{ "document": { "aggregate_severity": { "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" }, { "category": "details", "text": "ext4: fix OOB read when checking dotdot dir {CVE-2025-37785}\n- iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() {CVE-2025-21993}\n- media: uvcvideo: Fix double free in error path {CVE-2024-57980}\n- jffs2: Prevent rtime decompress memory corruption {CVE-2024-57850}\n- wifi: iwlegacy: Clear stale interrupts before resuming device {CVE-2024-50234}\n- udf: fix uninit-value use in udf_get_fileshortad {CVE-2024-50143}\n- wifi: brcmfmac: Check the count value of channel spec to prevent out-of-bounds reads {CVE-2022-49740}\n- ubifs: Fix read out-of-bounds in ubifs_wbuf_write_nolock() {CVE-2021-47636}\n- kvm: avoid speculation-based attacks from out-of-range memslot accesses {CVE-2021-47277}\n- scsi: scsi_debug: Fix out-of-bound read in resp_report_tgtpgs() {CVE-2021-47219}\n- ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() {CVE-2022-48702}\n- ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface() {CVE-2022-48701}", "title": "Details" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/oraclelinux6els/advisories/2025/clsa-2025_1748365686.json" }, { "category": "self", "summary": "https://cve.tuxcare.com/els/releases/CLSA-2025:1748365686", "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1748365686" } ], "tracking": { "current_release_date": "2025-05-27T17:10:12Z", "generator": { "date": "2025-05-27T17:10:12Z", "engine": { "name": "pyCSAF" } }, "id": "CLSA-2025:1748365686", "initial_release_date": "2025-05-27T17:10:12Z", "revision_history": [ { "date": "2025-05-27T17:10:12Z", "number": "1", "summary": "Initial version" } ], "status": "final", "version": "1" }, "title": "kernel: Fix of 12 CVEs" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Oracle Linux 6", "product": { "name": "Oracle Linux 6", "product_id": "Oracle-Linux-6", "product_identification_helper": { "cpe": "cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "Oracle Linux" } ], "category": "vendor", "name": "Oracle Corporation" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "python-perf-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "product": { "name": "python-perf-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "product_id": "python-perf-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/python-perf@2.6.32-754.35.8.el6.tuxcare.els22?arch=x86_64" } } }, { "category": "product_version", "name": "perf-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "product": { "name": "perf-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "product_id": "perf-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/perf@2.6.32-754.35.8.el6.tuxcare.els22?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "product": { "name": "kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "product_id": "kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/kernel-debug@2.6.32-754.35.8.el6.tuxcare.els22?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "product": { "name": "kernel-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "product_id": "kernel-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/kernel@2.6.32-754.35.8.el6.tuxcare.els22?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "product": { "name": "kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "product_id": "kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/kernel-devel@2.6.32-754.35.8.el6.tuxcare.els22?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "product": { "name": "kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "product_id": "kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/kernel-debug-devel@2.6.32-754.35.8.el6.tuxcare.els22?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "product": { "name": "kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "product_id": "kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/kernel-headers@2.6.32-754.35.8.el6.tuxcare.els22?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els22.noarch", "product": { "name": "kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els22.noarch", "product_id": "kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els22.noarch", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/kernel-abi-whitelists@2.6.32-754.35.8.el6.tuxcare.els22?arch=noarch" } } }, { "category": "product_version", "name": "kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els22.noarch", "product": { "name": "kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els22.noarch", "product_id": "kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els22.noarch", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/kernel-doc@2.6.32-754.35.8.el6.tuxcare.els22?