{ "document": { "aggregate_severity": { "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" }, { "category": "details", "text": "Bluetooth: Fix use after free in hci_send_acl {CVE-2022-49111}\n- NFSv4/pnfs: Fix a use-after-free bug in open {CVE-2022-50072}\n- NFSv4: Don't hold the layoutget locks across multiple RPC calls {CVE-2022-50072}\n- net: qrtr: start MHI channel after endpoit creation {CVE-2022-50044}\n- tty: n_gsm: add sanity check for gsm->receive in gsm_receive_buf() {CVE-2022-49940}\n- net: atlantic: fix aq_vec index out of range error {CVE-2022-50066}\n- ndisc: use RCU protection in ndisc_alloc_skb() {CVE-2025-21764}\n- udmabuf: fix a buf size overflow issue during udmabuf creation {CVE-2025-37803}\n- mptcp: fix race on unaccepted mptcp sockets {CVE-2022-49669}\n- net: introduce and use lock_sock_fast_nested() {CVE-2022-49669}\n- net: add annotation for sock_{lock,unlock}_fast {CVE-2022-49669}\n- net/mlx5: Always stop health timer during driver removal {CVE-2024-40906}\n- nfsd: prevent panic for nfsv4.0 closed files in nfs4_show_open {CVE-2024-46682}\n- nfsd: fix possible badness in FREE_STATEID {CVE-2024-50043}\n- nfsd: fix race between laundromat and free_stateid {CVE-2024-50106}\n- nfsd: split sc_status out of sc_type {CVE-2024-50106}\n- nfsd: avoid race after unhash_delegation_locked() {CVE-2024-50106}\n- nfsd: remove fault injection code {CVE-2024-50106}\n- nfsd: don't call functions with side-effecting inside WARN_ON() {CVE-2024-50106}\n- ath11k: free peer for station when disconnect from AP for QCA6390/WCN6855 {CVE-2022-49238}\n- cifs: Fix UAF in cifs_demultiplex_thread() {CVE-2023-52572}\n- xfrm: state: fix out-of-bounds read during lookup {CVE-2024-57982}\n- drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read() {CVE-2024-50282}", "title": "Details" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/centos8.5els/advisories/2025/clsa-2025_1753298320.json" }, { "category": "self", "summary": "https://cve.tuxcare.com/els/releases/CLSA-2025:1753298320", "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1753298320" } ], "tracking": { "current_release_date": "2025-07-23T19:20:41Z", "generator": { "date": "2025-07-23T19:20:41Z", "engine": { "name": "pyCSAF" } }, "id": "CLSA-2025:1753298320", "initial_release_date": "2025-07-23T19:20:41Z", "revision_history": [ { "date": "2025-07-23T19:20:41Z", "number": "1", "summary": "Initial version" } ], "status": "final", "version": "1" }, "title": "kernel: Fix of 16 CVEs" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Community Enterprise Operating System 8.5", "product": { "name": "Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5", "product_identification_helper": { "cpe": "cpe:2.3:o:centos:centos:8.5:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "Community Enterprise Operating System" } ], "category": "vendor", "name": "Red Hat, Inc." }, { "branches": [ { "branches": [ { "category": "product_version", "name": "kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "product": { "name": "kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "product_id": "kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/kernel-tools-libs-devel@4.18.0-348.7.1.el8_5.tuxcare.els29?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "product": { "name": "kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "product_id": "kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/kernel-tools-libs@4.18.0-348.7.1.el8_5.tuxcare.els29?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "product": { "name": "kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "product_id": "kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/kernel-debug-modules-extra@4.18.0-348.7.1.el8_5.tuxcare.els29?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "product": { "name": "kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "product_id": "kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/kernel-debug-modules-internal@4.18.0-348.7.1.el8_5.tuxcare.els29?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "product": { "name": "kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "product_id": "kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/kernel-headers@4.18.0-348.7.1.el8_5.tuxcare.els29?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "product": { "name": "kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "product_id": "kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/kernel-modules@4.18.0-348.7.1.el8_5.tuxcare.els29?