{
"document": {
"aggregate_severity": {
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "TuxCare License Agreement",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.",
"title": "Terms of Use"
},
{
"category": "details",
"text": "inet: fully convert sk->sk_rx_dst to RCU rules {CVE-2021-47103}\n- ALSA: usb-audio: Fix out of bounds reads when finding clock sources {CVE-2024-53150}\n- posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() {CVE-2025-38352}\n- can: peak_usb: fix use after free bugs {CVE-2021-47670}\n- wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds {CVE-2025-38159}\n- RDMA/rxe: Fix error unwind in rxe_create_qp() {CVE-2022-50127}\n- i40e: fix MMIO write access to an invalid page in i40e_clear_hw {CVE-2025-38200}\n- udp: Fix memory accounting leak. {CVE-2025-22058}\n- ALSA: bcd2000: Fix a UAF bug on the error path of probing {CVE-2022-50083}\n- ext4: correct the misjudgment in ext4_iget_extra_inode {CVE-2022-50083}\n- ext4: correct max_inline_xattr_value_size computing {CVE-2022-50083}\n- ext4: fix use-after-free in ext4_xattr_set_entry {CVE-2022-50083}\n- ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h {CVE-2022-50083}\n- Bluetooth: hci_core: Fix use-after-free in vhci_flush() {CVE-2025-38250}\n- net_sched: ets: Fix double list add in class with netem as child qdisc {CVE-2025-38085}\n- mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race {CVE-2025-38085}\n- padata: fix UAF in padata_reorder {CVE-2025-21727}\n- net/sched: Always pass notifications when child class becomes empty {CVE-2025-38350}\n- codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() {CVE-2025-38177}\n- sch_ets: make est_qlen_notify() idempotent {CVE-2025-38177}\n- sch_qfq: make qfq_qlen_notify() idempotent {CVE-2025-38177}\n- sch_hfsc: make hfsc_qlen_notify() idempotent {CVE-2025-38177}\n- sch_drr: make drr_qlen_notify() idempotent {CVE-2025-38177}\n- sch_htb: make htb_qlen_notify() idempotent {CVE-2025-38177}\n- sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() {CVE-2025-38000}\n- mptcp: do not queue data on closed subflows {CVE-2022-50070}\n- mptcp: export mptcp_subflow_active {CVE-2022-50070}\n- net/sched: sch_qfq: Fix race condition on qfq_aggregate {CVE-2025-38477}\n- tipc: Fix use-after-free in tipc_conn_close(). {CVE-2025-38464}\n- RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction {CVE-2025-38211}\n- scsi: lpfc: Use memcpy() for BIOS version {CVE-2025-38332}\n- crypto: algif_hash - fix double free in hash_accept {CVE-2025-38079}\n- ext4: avoid resizing to a partial cluster size {CVE-2022-50020}\n- net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc {CVE-2025-37890}\n- net: tipc: fix refcount warning in tipc_aead_encrypt {CVE-2025-38273}\n- ice: xsk: prohibit usage of non-balanced queue id {CVE-2022-50003}\n- net/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done {CVE-2025-38052}\n- virtio-gpu: fix a missing check to avoid NULL dereference {CVE-2022-50181}\n- usb: xhci_plat_remove: avoid NULL dereference {CVE-2022-50133}\n- ASoC: SOF: Intel: hda-ipc: Do not process IPC reply before firmware boot {CVE-2022-50015}\n- netfilter: nft_tproxy: restrict to prerouting hook {CVE-2022-50001}\n- scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq {CVE-2022-49986}\n- ath11k: fix netdev open race {CVE-2022-50187}",
"title": "Details"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://tuxcare.com/contact/",
"name": "TuxCare",
"namespace": "https://tuxcare.com/"
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.tuxcare.com/csaf/v2/els_os/centos8.5els/advisories/2025/clsa-2025_1757962453.json"
},
{
"category": "self",
"summary": "https://cve.tuxcare.com/els/releases/CLSA-2025:1757962453",
"url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1757962453"
}
],
"tracking": {
"current_release_date": "2025-09-15T18:58:11Z",
"generator": {
"date": "2025-09-15T18:58:11Z",
"engine": {
"name": "pyCSAF"
}
},
"id": "CLSA-2025:1757962453",
"initial_release_date": "2025-09-15T18:58:11Z",
"revision_history": [
{
"date": "2025-09-15T18:58:11Z",
"number": "1",
"summary": "Initial version"
}
],
"status": "final",
"version": "1"
},
"title": "kernel: Fix of 32 CVEs"
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Community Enterprise Operating System 8.5",
"product": {
"name": "Community Enterprise Operating System 8.5",
"product_id": "CentOS-8.5",
"product_identification_helper": {
"cpe": "cpe:2.3:o:centos:centos:8.5:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_family",
"name": "Community Enterprise Operating System"
}
],
"category": "vendor",
"name": "Red Hat, Inc."
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"product": {
"name": "kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"product_id": "kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/cloudlinux/kernel-tools-libs-devel@4.18.0-348.7.1.el8_5.tuxcare.els31?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"product": {
"name": "kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"product_id": "kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/cloudlinux/kernel-tools-libs@4.18.0-348.7.1.el8_5.tuxcare.els31?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"product": {
"name": "kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"product_id": "kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/cloudlinux/kernel-debug-modules-extra@4.18.0-348.7.1.el8_5.tuxcare.els31?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"product": {
"name": "kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"product_id": "kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/cloudlinux/kernel-debug-modules-internal@4.18.0-348.7.1.el8_5.tuxcare.els31?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"product": {
"name": "kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"product_id": "kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/cloudlinux/kernel-headers@4.18.0-348.7.1.el8_5.tuxcare.els31?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"product": {
"name": "kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"product_id": "kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/cloudlinux/kernel-modules@4.18.0-348.7.1.el8_5.tuxcare.els31?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"product": {
"name": "kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"product_id": "kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/cloudlinux/kernel-tools@4.18.0-348.7.1.el8_5.tuxcare.els31?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"product": {
"name": "kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"product_id": "kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/cloudlinux/kernel-cross-headers@4.18.0-348.7.1.el8_5.tuxcare.els31?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"product": {
"name": "kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"product_id": "kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/cloudlinux/kernel-modules-extra@4.18.0-348.7.1.el8_5.tuxcare.els31?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"product": {
"name": "kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"product_id": "kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/cloudlinux/kernel-devel@4.18.0-348.7.1.el8_5.tuxcare.els31?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"product": {
"name": "kernel-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"product_id": "kernel-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/cloudlinux/kernel-modules-internal@4.18.0-348.7.1.el8_5.tuxcare.els31?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "bpftool-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"product": {
"name": "bpftool-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"product_id": "bpftool-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/cloudlinux/bpftool@4.18.0-348.7.1.el8_5.tuxcare.els31?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-selftests-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"product": {
"name": "kernel-selftests-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"product_id": "kernel-selftests-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/cloudlinux/kernel-selftests-internal@4.18.0-348.7.1.el8_5.tuxcare.els31?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-debug-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"product": {
"name": "kernel-debug-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"product_id": "kernel-debug-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/cloudlinux/kernel-debug-core@4.18.0-348.7.1.el8_5.tuxcare.els31?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-debug-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"product": {
"name": "kernel-debug-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"product_id": "kernel-debug-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/cloudlinux/kernel-debug-devel@4.18.0-348.7.1.el8_5.tuxcare.els31?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"product": {
"name": "perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"product_id": "perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/cloudlinux/perf@4.18.0-348.7.1.el8_5.tuxcare.els31?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-debug-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"product": {
"name": "kernel-debug-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"product_id": "kernel-debug-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/cloudlinux/kernel-debug-modules@4.18.0-348.7.1.el8_5.tuxcare.els31?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"product": {
"name": "python3-perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"product_id": "python3-perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/cloudlinux/python3-perf@4.18.0-348.7.1.el8_5.tuxcare.els31?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-ipaclones-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"product": {
"name": "kernel-ipaclones-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"product_id": "kernel-ipaclones-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/cloudlinux/kernel-ipaclones-internal@4.18.0-348.7.1.el8_5.tuxcare.els31?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"product": {
"name": "kernel-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"product_id": "kernel-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/cloudlinux/kernel-core@4.18.0-348.7.1.el8_5.tuxcare.els31?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-debug-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"product": {
"name": "kernel-debug-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"product_id": "kernel-debug-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/cloudlinux/kernel-debug@4.18.0-348.7.1.el8_5.tuxcare.els31?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"product": {
"name": "kernel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"product_id": "kernel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/cloudlinux/kernel@4.18.0-348.7.1.el8_5.tuxcare.els31?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "CloudLinux"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64 as a component of Community Enterprise Operating System 8.5",
"product_id": "CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64"
},
"product_reference": "kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"relates_to_product_reference": "CentOS-8.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64 as a component of Community Enterprise Operating System 8.5",
"product_id": "CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64"
},
"product_reference": "kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"relates_to_product_reference": "CentOS-8.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64 as a component of Community Enterprise Operating System 8.5",
"product_id": "CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64"
},
"product_reference": "kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"relates_to_product_reference": "CentOS-8.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64 as a component of Community Enterprise Operating System 8.5",