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els22.i686", "product": { "name": "kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els22.i686", "product_id": "kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els22.i686", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/kernel-debug-devel@2.6.32-754.35.8.el6.tuxcare.els22?arch=i686" } } } ], "category": "architecture", "name": "i686" } ], "category": "vendor", "name": "CloudLinux" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "python-perf-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64 as a component of Oracle Linux 6", "product_id": "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64" }, "product_reference": "python-perf-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "relates_to_product_reference": "Oracle-Linux-6" }, { "category": "default_component_of", "full_product_name": { "name": "perf-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64 as a component of Oracle Linux 6", "product_id": "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64" }, "product_reference": "perf-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "relates_to_product_reference": "Oracle-Linux-6" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els22.noarch as a component of Oracle Linux 6", "product_id": "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els22.noarch" }, "product_reference": "kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els22.noarch", "relates_to_product_reference": "Oracle-Linux-6" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64 as a component of Oracle Linux 6", "product_id": "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64" }, "product_reference": "kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "relates_to_product_reference": "Oracle-Linux-6" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64 as a component of Oracle Linux 6", "product_id": "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64" }, "product_reference": "kernel-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "relates_to_product_reference": "Oracle-Linux-6" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64 as a component of Oracle Linux 6", "product_id": "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64" }, "product_reference": "kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "relates_to_product_reference": "Oracle-Linux-6" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els22.i686 as a component of Oracle Linux 6", "product_id": "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els22.i686" }, "product_reference": "kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els22.i686", "relates_to_product_reference": "Oracle-Linux-6" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64 as a component of Oracle Linux 6", "product_id": "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64" }, "product_reference": "kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "relates_to_product_reference": "Oracle-Linux-6" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els22.noarch as a component of Oracle Linux 6", "product_id": "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els22.noarch" }, "product_reference": "kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els22.noarch", "relates_to_product_reference": "Oracle-Linux-6" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64 as a component of Oracle Linux 6", "product_id": "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64" }, "product_reference": "kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "relates_to_product_reference": "Oracle-Linux-6" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-47636", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nubifs: Fix read out-of-bounds in ubifs_wbuf_write_nolock()\n\nFunction ubifs_wbuf_write_nolock() may access buf out of bounds in\nfollowing process:\n\nubifs_wbuf_write_nolock():\n aligned_len = ALIGN(len, 8); // Assume len = 4089, aligned_len = 4096\n if (aligned_len <= wbuf->avail) ... // Not satisfy\n if (wbuf->used) {\n ubifs_leb_write() // Fill some data in avail wbuf\n len -= wbuf->avail; // len is still not 8-bytes aligned\n aligned_len -= wbuf->avail;\n }\n n = aligned_len >> c->max_write_shift;\n if (n) {\n n <<= c->max_write_shift;\n err = ubifs_leb_write(c, wbuf->lnum, buf + written,\n wbuf->offs, n);\n // n > len, read out of bounds less than 8(n-len) bytes\n }\n\n, which can be catched by KASAN:\n =========================================================\n BUG: KASAN: slab-out-of-bounds in ecc_sw_hamming_calculate+0x1dc/0x7d0\n Read of size 4 at addr ffff888105594ff8 by task kworker/u8:4/128\n Workqueue: writeback wb_workfn (flush-ubifs_0_0)\n Call Trace:\n kasan_report.cold+0x81/0x165\n nand_write_page_swecc+0xa9/0x160\n ubifs_leb_write+0xf2/0x1b0 [ubifs]\n ubifs_wbuf_write_nolock+0x421/0x12c0 [ubifs]\n write_head+0xdc/0x1c0 [ubifs]\n ubifs_jnl_write_inode+0x627/0x960 [ubifs]\n wb_workfn+0x8af/0xb80\n\nFunction ubifs_wbuf_write_nolock() accepts that parameter 'len' is not 8\nbytes aligned, the 'len' represents the true length of buf (which is\nallocated in 'ubifs_jnl_xxx', eg. ubifs_jnl_write_inode), so\nubifs_wbuf_write_nolock() must handle the length read from 'buf' carefully\nto write leb safely.\n\nFetch a reproducer in [Link].", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els22.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els22.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els22.