{ "document": { "aggregate_severity": { "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" }, { "category": "details", "text": "media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init {CVE-2022-49478}\n- x86/kvm: Disable kvmclock on all CPUs on shutdown {CVE-2021-47110}\n- cifs: fix potential double free during failed mount {CVE-2022-49541}\n- drm/amd/pm: fix double free in si_parse_power_table() {CVE-2022-49530}", "title": "Details" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/oraclelinux6els/advisories/2025/clsa-2025_1750172760.json" }, { "category": "self", "summary": "https://cve.tuxcare.com/els/releases/CLSA-2025:1750172760", "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1750172760" } ], "tracking": { "current_release_date": "2025-06-17T15:07:11Z", "generator": { "date": "2025-06-17T15:07:11Z", "engine": { "name": "pyCSAF" } }, "id": "CLSA-2025:1750172760", "initial_release_date": "2025-06-17T15:07:11Z", "revision_history": [ { "date": "2025-06-17T15:07:11Z", "number": "1", "summary": "Initial version" } ], "status": "final", "version": "1" }, "title": "kernel: Fix of 4 CVEs" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Oracle Linux 6", "product": { "name": "Oracle Linux 6", "product_id": "Oracle-Linux-6", "product_identification_helper": { "cpe": "cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "Oracle Linux" } ], "category": "vendor", "name": "Oracle Corporation" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "python-perf-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64", "product": { "name": "python-perf-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64", "product_id": "python-perf-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/python-perf@2.6.32-754.35.8.el6.tuxcare.els23?arch=x86_64" } } }, { "category": "product_version", "name": "perf-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64", "product": { "name": "perf-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64", "product_id": "perf-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/perf@2.6.32-754.35.8.el6.tuxcare.els23?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64", "product": { "name": "kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64", "product_id": "kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/kernel-debug@2.6.32-754.35.8.el6.tuxcare.els23?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64", "product": { "name": "kernel-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64", "product_id": "kernel-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/kernel@2.6.32-754.35.8.el6.tuxcare.els23?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64", "product": { "name": "kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64", "product_id": "kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/kernel-devel@2.6.32-754.35.8.el6.tuxcare.els23?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64", "product": { "name": "kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64", "product_id": "kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/kernel-debug-devel@2.6.32-754.35.8.el6.tuxcare.els23?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64", "product": { "name": "kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64", "product_id": "kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/kernel-headers@2.6.32-754.35.8.el6.tuxcare.els23?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els23.noarch", "product": { "name": "kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els23.noarch", "product_id": "kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els23.noarch", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/kernel-abi-whitelists@2.6.32-754.35.8.el6.tuxcare.els23?arch=noarch" } } }, { "category": "product_version", "name": "kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els23.noarch", "product": { "name": "kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els23.noarch", "product_id": "kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els23.noarch", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/kernel-doc@2.6.32-754.35.8.el6.tuxcare.els23?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els23.i686", "product": { "name": "kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els23.i686", "product_id": "kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els23.i686", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/kernel-debug-devel@2.6.32-754.35.8.el6.tuxcare.els23?arch=i686" } } } ], "category": "architecture", "name": "i686" } ], "category": "vendor", "name": "CloudLinux" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "python-perf-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64 as a component of Oracle Linux 6", "product_id": "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64" }, "product_reference": "python-perf-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64", "relates_to_product_reference": "Oracle-Linux-6" }, { "category": "default_component_of", "full_product_name": { "name": "perf-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64 as a component of Oracle Linux 6", "product_id": "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64" }, "product_reference": "perf-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64", "relates_to_product_reference": "Oracle-Linux-6" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els23.noarch as a component of Oracle Linux 6", "product_id": "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els23.noarch" }, "product_reference": "kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els23.noarch", "relates_to_product_reference": "Oracle-Linux-6" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64 as a component of Oracle Linux 