"product_id": "CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64"
},
"product_reference": "kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"relates_to_product_reference": "CentOS-8.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64 as a component of Community Enterprise Operating System 8.5",
"product_id": "CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64"
},
"product_reference": "kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"relates_to_product_reference": "CentOS-8.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64 as a component of Community Enterprise Operating System 8.5",
"product_id": "CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64"
},
"product_reference": "kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"relates_to_product_reference": "CentOS-8.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64 as a component of Community Enterprise Operating System 8.5",
"product_id": "CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64"
},
"product_reference": "kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"relates_to_product_reference": "CentOS-8.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64 as a component of Community Enterprise Operating System 8.5",
"product_id": "CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64"
},
"product_reference": "kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"relates_to_product_reference": "CentOS-8.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64 as a component of Community Enterprise Operating System 8.5",
"product_id": "CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64"
},
"product_reference": "kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"relates_to_product_reference": "CentOS-8.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64 as a component of Community Enterprise Operating System 8.5",
"product_id": "CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64"
},
"product_reference": "kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"relates_to_product_reference": "CentOS-8.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64 as a component of Community Enterprise Operating System 8.5",
"product_id": "CentOS-8.5:kernel-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64"
},
"product_reference": "kernel-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"relates_to_product_reference": "CentOS-8.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bpftool-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64 as a component of Community Enterprise Operating System 8.5",
"product_id": "CentOS-8.5:bpftool-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64"
},
"product_reference": "bpftool-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"relates_to_product_reference": "CentOS-8.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-selftests-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64 as a component of Community Enterprise Operating System 8.5",
"product_id": "CentOS-8.5:kernel-selftests-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64"
},
"product_reference": "kernel-selftests-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"relates_to_product_reference": "CentOS-8.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debug-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64 as a component of Community Enterprise Operating System 8.5",
"product_id": "CentOS-8.5:kernel-debug-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64"
},
"product_reference": "kernel-debug-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"relates_to_product_reference": "CentOS-8.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debug-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64 as a component of Community Enterprise Operating System 8.5",
"product_id": "CentOS-8.5:kernel-debug-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64"
},
"product_reference": "kernel-debug-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"relates_to_product_reference": "CentOS-8.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64 as a component of Community Enterprise Operating System 8.5",
"product_id": "CentOS-8.5:perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64"
},
"product_reference": "perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"relates_to_product_reference": "CentOS-8.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debug-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64 as a component of Community Enterprise Operating System 8.5",
"product_id": "CentOS-8.5:kernel-debug-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64"
},
"product_reference": "kernel-debug-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"relates_to_product_reference": "CentOS-8.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64 as a component of Community Enterprise Operating System 8.5",
"product_id": "CentOS-8.5:python3-perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64"
},
"product_reference": "python3-perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"relates_to_product_reference": "CentOS-8.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-ipaclones-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64 as a component of Community Enterprise Operating System 8.5",
"product_id": "CentOS-8.5:kernel-ipaclones-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64"
},
"product_reference": "kernel-ipaclones-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"relates_to_product_reference": "CentOS-8.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64 as a component of Community Enterprise Operating System 8.5",
"product_id": "CentOS-8.5:kernel-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64"
},
"product_reference": "kernel-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"relates_to_product_reference": "CentOS-8.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debug-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64 as a component of Community Enterprise Operating System 8.5",
"product_id": "CentOS-8.5:kernel-debug-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64"
},
"product_reference": "kernel-debug-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"relates_to_product_reference": "CentOS-8.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64 as a component of Community Enterprise Operating System 8.5",
"product_id": "CentOS-8.5:kernel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64"
},
"product_reference": "kernel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"relates_to_product_reference": "CentOS-8.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-38177",
"cwe": {
"id": "CWE-459",
"name": "Incomplete Cleanup"
},
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\nsch_hfsc: make hfsc_qlen_notify() idempotent\nhfsc_qlen_notify() is not idempotent either and not friendly\nto its callers, like fq_codel_dequeue(). Let's make it idempotent\nto ease qdisc_tree_reduce_backlog() callers' life:\n1. update_vf() decreases cl->cl_nactive, so we can check whether it is\nnon-zero before calling it.\n2. eltree_remove() always removes RB node cl->el_node, but we can use\nRB_EMPTY_NODE() + RB_CLEAR_NODE() to make it safe.",
"title": "Vulnerability description"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:bpftool-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-selftests-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:python3-perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-ipaclones-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://cve.tuxcare.com/els/cve/CVE-2025-38177"
}
],
"release_date": "2025-07-04T00:00:00",
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:bpftool-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-selftests-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:python3-perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-ipaclones-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "High"
}
]
},
{
"cve": "CVE-2025-38000",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\nsch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue()\nWhen enqueuing the first packet to an HFSC class, hfsc_enqueue() calls the\nchild qdisc's peek() operation before incrementing sch->q.qlen and\nsch->qstats.backlog. If the child qdisc uses qdisc_peek_dequeued(), this may\ntrigger an immediate dequeue and potential packet drop. In such cases,\nqdisc_tree_reduce_backlog() is called, but the HFSC qdisc's qlen and backlog\nhave not yet been updated, leading to inconsistent queue accounting. This\ncan leave an empty HFSC class in the active list, causing further\nconsequences like use-after-free.\nThis patch fixes the bug by moving the increment of sch->q.qlen and\nsch->qstats.backlog before the call to the child qdisc's peek() operation.\nThis ensures that queue length and backlog are always accurate when packet\ndrops or dequeues are triggered during the peek.",
"title": "Vulnerability description"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:bpftool-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-selftests-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:python3-perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-ipaclones-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://cve.tuxcare.com/els/cve/CVE-2025-38000"
}
],
"release_date": "2025-06-06T00:00:00",
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:bpftool-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-selftests-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:python3-perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-ipaclones-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "High"
}
]
},
{
"cve": "CVE-2025-38477",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\nnet/sched: sch_qfq: Fix race condition on qfq_aggregate\nA race condition can occur when 'agg' is modified in qfq_change_agg\n(called during qfq_enqueue) while other threads access it\nconcurrently. For example, qfq_dump_class may trigger a NULL\ndereference, and qfq_delete_class may cause a use-after-free.\nThis patch addresses the issue by:\n1. Moved qfq_destroy_class into the critical section.\n2. Added sch_tree_lock protection to qfq_dump_class and\nqfq_dump_class_stats.",
"title": "Vulnerability description"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:bpftool-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-selftests-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:python3-perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-ipaclones-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://cve.tuxcare.com/els/cve/CVE-2025-38477"
}
],
"release_date": "2025-07-28T00:00:00",
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H",
"version": "3.1"
},
"products": [
"CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:bpftool-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-selftests-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:python3-perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-ipaclones-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "High"
}
]
},
{
"cve": "CVE-2022-50127",
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\nRDMA/rxe: Fix error unwind in rxe_create_qp()\nIn the function rxe_create_qp(), rxe_qp_from_init() is called to\ninitialize qp, internally things like the spin locks are not setup until\nrxe_qp_init_req().\nIf an error occures before this point then the unwind will call\nrxe_cleanup() and eventually to rxe_qp_do_cleanup()/rxe_cleanup_task()\nwhich will oops when trying to access the uninitialized spinlock.\nMove the spinlock initializations earlier before any failures.",
"title": "Vulnerability description"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:bpftool-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-selftests-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:python3-perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-ipaclones-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://cve.tuxcare.com/els/cve/CVE-2022-50127"
}
],
"release_date": "2025-06-18T00:00:00",