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2021-47636" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/07a209fadee7b53b46858538e1177597273862e4", "url": "https://git.kernel.org/stable/c/07a209fadee7b53b46858538e1177597273862e4" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/3b7fb89135a20587d57f8877c02e25003e9edbdf", "url": "https://git.kernel.org/stable/c/3b7fb89135a20587d57f8877c02e25003e9edbdf" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/4f2262a334641e05f645364d5ade1f565c85f20b", "url": "https://git.kernel.org/stable/c/4f2262a334641e05f645364d5ade1f565c85f20b" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/5343575aa11c5d7044107d59d43f84aec01312b0", "url": "https://git.kernel.org/stable/c/5343575aa11c5d7044107d59d43f84aec01312b0" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/a7054aaf1909cf40489c0ec1b728fdcf79c751a6", "url": "https://git.kernel.org/stable/c/a7054aaf1909cf40489c0ec1b728fdcf79c751a6" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/b80ccbec0e4804436c382d7dd60e943c386ed83a", "url": "https://git.kernel.org/stable/c/b80ccbec0e4804436c382d7dd60e943c386ed83a" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/e09fa5318d51f522e1af4fbaf8f74999355980c8", "url": "https://git.kernel.org/stable/c/e09fa5318d51f522e1af4fbaf8f74999355980c8" } ], "release_date": "2025-02-26T06:37:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els22.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els22.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els22.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2024-57980", "cwe": { "id": "CWE-415", "name": "Double Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: uvcvideo: Fix double free in error path\n\nIf the uvc_status_init() function fails to allocate the int_urb, it will\nfree the dev->status pointer but doesn't reset the pointer to NULL. This\nresults in the kfree() call in uvc_status_cleanup() trying to\ndouble-free the memory. Fix it by resetting the dev->status pointer to\nNULL after freeing it.\n\nReviewed by: Ricardo Ribalda ", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els22.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els22.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els22.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-57980" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/3ba8884a56a3eb97c22f0ce0e4dd410d4ca4c277", "url": "https://git.kernel.org/stable/c/3ba8884a56a3eb97c22f0ce0e4dd410d4ca4c277" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/6c36dcd662ec5276782838660f8533a7cb26be49", "url": "https://git.kernel.org/stable/c/6c36dcd662ec5276782838660f8533a7cb26be49" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/87522ef165e5b6de8ef98cc318f3335166a1512c", "url": "https://git.kernel.org/stable/c/87522ef165e5b6de8ef98cc318f3335166a1512c" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/9232719ac9ce4d5c213cebda23d72aec3e1c4c0d", "url": "https://git.kernel.org/stable/c/9232719ac9ce4d5c213cebda23d72aec3e1c4c0d" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c6ef3a7fa97ec823a1e1af9085cf13db9f7b3bac", "url": "https://git.kernel.org/stable/c/c6ef3a7fa97ec823a1e1af9085cf13db9f7b3bac" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/d1f8e69eec91d5a75ef079778a5d0151db2a7f22", "url": "https://git.kernel.org/stable/c/d1f8e69eec91d5a75ef079778a5d0151db2a7f22" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/d6e5ba2516c5bef87c1fcb8189b6f3cad7c64b2d", "url": "https://git.kernel.org/stable/c/d6e5ba2516c5bef87c1fcb8189b6f3cad7c64b2d" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/d8e63dd7b6683969d3d47c7b8e9635f96d554ad4", "url": "https://git.kernel.org/stable/c/d8e63dd7b6683969d3d47c7b8e9635f96d554ad4" } ], "release_date": "2025-02-27T02:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els22.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els22.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els22.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2024-57850", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\njffs2: Prevent rtime decompress memory corruption\n\nThe rtime decompression routine does not fully check bounds during the\nentirety of the decompression pass and can corrupt memory outside the\ndecompression buffer if the compressed data is corrupted. This adds the\nrequired check to prevent this failure mode.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els22.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els22.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els22.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-57850" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/421f9e9f0fae9f8e721ffa07f22d9765fa1214d5", "url": "https://git.kernel.org/stable/c/421f9e9f0fae9f8e721ffa07f22d9765fa1214d5" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/47c9a7f81027a78afea9d2e9a54bfd8fabb6b3d0", "url": "https://git.kernel.org/stable/c/47c9a7f81027a78afea9d2e9a54bfd8fabb6b3d0" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/6808a1812a3419542223e7fe9e2de577e99e45d1", "url": "https://git.kernel.org/stable/c/6808a1812a3419542223e7fe9e2de577e99e45d1" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/bd384b04ad1995441b18fe6c1366d02de8c5d5eb", "url": "https://git.kernel.org/stable/c/bd384b04ad1995441b18fe6c1366d02de8c5d5eb" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/dc39b08fcc3831b0bc46add91ba93cd2aab50716", "url": "https://git.kernel.org/stable/c/dc39b08fcc3831b0bc46add91ba93cd2aab50716" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/f6fc251baefc3cdc4f41f2f5a47940d7d4a67332", "url": "https://git.kernel.org/stable/c/f6fc251baefc3cdc4f41f2f5a47940d7d4a67332" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/fe051552f5078fa02d593847529a3884305a6ffe", "url": "https://git.kernel.org/stable/c/fe051552f5078fa02d593847529a3884305a6ffe" } ], "release_date": "2025-01-11T15:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els22.