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "product": { "name": "kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "product_id": "kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/kernel-tools@4.18.0-348.7.1.el8_5.tuxcare.els29?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "product": { "name": "kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "product_id": "kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/kernel-cross-headers@4.18.0-348.7.1.el8_5.tuxcare.els29?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "product": { "name": "kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "product_id": "kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/kernel-modules-extra@4.18.0-348.7.1.el8_5.tuxcare.els29?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "product": { "name": "kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "product_id": "kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/kernel-devel@4.18.0-348.7.1.el8_5.tuxcare.els29?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "CloudLinux" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64 as a component of Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64" }, "product_reference": "kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "relates_to_product_reference": "CentOS-8.5" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64 as a component of Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64" }, "product_reference": "kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "relates_to_product_reference": "CentOS-8.5" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64 as a component of Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64" }, "product_reference": "kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "relates_to_product_reference": "CentOS-8.5" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64 as a component of Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64" }, "product_reference": "kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "relates_to_product_reference": "CentOS-8.5" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64 as a component of Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64" }, "product_reference": "kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "relates_to_product_reference": "CentOS-8.5" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64 as a component of Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64" }, "product_reference": "kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "relates_to_product_reference": "CentOS-8.5" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64 as a component of Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64" }, "product_reference": "kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "relates_to_product_reference": "CentOS-8.5" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64 as a component of Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64" }, "product_reference": "kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "relates_to_product_reference": "CentOS-8.5" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64 as a component of Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64" }, "product_reference": "kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "relates_to_product_reference": "CentOS-8.5" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64 as a component of Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64" }, "product_reference": "kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "relates_to_product_reference": "CentOS-8.5" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-50043", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: fix possible badness in FREE_STATEID\n\nWhen multiple FREE_STATEIDs are sent for the same delegation stateid,\nit can lead to a possible either use-after-free or counter refcount\nunderflow errors.\n\nIn nfsd4_free_stateid() under the client lock we find a delegation\nstateid, however the code drops the lock before calling nfs4_put_stid(),\nthat allows another FREE_STATE to find the stateid again. The first one\nwill proceed to then free the stateid which leads to either\nuse-after-free or decrementing already zeroed counter.