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:bpftool-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-selftests-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:python3-perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-ipaclones-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "High"
}
]
},
{
"cve": "CVE-2025-38200",
"cwe": {
"id": "CWE-191",
"name": "Integer Underflow (Wrap or Wraparound)"
},
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\ni40e: fix MMIO write access to an invalid page in i40e_clear_hw\nWhen the device sends a specific input, an integer underflow can occur, leading\nto MMIO write access to an invalid page.\nPrevent the integer underflow by changing the type of related variables.",
"title": "Vulnerability description"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:bpftool-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-selftests-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:python3-perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-ipaclones-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://cve.tuxcare.com/els/cve/CVE-2025-38200"
}
],
"release_date": "2025-07-04T00:00:00",
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:bpftool-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-selftests-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:python3-perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-ipaclones-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "High"
}
]
},
{
"cve": "CVE-2022-50083",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"notes": [
{
"category": "description",
"text": "[REJECTED CVE] In the Linux kernel, the following vulnerability has been resolved:\next4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h",
"title": "Vulnerability description"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:bpftool-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-selftests-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:python3-perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-ipaclones-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://cve.tuxcare.com/els/cve/CVE-2022-50083"
}
],
"release_date": "2025-06-18T00:00:00",
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:bpftool-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-selftests-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:python3-perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-ipaclones-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "High"
}
]
},
{
"cve": "CVE-2021-47103",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ninet: fully convert sk->sk_rx_dst to RCU rules\n\nsyzbot reported various issues around early demux,\none being included in this changelog [1]\n\nsk->sk_rx_dst is using RCU protection without clearly\ndocumenting it.\n\nAnd following sequences in tcp_v4_do_rcv()/tcp_v6_do_rcv()\nare not following standard RCU rules.\n\n[a] dst_release(dst);\n[b] sk->sk_rx_dst = NULL;\n\nThey look wrong because a delete operation of RCU protected\npointer is supposed to clear the pointer before\nthe call_rcu()/synchronize_rcu() guarding actual memory freeing.\n\nIn some cases indeed, dst could be freed before [b] is done.\n\nWe could cheat by clearing sk_rx_dst before calling\ndst_release(), but this seems the right time to stick\nto standard RCU annotations and debugging facilities.\n\n[1]\nBUG: KASAN: use-after-free in dst_check include/net/dst.h:470 [inline]\nBUG: KASAN: use-after-free in tcp_v4_early_demux+0x95b/0x960 net/ipv4/tcp_ipv4.c:1792\nRead of size 2 at addr ffff88807f1cb73a by task syz-executor.5/9204\n\nCPU: 0 PID: 9204 Comm: syz-executor.5 Not tainted 5.16.0-rc5-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\nCall Trace:\n \n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106\n print_address_description.constprop.0.cold+0x8d/0x320 mm/kasan/report.c:247\n __kasan_report mm/kasan/report.c:433 [inline]\n kasan_report.cold+0x83/0xdf mm/kasan/report.c:450\n dst_check include/net/dst.h:470 [inline]\n tcp_v4_early_demux+0x95b/0x960 net/ipv4/tcp_ipv4.c:1792\n ip_rcv_finish_core.constprop.0+0x15de/0x1e80 net/ipv4/ip_input.c:340\n ip_list_rcv_finish.constprop.0+0x1b2/0x6e0 net/ipv4/ip_input.c:583\n ip_sublist_rcv net/ipv4/ip_input.c:609 [inline]\n ip_list_rcv+0x34e/0x490 net/ipv4/ip_input.c:644\n __netif_receive_skb_list_ptype net/core/dev.c:5508 [inline]\n __netif_receive_skb_list_core+0x549/0x8e0 net/core/dev.c:5556\n __netif_receive_skb_list net/core/dev.c:5608 [inline]\n netif_receive_skb_list_internal+0x75e/0xd80 net/core/dev.c:5699\n gro_normal_list net/core/dev.c:5853 [inline]\n gro_normal_list net/core/dev.c:5849 [inline]\n napi_complete_done+0x1f1/0x880 net/core/dev.c:6590\n virtqueue_napi_complete drivers/net/virtio_net.c:339 [inline]\n virtnet_poll+0xca2/0x11b0 drivers/net/virtio_net.c:1557\n __napi_poll+0xaf/0x440 net/core/dev.c:7023\n napi_poll net/core/dev.c:7090 [inline]\n net_rx_action+0x801/0xb40 net/core/dev.c:7177\n __do_softirq+0x29b/0x9c2 kernel/softirq.c:558\n invoke_softirq kernel/softirq.c:432 [inline]\n __irq_exit_rcu+0x123/0x180 kernel/softirq.c:637\n irq_exit_rcu+0x5/0x20 kernel/softirq.c:649\n common_interrupt+0x52/0xc0 arch/x86/kernel/irq.c:240\n asm_common_interrupt+0x1e/0x40 arch/x86/include/asm/idtentry.h:629\nRIP: 0033:0x7f5e972bfd57\nCode: 39 d1 73 14 0f 1f 80 00 00 00 00 48 8b 50 f8 48 83 e8 08 48 39 ca 77 f3 48 39 c3 73 3e 48 89 13 48 8b 50 f8 48 89 38 49 8b 0e <48> 8b 3e 48 83 c3 08 48 83 c6 08 eb bc 48 39 d1 72 9e 48 39 d0 73\nRSP: 002b:00007fff8a413210 EFLAGS: 00000283\nRAX: 00007f5e97108990 RBX: 00007f5e97108338 RCX: ffffffff81d3aa45\nRDX: ffffffff81d3aa45 RSI: 00007f5e97108340 RDI: ffffffff81d3aa45\nRBP: 00007f5e97107eb8 R08: 00007f5e97108d88 R09: 0000000093c2e8d9\nR10: 0000000000000000 R11: 0000000000000000 R12: 00007f5e97107eb0\nR13: 00007f5e97108338 R14: 00007f5e97107ea8 R15: 0000000000000019\n \n\nAllocated by task 13:\n kasan_save_stack+0x1e/0x50 mm/kasan/common.c:38\n kasan_set_track mm/kasan/common.c:46 [inline]\n set_alloc_info mm/kasan/common.c:434 [inline]\n __kasan_slab_alloc+0x90/0xc0 mm/kasan/common.c:467\n kasan_slab_alloc include/linux/kasan.h:259 [inline]\n slab_post_alloc_hook mm/slab.h:519 [inline]\n slab_alloc_node mm/slub.c:3234 [inline]\n slab_alloc mm/slub.c:3242 [inline]\n kmem_cache_alloc+0x202/0x3a0 mm/slub.c:3247\n dst_alloc+0x146/0x1f0 net/core/dst.c:92\n rt_dst_alloc+0x73/0x430 net/ipv4/route.c:1613\n ip_route_input_slow+0x1817/0x3a20 net/ipv4/route.c:234\n---truncated---",
"title": "Vulnerability description"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:bpftool-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-selftests-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:python3-perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-ipaclones-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://cve.tuxcare.com/els/cve/CVE-2021-47103"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/0249a4b8a554f2eb6a27b62516fa50168584faa4",
"url": "https://git.kernel.org/stable/c/0249a4b8a554f2eb6a27b62516fa50168584faa4"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/68c34ce11ef23328692aa35fa6aaafdd75913100",
"url": "https://git.kernel.org/stable/c/68c34ce11ef23328692aa35fa6aaafdd75913100"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/75a578000ae5e511e5d0e8433c94a14d9c99c412",
"url": "https://git.kernel.org/stable/c/75a578000ae5e511e5d0e8433c94a14d9c99c412"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/8f905c0e7354ef261360fb7535ea079b1082c105",
"url": "https://git.kernel.org/stable/c/8f905c0e7354ef261360fb7535ea079b1082c105"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/92e6e36ecd16808866ac6172b9491b5097cde449",
"url": "https://git.kernel.org/stable/c/92e6e36ecd16808866ac6172b9491b5097cde449"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/c3bb4a7e8cbc984e1cdac0fe6af60e880214ed6e",
"url": "https://git.kernel.org/stable/c/c3bb4a7e8cbc984e1cdac0fe6af60e880214ed6e"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/f039b43cbaea5e0700980c2f0052da05a70782e0",
"url": "https://git.kernel.org/stable/c/f039b43cbaea5e0700980c2f0052da05a70782e0"
}
],
"release_date": "2024-03-04T18:15:00",
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:bpftool-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-selftests-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:python3-perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-ipaclones-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "High"
}
]
},
{
"cve": "CVE-2025-38352",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"
},
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\nposix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del()\nIf an exiting non-autoreaping task has already passed exit_notify() and\ncalls handle_posix_cpu_timers() from IRQ, it can be reaped by its parent\nor debugger right after unlock_task_sighand().\nIf a concurrent posix_cpu_timer_del() runs at that moment, it won't be\nable to detect timer->it.cpu.firing != 0: cpu_timer_task_rcu() and/or\nlock_task_sighand() will fail.\nAdd the tsk->exit_state check into run_posix_cpu_timers() to fix this.\nThis fix is not needed if CONFIG_POSIX_CPU_TIMERS_TASK_WORK=y, because\nexit_task_work() is called before exit_notify(). But the check still\nmakes sense, task_work_add(&tsk->posix_cputimers_work.work) will fail\nanyway in this case.",
"title": "Vulnerability description"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:bpftool-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-selftests-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:python3-perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-ipaclones-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://cve.tuxcare.com/els/cve/CVE-2025-38352"
}
],
"release_date": "2025-07-22T00:00:00",
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:bpftool-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-selftests-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:python3-perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-ipaclones-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "High"
}
]
},
{
"cve": "CVE-2021-47670",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\ncan: peak_usb: fix use after free bugs\nAfter calling peak_usb_netif_rx_ni(skb), dereferencing skb is unsafe.\nEspecially, the can_frame cf which aliases skb memory is accessed\nafter the peak_usb_netif_rx_ni().\nReordering the lines solves the issue.",
"title": "Vulnerability description"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:bpftool-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-selftests-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:python3-perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-ipaclones-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://cve.tuxcare.com/els/cve/CVE-2021-47670"
}
],
"release_date": "2025-04-17T00:00:00",
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:bpftool-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-selftests-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:python3-perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-ipaclones-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "High"
}
]
},
{
"cve": "CVE-2022-50070",