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els22.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els22.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2024-50143", "cwe": { "id": "CWE-908", "name": "Use of Uninitialized Resource" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nudf: fix uninit-value use in udf_get_fileshortad\n\nCheck for overflow when computing alen in udf_current_aext to mitigate\nlater uninit-value use in udf_get_fileshortad KMSAN bug[1].\nAfter applying the patch reproducer did not trigger any issue[2].\n\n[1] https://syzkaller.appspot.com/bug?extid=8901c4560b7ab5c2f9df\n[2] https://syzkaller.appspot.com/x/log.txt?x=10242227980000", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els22.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els22.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els22.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-50143" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/1ac49babc952f48d82676979b20885e480e69be8", "url": "https://git.kernel.org/stable/c/1ac49babc952f48d82676979b20885e480e69be8" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/264db9d666ad9a35075cc9ed9ec09d021580fbb1", "url": "https://git.kernel.org/stable/c/264db9d666ad9a35075cc9ed9ec09d021580fbb1" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/417bd613bdbe791549f7687bb1b9b8012ff111c2", "url": "https://git.kernel.org/stable/c/417bd613bdbe791549f7687bb1b9b8012ff111c2" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/4fc0d8660e391dcd8dde23c44d702be1f6846c61", "url": "https://git.kernel.org/stable/c/4fc0d8660e391dcd8dde23c44d702be1f6846c61" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/5eb76fb98b3335aa5cca6a7db2e659561c79c32b", "url": "https://git.kernel.org/stable/c/5eb76fb98b3335aa5cca6a7db2e659561c79c32b" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/72e445df65a0aa9066c6fe2b8736ba2fcca6dac7", "url": "https://git.kernel.org/stable/c/72e445df65a0aa9066c6fe2b8736ba2fcca6dac7" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/e52e0b92ed31dc62afbda15c243dcee0bb5bb58d", "url": "https://git.kernel.org/stable/c/e52e0b92ed31dc62afbda15c243dcee0bb5bb58d" } ], "release_date": "2024-11-07T10:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els22.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els22.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els22.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2024-50234", "cwe": { "id": "CWE-367", "name": "Time-of-check Time-of-use (TOCTOU) Race Condition" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlegacy: Clear stale interrupts before resuming device\n\niwl4965 fails upon resume from hibernation on my laptop. The reason\nseems to be a stale interrupt which isn't being cleared out before\ninterrupts are enabled. We end up with a race beween the resume\ntrying to bring things back up, and the restart work (queued form\nthe interrupt handler) trying to bring things down. Eventually\nthe whole thing blows up.\n\nFix the problem by clearing out any stale interrupts before\ninterrupts get enabled during resume.\n\nHere's a debug log of the indicent:\n[ 12.042589] ieee80211 phy0: il_isr ISR inta 0x00000080, enabled 0xaa00008b, fh 0x00000000\n[ 12.042625] ieee80211 phy0: il4965_irq_tasklet inta 0x00000080, enabled 0x00000000, fh 0x00000000\n[ 12.042651] iwl4965 0000:10:00.0: RF_KILL bit toggled to enable radio.\n[ 12.042653] iwl4965 0000:10:00.0: On demand firmware reload\n[ 12.042690] ieee80211 phy0: il4965_irq_tasklet End inta 0x00000000, enabled 0xaa00008b, fh 0x00000000, flags 0x00000282\n[ 12.052207] ieee80211 phy0: il4965_mac_start enter\n[ 12.052212] ieee80211 phy0: il_prep_station Add STA to driver ID 31: ff:ff:ff:ff:ff:ff\n[ 12.052244] ieee80211 phy0: il4965_set_hw_ready hardware ready\n[ 12.052324] ieee80211 phy0: il_apm_init Init card's basic functions\n[ 12.052348] ieee80211 phy0: il_apm_init L1 Enabled; Disabling L0S\n[ 12.055727] ieee80211 phy0: il4965_load_bsm Begin load bsm\n[ 12.056140] ieee80211 phy0: il4965_verify_bsm Begin verify bsm\n[ 12.058642] ieee80211 phy0: il4965_verify_bsm BSM bootstrap uCode image OK\n[ 12.058721] ieee80211 phy0: il4965_load_bsm BSM write complete, poll 1 iterations\n[ 12.058734] ieee80211 phy0: __il4965_up iwl4965 is coming up\n[ 12.058737] ieee80211 phy0: il4965_mac_start Start UP work done.