{ "document": { "aggregate_severity": { "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" }, { "category": "details", "text": "nfs: fix UAF in direct writes {CVE-2024-26958}\n- NFSD: Fix the behavior of READ near OFFSET_MAX {CVE-2022-48827}\n- thermal: core: prevent potential string overflow {CVE-2023-52868}\n- ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 {CVE-2021-47633}\n- RDMA/cma: Ensure rdma_addr_cancel() happens before issuing more requests {CVE-2021-47391}\n- drm/dp_mst: Fix MST sideband message body length check {CVE-2024-56616}\n- Squashfs: check the inode number is not the invalid value of zero {CVE-2024-26982}\n- wifi: mac80211: fix potential key use-after-free {CVE-2023-52530}\n- crypto: qat - resolve race condition during AER recovery {CVE-2024-26974}\n- netfilter: validate user input for expected length {CVE-2024-35896}\n- wifi: cfg80211: check A-MSDU format more carefully {CVE-2024-35937}\n- net: bridge: xmit: make sure we have at least eth header len bytes {CVE-2024-38538}\n- bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() {CVE-2024-39487}\n- SUNRPC: Fix UAF in svc_tcp_listen_data_ready() {CVE-2023-52885}\n- tty: Fix out-of-bound vmalloc access in imageblit {CVE-2021-47383}\n- watchdog: Fix possible use-after-free by calling del_timer_sync() {CVE-2021-47321}\n- virtio-net: Add validation for used length {CVE-2021-47352}\n- USB: core: Fix hang in usb_kill_urb by adding memory barriers {CVE-2022-48760}\n- scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory {CVE-2024-40901}\n- xfs: add bounds checking to xlog_recover_process_data {CVE-2024-41014}\n- scsi: mpt3sas: Fix use-after-free warning {CVE-2022-48695}\n- jffs2: prevent xattr node from overflowing the eraseblock {CVE-2024-38599}\n- ecryptfs: Fix buffer size for tag 66 packet {CVE-2024-38578}\n- dlm: fix plock invalid read {CVE-2022-49407}\n- media: gspca: cpia1: shift-out-of-bounds in set_flicker {CVE-2023-52764}\n- igb: Fix potential invalid memory access in igb_init_module() {CVE-2024-52332}\n- jfs: fix shift-out-of-bounds in dbSplit {CVE-2024-56597}\n- wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() {CVE-2023-52594}\n- pid: take a reference when initializing `cad_pid` {CVE-2021-47118}\n- Bluetooth: af_bluetooth: Fix Use-After-Free in bt_sock_recvmsg {CVE-2023-51779}\n- sched/rt: pick_next_rt_entity(): check list_entry {CVE-2023-1077}\n- media: dm1105: Fix use after free bug in dm1105_remove due to race condition {CVE-2023-35824}\n- xen/grant-table: add gnttab_try_end_foreign_access() {CVE-2022-23038}\n- media: dvb-core: Fix use-after-free due to race at dvb_register_device() {CVE-2022-45884}\n- media: dvb-core: Fix use-after-free due on race condition at dvb_net {CVE-2022-45886}\n- media: dvb-core: Fix use-after-free on race condition at dvb_frontend {CVE-2022-45885}\n- media: dvb-core: Fix use-after-free due to race condition at dvb_ca_en50221 {CVE-2022-45919}\n- x86/elf: Disable automatic READ_IMPLIES_EXEC on 64-bit {CVE-2022-25265}\n- x86/elf: Split READ_IMPLIES_EXEC from executable PT_GNU_STACK {CVE-2022-25265}\n- x86/elf: Add table to document READ_IMPLIES_EXEC {CVE-2022-25265}\n- i2c: i801: Don't generate an interrupt on bus reset {CVE-2021-47153}", "title": "Details" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/oraclelinux6els/advisories/2025/clsa-2025_1761074747.json" }, { "category": "self", "summary": "https://cve.tuxcare.com/els/releases/CLSA-2025:1761074747", "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1761074747" } ], "tracking": { "current_release_date": "2025-10-21T19:30:20Z", "generator": { "date": "2025-10-21T19:30:20Z", "engine": { "name": "pyCSAF" } }, "id": "CLSA-2025:1761074747", "initial_release_date": "2025-10-21T19:30:20Z", "revision_history": [ { "date": "2025-10-21T19:30:20Z", "number": "1", "summary": "Initial version" } ], "status": "final", "version": "1" }, "title": "kernel: Fix of 39 CVEs" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Oracle Linux 