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\nmptcp: do not queue data on closed subflows\nDipanjan reported a syzbot splat at close time:\nWARNING: CPU: 1 PID: 10818 at net/ipv4/af_inet.c:153\ninet_sock_destruct+0x6d0/0x8e0 net/ipv4/af_inet.c:153\nModules linked in: uio_ivshmem(OE) uio(E)\nCPU: 1 PID: 10818 Comm: kworker/1:16 Tainted: G OE\n5.19.0-rc6-g2eae0556bb9d #2\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\n1.13.0-1ubuntu1.1 04/01/2014\nWorkqueue: events mptcp_worker\nRIP: 0010:inet_sock_destruct+0x6d0/0x8e0 net/ipv4/af_inet.c:153\nCode: 21 02 00 00 41 8b 9c 24 28 02 00 00 e9 07 ff ff ff e8 34 4d 91\nf9 89 ee 4c 89 e7 e8 4a 47 60 ff e9 a6 fc ff ff e8 20 4d 91 f9 <0f> 0b\ne9 84 fe ff ff e8 14 4d 91 f9 0f 0b e9 d4 fd ff ff e8 08 4d\nRSP: 0018:ffffc9001b35fa78 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: 00000000002879d0 RCX: ffff8881326f3b00\nRDX: 0000000000000000 RSI: ffff8881326f3b00 RDI: 0000000000000002\nRBP: ffff888179662674 R08: ffffffff87e983a0 R09: 0000000000000000\nR10: 0000000000000005 R11: 00000000000004ea R12: ffff888179662400\nR13: ffff888179662428 R14: 0000000000000001 R15: ffff88817e38e258\nFS: 0000000000000000(0000) GS:ffff8881f5f00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000020007bc0 CR3: 0000000179592000 CR4: 0000000000150ee0\nCall Trace:\n\n__sk_destruct+0x4f/0x8e0 net/core/sock.c:2067\nsk_destruct+0xbd/0xe0 net/core/sock.c:2112\n__sk_free+0xef/0x3d0 net/core/sock.c:2123\nsk_free+0x78/0xa0 net/core/sock.c:2134\nsock_put include/net/sock.h:1927 [inline]\n__mptcp_close_ssk+0x50f/0x780 net/mptcp/protocol.c:2351\n__mptcp_destroy_sock+0x332/0x760 net/mptcp/protocol.c:2828\nmptcp_worker+0x5d2/0xc90 net/mptcp/protocol.c:2586\nprocess_one_work+0x9cc/0x1650 kernel/workqueue.c:2289\nworker_thread+0x623/0x1070 kernel/workqueue.c:2436\nkthread+0x2e9/0x3a0 kernel/kthread.c:376\nret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:302\n\nThe root cause of the problem is that an mptcp-level (re)transmit can\nrace with mptcp_close() and the packet scheduler checks the subflow\nstate before acquiring the socket lock: we can try to (re)transmit on\nan already closed ssk.\nFix the issue checking again the subflow socket status under the\nsubflow socket lock protection. Additionally add the missing check\nfor the fallback-to-tcp case.",
"title": "Vulnerability description"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:bpftool-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-selftests-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:python3-perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-ipaclones-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://cve.tuxcare.com/els/cve/CVE-2022-50070"
}
],
"release_date": "2025-06-18T00:00:00",
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:bpftool-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-selftests-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:python3-perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-ipaclones-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "High"
}
]
},
{
"cve": "CVE-2025-38464",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\ntipc: Fix use-after-free in tipc_conn_close().\nsyzbot reported a null-ptr-deref in tipc_conn_close() during netns\ndismantle. [0]\ntipc_topsrv_stop() iterates tipc_net(net)->topsrv->conn_idr and calls\ntipc_conn_close() for each tipc_conn.\nThe problem is that tipc_conn_close() is called after releasing the\nIDR lock.\nAt the same time, there might be tipc_conn_recv_work() running and it\ncould call tipc_conn_close() for the same tipc_conn and release its\nlast ->kref.\nOnce we release the IDR lock in tipc_topsrv_stop(), there is no\nguarantee that the tipc_conn is alive.\nLet's hold the ref before releasing the lock and put the ref after\ntipc_conn_close() in tipc_topsrv_stop().\n[0]:\nBUG: KASAN: use-after-free in tipc_conn_close+0x122/0x140 net/tipc/topsrv.c:165\nRead of size 8 at addr ffff888099305a08 by task kworker/u4:3/435\nCPU: 0 PID: 435 Comm: kworker/u4:3 Not tainted 4.19.204-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\nWorkqueue: netns cleanup_net\nCall Trace:\n__dump_stack lib/dump_stack.c:77 [inline]\ndump_stack+0x1fc/0x2ef lib/dump_stack.c:118\nprint_address_description.cold+0x54/0x219 mm/kasan/report.c:256\nkasan_report_error.cold+0x8a/0x1b9 mm/kasan/report.c:354\nkasan_report mm/kasan/report.c:412 [inline]\n__asan_report_load8_noabort+0x88/0x90 mm/kasan/report.c:433\ntipc_conn_close+0x122/0x140 net/tipc/topsrv.c:165\ntipc_topsrv_stop net/tipc/topsrv.c:701 [inline]\ntipc_topsrv_exit_net+0x27b/0x5c0 net/tipc/topsrv.c:722\nops_exit_list+0xa5/0x150 net/core/net_namespace.c:153\ncleanup_net+0x3b4/0x8b0 net/core/net_namespace.c:553\nprocess_one_work+0x864/0x1570 kernel/workqueue.c:2153\nworker_thread+0x64c/0x1130 kernel/workqueue.c:2296\nkthread+0x33f/0x460 kernel/kthread.c:259\nret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415\nAllocated by task 23:\nkmem_cache_alloc_trace+0x12f/0x380 mm/slab.c:3625\nkmalloc include/linux/slab.h:515 [inline]\nkzalloc include/linux/slab.h:709 [inline]\ntipc_conn_alloc+0x43/0x4f0 net/tipc/topsrv.c:192\ntipc_topsrv_accept+0x1b5/0x280 net/tipc/topsrv.c:470\nprocess_one_work+0x864/0x1570 kernel/workqueue.c:2153\nworker_thread+0x64c/0x1130 kernel/workqueue.c:2296\nkthread+0x33f/0x460 kernel/kthread.c:259\nret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415\nFreed by task 23:\n__cache_free mm/slab.c:3503 [inline]\nkfree+0xcc/0x210 mm/slab.c:3822\ntipc_conn_kref_release net/tipc/topsrv.c:150 [inline]\nkref_put include/linux/kref.h:70 [inline]\nconn_put+0x2cd/0x3a0 net/tipc/topsrv.c:155\nprocess_one_work+0x864/0x1570 kernel/workqueue.c:2153\nworker_thread+0x64c/0x1130 kernel/workqueue.c:2296\nkthread+0x33f/0x460 kernel/kthread.c:259\nret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415\nThe buggy address belongs to the object at ffff888099305a00\nwhich belongs to the cache kmalloc-512 of size 512\nThe buggy address is located 8 bytes inside of\n512-byte region [ffff888099305a00, ffff888099305c00)\nThe buggy address belongs to the page:\npage:ffffea000264c140 count:1 mapcount:0 mapping:ffff88813bff0940 index:0x0\nflags: 0xfff00000000100(slab)\nraw: 00fff00000000100 ffffea00028b6b88 ffffea0002cd2b08 ffff88813bff0940\nraw: 0000000000000000 ffff888099305000 0000000100000006 0000000000000000\npage dumped because: kasan: bad access detected\nMemory state around the buggy address:\nffff888099305900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\nffff888099305980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n>ffff888099305a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n^\nffff888099305a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\nffff888099305b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb",
"title": "Vulnerability description"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:bpftool-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-selftests-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:python3-perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-ipaclones-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://cve.tuxcare.com/els/cve/CVE-2025-38464"
}
],
"release_date": "2025-07-25T00:00:00",
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H",
"version": "3.1"
},
"products": [
"CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:bpftool-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-selftests-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:python3-perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-ipaclones-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "High"
}
]
},
{
"cve": "CVE-2025-38211",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\nRDMA/iwcm: Fix use-after-free of work objects after cm_id destruction\nThe commit 59c68ac31e15 (\"iw_cm: free cm_id resources on the last\nderef\") simplified cm_id resource management by freeing cm_id once all\nreferences to the cm_id were removed. The references are removed either\nupon completion of iw_cm event handlers or when the application destroys\nthe cm_id. This commit introduced the use-after-free condition where\ncm_id_private object could still be in use by event handler works during\nthe destruction of cm_id. The commit aee2424246f9 (\"RDMA/iwcm: Fix a\nuse-after-free related to destroying CM IDs\") addressed this use-after-\nfree by flushing all pending works at the cm_id destruction.\nHowever, still another use-after-free possibility remained. It happens\nwith the work objects allocated for each cm_id_priv within\nalloc_work_entries() during cm_id creation, and subsequently freed in\ndealloc_work_entries() once all references to the cm_id are removed.\nIf the cm_id's last reference is decremented in the event handler work,\nthe work object for the work itself gets removed, and causes the use-\nafter-free BUG below:\nBUG: KASAN: slab-use-after-free in __pwq_activate_work+0x1ff/0x250\nRead of size 8 at addr ffff88811f9cf800 by task kworker/u16:1/147091\nCPU: 2 UID: 0 PID: 147091 Comm: kworker/u16:1 Not tainted 6.15.0-rc2+ #27 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014\nWorkqueue: 0x0 (iw_cm_wq)\nCall Trace:\n\ndump_stack_lvl+0x6a/0x90\nprint_report+0x174/0x554\n? __virt_addr_valid+0x208/0x430\n? __pwq_activate_work+0x1ff/0x250\nkasan_report+0xae/0x170\n? __pwq_activate_work+0x1ff/0x250\n__pwq_activate_work+0x1ff/0x250\npwq_dec_nr_in_flight+0x8c5/0xfb0\nprocess_one_work+0xc11/0x1460\n? __pfx_process_one_work+0x10/0x10\n? assign_work+0x16c/0x240\nworker_thread+0x5ef/0xfd0\n? __pfx_worker_thread+0x10/0x10\nkthread+0x3b0/0x770\n? __pfx_kthread+0x10/0x10\n? rcu_is_watching+0x11/0xb0\n? _raw_spin_unlock_irq+0x24/0x50\n? rcu_is_watching+0x11/0xb0\n? __pfx_kthread+0x10/0x10\nret_from_fork+0x30/0x70\n? __pfx_kthread+0x10/0x10\nret_from_fork_asm+0x1a/0x30\n\nAllocated by task 147416:\nkasan_save_stack+0x2c/0x50\nkasan_save_track+0x10/0x30\n__kasan_kmalloc+0xa6/0xb0\nalloc_work_entries+0xa9/0x260 [iw_cm]\niw_cm_connect+0x23/0x4a0 [iw_cm]\nrdma_connect_locked+0xbfd/0x1920 [rdma_cm]\nnvme_rdma_cm_handler+0x8e5/0x1b60 [nvme_rdma]\ncma_cm_event_handler+0xae/0x320 [rdma_cm]\ncma_work_handler+0x106/0x1b0 [rdma_cm]\nprocess_one_work+0x84f/0x1460\nworker_thread+0x5ef/0xfd0\nkthread+0x3b0/0x770\nret_from_fork+0x30/0x70\nret_from_fork_asm+0x1a/0x30\nFreed by task 147091:\nkasan_save_stack+0x2c/0x50\nkasan_save_track+0x10/0x30\nkasan_save_free_info+0x37/0x60\n__kasan_slab_free+0x4b/0x70\nkfree+0x13a/0x4b0\ndealloc_work_entries+0x125/0x1f0 [iw_cm]\niwcm_deref_id+0x6f/0xa0 [iw_cm]\ncm_work_handler+0x136/0x1ba0 [iw_cm]\nprocess_one_work+0x84f/0x1460\nworker_thread+0x5ef/0xfd0\nkthread+0x3b0/0x770\nret_from_fork+0x30/0x70\nret_from_fork_asm+0x1a/0x30\nLast potentially related work creation:\nkasan_save_stack+0x2c/0x50\nkasan_record_aux_stack+0xa3/0xb0\n__queue_work+0x2ff/0x1390\nqueue_work_on+0x67/0xc0\ncm_event_handler+0x46a/0x820 [iw_cm]\nsiw_cm_upcall+0x330/0x650 [siw]\nsiw_cm_work_handler+0x6b9/0x2b20 [siw]\nprocess_one_work+0x84f/0x1460\nworker_thread+0x5ef/0xfd0\nkthread+0x3b0/0x770\nret_from_fork+0x30/0x70\nret_from_fork_asm+0x1a/0x30\nThis BUG is reproducible by repeating the blktests test case nvme/061\nfor the rdma transport and the siw driver.\nTo avoid the use-after-free of cm_id_private work objects, ensure that\nthe last reference to the cm_id is decremented not in the event handler\nworks, but in the cm_id destruction context. For that purpose, mo\n---truncated---",
"title": "Vulnerability description"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:bpftool-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-selftests-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:python3-perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-ipaclones-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://cve.tuxcare.com/els/cve/CVE-2025-38211"
}
],
"release_date": "2025-07-04T00:00:00",
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:bpftool-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-selftests-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:python3-perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-ipaclones-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "High"
}
]
},
{
"cve": "CVE-2025-38273",
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\nnet: tipc: fix refcount warning in tipc_aead_encrypt\nsyzbot reported a refcount warning [1] caused by calling get_net() on\na network namespace that is being destroyed (refcount=0). This happens\nwhen a TIPC discovery timer fires during network namespace cleanup.\nThe recently added get_net() call in commit e279024617134 (\"net/tipc:\nfix slab-use-after-free Read in tipc_aead_encrypt_done\") attempts to\nhold a reference to the network namespace. However, if the namespace\nis already being destroyed, its refcount might be zero, leading to the\nuse-after-free warning.\nReplace get_net() with maybe_get_net(), which safely checks if the\nrefcount is non-zero before incrementing it. If the namespace is being\ndestroyed, return -ENODEV early, after releasing the bearer reference.\n[1]: https://lore.kernel.org/all/68342b55.a70a0220.253bc2.0091.GAE@google.com/T/#m12019cf9ae77e1954f666914640efa36d52704a2",