6", "product_id": "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64" }, "product_reference": "kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64", "relates_to_product_reference": "Oracle-Linux-6" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64 as a component of Oracle Linux 6", "product_id": "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64" }, "product_reference": "kernel-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64", "relates_to_product_reference": "Oracle-Linux-6" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64 as a component of Oracle Linux 6", "product_id": "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64" }, "product_reference": "kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64", "relates_to_product_reference": "Oracle-Linux-6" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els23.i686 as a component of Oracle Linux 6", "product_id": "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els23.i686" }, "product_reference": "kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els23.i686", "relates_to_product_reference": "Oracle-Linux-6" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64 as a component of Oracle Linux 6", "product_id": "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64" }, "product_reference": "kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64", "relates_to_product_reference": "Oracle-Linux-6" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els23.noarch as a component of Oracle Linux 6", "product_id": "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els23.noarch" }, "product_reference": "kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els23.noarch", "relates_to_product_reference": "Oracle-Linux-6" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64 as a component of Oracle Linux 6", "product_id": "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64" }, "product_reference": "kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64", "relates_to_product_reference": "Oracle-Linux-6" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-49530", "cwe": { "id": "CWE-415", "name": "Double Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: fix double free in si_parse_power_table()\n\nIn function si_parse_power_table(), array adev->pm.dpm.ps and its member\nis allocated. If the allocation of each member fails, the array itself\nis freed and returned with an error code. However, the array is later\nfreed again in si_dpm_fini() function which is called when the function\nreturns an error.\n\nThis leads to potential double free of the array adev->pm.dpm.ps, as\nwell as leak of its array members, since the members are not freed in\nthe allocation function and the array is not nulled when freed.\nIn addition adev->pm.dpm.num_ps, which keeps track of the allocated\narray member, is not updated until the member allocation is\nsuccessfully finished, this could also lead to either use after free,\nor uninitialized variable access in si_dpm_fini().\n\nFix this by postponing the free of the array until si_dpm_fini() and\nincrement adev->pm.dpm.num_ps everytime the array member is allocated.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els23.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64", "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els23.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els23.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2022-49530" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/2615464854505188f909d0c07c37a6623693b5c7", "url": "https://git.kernel.org/stable/c/2615464854505188f909d0c07c37a6623693b5c7" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/43eb9b667b95f2a31c63e8949b0d2161b9be59c3", "url": "https://git.kernel.org/stable/c/43eb9b667b95f2a31c63e8949b0d2161b9be59c3" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/6c5bdaa1325be7f04b79ea992ab216739192d342", "url": "https://git.kernel.org/stable/c/6c5bdaa1325be7f04b79ea992ab216739192d342" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/a5ce7051db044290b1a95045ff03c249005a3aa4", "url": "https://git.kernel.org/stable/c/a5ce7051db044290b1a95045ff03c249005a3aa4" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/af832028af6f44c6c45645757079c4ed6884ade5", "url": "https://git.kernel.org/stable/c/af832028af6f44c6c45645757079c4ed6884ade5" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c0e811c4ccf3b42705976285e3a94cc82dea7300", "url": "https://git.kernel.org/stable/c/c0e811c4ccf3b42705976285e3a94cc82dea7300" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ca1ce206894dd976275c78ee38dbc19873f22de9", "url": "https://git.kernel.org/stable/c/ca1ce206894dd976275c78ee38dbc19873f22de9" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/f3fa2becf2fc25b6ac7cf8d8b1a2e4a86b3b72bd", "url": "https://git.kernel.org/stable/c/f3fa2becf2fc25b6ac7cf8d8b1a2e4a86b3b72bd" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/fd2eff8b9dcbe469c3b7bbbc7083ab5ed94de07b", "url": "https://git.kernel.org/stable/c/fd2eff8b9dcbe469c3b7bbbc7083ab5ed94de07b" } ], "release_date": "2025-02-26T07:01:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els23.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64", "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els23.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els23.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2021-47110", "cwe": { "id": "CWE-459", "name": "Incomplete Cleanup" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/kvm: Disable kvmclock on all CPUs on shutdown\n\nCurrenly, we disable kvmclock from machine_shutdown() hook and this\nonly happens for boot CPU. We need to disable it for all CPUs to\nguard against memory corruption e.g. on restore from hibernate.\n\nNote, writing '0' to kvmclock MSR doesn't clear memory location, it\njust prevents hypervisor from updating the location so for the short\nwhile after write and while CPU is still alive, the clock remains usable\nand correct so we don't need to switch to some other clocksource.