6", "product": { "name": "Oracle Linux 6", "product_id": "Oracle-Linux-6", "product_identification_helper": { "cpe": "cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "Oracle Linux" } ], "category": "vendor", "name": "Oracle Corporation" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "python-perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "product": { "name": "python-perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "product_id": "python-perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/python-perf@2.6.32-754.35.8.el6.tuxcare.els26?arch=x86_64" } } }, { "category": "product_version", "name": "perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "product": { "name": "perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "product_id": "perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/perf@2.6.32-754.35.8.el6.tuxcare.els26?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "product": { "name": "kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "product_id": "kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/kernel-debug@2.6.32-754.35.8.el6.tuxcare.els26?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "product": { "name": "kernel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "product_id": "kernel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/kernel@2.6.32-754.35.8.el6.tuxcare.els26?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "product": { "name": "kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "product_id": "kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/kernel-devel@2.6.32-754.35.8.el6.tuxcare.els26?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "product": { "name": "kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "product_id": "kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/kernel-debug-devel@2.6.32-754.35.8.el6.tuxcare.els26?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "product": { "name": "kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "product_id": "kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/kernel-headers@2.6.32-754.35.8.el6.tuxcare.els26?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "product": { "name": "kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "product_id": "kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/kernel-abi-whitelists@2.6.32-754.35.8.el6.tuxcare.els26?arch=noarch" } } }, { "category": "product_version", "name": "kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "product": { "name": "kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "product_id": "kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/kernel-doc@2.6.32-754.35.8.el6.tuxcare.els26?arch=noarch" } } }, { "category": "product_version", "name": "kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "product": { "name": "kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "product_id": "kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/kernel-firmware@2.6.32-754.35.8.el6.tuxcare.els26?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.i686", "product": { "name": "kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.i686", "product_id": "kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.i686", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/kernel-debug-devel@2.6.32-754.35.8.el6.tuxcare.els26?arch=i686" } } } ], "category": "architecture", "name": "i686" } ], "category": "vendor", "name": "CloudLinux" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "python-perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64 as a component of Oracle Linux 6", "product_id": "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64" }, "product_reference": "python-perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "relates_to_product_reference": "Oracle-Linux-6" }, { "category": "default_component_of", "full_product_name": { "name": "perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64 as a component of Oracle Linux 