"title": "Vulnerability description"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:bpftool-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-selftests-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:python3-perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-ipaclones-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://cve.tuxcare.com/els/cve/CVE-2025-38273"
}
],
"release_date": "2025-07-10T00:00:00",
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:bpftool-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-selftests-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:python3-perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-ipaclones-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Medium"
}
]
},
{
"cve": "CVE-2025-38350",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\nnet/sched: Always pass notifications when child class becomes empty\nCertain classful qdiscs may invoke their classes' dequeue handler on an\nenqueue operation. This may unexpectedly empty the child qdisc and thus\nmake an in-flight class passive via qlen_notify(). Most qdiscs do not\nexpect such behaviour at this point in time and may re-activate the\nclass eventually anyways which will lead to a use-after-free.\nThe referenced fix commit attempted to fix this behavior for the HFSC\ncase by moving the backlog accounting around, though this turned out to\nbe incomplete since the parent's parent may run into the issue too.\nThe following reproducer demonstrates this use-after-free:\ntc qdisc add dev lo root handle 1: drr\ntc filter add dev lo parent 1: basic classid 1:1\ntc class add dev lo parent 1: classid 1:1 drr\ntc qdisc add dev lo parent 1:1 handle 2: hfsc def 1\ntc class add dev lo parent 2: classid 2:1 hfsc rt m1 8 d 1 m2 0\ntc qdisc add dev lo parent 2:1 handle 3: netem\ntc qdisc add dev lo parent 3:1 handle 4: blackhole\necho 1 | socat -u STDIN UDP4-DATAGRAM:127.0.0.1:8888\ntc class delete dev lo classid 1:1\necho 1 | socat -u STDIN UDP4-DATAGRAM:127.0.0.1:8888\nSince backlog accounting issues leading to a use-after-frees on stale\nclass pointers is a recurring pattern at this point, this patch takes\na different approach. Instead of trying to fix the accounting, the patch\nensures that qdisc_tree_reduce_backlog always calls qlen_notify when\nthe child qdisc is empty. This solves the problem because deletion of\nqdiscs always involves a call to qdisc_reset() and / or\nqdisc_purge_queue() which ultimately resets its qlen to 0 thus causing\nthe following qdisc_tree_reduce_backlog() to report to the parent. Note\nthat this may call qlen_notify on passive classes multiple times. This\nis not a problem after the recent patch series that made all the\nclassful qdiscs qlen_notify() handlers idempotent.",
"title": "Vulnerability description"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:bpftool-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-selftests-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:python3-perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-ipaclones-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://cve.tuxcare.com/els/cve/CVE-2025-38350"
}
],
"release_date": "2025-07-19T00:00:00",
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:bpftool-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-selftests-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:python3-perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-ipaclones-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "High"
}
]
},
{
"cve": "CVE-2025-38332",
"cwe": {
"id": "CWE-170",
"name": "Improper Null Termination"
},
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\nscsi: lpfc: Use memcpy() for BIOS version\nThe strlcat() with FORTIFY support is triggering a panic because it\nthinks the target buffer will overflow although the correct target\nbuffer size is passed in.\nAnyway, instead of memset() with 0 followed by a strlcat(), just use\nmemcpy() and ensure that the resulting buffer is NULL terminated.\nBIOSVersion is only used for the lpfc_printf_log() which expects a\nproperly terminated string.",
"title": "Vulnerability description"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:bpftool-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-selftests-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:python3-perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-ipaclones-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://cve.tuxcare.com/els/cve/CVE-2025-38332"
}
],
"release_date": "2025-07-10T00:00:00",
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:bpftool-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-selftests-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:python3-perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-ipaclones-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "High"
}
]
},
{
"cve": "CVE-2025-38085",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\nmm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race\nhuge_pmd_unshare() drops a reference on a page table that may have\npreviously been shared across processes, potentially turning it into a\nnormal page table used in another process in which unrelated VMAs can\nafterwards be installed.\nIf this happens in the middle of a concurrent gup_fast(), gup_fast() could\nend up walking the page tables of another process. While I don't see any\nway in which that immediately leads to kernel memory corruption, it is\nreally weird and unexpected.\nFix it with an explicit broadcast IPI through tlb_remove_table_sync_one(),\njust like we do in khugepaged when removing page tables for a THP\ncollapse.",
"title": "Vulnerability description"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:bpftool-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-selftests-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:python3-perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-ipaclones-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://cve.tuxcare.com/els/cve/CVE-2025-38085"
}
],
"release_date": "2025-06-28T00:00:00",
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:bpftool-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-selftests-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:python3-perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-ipaclones-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "High"
}
]
},
{
"cve": "CVE-2025-37890",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\nnet_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc\nAs described in Gerrard's report [1], we have a UAF case when an hfsc class\nhas a netem child qdisc. The crux of the issue is that hfsc is assuming\nthat checking for cl->qdisc->q.qlen == 0 guarantees that it hasn't inserted\nthe class in the vttree or eltree (which is not true for the netem\nduplicate case).\nThis patch checks the n_active class variable to make sure that the code\nwon't insert the class in the vttree or eltree twice, catering for the\nreentrant case.\n[1] https://lore.kernel.org/netdev/CAHcdcOm+03OD2j6R0=YHKqmy=VgJ8xEOKuP6c7mSgnp-TEJJbw@mail.gmail.com/",
"title": "Vulnerability description"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:bpftool-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-selftests-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:python3-perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-ipaclones-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://cve.tuxcare.com/els/cve/CVE-2025-37890"
}
],
"release_date": "2025-05-16T00:00:00",
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:bpftool-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-selftests-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:python3-perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-ipaclones-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "High"
}
]
},
{
"cve": "CVE-2022-50020",
"cwe": {
"id": "CWE-1284",
"name": "Improper Validation of Specified Quantity in Input"
},
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\next4: avoid resizing to a partial cluster size\nThis patch avoids an attempt to resize the filesystem to an\nunaligned cluster boundary. An online resize to a size that is not\nintegral to cluster size results in the last iteration attempting to\ngrow the fs by a negative amount, which trips a BUG_ON and leaves the fs\nwith a corrupted in-memory superblock.",
"title": "Vulnerability description"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:bpftool-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-selftests-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:python3-perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-ipaclones-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://cve.tuxcare.com/els/cve/CVE-2022-50020"
}
],
"release_date": "2025-06-18T00:00:00",
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:bpftool-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-selftests-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:python3-perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-ipaclones-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "High"
}
]
},
{
"cve": "CVE-2025-38052",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\nnet/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done\nSyzbot reported a slab-use-after-free with the following call trace:\n==================================================================\nBUG: KASAN: slab-use-after-free in tipc_aead_encrypt_done+0x4bd/0x510 net/tipc/crypto.c:840\nRead of size 8 at addr ffff88807a733000 by task kworker/1:0/25\nCall Trace:\nkasan_report+0xd9/0x110 mm/kasan/report.c:601\ntipc_aead_encrypt_done+0x4bd/0x510 net/tipc/crypto.c:840\ncrypto_request_complete include/crypto/algapi.h:266\naead_request_complete include/crypto/internal/aead.h:85\ncryptd_aead_crypt+0x3b8/0x750 crypto/cryptd.c:772\ncrypto_request_complete include/crypto/algapi.h:266\ncryptd_queue_worker+0x131/0x200 crypto/cryptd.c:181\nprocess_one_work+0x9fb/0x1b60 kernel/workqueue.c:3231\nAllocated by task 8355:\nkzalloc_noprof include/linux/slab.h:778\ntipc_crypto_start+0xcc/0x9e0 net/tipc/crypto.c:1466\ntipc_init_net+0x2dd/0x430 net/tipc/core.c:72\nops_init+0xb9/0x650 net/core/net_namespace.c:139\nsetup_net+0x435/0xb40 net/core/net_namespace.c:343\ncopy_net_ns+0x2f0/0x670 net/core/net_namespace.c:508\ncreate_new_namespaces+0x3ea/0xb10 kernel/nsproxy.c:110\nunshare_nsproxy_namespaces+0xc0/0x1f0 kernel/nsproxy.c:228\nksys_unshare+0x419/0x970 kernel/fork.c:3323\n__do_sys_unshare kernel/fork.c:3394\nFreed by task 63:\nkfree+0x12a/0x3b0 mm/slub.c:4557\ntipc_crypto_stop+0x23c/0x500 net/tipc/crypto.c:1539\ntipc_exit_net+0x8c/0x110 net/tipc/core.c:119\nops_exit_list+0xb0/0x180 net/core/net_namespace.c:173\ncleanup_net+0x5b7/0xbf0 net/core/net_namespace.c:640\nprocess_one_work+0x9fb/0x1b60 kernel/workqueue.c:3231\nAfter freed the tipc_crypto tx by delete namespace, tipc_aead_encrypt_done\nmay still visit it in cryptd_queue_worker workqueue.\nI reproduce this issue by:\nip netns add ns1\nip link add veth1 type veth peer name veth2\nip link set veth1 netns ns1\nip netns exec ns1 tipc bearer enable media eth dev veth1\nip netns exec ns1 tipc node set key this_is_a_master_key master\nip netns exec ns1 tipc bearer disable media eth dev veth1\nip netns del ns1\nThe key of reproduction is that, simd_aead_encrypt is interrupted, leading\nto crypto_simd_usable() return false. Thus, the cryptd_queue_worker is\ntriggered, and the tipc_crypto tx will be visited.\ntipc_disc_timeout\ntipc_bearer_xmit_skb\ntipc_crypto_xmit\ntipc_aead_encrypt\ncrypto_aead_encrypt\n// encrypt()\nsimd_aead_encrypt\n// crypto_simd_usable() is false\nchild = &ctx->cryptd_tfm->base;\nsimd_aead_encrypt\ncrypto_aead_encrypt\n// encrypt()\ncryptd_aead_encrypt_enqueue\ncryptd_aead_enqueue\ncryptd_enqueue_request\n// trigger cryptd_queue_worker\nqueue_work_on(smp_processor_id(), cryptd_wq, &cpu_queue->work)\nFix this by holding net reference count before encrypt.",