\n[ 12.058757] ieee80211 phy0: __il4965_down iwl4965 is going down\n[ 12.058761] ieee80211 phy0: il_scan_cancel_timeout Scan cancel timeout\n[ 12.058762] ieee80211 phy0: il_do_scan_abort Not performing scan to abort\n[ 12.058765] ieee80211 phy0: il_clear_ucode_stations Clearing ucode stations in driver\n[ 12.058767] ieee80211 phy0: il_clear_ucode_stations No active stations found to be cleared\n[ 12.058819] ieee80211 phy0: _il_apm_stop Stop card, put in low power state\n[ 12.058827] ieee80211 phy0: _il_apm_stop_master stop master\n[ 12.058864] ieee80211 phy0: il4965_clear_free_frames 0 frames on pre-allocated heap on clear.\n[ 12.058869] ieee80211 phy0: Hardware restart was requested\n[ 16.132299] iwl4965 0000:10:00.0: START_ALIVE timeout after 4000ms.\n[ 16.132303] ------------[ cut here ]------------\n[ 16.132304] Hardware became unavailable upon resume. This could be a software issue prior to suspend or a hardware issue.\n[ 16.132338] WARNING: CPU: 0 PID: 181 at net/mac80211/util.c:1826 ieee80211_reconfig+0x8f/0x14b0 [mac80211]\n[ 16.132390] Modules linked in: ctr ccm sch_fq_codel xt_tcpudp xt_multiport xt_state iptable_filter iptable_nat nf_nat nf_conntrack nf_defrag_ipv4 ip_tables x_tables binfmt_misc joydev mousedev btusb btrtl btintel btbcm bluetooth ecdh_generic ecc iTCO_wdt i2c_dev iwl4965 iwlegacy coretemp snd_hda_codec_analog pcspkr psmouse mac80211 snd_hda_codec_generic libarc4 sdhci_pci cqhci sha256_generic sdhci libsha256 firewire_ohci snd_hda_intel snd_intel_dspcfg mmc_core snd_hda_codec snd_hwdep firewire_core led_class iosf_mbi snd_hda_core uhci_hcd lpc_ich crc_itu_t cfg80211 ehci_pci ehci_hcd snd_pcm usbcore mfd_core rfkill snd_timer snd usb_common soundcore video parport_pc parport intel_agp wmi intel_gtt backlight e1000e agpgart evdev\n[ 16.132456] CPU: 0 UID: 0 PID: 181 Comm: kworker/u8:6 Not tainted 6.11.0-cl+ #143\n[ 16.132460] Hardware name: Hewlett-Packard HP Compaq 6910p/30BE, BIOS 68MCU Ver. F.19 07/06/2010\n[ 16.132463] Workqueue: async async_run_entry_fn\n[ 16.132469] RIP: 0010:ieee80211_reconfig+0x8f/0x14b0 [mac80211]\n[ 16.132501] Code: da 02 00 0\n---truncated---", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els22.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els22.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els22.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-50234" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/07c90acb071b9954e1fecb1e4f4f13d12c544b34", "url": "https://git.kernel.org/stable/c/07c90acb071b9954e1fecb1e4f4f13d12c544b34" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/23f9cef17ee315777dbe88d5c11ff6166e4d0699", "url": "https://git.kernel.org/stable/c/23f9cef17ee315777dbe88d5c11ff6166e4d0699" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/271d282ecc15d7012e71ca82c89a6c0e13a063dd", "url": "https://git.kernel.org/stable/c/271d282ecc15d7012e71ca82c89a6c0e13a063dd" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/8ac22fe1e2b104c37e4fecd97735f64bd6349ebc", "url": "https://git.kernel.org/stable/c/8ac22fe1e2b104c37e4fecd97735f64bd6349ebc" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/8af8294d369a871cdbcdbb4d13b87d2d6e490a1f", "url": "https://git.kernel.org/stable/c/8af8294d369a871cdbcdbb4d13b87d2d6e490a1f" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/9d89941e51259c2b0b8e9c10c6f1f74200d7444f", "url": "https://git.kernel.org/stable/c/9d89941e51259c2b0b8e9c10c6f1f74200d7444f" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/cedf0f1db8d5f3524339c2c6e35a8505b0f1ab73", "url": "https://git.kernel.org/stable/c/cedf0f1db8d5f3524339c2c6e35a8505b0f1ab73" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/d0231f43df473e2f80372d0ca150eb3619932ef9", "url": "https://git.kernel.org/stable/c/d0231f43df473e2f80372d0ca150eb3619932ef9" } ], "release_date": "2024-11-09T11:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els22.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els22.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els22.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2021-47219", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: scsi_debug: Fix out-of-bound read in resp_report_tgtpgs()\n\nThe following issue was observed running syzkaller:\n\nBUG: KASAN: slab-out-of-bounds in memcpy include/linux/string.h:377 [inline]\nBUG: KASAN: slab-out-of-bounds in sg_copy_buffer+0x150/0x1c0 lib/scatterlist.c:831\nRead of size 2132 at addr ffff8880aea95dc8 by task syz-executor.0/9815\n\nCPU: 0 PID: 9815 Comm: syz-executor.0 Not tainted 4.19.202-00874-gfc0fe04215a9 #2\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014\nCall Trace:\n __dump_stack lib/dump_stack.c:77 [inline]\n dump_stack+0xe4/0x14a lib/dump_stack.c:118\n print_address_description+0x73/0x280 mm/kasan/report.c:253\n kasan_report_error mm/kasan/report.c:352 [inline]\n kasan_report+0x272/0x370 mm/kasan/report.c:410\n memcpy+0x1f/0x50 mm/kasan/kasan.c:302\n memcpy include/linux/string.h:377 [inline]\n sg_copy_buffer+0x150/0x1c0 lib/scatterlist.c:831\n fill_from_dev_buffer+0x14f/0x340 drivers/scsi/scsi_debug.c:1021\n resp_report_tgtpgs+0x5aa/0x770 drivers/scsi/scsi_debug.c:1772\n schedule_resp+0x464/0x12f0 drivers/scsi/scsi_debug.c:4429\n scsi_debug_queuecommand+0x467/0x1390 drivers/scsi/scsi_debug.c:5835\n scsi_dispatch_cmd+0x3fc/0x9b0 drivers/scsi/scsi_lib.c:1896\n scsi_request_fn+0x1042/0x1810 drivers/scsi/scsi_lib.c:2034\n __blk_run_queue_uncond block/blk-core.c:464 [inline]\n __blk_run_queue+0x1a4/0x380 block/blk-core.c:484\n blk_execute_rq_nowait+0x1c2/0x2d0 block/blk-exec.c:78\n sg_common_write.isra.19+0xd74/0x1dc0 drivers/scsi/sg.c:847\n sg_write.part.23+0x6e0/0xd00 drivers/scsi/sg.c:716\n sg_write+0x64/0xa0 drivers/scsi/sg.c:622\n __vfs_write+0xed/0x690 fs/read_write.c:485\nkill_bdev:block_device:00000000e138492c\n vfs_write+0x184/0x4c0 fs/read_write.c:549\n ksys_write+0x107/0x240 fs/read_write.c:599\n do_syscall_64+0xc2/0x560 arch/x86/entry/common.c:293\n entry_SYSCALL_64_after_hwframe+0x49/0xbe\n\nWe get 'alen' from command its type is int. If userspace passes a large\nlength we will get a negative 'alen'.