6", "product_id": "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64" }, "product_reference": "perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "relates_to_product_reference": "Oracle-Linux-6" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch as a component of Oracle Linux 6", "product_id": "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch" }, "product_reference": "kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "relates_to_product_reference": "Oracle-Linux-6" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64 as a component of Oracle Linux 6", "product_id": "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64" }, "product_reference": "kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "relates_to_product_reference": "Oracle-Linux-6" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64 as a component of Oracle Linux 6", "product_id": "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64" }, "product_reference": "kernel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "relates_to_product_reference": "Oracle-Linux-6" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64 as a component of Oracle Linux 6", "product_id": "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64" }, "product_reference": "kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "relates_to_product_reference": "Oracle-Linux-6" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.i686 as a component of Oracle Linux 6", "product_id": "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.i686" }, "product_reference": "kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.i686", "relates_to_product_reference": "Oracle-Linux-6" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64 as a component of Oracle Linux 6", "product_id": "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64" }, "product_reference": "kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "relates_to_product_reference": "Oracle-Linux-6" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch as a component of Oracle Linux 6", "product_id": "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch" }, "product_reference": "kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "relates_to_product_reference": "Oracle-Linux-6" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64 as a component of Oracle Linux 6", "product_id": "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64" }, "product_reference": "kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "relates_to_product_reference": "Oracle-Linux-6" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch as a component of Oracle Linux 6", "product_id": "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch" }, "product_reference": "kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "relates_to_product_reference": "Oracle-Linux-6" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-38599", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\njffs2: prevent xattr node from overflowing the eraseblock\n\nAdd a check to make sure that the requested xattr node size is no larger\nthan the eraseblock minus the cleanmarker.\n\nUnlike the usual inode nodes, the xattr nodes aren't split into parts\nand spread across multiple eraseblocks, which means that a xattr node\nmust not occupy more than one eraseblock. If the requested xattr value is\ntoo large, the xattr node can spill onto the next eraseblock, overwriting\nthe nodes and causing errors such as:\n\njffs2: argh. node added in wrong place at 0x0000b050(2)\njffs2: nextblock 0x0000a000, expected at 0000b00c\njffs2: error: (823) do_verify_xattr_datum: node CRC failed at 0x01e050,\nread=0xfc892c93, calc=0x000000\njffs2: notice: (823) jffs2_get_inode_nodes: Node header CRC failed\nat 0x01e00c. {848f,2fc4,0fef511f,59a3d171}\njffs2: Node at 0x0000000c with length 0x00001044 would run over the\nend of the erase block\njffs2: Perhaps the file system was created with the wrong erase size?