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-50043" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/7ca9e472ce5c67daa3188a348ece8c02a0765039", "url": "https://git.kernel.org/stable/c/7ca9e472ce5c67daa3188a348ece8c02a0765039" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c88c150a467fcb670a1608e2272beeee3e86df6e", "url": "https://git.kernel.org/stable/c/c88c150a467fcb670a1608e2272beeee3e86df6e" } ], "release_date": "2024-10-21T20:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2024-46682", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: prevent panic for nfsv4.0 closed files in nfs4_show_open\n\nPrior to commit 3f29cc82a84c (\"nfsd: split sc_status out of\nsc_type\") states_show() relied on sc_type field to be of valid\ntype before calling into a subfunction to show content of a\nparticular stateid. From that commit, we split the validity of\nthe stateid into sc_status and no longer changed sc_type to 0\nwhile unhashing the stateid. This resulted in kernel oopsing\nfor nfsv4.0 opens that stay around and in nfs4_show_open()\nwould derefence sc_file which was NULL.\n\nInstead, for closed open stateids forgo displaying information\nthat relies of having a valid sc_file.\n\nTo reproduce: mount the server with 4.0, read and close\na file and then on the server cat /proc/fs/nfsd/clients/2/states\n\n[ 513.590804] Call trace:\n[ 513.590925] _raw_spin_lock+0xcc/0x160\n[ 513.591119] nfs4_show_open+0x78/0x2c0 [nfsd]\n[ 513.591412] states_show+0x44c/0x488 [nfsd]\n[ 513.591681] seq_read_iter+0x5d8/0x760\n[ 513.591896] seq_read+0x188/0x208\n[ 513.592075] vfs_read+0x148/0x470\n[ 513.592241] ksys_read+0xcc/0x178", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-46682" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/a204501e1743d695ca2930ed25a2be9f8ced96d3", "url": "https://git.kernel.org/stable/c/a204501e1743d695ca2930ed25a2be9f8ced96d3" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ba0b697de298285301c71c258598226e06494236", "url": "https://git.kernel.org/stable/c/ba0b697de298285301c71c258598226e06494236" } ], "release_date": "2024-09-13T06:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2022-50072", "cwe": { "id": "CWE-763", "name": "Release of Invalid Pointer or Reference" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nNFSv4/pnfs: Fix a use-after-free bug in open\nIf someone cancels the open RPC call, then we must not try to free\neither the open slot or the layoutget operation arguments, since they\nare likely still in use by the hung RPC call.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2022-50072" } ], "release_date": "2025-06-18T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2022-50044", "cwe": { "id": "CWE-908", "name": "Use of Uninitialized Resource" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nnet: qrtr: start MHI channel after endpoit creation\nMHI channel may generates event/interrupt right after enabling.\nIt may leads to 2 race conditions issues.\n1)\nSuch event may be dropped by qcom_mhi_qrtr_dl_callback() at check:\nif (!qdev || mhi_res->transaction_status)\nreturn;\nBecause dev_set_drvdata(&mhi_dev->dev, qdev) may be not performed at\nthis moment. In this situation qrtr-ns will be unable to enumerate\nservices in device.\n---------------------------------------------------------------\n2)\nSuch event may come at the moment after dev_set_drvdata() and\nbefore qrtr_endpoint_register(). In this case kernel will panic with\naccessing wrong pointer at qcom_mhi_qrtr_dl_callback():\nrc = qrtr_endpoint_post(&qdev->ep, mhi_res->buf_addr,\nmhi_res->bytes_xferd);\nBecause endpoint is not created yet.\n--------------------------------------------------------------\nSo move mhi_prepare_for_transfer_autoqueue after endpoint creation\nto fix it.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2022-50044" } ], "release_date": "2025-06-18T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2022-49940", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\ntty: n_gsm: add sanity check for gsm->receive in gsm_receive_buf()\nA null pointer dereference can happen when attempting to access the\n\"gsm->receive()\" function in gsmld_receive_buf(). Currently, the code\nassumes that gsm->recieve is only called after MUX activation.\nSince the gsmld_receive_buf() function can be accessed without the need to\ninitialize the MUX, the gsm->receive() function will not be set and a\nNULL pointer dereference will occur.