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els23.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64", "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els23.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els23.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2021-47110" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/1df2dc09926f61319116c80ee85701df33577d70", "url": "https://git.kernel.org/stable/c/1df2dc09926f61319116c80ee85701df33577d70" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/3b0becf8b1ecf642a9edaf4c9628ffc641e490d6", "url": "https://git.kernel.org/stable/c/3b0becf8b1ecf642a9edaf4c9628ffc641e490d6" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/9084fe1b3572664ad276f427dce575f580c9799a", "url": "https://git.kernel.org/stable/c/9084fe1b3572664ad276f427dce575f580c9799a" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c02027b5742b5aa804ef08a4a9db433295533046", "url": "https://git.kernel.org/stable/c/c02027b5742b5aa804ef08a4a9db433295533046" } ], "release_date": "2024-03-15T21:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els23.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64", "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els23.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els23.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2022-49478", "cwe": { "id": "CWE-129", "name": "Improper Validation of Array Index" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init\n\nSyzbot reported that -1 is used as array index. The problem was in\nmissing validation check.\n\nhdw->unit_number is initialized with -1 and then if init table walk fails\nthis value remains unchanged. Since code blindly uses this member for\narray indexing adding sanity check is the easiest fix for that.\n\nhdw->workpoll initialization moved upper to prevent warning in\n__flush_work.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els23.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64", "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els23.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els23.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2022-49478" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/1310fc3538dcc375a2f46ef0a438512c2ca32827", "url": "https://git.kernel.org/stable/c/1310fc3538dcc375a2f46ef0a438512c2ca32827" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/24e807541e4a9263ed928e6ae3498de3ad43bd1e", "url": "https://git.kernel.org/stable/c/24e807541e4a9263ed928e6ae3498de3ad43bd1e" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/2e004fe914b243db41fa96f9e583385f360ea58e", "url": "https://git.kernel.org/stable/c/2e004fe914b243db41fa96f9e583385f360ea58e" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/3309c2c574e13b21b44729f5bdbf21f60189b79a", "url": "https://git.kernel.org/stable/c/3309c2c574e13b21b44729f5bdbf21f60189b79a" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/4351bfe36aba9fa7dc9d68d498d25d41a0f45e67", "url": "https://git.kernel.org/stable/c/4351bfe36aba9fa7dc9d68d498d25d41a0f45e67" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/471bec68457aaf981add77b4f590d65dd7da1059", "url": "https://git.kernel.org/stable/c/471bec68457aaf981add77b4f590d65dd7da1059" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/a3304766d9384886e6d3092c776273526947a2e9", "url": "https://git.kernel.org/stable/c/a3304766d9384886e6d3092c776273526947a2e9" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/a3660e06675bccec4bf149c7229ea1d491ba10d7", "url": "https://git.kernel.org/stable/c/a3660e06675bccec4bf149c7229ea1d491ba10d7" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/f99a8b1ec0eddc2931aeaa4f490277a15b39f511", "url": "https://git.kernel.org/stable/c/f99a8b1ec0eddc2931aeaa4f490277a15b39f511" } ], "release_date": "2025-02-26T07:01:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els23.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64", "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els23.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els23.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2022-49541", "cwe": { "id": "CWE-415", "name": "Double Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: fix potential double free during failed mount\n\nRHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=2088799", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els23.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64", "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els23.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els23.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2022-49541" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/8378a51e3f8140f60901fb27208cc7a6e47047b5", "url": "https://git.kernel.org/stable/c/8378a51e3f8140f60901fb27208cc7a6e47047b5" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/9a167fc440e5693c1cdd7f07071e05658bd9d89d", "url": "https://git.kernel.org/stable/c/9a167fc440e5693c1cdd7f07071e05658bd9d89d" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ce0008a0e410cdd95f0d8cd81b2902ec10a660c4", "url": "https://git.kernel.org/stable/c/ce0008a0e410cdd95f0d8cd81b2902ec10a660c4" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ee71f8f1cd3c8c4a251fd3e8abc89215ae3457cb", "url": "https://git.kernel.org/stable/c/ee71f8f1cd3c8c4a251fd3e8abc89215ae3457cb" } ], "release_date": "2025-02-26T07:01:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els23.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64", "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els23.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els23.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els23.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] } ] }