\njffs2: jffs2_scan_eraseblock(): Magic bitmask 0x1985 not found\nat 0x00000010: 0x1044 instead\n\nThis breaks the filesystem and can lead to KASAN crashes such as:\n\nBUG: KASAN: slab-out-of-bounds in jffs2_sum_add_kvec+0x125e/0x15d0\nRead of size 4 at addr ffff88802c31e914 by task repro/830\nCPU: 0 PID: 830 Comm: repro Not tainted 6.9.0-rc3+ #1\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996),\nBIOS Arch Linux 1.16.3-1-1 04/01/2014\nCall Trace:\n \n dump_stack_lvl+0xc6/0x120\n print_report+0xc4/0x620\n ? __virt_addr_valid+0x308/0x5b0\n kasan_report+0xc1/0xf0\n ? jffs2_sum_add_kvec+0x125e/0x15d0\n ? jffs2_sum_add_kvec+0x125e/0x15d0\n jffs2_sum_add_kvec+0x125e/0x15d0\n jffs2_flash_direct_writev+0xa8/0xd0\n jffs2_flash_writev+0x9c9/0xef0\n ? __x64_sys_setxattr+0xc4/0x160\n ? do_syscall_64+0x69/0x140\n ? entry_SYSCALL_64_after_hwframe+0x76/0x7e\n [...]\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-38599" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/2904e1d9b64f72d291095e3cbb31634f08788b11", "url": "https://git.kernel.org/stable/c/2904e1d9b64f72d291095e3cbb31634f08788b11" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/526235dffcac74c7823ed504dfac4f88d84ba5df", "url": "https://git.kernel.org/stable/c/526235dffcac74c7823ed504dfac4f88d84ba5df" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/8d431391320c5c5398ff966fb3a95e68a7def275", "url": "https://git.kernel.org/stable/c/8d431391320c5c5398ff966fb3a95e68a7def275" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/978a12c91b38bf1a213e567f3c20e2beef215f07", "url": "https://git.kernel.org/stable/c/978a12c91b38bf1a213e567f3c20e2beef215f07" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/a1d21bcd78cf4a4353e1e835789429c6b76aca8b", "url": "https://git.kernel.org/stable/c/a1d21bcd78cf4a4353e1e835789429c6b76aca8b" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/af82d8d2179b7277ad627c39e7e0778f1c86ccdb", "url": "https://git.kernel.org/stable/c/af82d8d2179b7277ad627c39e7e0778f1c86ccdb" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c6854e5a267c28300ff045480b5a7ee7f6f1d913", "url": "https://git.kernel.org/stable/c/c6854e5a267c28300ff045480b5a7ee7f6f1d913" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/f06969df2e40ab1dc8f4364a5de967830c74a098", "url": "https://git.kernel.org/stable/c/f06969df2e40ab1dc8f4364a5de967830c74a098" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/f0eea095ce8c959b86e1e57fe36ca4fea5ae54f8", "url": "https://git.kernel.org/stable/c/f0eea095ce8c959b86e1e57fe36ca4fea5ae54f8" } ], "release_date": "2024-06-19T14:15:00Z", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2023-52885", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nSUNRPC: Fix UAF in svc_tcp_listen_data_ready()\n\nAfter the listener svc_sock is freed, and before invoking svc_tcp_accept()\nfor the established child sock, there is a window that the newsock\nretaining a freed listener svc_sock in sk_user_data which cloning from\nparent. In the race window, if data is received on the newsock, we will\nobserve use-after-free report in svc_tcp_listen_data_ready().\n\nReproduce by two tasks:\n\n1. while :; do rpc.nfsd 0 ; rpc.nfsd; done\n2. while :; do echo \"\" | ncat -4 127.0.0.1 2049 ; done\n\nKASAN report:\n\n ==================================================================\n BUG: KASAN: slab-use-after-free in svc_tcp_listen_data_ready+0x1cf/0x1f0 [sunrpc]\n Read of size 8 at addr ffff888139d96228 by task nc/102553\n CPU: 7 PID: 102553 Comm: nc Not tainted 6.3.0+ #18\n Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020\n Call Trace:\n \n dump_stack_lvl+0x33/0x50\n print_address_description.constprop.0+0x27/0x310\n print_report+0x3e/0x70\n kasan_report+0xae/0xe0\n svc_tcp_listen_data_ready+0x1cf/0x1f0 [sunrpc]\n tcp_data_queue+0x9f4/0x20e0\n tcp_rcv_established+0x666/0x1f60\n tcp_v4_do_rcv+0x51c/0x850\n tcp_v4_rcv+0x23fc/0x2e80\n ip_protocol_deliver_rcu+0x62/0x300\n ip_local_deliver_finish+0x267/0x350\n ip_local_deliver+0x18b/0x2d0\n ip_rcv+0x2fb/0x370\n __netif_receive_skb_one_core+0x166/0x1b0\n process_backlog+0x24c/0x5e0\n __napi_poll+0xa2/0x500\n net_rx_action+0x854/0xc90\n __do_softirq+0x1bb/0x5de\n do_softirq+0xcb/0x100\n \n \n ...