\nFix this by avoiding the call to \"gsm->receive()\" in case the function is\nnot initialized by adding a sanity check.\nCall Trace:\n\ngsmld_receive_buf+0x1c2/0x2f0 drivers/tty/n_gsm.c:2861\ntiocsti drivers/tty/tty_io.c:2293 [inline]\ntty_ioctl+0xa75/0x15d0 drivers/tty/tty_io.c:2692\nvfs_ioctl fs/ioctl.c:51 [inline]\n__do_sys_ioctl fs/ioctl.c:870 [inline]\n__se_sys_ioctl fs/ioctl.c:856 [inline]\n__x64_sys_ioctl+0x193/0x200 fs/ioctl.c:856\ndo_syscall_x64 arch/x86/entry/common.c:50 [inline]\ndo_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\nentry_SYSCALL_64_after_hwframe+0x63/0xcd", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2022-49940" } ], "release_date": "2025-06-18T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2022-50066", "cwe": { "id": "CWE-823", "name": "Use of Out-of-range Pointer Offset" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nnet: atlantic: fix aq_vec index out of range error\nThe final update statement of the for loop exceeds the array range, the\ndereference of self->aq_vec[i] is not checked and then leads to the\nindex out of range error.\nAlso fixed this kind of coding style in other for loop.\n[ 97.937604] UBSAN: array-index-out-of-bounds in drivers/net/ethernet/aquantia/atlantic/aq_nic.c:1404:48\n[ 97.937607] index 8 is out of range for type 'aq_vec_s *[8]'\n[ 97.937608] CPU: 38 PID: 3767 Comm: kworker/u256:18 Not tainted 5.19.0+ #2\n[ 97.937610] Hardware name: Dell Inc. Precision 7865 Tower/, BIOS 1.0.0 06/12/2022\n[ 97.937611] Workqueue: events_unbound async_run_entry_fn\n[ 97.937616] Call Trace:\n[ 97.937617] \n[ 97.937619] dump_stack_lvl+0x49/0x63\n[ 97.937624] dump_stack+0x10/0x16\n[ 97.937626] ubsan_epilogue+0x9/0x3f\n[ 97.937627] __ubsan_handle_out_of_bounds.cold+0x44/0x49\n[ 97.937629] ? __scm_send+0x348/0x440\n[ 97.937632] ? aq_vec_stop+0x72/0x80 [atlantic]\n[ 97.937639] aq_nic_stop+0x1b6/0x1c0 [atlantic]\n[ 97.937644] aq_suspend_common+0x88/0x90 [atlantic]\n[ 97.937648] aq_pm_suspend_poweroff+0xe/0x20 [atlantic]\n[ 97.937653] pci_pm_suspend+0x7e/0x1a0\n[ 97.937655] ? pci_pm_suspend_noirq+0x2b0/0x2b0\n[ 97.937657] dpm_run_callback+0x54/0x190\n[ 97.937660] __device_suspend+0x14c/0x4d0\n[ 97.937661] async_suspend+0x23/0x70\n[ 97.937663] async_run_entry_fn+0x33/0x120\n[ 97.937664] process_one_work+0x21f/0x3f0\n[ 97.937666] worker_thread+0x4a/0x3c0\n[ 97.937668] ? process_one_work+0x3f0/0x3f0\n[ 97.937669] kthread+0xf0/0x120\n[ 97.937671] ? kthread_complete_and_exit+0x20/0x20\n[ 97.937672] ret_from_fork+0x22/0x30\n[ 97.937676] \nv2. fixed \"warning: variable 'aq_vec' set but not used\"\nv3. simplified a for loop", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2022-50066" } ], "release_date": "2025-06-18T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-21764", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nndisc: use RCU protection in ndisc_alloc_skb()\nndisc_alloc_skb() can be called without RTNL or RCU being held.\nAdd RCU protection to avoid possible UAF.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-21764" } ], "release_date": "2025-02-27T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-37803", "cwe": { "id": "CWE-120", "name": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nudmabuf: fix a buf size overflow issue during udmabuf creation\n\nby casting size_limit_mb to u64 when calculate pglimit.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-37803" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/021ba7f1babd029e714d13a6bf2571b08af96d0f", "url": "https://git.kernel.org/stable/c/021ba7f1babd029e714d13a6bf2571b08af96d0f" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/13fe12c037b470321436deec393030c6153cfeb9", "url": "https://git.kernel.org/stable/c/13fe12c037b470321436deec393030c6153cfeb9" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/2b8419c6ecf69007dcff54ea0b9f0b215282c55a", "url": "https://git.kernel.org/stable/c/2b8419c6ecf69007dcff54ea0b9f0b215282c55a" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/373512760e13fdaa726faa9502d0f5be2abb3d33", "url": "https://git.kernel.org/stable/c/373512760e13fdaa726faa9502d0f5be2abb3d33" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/3f6c9d66e0f8eb9679b57913aa64b4d2266f6fbe", "url": "https://git.kernel.org/stable/c/3f6c9d66e0f8eb9679b57913aa64b4d2266f6fbe" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/b2ff4e9c599b000833d16a917f519aa2e4a75de2", "url": "https://git.kernel.org/stable/c/b2ff4e9c599b000833d16a917f519aa2e4a75de2" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/e84a08fc7e25cdad5d9a3def42cc770ff711193f", "url": "https://git.kernel.org/stable/c/e84a08fc7e25cdad5d9a3def42cc770ff711193f" } ], "release_date": "2025-05-08T07:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2024-50106", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: fix race between laundromat and free_stateid\n\nThere is a race between laundromat handling of revoked delegations\nand a client sending free_stateid operation. Laundromat thread\nfinds that delegation has expired and needs to be revoked so it\nmarks the delegation stid revoked and it puts it on a reaper list\nbut then it unlock the state lock and the actual delegation revocation\nhappens without the lock. Once the stid is marked revoked a racing\nfree_stateid processing thread does the following (1) it calls\nlist_del_init() which removes it from the reaper list and (2) frees\nthe delegation stid structure. The laundromat thread ends up not\ncalling the revoke_delegation() function for this particular delegation\nbut that means it will no release the lock lease that exists on\nthe file.\n\nNow, a new open for this file comes in and ends up finding that\nlease list isn't empty and calls nfsd_breaker_owns_lease() which ends\nup trying to derefence a freed delegation stateid. Leading to the\nfollowint use-after-free KASAN warning:\n\nkernel: ==================================================================\nkernel: BUG: KASAN: slab-use-after-free in nfsd_breaker_owns_lease+0x140/0x160 [nfsd]\nkernel: Read of size 8 at addr ffff0000e73cd0c8 by task nfsd/6205\nkernel:\nkernel: CPU: 2 UID: 0 PID: 6205 Comm: nfsd Kdump: loaded Not tainted 6.11.0-rc7+ #9\nkernel: Hardware name: Apple Inc. Apple Virtualization Generic Platform, BIOS 2069.0.0.0.0 08/03/2024\nkernel: Call trace:\nkernel: dump_backtrace+0x98/0x120\nkernel: show_stack+0x1c/0x30\nkernel: dump_stack_lvl+0x80/0xe8\nkernel: print_address_description.constprop.0+0x84/0x390\nkernel: print_report+0xa4/0x268\nkernel: kasan_report+0xb4/0xf8\nkernel: __asan_report_load8_noabort+0x1c/0x28\nkernel: nfsd_breaker_owns_lease+0x140/0x160 [nfsd]\nkernel: nfsd_file_do_acquire+0xb3c/0x11d0 [nfsd]\nkernel: nfsd_file_acquire_opened+0x84/0x110 [nfsd]\nkernel: nfs4_get_vfs_file+0x634/0x958 [nfsd]\nkernel: nfsd4_process_open2+0xa40/0x1a40 [nfsd]\nkernel: nfsd4_open+0xa08/0xe80 [nfsd]\nkernel: nfsd4_proc_compound+0xb8c/0x2130 [nfsd]\nkernel: nfsd_dispatch+0x22c/0x718 [nfsd]\nkernel: svc_process_common+0x8e8/0x1960 [sunrpc]\nkernel: svc_process+0x3d4/0x7e0 [sunrpc]\nkernel: svc_handle_xprt+0x828/0xe10 [sunrpc]\nkernel: svc_recv+0x2cc/0x6a8 [sunrpc]\nkernel: nfsd+0x270/0x400 [nfsd]\nkernel: kthread+0x288/0x310\nkernel: ret_from_fork+0x10/0x20\n\nThis patch proposes a fixed that's based on adding 2 new additional\nstid's sc_status values that help coordinate between the laundromat\nand other operations (nfsd4_free_stateid() and nfsd4_delegreturn()).\n\nFirst to make sure, that once the stid is marked revoked, it is not\nremoved by the nfsd4_free_stateid(), the laundromat take a reference\non the stateid. Then, coordinating whether the stid has been put\non the cl_revoked list or we are processing FREE_STATEID and need to\nmake sure to remove it from the list, each check that state and act\naccordingly. If laundromat has added to the cl_revoke list before\nthe arrival of FREE_STATEID, then nfsd4_free_stateid() knows to remove\nit from the list. If nfsd4_free_stateid() finds that operations arrived\nbefore laundromat has placed it on cl_revoke list, it marks the state\nfreed and then laundromat will no longer add it to the list.\n\nAlso, for nfsd4_delegreturn() when looking for the specified stid,\nwe need to access stid that are marked removed or freeable, it means\nthe laundromat has started processing it but hasn't finished and this\ndelegreturn needs to return nfserr_deleg_revoked and not\nnfserr_bad_stateid. The latter will not trigger a FREE_STATEID and the\nlack of it will leave this stid on the cl_revoked list indefinitely.