"title": "Vulnerability description"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:bpftool-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-selftests-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:python3-perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-ipaclones-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://cve.tuxcare.com/els/cve/CVE-2025-38052"
}
],
"release_date": "2025-06-18T00:00:00",
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:bpftool-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-selftests-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:python3-perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-ipaclones-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "High"
}
]
},
{
"cve": "CVE-2022-50181",
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\nvirtio-gpu: fix a missing check to avoid NULL dereference\n'cache_ent' could be set NULL inside virtio_gpu_cmd_get_capset()\nand it will lead to a NULL dereference by a lately use of it\n(i.e., ptr = cache_ent->caps_cache). Fix it with a NULL check.\n[ kraxel: minor codestyle fixup ]",
"title": "Vulnerability description"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:bpftool-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-selftests-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:python3-perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-ipaclones-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://cve.tuxcare.com/els/cve/CVE-2022-50181"
}
],
"release_date": "2025-06-18T00:00:00",
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:bpftool-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-selftests-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:python3-perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-ipaclones-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "High"
}
]
},
{
"cve": "CVE-2022-50187",
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\nath11k: fix netdev open race\nMake sure to allocate resources needed before registering the device.\nThis specifically avoids having a racing open() trigger a BUG_ON() in\nmod_timer() when ath11k_mac_op_start() is called before the\nmon_reap_timer as been set up.\nI did not see this issue with next-20220310, but I hit it on every probe\nwith next-20220511. Perhaps some timing changed in between.\nHere's the backtrace:\n[ 51.346947] kernel BUG at kernel/time/timer.c:990!\n[ 51.346958] Internal error: Oops - BUG: 0 [#1] PREEMPT SMP\n...\n[ 51.578225] Call trace:\n[ 51.583293] __mod_timer+0x298/0x390\n[ 51.589518] mod_timer+0x14/0x20\n[ 51.595368] ath11k_mac_op_start+0x41c/0x4a0 [ath11k]\n[ 51.603165] drv_start+0x38/0x60 [mac80211]\n[ 51.610110] ieee80211_do_open+0x29c/0x7d0 [mac80211]\n[ 51.617945] ieee80211_open+0x60/0xb0 [mac80211]\n[ 51.625311] __dev_open+0x100/0x1c0\n[ 51.631420] __dev_change_flags+0x194/0x210\n[ 51.638214] dev_change_flags+0x24/0x70\n[ 51.644646] do_setlink+0x228/0xdb0\n[ 51.650723] __rtnl_newlink+0x460/0x830\n[ 51.657162] rtnl_newlink+0x4c/0x80\n[ 51.663229] rtnetlink_rcv_msg+0x124/0x390\n[ 51.669917] netlink_rcv_skb+0x58/0x130\n[ 51.676314] rtnetlink_rcv+0x18/0x30\n[ 51.682460] netlink_unicast+0x250/0x310\n[ 51.688960] netlink_sendmsg+0x19c/0x3e0\n[ 51.695458] ____sys_sendmsg+0x220/0x290\n[ 51.701938] ___sys_sendmsg+0x7c/0xc0\n[ 51.708148] __sys_sendmsg+0x68/0xd0\n[ 51.714254] __arm64_sys_sendmsg+0x28/0x40\n[ 51.720900] invoke_syscall+0x48/0x120\nTested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3",
"title": "Vulnerability description"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:bpftool-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-selftests-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:python3-perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-ipaclones-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://cve.tuxcare.com/els/cve/CVE-2022-50187"
}
],
"release_date": "2025-06-18T00:00:00",
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:bpftool-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-selftests-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:python3-perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-ipaclones-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "High"
}
]
},
{
"cve": "CVE-2024-53150",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Fix out of bounds reads when finding clock sources\n\nThe current USB-audio driver code doesn't check bLength of each\ndescriptor at traversing for clock descriptors. That is, when a\ndevice provides a bogus descriptor with a shorter bLength, the driver\nmight hit out-of-bounds reads.\n\nFor addressing it, this patch adds sanity checks to the validator\nfunctions for the clock descriptor traversal. When the descriptor\nlength is shorter than expected, it's skipped in the loop.\n\nFor the clock source and clock multiplier descriptors, we can just\ncheck bLength against the sizeof() of each descriptor type.\nOTOH, the clock selector descriptor of UAC2 and UAC3 has an array\nof bNrInPins elements and two more fields at its tail, hence those\nhave to be checked in addition to the sizeof() check.",
"title": "Vulnerability description"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:bpftool-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-selftests-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:python3-perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-ipaclones-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://cve.tuxcare.com/els/cve/CVE-2024-53150"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/096bb5b43edf755bc4477e64004fa3a20539ec2f",
"url": "https://git.kernel.org/stable/c/096bb5b43edf755bc4477e64004fa3a20539ec2f"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/45a92cbc88e4013bfed7fd2ccab3ade45f8e896b",
"url": "https://git.kernel.org/stable/c/45a92cbc88e4013bfed7fd2ccab3ade45f8e896b"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/74cb86e1006c5437b1d90084d22018da30fddc77",
"url": "https://git.kernel.org/stable/c/74cb86e1006c5437b1d90084d22018da30fddc77"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/a3dd4d63eeb452cfb064a13862fb376ab108f6a6",
"url": "https://git.kernel.org/stable/c/a3dd4d63eeb452cfb064a13862fb376ab108f6a6"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/a632bdcb359fd8145e86486ff8612da98e239acd",
"url": "https://git.kernel.org/stable/c/a632bdcb359fd8145e86486ff8612da98e239acd"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/ab011f7439d9bbfd34fd3b9cef4b2d6d952c9bb9",
"url": "https://git.kernel.org/stable/c/ab011f7439d9bbfd34fd3b9cef4b2d6d952c9bb9"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/da13ade87a12dd58829278bc816a61bea06a56a9",
"url": "https://git.kernel.org/stable/c/da13ade87a12dd58829278bc816a61bea06a56a9"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/ea0fa76f61cf8e932d1d26e6193513230816e11d",
"url": "https://git.kernel.org/stable/c/ea0fa76f61cf8e932d1d26e6193513230816e11d"
}
],
"release_date": "2024-12-24T12:15:00",
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:bpftool-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-selftests-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:python3-perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-ipaclones-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "High"
}
]
},
{
"cve": "CVE-2025-38250",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"
},
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\nBluetooth: hci_core: Fix use-after-free in vhci_flush()\nsyzbot reported use-after-free in vhci_flush() without repro. [0]\nFrom the splat, a thread close()d a vhci file descriptor while\nits device was being used by iotcl() on another thread.\nOnce the last fd refcnt is released, vhci_release() calls\nhci_unregister_dev(), hci_free_dev(), and kfree() for struct\nvhci_data, which is set to hci_dev->dev->driver_data.\nThe problem is that there is no synchronisation after unlinking\nhdev from hci_dev_list in hci_unregister_dev(). There might be\nanother thread still accessing the hdev which was fetched before\nthe unlink operation.\nWe can use SRCU for such synchronisation.\nLet's run hci_dev_reset() under SRCU and wait for its completion\nin hci_unregister_dev().\nAnother option would be to restore hci_dev->destruct(), which was\nremoved in commit 587ae086f6e4 (\"Bluetooth: Remove unused\nhci-destruct cb\"). However, this would not be a good solution, as\nwe should not run hci_unregister_dev() while there are in-flight\nioctl() requests, which could lead to another data-race KCSAN splat.\nNote that other drivers seem to have the same problem, for exmaple,\nvirtbt_remove().\n[0]:\nBUG: KASAN: slab-use-after-free in skb_queue_empty_lockless include/linux/skbuff.h:1891 [inline]\nBUG: KASAN: slab-use-after-free in skb_queue_purge_reason+0x99/0x360 net/core/skbuff.c:3937\nRead of size 8 at addr ffff88807cb8d858 by task syz.1.219/6718\nCPU: 1 UID: 0 PID: 6718 Comm: syz.1.219 Not tainted 6.16.0-rc1-syzkaller-00196-g08207f42d3ff #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025\nCall Trace:\n\ndump_stack_lvl+0x189/0x250 lib/dump_stack.c:120\nprint_address_description mm/kasan/report.c:408 [inline]\nprint_report+0xd2/0x2b0 mm/kasan/report.c:521\nkasan_report+0x118/0x150 mm/kasan/report.c:634\nskb_queue_empty_lockless include/linux/skbuff.h:1891 [inline]\nskb_queue_purge_reason+0x99/0x360 net/core/skbuff.c:3937\nskb_queue_purge include/linux/skbuff.h:3368 [inline]\nvhci_flush+0x44/0x50 drivers/bluetooth/hci_vhci.c:69\nhci_dev_do_reset net/bluetooth/hci_core.c:552 [inline]\nhci_dev_reset+0x420/0x5c0 net/bluetooth/hci_core.c:592\nsock_do_ioctl+0xd9/0x300 net/socket.c:1190\nsock_ioctl+0x576/0x790 net/socket.c:1311\nvfs_ioctl fs/ioctl.c:51 [inline]\n__do_sys_ioctl fs/ioctl.c:907 [inline]\n__se_sys_ioctl+0xf9/0x170 fs/ioctl.c:893\ndo_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\ndo_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\nentry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fcf5b98e929\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fcf5c7b9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 00007fcf5bbb6160 RCX: 00007fcf5b98e929\nRDX: 0000000000000000 RSI: 00000000400448cb RDI: 0000000000000009\nRBP: 00007fcf5ba10b39 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 0000000000000000 R14: 00007fcf5bbb6160 R15: 00007ffd6353d528\n\nAllocated by task 6535:\nkasan_save_stack mm/kasan/common.c:47 [inline]\nkasan_save_track+0x3e/0x80 mm/kasan/common.c:68\npoison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n__kasan_kmalloc+0x93/0xb0 mm/kasan/common.c:394\nkasan_kmalloc include/linux/kasan.h:260 [inline]\n__kmalloc_cache_noprof+0x230/0x3d0 mm/slub.c:4359\nkmalloc_noprof include/linux/slab.h:905 [inline]\nkzalloc_noprof include/linux/slab.h:1039 [inline]\nvhci_open+0x57/0x360 drivers/bluetooth/hci_vhci.c:635\nmisc_open+0x2bc/0x330 drivers/char/misc.c:161\nchrdev_open+0x4c9/0x5e0 fs/char_dev.c:414\ndo_dentry_open+0xdf0/0x1970 fs/open.c:964\nvfs_open+0x3b/0x340 fs/open.c:1094\ndo_open fs/namei.c:3887 [inline]\npath_openat+0x2ee5/0x3830 fs/name\n---truncated---",
"title": "Vulnerability description"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:bpftool-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-selftests-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:python3-perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-ipaclones-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://cve.tuxcare.com/els/cve/CVE-2025-38250"
}
],
"release_date": "2025-07-09T00:00:00",
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H",
"version": "3.1"
},
"products": [
"CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:bpftool-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-selftests-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:python3-perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-ipaclones-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "High"
}
]
},
{
"cve": "CVE-2025-21727",
"cwe": {
"id": "CWE-820",
"name": "Missing Synchronization"
},