\n \n\n Allocated by task 102371:\n kasan_save_stack+0x1e/0x40\n kasan_set_track+0x21/0x30\n __kasan_kmalloc+0x7b/0x90\n svc_setup_socket+0x52/0x4f0 [sunrpc]\n svc_addsock+0x20d/0x400 [sunrpc]\n __write_ports_addfd+0x209/0x390 [nfsd]\n write_ports+0x239/0x2c0 [nfsd]\n nfsctl_transaction_write+0xac/0x110 [nfsd]\n vfs_write+0x1c3/0xae0\n ksys_write+0xed/0x1c0\n do_syscall_64+0x38/0x90\n entry_SYSCALL_64_after_hwframe+0x72/0xdc\n\n Freed by task 102551:\n kasan_save_stack+0x1e/0x40\n kasan_set_track+0x21/0x30\n kasan_save_free_info+0x2a/0x50\n __kasan_slab_free+0x106/0x190\n __kmem_cache_free+0x133/0x270\n svc_xprt_free+0x1e2/0x350 [sunrpc]\n svc_xprt_destroy_all+0x25a/0x440 [sunrpc]\n nfsd_put+0x125/0x240 [nfsd]\n nfsd_svc+0x2cb/0x3c0 [nfsd]\n write_threads+0x1ac/0x2a0 [nfsd]\n nfsctl_transaction_write+0xac/0x110 [nfsd]\n vfs_write+0x1c3/0xae0\n ksys_write+0xed/0x1c0\n do_syscall_64+0x38/0x90\n entry_SYSCALL_64_after_hwframe+0x72/0xdc\n\nFix the UAF by simply doing nothing in svc_tcp_listen_data_ready()\nif state != TCP_LISTEN, that will avoid dereferencing svsk for all\nchild socket.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-52885" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/42725e5c1b181b757ba11d804443922982334d9b", "url": "https://git.kernel.org/stable/c/42725e5c1b181b757ba11d804443922982334d9b" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/7e1f989055622fd086c5dfb291fc72adf5660b6f", "url": "https://git.kernel.org/stable/c/7e1f989055622fd086c5dfb291fc72adf5660b6f" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c7b8c2d06e437639694abe76978e915cfb73f428", "url": "https://git.kernel.org/stable/c/c7b8c2d06e437639694abe76978e915cfb73f428" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/cd5ec3ee52ce4b7e283cc11facfa420c297c8065", "url": "https://git.kernel.org/stable/c/cd5ec3ee52ce4b7e283cc11facfa420c297c8065" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/dfc896c4a75cb8cd7cb2dfd9b469cf1e3f004254", "url": "https://git.kernel.org/stable/c/dfc896c4a75cb8cd7cb2dfd9b469cf1e3f004254" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ef047411887ff0845afd642d6a687819308e1a4e", "url": "https://git.kernel.org/stable/c/ef047411887ff0845afd642d6a687819308e1a4e" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/fbf4ace39b2e4f3833236afbb2336edbafd75eee", "url": "https://git.kernel.org/stable/c/fbf4ace39b2e4f3833236afbb2336edbafd75eee" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/fc80fc2d4e39137869da3150ee169b40bf879287", "url": "https://git.kernel.org/stable/c/fc80fc2d4e39137869da3150ee169b40bf879287" } ], "release_date": "2024-07-14T08:15:00Z", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2024-39487", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set()\n\nIn function bond_option_arp_ip_targets_set(), if newval->string is an\nempty string, newval->string+1 will point to the byte after the\nstring, causing an out-of-bound read.\n\nBUG: KASAN: slab-out-of-bounds in strlen+0x7d/0xa0 lib/string.c:418\nRead of size 1 at addr ffff8881119c4781 by task syz-executor665/8107\nCPU: 1 PID: 8107 Comm: syz-executor665 Not tainted 6.7.0-rc7 #1\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nCall Trace:\n \n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xd9/0x150 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:364 [inline]\n print_report+0xc1/0x5e0 mm/kasan/report.c:475\n kasan_report+0xbe/0xf0 mm/kasan/report.c:588\n strlen+0x7d/0xa0 lib/string.c:418\n __fortify_strlen include/linux/fortify-string.h:210 [inline]\n in4_pton+0xa3/0x3f0 net/core/utils.c:130\n bond_option_arp_ip_targets_set+0xc2/0x910\ndrivers/net/bonding/bond_options.c:1201\n __bond_opt_set+0x2a4/0x1030 drivers/net/bonding/bond_options.c:767\n __bond_opt_set_notify+0x48/0x150 drivers/net/bonding/bond_options.c:792\n bond_opt_tryset_rtnl+0xda/0x160 drivers/net/bonding/bond_options.c:817\n