") fixed a memory leak on mesh leave / teardown it introduced a\npotential memory corruption caused by a double free when rejoining the\nmesh:\n\n ieee80211_leave_mesh()\n -> kfree(sdata->u.mesh.ie);\n ...\n ieee80211_join_mesh()\n -> copy_mesh_setup()\n -> old_ie = ifmsh->ie;\n -> kfree(old_ie);\n\nThis double free / kernel panics can be reproduced by using wpa_supplicant\nwith an encrypted mesh (if set up without encryption via \"iw\" then\nifmsh->ie is always NULL, which avoids this issue). And then calling:\n\n $ iw dev mesh0 mesh leave\n $ iw dev mesh0 mesh join my-mesh\n\nNote that typically these commands are not used / working when using\nwpa_supplicant. And it seems that wpa_supplicant or wpa_cli are going\nthrough a NETDEV_DOWN/NETDEV_UP cycle between a mesh leave and mesh join\nwhere the NETDEV_UP resets the mesh.ie to NULL via a memcpy of\ndefault_mesh_setup in cfg80211_netdev_notifier_call, which then avoids\nthe memory corruption, too.\n\nThe issue was first observed in an application which was not using\nwpa_supplicant but \"Senf\" instead, which implements its own calls to\nnl80211.\n\nFixing the issue by removing the kfree()'ing of the mesh IE in the mesh\njoin function and leaving it solely up to the mesh leave to free the\nmesh IE.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2022-49290" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/12e407a8ef17623823fd0c066fbd7f103953d28d", "url": "https://git.kernel.org/stable/c/12e407a8ef17623823fd0c066fbd7f103953d28d" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/273ebddc5fda2967492cb0b6cdd7d81cfb821b76", "url": "https://git.kernel.org/stable/c/273ebddc5fda2967492cb0b6cdd7d81cfb821b76" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/3bbd0000d012f92aec423b224784fbf0f7bf40f8", "url": "https://git.kernel.org/stable/c/3bbd0000d012f92aec423b224784fbf0f7bf40f8" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/46bb87d40683337757a2f902fcd4244b32bb4e86", "url": "https://git.kernel.org/stable/c/46bb87d40683337757a2f902fcd4244b32bb4e86" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/4a2d4496e15ea5bb5c8e83b94ca8ca7fb045e7d3", "url": "https://git.kernel.org/stable/c/4a2d4496e15ea5bb5c8e83b94ca8ca7fb045e7d3" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/582d8c60c0c053684f7138875e8150d5749ffc17", "url": "https://git.kernel.org/stable/c/582d8c60c0c053684f7138875e8150d5749ffc17" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/5d3ff9542a40ce034416bca03864709540a36016", "url": "https://git.kernel.org/stable/c/5d3ff9542a40ce034416bca03864709540a36016" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/615716af8644813355e014314a0bc1e961250f5a", "url": "https://git.kernel.org/stable/c/615716af8644813355e014314a0bc1e961250f5a" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c1d9c3628ef0a0ca197595d0f9e01cd3b5dda186", "url": "https://git.kernel.org/stable/c/c1d9c3628ef0a0ca197595d0f9e01cd3b5dda186" } ], "release_date": "2025-02-26T07:01:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64", "CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els28.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] } ] }