\n\nSwitch n, alen, and rlen to u32.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els22.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els22.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els22.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2021-47219" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/66523553fa62c7878fc5441dc4e82be71934eb77", "url": "https://git.kernel.org/stable/c/66523553fa62c7878fc5441dc4e82be71934eb77" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/8440377e1a5644779b4c8d013aa2a917f5fc83c3", "url": "https://git.kernel.org/stable/c/8440377e1a5644779b4c8d013aa2a917f5fc83c3" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/f347c26836c270199de1599c3cd466bb7747caa9", "url": "https://git.kernel.org/stable/c/f347c26836c270199de1599c3cd466bb7747caa9" } ], "release_date": "2024-04-10T19:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els22.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els22.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els22.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2022-48702", "cwe": { "id": "CWE-129", "name": "Improper Validation of Array Index" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc()\n\nThe voice allocator sometimes begins allocating from near the end of the\narray and then wraps around, however snd_emu10k1_pcm_channel_alloc()\naccesses the newly allocated voices as if it never wrapped around.\n\nThis results in out of bounds access if the first voice has a high enough\nindex so that first_voice + requested_voice_count > NUM_G (64).\nThe more voices are requested, the more likely it is for this to occur.\n\nThis was initially discovered using PipeWire, however it can be reproduced\nby calling aplay multiple times with 16 channels:\naplay -r 48000 -D plughw:CARD=Live,DEV=3 -c 16 /dev/zero\n\nUBSAN: array-index-out-of-bounds in sound/pci/emu10k1/emupcm.c:127:40\nindex 65 is out of range for type 'snd_emu10k1_voice [64]'\nCPU: 1 PID: 31977 Comm: aplay Tainted: G W IOE 6.0.0-rc2-emu10k1+ #7\nHardware name: ASUSTEK COMPUTER INC P5W DH Deluxe/P5W DH Deluxe, BIOS 3002 07/22/2010\nCall Trace:\n\ndump_stack_lvl+0x49/0x63\ndump_stack+0x10/0x16\nubsan_epilogue+0x9/0x3f\n__ubsan_handle_out_of_bounds.cold+0x44/0x49\nsnd_emu10k1_playback_hw_params+0x3bc/0x420 [snd_emu10k1]\nsnd_pcm_hw_params+0x29f/0x600 [snd_pcm]\nsnd_pcm_common_ioctl+0x188/0x1410 [snd_pcm]\n? exit_to_user_mode_prepare+0x35/0x170\n? do_syscall_64+0x69/0x90\n? syscall_exit_to_user_mode+0x26/0x50\n? do_syscall_64+0x69/0x90\n? exit_to_user_mode_prepare+0x35/0x170\nsnd_pcm_ioctl+0x27/0x40 [snd_pcm]\n__x64_sys_ioctl+0x95/0xd0\ndo_syscall_64+0x5c/0x90\n? do_syscall_64+0x69/0x90\n? do_syscall_64+0x69/0x90\nentry_SYSCALL_64_after_hwframe+0x63/0xcd", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els22.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els22.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els22.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2022-48702" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/39a90720f3abe96625d1224e7a7463410875de4c", "url": "https://git.kernel.org/stable/c/39a90720f3abe96625d1224e7a7463410875de4c" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/4204a01ffce97cae1d59edc5848f02be5b2b9178", "url": "https://git.kernel.org/stable/c/4204a01ffce97cae1d59edc5848f02be5b2b9178" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/45321a7d02b7cf9b3f97e3987fc1e4d649b82da2", "url": "https://git.kernel.org/stable/c/45321a7d02b7cf9b3f97e3987fc1e4d649b82da2" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/45814a53514e10a8014906c882e0d0d38df39cc1", "url": "https://git.kernel.org/stable/c/45814a53514e10a8014906c882e0d0d38df39cc1" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/637c5310acb48fffcc5657568db3f3e9bc719bfa", "url": "https://git.kernel.org/stable/c/637c5310acb48fffcc5657568db3f3e9bc719bfa" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/6b0e260ac3cf289e38446552461caa65e6dab275", "url": "https://git.kernel.org/stable/c/6b0e260ac3cf289e38446552461caa65e6dab275" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/88aac6684cf8bc885cca15463cb4407e91f28ff7", "url": "https://git.kernel.org/stable/c/88aac6684cf8bc885cca15463cb4407e91f28ff7" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/d29f59051d3a07b81281b2df2b8c9dfe4716067f", "url": "https://git.kernel.org/stable/c/d29f59051d3a07b81281b2df2b8c9dfe4716067f" } ], "release_date": "2024-05-03T16:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els22.