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\npadata: fix UAF in padata_reorder\nA bug was found when run ltp test:\nBUG: KASAN: slab-use-after-free in padata_find_next+0x29/0x1a0\nRead of size 4 at addr ffff88bbfe003524 by task kworker/u113:2/3039206\nCPU: 0 PID: 3039206 Comm: kworker/u113:2 Kdump: loaded Not tainted 6.6.0+\nWorkqueue: pdecrypt_parallel padata_parallel_worker\nCall Trace:\n\ndump_stack_lvl+0x32/0x50\nprint_address_description.constprop.0+0x6b/0x3d0\nprint_report+0xdd/0x2c0\nkasan_report+0xa5/0xd0\npadata_find_next+0x29/0x1a0\npadata_reorder+0x131/0x220\npadata_parallel_worker+0x3d/0xc0\nprocess_one_work+0x2ec/0x5a0\nIf 'mdelay(10)' is added before calling 'padata_find_next' in the\n'padata_reorder' function, this issue could be reproduced easily with\nltp test (pcrypt_aead01).\nThis can be explained as bellow:\npcrypt_aead_encrypt\n...\npadata_do_parallel\nrefcount_inc(&pd->refcnt); // add refcnt\n...\npadata_do_serial\npadata_reorder // pd\nwhile (1) {\npadata_find_next(pd, true); // using pd\nqueue_work_on\n...\npadata_serial_workercrypto_del_alg\npadata_put_pd_cnt // sub refcnt\npadata_free_shell\npadata_put_pd(ps->pd);\n// pd is freed\n// loop again, but pd is freed\n// call padata_find_next, UAF\n}\nIn the padata_reorder function, when it loops in 'while', if the alg is\ndeleted, the refcnt may be decreased to 0 before entering\n'padata_find_next', which leads to UAF.\nAs mentioned in [1], do_serial is supposed to be called with BHs disabled\nand always happen under RCU protection, to address this issue, add\nsynchronize_rcu() in 'padata_free_shell' wait for all _do_serial calls\nto finish.\n[1] https://lore.kernel.org/all/20221028160401.cccypv4euxikusiq@parnassus.localdomain/\n[2] https://lore.kernel.org/linux-kernel/jfjz5d7zwbytztackem7ibzalm5lnxldi2eofeiczqmqs2m7o6@fq426cwnjtkm/",
"title": "Vulnerability description"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:bpftool-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-selftests-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:python3-perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-ipaclones-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://cve.tuxcare.com/els/cve/CVE-2025-21727"
}
],
"release_date": "2025-02-27T00:00:00",
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:bpftool-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-selftests-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:python3-perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-ipaclones-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "High"
}
]
},
{
"cve": "CVE-2025-22058",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\nudp: Fix memory accounting leak.\nMatt Dowling reported a weird UDP memory usage issue.\nUnder normal operation, the UDP memory usage reported in /proc/net/sockstat\nremains close to zero. However, it occasionally spiked to 524,288 pages\nand never dropped. Moreover, the value doubled when the application was\nterminated. Finally, it caused intermittent packet drops.\nWe can reproduce the issue with the script below [0]:\n1. /proc/net/sockstat reports 0 pages\n# cat /proc/net/sockstat | grep UDP:\nUDP: inuse 1 mem 0\n2. Run the script till the report reaches 524,288\n# python3 test.py & sleep 5\n# cat /proc/net/sockstat | grep UDP:\nUDP: inuse 3 mem 524288 <-- (INT_MAX + 1) >> PAGE_SHIFT\n3. Kill the socket and confirm the number never drops\n# pkill python3 && sleep 5\n# cat /proc/net/sockstat | grep UDP:\nUDP: inuse 1 mem 524288\n4. (necessary since v6.0) Trigger proto_memory_pcpu_drain()\n# python3 test.py & sleep 1 && pkill python3\n5. The number doubles\n# cat /proc/net/sockstat | grep UDP:\nUDP: inuse 1 mem 1048577\nThe application set INT_MAX to SO_RCVBUF, which triggered an integer\noverflow in udp_rmem_release().\nWhen a socket is close()d, udp_destruct_common() purges its receive\nqueue and sums up skb->truesize in the queue. This total is calculated\nand stored in a local unsigned integer variable.\nThe total size is then passed to udp_rmem_release() to adjust memory\naccounting. However, because the function takes a signed integer\nargument, the total size can wrap around, causing an overflow.\nThen, the released amount is calculated as follows:\n1) Add size to sk->sk_forward_alloc.\n2) Round down sk->sk_forward_alloc to the nearest lower multiple of\nPAGE_SIZE and assign it to amount.\n3) Subtract amount from sk->sk_forward_alloc.\n4) Pass amount >> PAGE_SHIFT to __sk_mem_reduce_allocated().\nWhen the issue occurred, the total in udp_destruct_common() was 2147484480\n(INT_MAX + 833), which was cast to -2147482816 in udp_rmem_release().\nAt 1) sk->sk_forward_alloc is changed from 3264 to -2147479552, and\n2) sets -2147479552 to amount. 3) reverts the wraparound, so we don't\nsee a warning in inet_sock_destruct(). However, udp_memory_allocated\nends up doubling at 4).\nSince commit 3cd3399dd7a8 (\"net: implement per-cpu reserves for\nmemory_allocated\"), memory usage no longer doubles immediately after\na socket is close()d because __sk_mem_reduce_allocated() caches the\namount in udp_memory_per_cpu_fw_alloc. However, the next time a UDP\nsocket receives a packet, the subtraction takes effect, causing UDP\nmemory usage to double.\nThis issue makes further memory allocation fail once the socket's\nsk->sk_rmem_alloc exceeds net.ipv4.udp_rmem_min, resulting in packet\ndrops.\nTo prevent this issue, let's use unsigned int for the calculation and\ncall sk_forward_alloc_add() only once for the small delta.\nNote that first_packet_length() also potentially has the same problem.\n[0]:\nfrom socket import *\nSO_RCVBUFFORCE = 33\nINT_MAX = (2 ** 31) - 1\ns = socket(AF_INET, SOCK_DGRAM)\ns.bind(('', 0))\ns.setsockopt(SOL_SOCKET, SO_RCVBUFFORCE, INT_MAX)\nc = socket(AF_INET, SOCK_DGRAM)\nc.connect(s.getsockname())\ndata = b'a' * 100\nwhile True:\nc.send(data)",
"title": "Vulnerability description"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:bpftool-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-selftests-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:python3-perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-ipaclones-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://cve.tuxcare.com/els/cve/CVE-2025-22058"
}
],
"release_date": "2025-04-16T00:00:00",
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:bpftool-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-selftests-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:python3-perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-ipaclones-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "High"
}
]
},
{
"cve": "CVE-2025-38079",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\ncrypto: algif_hash - fix double free in hash_accept\nIf accept(2) is called on socket type algif_hash with\nMSG_MORE flag set and crypto_ahash_import fails,\nsk2 is freed. However, it is also freed in af_alg_release,\nleading to slab-use-after-free error.",
"title": "Vulnerability description"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:bpftool-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-selftests-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:python3-perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-ipaclones-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://cve.tuxcare.com/els/cve/CVE-2025-38079"
}
],
"release_date": "2025-06-18T00:00:00",
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:bpftool-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-selftests-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:python3-perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-ipaclones-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "High"
}
]
},
{
"cve": "CVE-2025-38159",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\nwifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds\nSet the size to 6 instead of 2, since 'para' array is passed to\n'rtw_fw_bt_wifi_control(rtwdev, para[0], ¶[1])', which reads\n5 bytes:\nvoid rtw_fw_bt_wifi_control(struct rtw_dev *rtwdev, u8 op_code, u8 *data)\n{\n...\nSET_BT_WIFI_CONTROL_DATA1(h2c_pkt, *data);\nSET_BT_WIFI_CONTROL_DATA2(h2c_pkt, *(data + 1));\n...\nSET_BT_WIFI_CONTROL_DATA5(h2c_pkt, *(data + 4));\nDetected using the static analysis tool - Svace.",
"title": "Vulnerability description"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:bpftool-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-selftests-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:python3-perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-ipaclones-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://cve.tuxcare.com/els/cve/CVE-2025-38159"
}
],
"release_date": "2025-07-03T00:00:00",
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:bpftool-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-selftests-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:python3-perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-ipaclones-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "High"
}
]
},
{
"cve": "CVE-2022-50003",
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\nice: xsk: prohibit usage of non-balanced queue id\nFix the following scenario:\n1. ethtool -L $IFACE rx 8 tx 96\n2. xdpsock -q 10 -t -z\nAbove refers to a case where user would like to attach XSK socket in\ntxonly mode at a queue id that does not have a corresponding Rx queue.\nAt this moment ice's XSK logic is tightly bound to act on a \"queue pair\",\ne.g. both Tx and Rx queues at a given queue id are disabled/enabled and\nboth of them will get XSK pool assigned, which is broken for the presented\nqueue configuration. This results in the splat included at the bottom,\nwhich is basically an OOB access to Rx ring array.\nTo fix this, allow using the ids only in scope of \"combined\" queues\nreported by ethtool. However, logic should be rewritten to allow such\nconfigurations later on, which would end up as a complete rewrite of the\ncontrol path, so let us go with this temporary fix.\n[420160.558008] BUG: kernel NULL pointer dereference, address: 0000000000000082\n[420160.566359] #PF: supervisor read access in kernel mode\n[420160.572657] #PF: error_code(0x0000) - not-present page\n[420160.579002] PGD 0 P4D 0\n[420160.582756] Oops: 0000 [#1] PREEMPT SMP NOPTI\n[420160.588396] CPU: 10 PID: 21232 Comm: xdpsock Tainted: G OE 5.19.0-rc7+ #10\n[420160.597893] Hardware name: Intel Corporation S2600WFT/S2600WFT, BIOS SE5C620.86B.02.01.0008.031920191559 03/19/2019\n[420160.609894] RIP: 0010:ice_xsk_pool_setup+0x44/0x7d0 [ice]\n[420160.616968] Code: f3 48 83 ec 40 48 8b 4f 20 48 8b 3f 65 48 8b 04 25 28 00 00 00 48 89 44 24 38 31 c0 48 8d 04 ed 00 00 00 00 48 01 c1 48 8b 11 <0f> b7 92 82 00 00 00 48 85 d2 0f 84 2d 75 00 00 48 8d 72 ff 48 85\n[420160.639421] RSP: 0018:ffffc9002d2afd48 EFLAGS: 00010282\n[420160.646650] RAX: 0000000000000050 RBX: ffff88811d8bdd00 RCX: ffff888112c14ff8\n[420160.655893] RDX: 0000000000000000 RSI: ffff88811d8bdd00 RDI: ffff888109861000\n[420160.665166] RBP: 000000000000000a R08: 000000000000000a R09: 0000000000000000\n[420160.674493] R10: 000000000000889f R11: 0000000000000000 R12: 000000000000000a\n[420160.683833] R13: 000000000000000a R14: 0000000000000000 R15: ffff888117611828\n[420160.693211] FS: 00007fa869fc1f80(0000) GS:ffff8897e0880000(0000) knlGS:0000000000000000\n[420160.703645] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[420160.711783] CR2: 0000000000000082 CR3: 00000001d076c001 CR4: 00000000007706e0\n[420160.721399] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[420160.731045] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[420160.740707] PKRU: 55555554\n[420160.745960] Call Trace:\n[420160.750962] \n[420160.755597] ? kmalloc_large_node+0x79/0x90\n[420160.762703] ? __kmalloc_node+0x3f5/0x4b0\n[420160.769341] xp_assign_dev+0xfd/0x210\n[420160.775661] ? shmem_file_read_iter+0x29a/0x420\n[420160.782896] xsk_bind+0x152/0x490\n[420160.788943] __sys_bind+0xd0/0x100\n[420160.795097] ? exit_to_user_mode_prepare+0x20/0x120\n[420160.802801] __x64_sys_bind+0x16/0x20\n[420160.809298] do_syscall_64+0x38/0x90\n[420160.815741] entry_SYSCALL_64_after_hwframe+0x63/0xcd\n[420160.823731] RIP: 0033:0x7fa86a0dd2fb\n[420160.830264] Code: c3 66 0f 1f 44 00 00 48 8b 15 69 8b 0c 00 f7 d8 64 89 02 b8 ff ff ff ff eb bc 0f 1f 44 00 00 f3 0f 1e fa b8 31 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 3d 8b 0c 00 f7 d8 64 89 01 48\n[420160.855410] RSP: 002b:00007ffc1146f618 EFLAGS: 00000246 ORIG_RAX: 0000000000000031\n[420160.866366] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa86a0dd2fb\n[420160.876957] RDX: 0000000000000010 RSI: 00007ffc1146f680 RDI: 0000000000000003\n[420160.887604] RBP: 000055d7113a0520 R08: 00007fa868fb8000 R09: 0000000080000000\n[420160.898293] R10: 0000000000008001 R11: 0000000000000246 R12: 000055d7113a04e0\n[420160.909038] R13: 000055d7113a0320 R14: 000000000000000a R15: 0000000000000000\n[420160.919817] \n[420160.925659] Modules linked in: ice(OE) af_packet binfmt_misc\n---truncated---",