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-50106" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/8dd91e8d31febf4d9cca3ae1bb4771d33ae7ee5a", "url": "https://git.kernel.org/stable/c/8dd91e8d31febf4d9cca3ae1bb4771d33ae7ee5a" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/967faa26f313a62e7bebc55d5b8122eaee43b929", "url": "https://git.kernel.org/stable/c/967faa26f313a62e7bebc55d5b8122eaee43b929" } ], "release_date": "2024-11-05T18:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2022-49238", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nath11k: free peer for station when disconnect from AP for QCA6390/WCN6855\nCommit b4a0f54156ac (\"ath11k: move peer delete after vdev stop of station\nfor QCA6390 and WCN6855\") is to fix firmware crash by changing the WMI\ncommand sequence, but actually skip all the peer delete operation, then\nit lead commit 58595c9874c6 (\"ath11k: Fixing dangling pointer issue upon\npeer delete failure\") not take effect, and then happened a use-after-free\nwarning from KASAN. because the peer->sta is not set to NULL and then used\nlater.\nChange to only skip the WMI_PEER_DELETE_CMDID for QCA6390/WCN6855.\nlog of user-after-free:\n[ 534.888665] BUG: KASAN: use-after-free in ath11k_dp_rx_update_peer_stats+0x912/0xc10 [ath11k]\n[ 534.888696] Read of size 8 at addr ffff8881396bb1b8 by task rtcwake/2860\n[ 534.888705] CPU: 4 PID: 2860 Comm: rtcwake Kdump: loaded Tainted: G W 5.15.0-wt-ath+ #523\n[ 534.888712] Hardware name: Intel(R) Client Systems NUC8i7HVK/NUC8i7HVB, BIOS HNKBLi70.86A.0067.2021.0528.1339 05/28/2021\n[ 534.888716] Call Trace:\n[ 534.888720] \n[ 534.888726] dump_stack_lvl+0x57/0x7d\n[ 534.888736] print_address_description.constprop.0+0x1f/0x170\n[ 534.888745] ? ath11k_dp_rx_update_peer_stats+0x912/0xc10 [ath11k]\n[ 534.888771] kasan_report.cold+0x83/0xdf\n[ 534.888783] ? ath11k_dp_rx_update_peer_stats+0x912/0xc10 [ath11k]\n[ 534.888810] ath11k_dp_rx_update_peer_stats+0x912/0xc10 [ath11k]\n[ 534.888840] ath11k_dp_rx_process_mon_status+0x529/0xa70 [ath11k]\n[ 534.888874] ? ath11k_dp_rx_mon_status_bufs_replenish+0x3f0/0x3f0 [ath11k]\n[ 534.888897] ? check_prev_add+0x20f0/0x20f0\n[ 534.888922] ? __lock_acquire+0xb72/0x1870\n[ 534.888937] ? find_held_lock+0x33/0x110\n[ 534.888954] ath11k_dp_rx_process_mon_rings+0x297/0x520 [ath11k]\n[ 534.888981] ? rcu_read_unlock+0x40/0x40\n[ 534.888990] ? ath11k_dp_rx_pdev_alloc+0xd90/0xd90 [ath11k]\n[ 534.889026] ath11k_dp_service_mon_ring+0x67/0xe0 [ath11k]\n[ 534.889053] ? ath11k_dp_rx_process_mon_rings+0x520/0x520 [ath11k]\n[ 534.889075] call_timer_fn+0x167/0x4a0\n[ 534.889084] ? add_timer_on+0x3b0/0x3b0\n[ 534.889103] ? lockdep_hardirqs_on_prepare.part.0+0x18c/0x370\n[ 534.889117] __run_timers.part.0+0x539/0x8b0\n[ 534.889123] ? ath11k_dp_rx_process_mon_rings+0x520/0x520 [ath11k]\n[ 534.889157] ? call_timer_fn+0x4a0/0x4a0\n[ 534.889164] ? mark_lock_irq+0x1c30/0x1c30\n[ 534.889173] ? clockevents_program_event+0xdd/0x280\n[ 534.889189] ? mark_held_locks+0xa5/0xe0\n[ 534.889203] run_timer_softirq+0x97/0x180\n[ 534.889213] __do_softirq+0x276/0x86a\n[ 534.889230] __irq_exit_rcu+0x11c/0x180\n[ 534.889238] irq_exit_rcu+0x5/0x20\n[ 534.889244] sysvec_apic_timer_interrupt+0x8e/0xc0\n[ 534.889251] \n[ 534.889254] \n[ 534.889259] asm_sysvec_apic_timer_interrupt+0x12/0x20\n[ 534.889265] RIP: 0010:_raw_spin_unlock_irqrestore+0x38/0x70\n[ 534.889271] Code: 74 24 10 e8 ea c2 bf fd 48 89 ef e8 12 53 c0 fd 81 e3 00 02 00 00 75 25 9c 58 f6 c4 02 75 2d 48 85 db 74 01 fb bf 01 00 00 00 13 a7 b5 fd 65 8b 05 cc d9 9c 5e 85 c0 74 0a 5b 5d c3 e8 a0 ee\n[ 534.889276] RSP: 0018:ffffc90002e5f880 EFLAGS: 00000206\n[ 534.889284] RAX: 0000000000000006 RBX: 0000000000000200 RCX: ffffffff9f256f10\n[ 534.889289] RDX: 0000000000000000 RSI: ffffffffa1c6e420 RDI: 0000000000000001\n[ 534.889293] RBP: ffff8881095e6200 R08: 0000000000000001 R09: ffffffffa40d2b8f\n[ 534.889298] R10: fffffbfff481a571 R11: 0000000000000001 R12: ffff8881095e6e68\n[ 534.889302] R13: ffffc90002e5f908 R14: 0000000000000246 R15: 0000000000000000\n[ 534.889316] ? mark_lock+0xd0/0x14a0\n[ 534.889332] klist_next+0x1d4/0x450\n[ 534.889340] ? dpm_wait_for_subordinate+0x2d0/0x2d0\n[ 534.889350] device_for_each_child+0xa8/0x140\n[ 534.889360] ? device_remove_class_symlinks+0x1b0/0x1b0\n[ 534.889370] ? __lock_release+0x4bd/0x9f0\n[ 534.889378] ? dpm_suspend+0x26b/0x3f0\n[ 534.889390] dpm_wait_for_subordinate+\n---truncated---", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2022-49238" } ], "release_date": "2025-02-26T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64", "CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els29.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] } ] }