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els22.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els22.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2022-48701", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface()\n\nThere may be a bad USB audio device with a USB ID of (0x04fa, 0x4201) and\nthe number of it's interfaces less than 4, an out-of-bounds read bug occurs\nwhen parsing the interface descriptor for this device.\n\nFix this by checking the number of interfaces.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els22.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els22.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els22.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2022-48701" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/0492798bf8dfcc09c9337a1ba065da1d1ca68712", "url": "https://git.kernel.org/stable/c/0492798bf8dfcc09c9337a1ba065da1d1ca68712" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/2a308e415d247a23d4d64c964c02e782eede2936", "url": "https://git.kernel.org/stable/c/2a308e415d247a23d4d64c964c02e782eede2936" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/6123bec8480d23369e2ee0b2208611619f269faf", "url": "https://git.kernel.org/stable/c/6123bec8480d23369e2ee0b2208611619f269faf" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/8293e61bbf908b18ff9935238d4fc2ad359e3fe0", "url": "https://git.kernel.org/stable/c/8293e61bbf908b18ff9935238d4fc2ad359e3fe0" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/91904870370fd986c29719846ed76d559de43251", "url": "https://git.kernel.org/stable/c/91904870370fd986c29719846ed76d559de43251" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/98e8e67395cc6d0cdf3a771f86ea42d0ee6e59dd", "url": "https://git.kernel.org/stable/c/98e8e67395cc6d0cdf3a771f86ea42d0ee6e59dd" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/b970518014f2f0f6c493fb86c1e092b936899061", "url": "https://git.kernel.org/stable/c/b970518014f2f0f6c493fb86c1e092b936899061" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/e53f47f6c1a56d2af728909f1cb894da6b43d9bf", "url": "https://git.kernel.org/stable/c/e53f47f6c1a56d2af728909f1cb894da6b43d9bf" } ], "release_date": "2024-05-03T16:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els22.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els22.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els22.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-21993", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\niscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic()\n\nWhen performing an iSCSI boot using IPv6, iscsistart still reads the\n/sys/firmware/ibft/ethernetX/subnet-mask entry. Since the IPv6 prefix\nlength is 64, this causes the shift exponent to become negative,\ntriggering a UBSAN warning. As the concept of a subnet mask does not\napply to IPv6, the value is set to ~0 to suppress the warning message.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els22.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els22.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els22.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-21993" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/07e0d99a2f701123ad3104c0f1a1e66bce74d6e5", "url": "https://git.kernel.org/stable/c/07e0d99a2f701123ad3104c0f1a1e66bce74d6e5" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/2d1eef248107bdf3d5a69d0fde04c30a79a7bf5d", "url": "https://git.kernel.org/stable/c/2d1eef248107bdf3d5a69d0fde04c30a79a7bf5d" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/9bfa80c8aa4e06dff55a953c3fffbfc68a3a3b1c", "url": "https://git.kernel.org/stable/c/9bfa80c8aa4e06dff55a953c3fffbfc68a3a3b1c" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/a858cd58dea06cf85b142673deea8c5d87f11e70", "url": "https://git.kernel.org/stable/c/a858cd58dea06cf85b142673deea8c5d87f11e70" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/b253660fac5e0e9080d2c95e3a029e1898d49afb", "url": "https://git.kernel.org/stable/c/b253660fac5e0e9080d2c95e3a029e1898d49afb" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/b388e185bfad32bfed6a97a6817f74ca00a4318f", "url": "https://git.kernel.org/stable/c/b388e185bfad32bfed6a97a6817f74ca00a4318f" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c1c6e527470e5eab0b2d57bd073530fbace39eab", "url": "https://git.kernel.org/stable/c/c1c6e527470e5eab0b2d57bd073530fbace39eab" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/f763c82db8166e28f45b7cc4a5398a7859665940", "url": "https://git.kernel.org/stable/c/f763c82db8166e28f45b7cc4a5398a7859665940" } ], "release_date": "2025-04-02T13:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els22.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els22.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els22.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2022-49740", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmfmac: Check the count value of channel spec to prevent out-of-bounds reads\n\nThis patch fixes slab-out-of-bounds reads in brcmfmac that occur in\nbrcmf_construct_chaninfo() and brcmf_enable_bw40_2g() when the count\nvalue of channel specifications provided by the device is greater than\nthe length of 'list->element[]', decided by the size of the 'list'\nallocated with kzalloc(). The patch adds checks that make the functions\nfree the buffer and return -EINVAL if that is the case. Note that the\nnegative return is handled by the caller, brcmf_setup_wiphybands() or\nbrcmf_cfg80211_attach().