"title": "Vulnerability description"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:bpftool-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-selftests-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:python3-perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-ipaclones-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://cve.tuxcare.com/els/cve/CVE-2022-50003"
}
],
"release_date": "2025-06-18T00:00:00",
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:bpftool-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-selftests-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:python3-perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-ipaclones-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "High"
}
]
},
{
"cve": "CVE-2022-50133",
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\nusb: xhci_plat_remove: avoid NULL dereference\nSince commit 4736ebd7fcaff1eb8481c140ba494962847d6e0a (\"usb: host:\nxhci-plat: omit shared hcd if either root hub has no ports\")\nxhci->shared_hcd can be NULL, which causes the following Oops\non reboot:\n[ 710.124450] systemd-shutdown[1]: Rebooting.\n[ 710.298861] xhci-hcd xhci-hcd.2.auto: remove, state 4\n[ 710.304217] usb usb3: USB disconnect, device number 1\n[ 710.317441] xhci-hcd xhci-hcd.2.auto: USB bus 3 deregistered\n[ 710.323280] xhci-hcd xhci-hcd.2.auto: remove, state 1\n[ 710.328401] usb usb2: USB disconnect, device number 1\n[ 710.333515] usb 2-3: USB disconnect, device number 2\n[ 710.467649] xhci-hcd xhci-hcd.2.auto: USB bus 2 deregistered\n[ 710.475450] Unable to handle kernel NULL pointer dereference at virtual address 00000000000003b8\n[ 710.484425] Mem abort info:\n[ 710.487265] ESR = 0x0000000096000004\n[ 710.491060] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 710.496427] SET = 0, FnV = 0\n[ 710.499525] EA = 0, S1PTW = 0\n[ 710.502716] FSC = 0x04: level 0 translation fault\n[ 710.507648] Data abort info:\n[ 710.510577] ISV = 0, ISS = 0x00000004\n[ 710.514462] CM = 0, WnR = 0\n[ 710.517480] user pgtable: 4k pages, 48-bit VAs, pgdp=00000008b0050000\n[ 710.523976] [00000000000003b8] pgd=0000000000000000, p4d=0000000000000000\n[ 710.530961] Internal error: Oops: 96000004 [#1] PREEMPT SMP\n[ 710.536551] Modules linked in: rfkill input_leds snd_soc_simple_card snd_soc_simple_card_utils snd_soc_nau8822 designware_i2s snd_soc_core dw_hdmi_ahb_audio snd_pcm_dmaengine arm_ccn panfrost ac97_bus gpu_sched snd_pcm at24 fuse configfs sdhci_of_dwcmshc sdhci_pltfm sdhci nvme led_class mmc_core nvme_core bt1_pvt polynomial tp_serio snd_seq_midi snd_seq_midi_event snd_seq snd_timer snd_rawmidi snd_seq_device snd soundcore efivarfs ipv6\n[ 710.575286] CPU: 7 PID: 1 Comm: systemd-shutdow Not tainted 5.19.0-rc7-00043-gfd8619f4fd54 #1\n[ 710.583822] Hardware name: T-Platforms TF307-MB/BM1BM1-A, BIOS 5.6 07/06/2022\n[ 710.590972] pstate: 40000005 (nZcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 710.597949] pc : usb_remove_hcd+0x34/0x1e4\n[ 710.602067] lr : xhci_plat_remove+0x74/0x140\n[ 710.606351] sp : ffff800009f3b7c0\n[ 710.609674] x29: ffff800009f3b7c0 x28: ffff000800960040 x27: 0000000000000000\n[ 710.616833] x26: ffff800008dc22a0 x25: 0000000000000000 x24: 0000000000000000\n[ 710.623992] x23: 0000000000000000 x22: ffff000805465810 x21: ffff000805465800\n[ 710.631149] x20: ffff000800f80000 x19: 0000000000000000 x18: ffffffffffffffff\n[ 710.638307] x17: ffff000805096000 x16: ffff00080633b800 x15: ffff000806537a1c\n[ 710.645465] x14: 0000000000000001 x13: 0000000000000000 x12: ffff00080378d6f0\n[ 710.652621] x11: ffff00080041a900 x10: ffff800009b204e8 x9 : ffff8000088abaa4\n[ 710.659779] x8 : ffff000800960040 x7 : ffff800009409000 x6 : 0000000000000001\n[ 710.666936] x5 : ffff800009241000 x4 : ffff800009241440 x3 : 0000000000000000\n[ 710.674094] x2 : ffff000800960040 x1 : ffff000800960040 x0 : 0000000000000000\n[ 710.681251] Call trace:\n[ 710.683704] usb_remove_hcd+0x34/0x1e4\n[ 710.687467] xhci_plat_remove+0x74/0x140\n[ 710.691400] platform_remove+0x34/0x70\n[ 710.695165] device_remove+0x54/0x90\n[ 710.698753] device_release_driver_internal+0x200/0x270\n[ 710.703992] device_release_driver+0x24/0x30\n[ 710.708273] bus_remove_device+0xe0/0x16c\n[ 710.712293] device_del+0x178/0x390\n[ 710.715797] platform_device_del.part.0+0x24/0x90\n[ 710.720514] platform_device_unregister+0x30/0x50\n[ 710.725232] dwc3_host_exit+0x20/0x30\n[ 710.728907] dwc3_remove+0x174/0x1b0\n[ 710.732494] platform_remove+0x34/0x70\n[ 710.736254] device_remove+0x54/0x90\n[ 710.739840] device_release_driver_internal+0x200/0x270\n[ 710.745078] device_release_driver+0x24/0x30\n[ 710.749359] bus_remove_device+0xe0/0x16c\n[ 710.753380] device_del+0x178/0x390\n[ 710.756881] platform_device_del.part\n---truncated---",
"title": "Vulnerability description"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:bpftool-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-selftests-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:python3-perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-ipaclones-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://cve.tuxcare.com/els/cve/CVE-2022-50133"
}
],
"release_date": "2025-06-18T00:00:00",
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:bpftool-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-selftests-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:python3-perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-ipaclones-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "High"
}
]
},
{
"cve": "CVE-2022-50015",
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\nASoC: SOF: Intel: hda-ipc: Do not process IPC reply before firmware boot\nIt is not yet clear, but it is possible to create a firmware so broken\nthat it will send a reply message before a FW_READY message (it is not\nyet clear if FW_READY will arrive later).\nSince the reply_data is allocated only after the FW_READY message, this\nwill lead to a NULL pointer dereference if not filtered out.\nThe issue was reported with IPC4 firmware but the same condition is present\nfor IPC3.",
"title": "Vulnerability description"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:bpftool-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-selftests-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:python3-perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-ipaclones-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://cve.tuxcare.com/els/cve/CVE-2022-50015"
}
],
"release_date": "2025-06-18T00:00:00",
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:bpftool-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-selftests-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:python3-perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-ipaclones-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "High"
}
]
},
{
"cve": "CVE-2022-50001",
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\nnetfilter: nft_tproxy: restrict to prerouting hook\nTPROXY is only allowed from prerouting, but nft_tproxy doesn't check this.\nThis fixes a crash (null dereference) when using tproxy from e.g. output.",
"title": "Vulnerability description"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:bpftool-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-selftests-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:python3-perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-ipaclones-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://cve.tuxcare.com/els/cve/CVE-2022-50001"
}
],
"release_date": "2025-06-18T00:00:00",
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:bpftool-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-selftests-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:python3-perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-ipaclones-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "High"
}
]
},
{
"cve": "CVE-2022-49986",
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\nscsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq\nstorvsc_error_wq workqueue should not be marked as WQ_MEM_RECLAIM as it\ndoesn't need to make forward progress under memory pressure. Marking this\nworkqueue as WQ_MEM_RECLAIM may cause deadlock while flushing a\nnon-WQ_MEM_RECLAIM workqueue. In the current state it causes the following\nwarning:\n[ 14.506347] ------------[ cut here ]------------\n[ 14.506354] workqueue: WQ_MEM_RECLAIM storvsc_error_wq_0:storvsc_remove_lun is flushing !WQ_MEM_RECLAIM events_freezable_power_:disk_events_workfn\n[ 14.506360] WARNING: CPU: 0 PID: 8 at <-snip->kernel/workqueue.c:2623 check_flush_dependency+0xb5/0x130\n[ 14.506390] CPU: 0 PID: 8 Comm: kworker/u4:0 Not tainted 5.4.0-1086-azure #91~18.04.1-Ubuntu\n[ 14.506391] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 05/09/2022\n[ 14.506393] Workqueue: storvsc_error_wq_0 storvsc_remove_lun\n[ 14.506395] RIP: 0010:check_flush_dependency+0xb5/0x130\n<-snip->\n[ 14.506408] Call Trace:\n[ 14.506412] __flush_work+0xf1/0x1c0\n[ 14.506414] __cancel_work_timer+0x12f/0x1b0\n[ 14.506417] ? kernfs_put+0xf0/0x190\n[ 14.506418] cancel_delayed_work_sync+0x13/0x20\n[ 14.506420] disk_block_events+0x78/0x80\n[ 14.506421] del_gendisk+0x3d/0x2f0\n[ 14.506423] sr_remove+0x28/0x70\n[ 14.506427] device_release_driver_internal+0xef/0x1c0\n[ 14.506428] device_release_driver+0x12/0x20\n[ 14.506429] bus_remove_device+0xe1/0x150\n[ 14.506431] device_del+0x167/0x380\n[ 14.506432] __scsi_remove_device+0x11d/0x150\n[ 14.506433] scsi_remove_device+0x26/0x40\n[ 14.506434] storvsc_remove_lun+0x40/0x60\n[ 14.506436] process_one_work+0x209/0x400\n[ 14.506437] worker_thread+0x34/0x400\n[ 14.506439] kthread+0x121/0x140\n[ 14.506440] ? process_one_work+0x400/0x400\n[ 14.506441] ? kthread_park+0x90/0x90\n[ 14.506443] ret_from_fork+0x35/0x40\n[ 14.506445] ---[ end trace 2d9633159fdc6ee7 ]---",
"title": "Vulnerability description"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:bpftool-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-selftests-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:python3-perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-ipaclones-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://cve.tuxcare.com/els/cve/CVE-2022-49986"
}
],
"release_date": "2025-06-18T00:00:00",
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CentOS-8.5:kernel-tools-libs-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-libs-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-tools-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-cross-headers-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-extra-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-modules-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:bpftool-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-selftests-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-devel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-modules-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:python3-perf-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-ipaclones-internal-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-core-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-debug-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64",
"CentOS-8.5:kernel-0:4.18.0-348.7.1.el8_5.tuxcare.els31.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "High"
}
]
}
]
}