\n\nFound by a modified version of syzkaller.\n\nCrash Report from brcmf_construct_chaninfo():\n==================================================================\nBUG: KASAN: slab-out-of-bounds in brcmf_setup_wiphybands+0x1238/0x1430\nRead of size 4 at addr ffff888115f24600 by task kworker/0:2/1896\n\nCPU: 0 PID: 1896 Comm: kworker/0:2 Tainted: G W O 5.14.0+ #132\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.1-0-ga5cab58e9a3f-prebuilt.qemu.org 04/01/2014\nWorkqueue: usb_hub_wq hub_event\nCall Trace:\n dump_stack_lvl+0x57/0x7d\n print_address_description.constprop.0.cold+0x93/0x334\n kasan_report.cold+0x83/0xdf\n brcmf_setup_wiphybands+0x1238/0x1430\n brcmf_cfg80211_attach+0x2118/0x3fd0\n brcmf_attach+0x389/0xd40\n brcmf_usb_probe+0x12de/0x1690\n usb_probe_interface+0x25f/0x710\n really_probe+0x1be/0xa90\n __driver_probe_device+0x2ab/0x460\n driver_probe_device+0x49/0x120\n __device_attach_driver+0x18a/0x250\n bus_for_each_drv+0x123/0x1a0\n __device_attach+0x207/0x330\n bus_probe_device+0x1a2/0x260\n device_add+0xa61/0x1ce0\n usb_set_configuration+0x984/0x1770\n usb_generic_driver_probe+0x69/0x90\n usb_probe_device+0x9c/0x220\n really_probe+0x1be/0xa90\n __driver_probe_device+0x2ab/0x460\n driver_probe_device+0x49/0x120\n __device_attach_driver+0x18a/0x250\n bus_for_each_drv+0x123/0x1a0\n __device_attach+0x207/0x330\n bus_probe_device+0x1a2/0x260\n device_add+0xa61/0x1ce0\n usb_new_device.cold+0x463/0xf66\n hub_event+0x10d5/0x3330\n process_one_work+0x873/0x13e0\n worker_thread+0x8b/0xd10\n kthread+0x379/0x450\n ret_from_fork+0x1f/0x30\n\nAllocated by task 1896:\n kasan_save_stack+0x1b/0x40\n __kasan_kmalloc+0x7c/0x90\n kmem_cache_alloc_trace+0x19e/0x330\n brcmf_setup_wiphybands+0x290/0x1430\n brcmf_cfg80211_attach+0x2118/0x3fd0\n brcmf_attach+0x389/0xd40\n brcmf_usb_probe+0x12de/0x1690\n usb_probe_interface+0x25f/0x710\n really_probe+0x1be/0xa90\n __driver_probe_device+0x2ab/0x460\n driver_probe_device+0x49/0x120\n __device_attach_driver+0x18a/0x250\n bus_for_each_drv+0x123/0x1a0\n __device_attach+0x207/0x330\n bus_probe_device+0x1a2/0x260\n device_add+0xa61/0x1ce0\n usb_set_configuration+0x984/0x1770\n usb_generic_driver_probe+0x69/0x90\n usb_probe_device+0x9c/0x220\n really_probe+0x1be/0xa90\n __driver_probe_device+0x2ab/0x460\n driver_probe_device+0x49/0x120\n __device_attach_driver+0x18a/0x250\n bus_for_each_drv+0x123/0x1a0\n __device_attach+0x207/0x330\n bus_probe_device+0x1a2/0x260\n device_add+0xa61/0x1ce0\n usb_new_device.cold+0x463/0xf66\n hub_event+0x10d5/0x3330\n process_one_work+0x873/0x13e0\n worker_thread+0x8b/0xd10\n kthread+0x379/0x450\n ret_from_fork+0x1f/0x30\n\nThe buggy address belongs to the object at ffff888115f24000\n which belongs to the cache kmalloc-2k of size 2048\nThe buggy address is located 1536 bytes inside of\n 2048-byte region [ffff888115f24000, ffff888115f24800)\n\nMemory state around the buggy address:\n ffff888115f24500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n ffff888115f24580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n>ffff888115f24600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n ^\n ffff888115f24680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n ffff888115f24700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n==================================================================\n\nCrash Report from brcmf_enable_bw40_2g():\n==========\n---truncated---", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els22.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els22.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els22.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2022-49740" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/4920ab131b2dbae7464b72bdcac465d070254209", "url": "https://git.kernel.org/stable/c/4920ab131b2dbae7464b72bdcac465d070254209" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/9cf5e99c1ae1a85286a76c9a970202750538394c", "url": "https://git.kernel.org/stable/c/9cf5e99c1ae1a85286a76c9a970202750538394c" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/b2e412879595821ff1b5545cbed5f108fba7f5b6", "url": "https://git.kernel.org/stable/c/b2e412879595821ff1b5545cbed5f108fba7f5b6" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/e4991910f15013db72f6ec0db7038ea67a57052e", "url": "https://git.kernel.org/stable/c/e4991910f15013db72f6ec0db7038ea67a57052e" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/f06de1bb6d61f0c18b0213bbc6298960037f9d42", "url": "https://git.kernel.org/stable/c/f06de1bb6d61f0c18b0213bbc6298960037f9d42" } ], "release_date": "2025-03-27T17:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els22.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els22.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els22.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els22.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] } ] }