bonding_sysfs_store_option+0xa1/0x120 drivers/net/bonding/bond_sysfs.c:156\n dev_attr_store+0x54/0x80 drivers/base/core.c:2366\n sysfs_kf_write+0x114/0x170 fs/sysfs/file.c:136\n kernfs_fop_write_iter+0x337/0x500 fs/kernfs/file.c:334\n call_write_iter include/linux/fs.h:2020 [inline]\n new_sync_write fs/read_write.c:491 [inline]\n vfs_write+0x96a/0xd80 fs/read_write.c:584\n ksys_write+0x122/0x250 fs/read_write.c:637\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0x40/0x110 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n---[ end trace ]---\n\nFix it by adding a check of string length before using it.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-39487" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/6a8a4fd082c439e19fede027e80c79bc4c84bb8e", "url": "https://git.kernel.org/stable/c/6a8a4fd082c439e19fede027e80c79bc4c84bb8e" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/6b21346b399fd1336fe59233a17eb5ce73041ee1", "url": "https://git.kernel.org/stable/c/6b21346b399fd1336fe59233a17eb5ce73041ee1" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/707c85ba3527ad6aa25552033576b0f1ff835d7b", "url": "https://git.kernel.org/stable/c/707c85ba3527ad6aa25552033576b0f1ff835d7b" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/9f835e48bd4c75fdf6a9cff3f0b806a7abde78da", "url": "https://git.kernel.org/stable/c/9f835e48bd4c75fdf6a9cff3f0b806a7abde78da" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/b75e33eae8667084bd4a63e67657c6a5a0f8d1e8", "url": "https://git.kernel.org/stable/c/b75e33eae8667084bd4a63e67657c6a5a0f8d1e8" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/bfd14e5915c2669f292a31d028e75dcd82f1e7e9", "url": "https://git.kernel.org/stable/c/bfd14e5915c2669f292a31d028e75dcd82f1e7e9" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c8eb8ab9a44ff0e73492d0a12a643c449f641a9f", "url": "https://git.kernel.org/stable/c/c8eb8ab9a44ff0e73492d0a12a643c449f641a9f" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/e271ff53807e8f2c628758290f0e499dbe51cb3d", "url": "https://git.kernel.org/stable/c/e271ff53807e8f2c628758290f0e499dbe51cb3d" } ], "release_date": "2024-07-09T10:15:00Z", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2024-38538", "cwe": { "id": "CWE-908", "name": "Use of Uninitialized Resource" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bridge: xmit: make sure we have at least eth header len bytes\n\nsyzbot triggered an uninit value[1] error in bridge device's xmit path\nby sending a short (less than ETH_HLEN bytes) skb. To fix it check if\nwe can actually pull that amount instead of assuming.\n\nTested with dropwatch:\n drop at: br_dev_xmit+0xb93/0x12d0 [bridge] (0xffffffffc06739b3)\n origin: software\n timestamp: Mon May 13 11:31:53 2024 778214037 nsec\n protocol: 0x88a8\n length: 2\n original length: 2\n drop reason: PKT_TOO_SMALL\n\n[1]\nBUG: KMSAN: uninit-value in br_dev_xmit+0x61d/0x1cb0 net/bridge/br_device.c:65\n br_dev_xmit+0x61d/0x1cb0 net/bridge/br_device.c:65\n __netdev_start_xmit include/linux/netdevice.h:4903 [inline]\n netdev_start_xmit include/linux/netdevice.h:4917 [inline]\n xmit_one net/core/dev.c:3531 [inline]\n dev_hard_start_xmit+0x247/0xa20 net/core/dev.c:3547\n __dev_queue_xmit+0x34db/0x5350 net/core/dev.c:4341\n dev_queue_xmit include/linux/netdevice.h:3091 [inline]\n __bpf_tx_skb net/core/filter.c:2136 [inline]\n __bpf_redirect_common net/core/filter.c:2180 [inline]\n __bpf_redirect+0x14a6/0x1620 net/core/filter.c:2187\n ____bpf_clone_redirect net/core/filter.c:2460 [inline]\n bpf_clone_redirect+0x328/0x470 net/core/filter.c:2432\n ___bpf_prog_run+0x13fe/0xe0f0 kernel/bpf/core.c:1997\n __bpf_prog_run512+0xb5/0xe0 kernel/bpf/core.c:2238\n bpf_dispatcher_nop_func include/linux/bpf.h:1234 [inline]\n __bpf_prog_run include/linux/filter.h:657 [inline]\n bpf_prog_run include/linux/filter.h:664 [inline]\n bpf_test_run+0x499/0xc30 net/bpf/test_run.c:425\n bpf_prog_test_run_skb+0x14ea/0x1f20 net/bpf/test_run.c:1058\n bpf_prog_test_run+0x6b7/0xad0 kernel/bpf/syscall.c:4269\n __sys_bpf+0x6aa/0xd90 kernel/bpf/syscall.c:5678\n __do_sys_bpf kernel/bpf/syscall.c:5767 [inline]\n __se_sys_bpf kernel/bpf/syscall.c:5765 [inline]\n __x64_sys_bpf+0xa0/0xe0 kernel/bpf/syscall.c:5765\n x64_sys_call+0x96b/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:322\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-38538" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/1abb371147905ba250b4cc0230c4be7e90bea4d5", "url": "https://git.kernel.org/stable/c/1abb371147905ba250b4cc0230c4be7e90bea4d5" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/28126b83f86ab9cc7936029c2dff845d3dcedba2", "url": "https://git.kernel.org/stable/c/28126b83f86ab9cc7936029c2dff845d3dcedba2" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/3e01fc3c66e65d9afe98f1489047a1b2dd8741ca", "url": "https://git.kernel.org/stable/c/3e01fc3c66e65d9afe98f1489047a1b2dd8741ca" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/5b5d669f569807c7ab07546e73c0741845a2547a", "url": "https://git.kernel.org/stable/c/5b5d669f569807c7ab07546e73c0741845a2547a" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/82090f94c723dab724b1c32db406091d40448a17", "url": "https://git.kernel.org/stable/c/82090f94c723dab724b1c32db406091d40448a17" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/8bd67ebb50c0145fd2ca8681ab65eb7e8cde1afc", "url": "https://git.kernel.org/stable/c/8bd67ebb50c0145fd2ca8681ab65eb7e8cde1afc" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/b2b7c43cd32080221bb233741bd6011983fe7c11", "url": "https://git.kernel.org/stable/c/b2b7c43cd32080221bb233741bd6011983fe7c11" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c964429ef53f42098a6545a5dabeb1441c1e821d", "url": "https://git.kernel.org/stable/c/c964429ef53f42098a6545a5dabeb1441c1e821d" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/f482fd4ce919836a49012b2d31b00fc36e2488f2", "url": "https://git.kernel.org/stable/c/f482fd4ce919836a49012b2d31b00fc36e2488f2" } ], "release_date": "2024-06-19T14:15:00Z", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2022-45886", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')" }, "notes": [ { "category": "description", "text": "An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_net.c has a .disconnect versus dvb_device_open race condition that leads to a use-after-free.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2022-45886" }, { "category": "external", "summary": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4172385b0c9ac366dcab78eda48c26814b87ed1a", "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4172385b0c9ac366dcab78eda48c26814b87ed1a" }, { "category": "external", "summary": "https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel%40gmail.com/", "url": "https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel%40gmail.com/" }, { "category": "external", "summary": "https://lore.kernel.org/linux-media/20221115131822.6640-3-imv4bel%40gmail.com/", "url": "https://lore.kernel.org/linux-media/20221115131822.6640-3-imv4bel%40gmail.com/" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20230113-0006/", "url": "https://security.netapp.com/advisory/ntap-20230113-0006/" } ], "release_date": "2022-11-25T04:15:00Z", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2022-45919", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "An issue was discovered in the Linux kernel through 6.0.10. In drivers/media/dvb-core/dvb_ca_en50221.c, a use-after-free can occur is there is a disconnect after an open, because of the lack of a wait_event.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2022-45919" }, { "category": "external", "summary": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=280a8ab81733da8bc442253c700a52c4c0886ffd", "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=280a8ab81733da8bc442253c700a52c4c0886ffd" }, { "category": "external", "summary": "https://lore.kernel.org/linux-media/20221121063308.GA33821%40ubuntu/T/#u", "url": "https://lore.kernel.org/linux-media/20221121063308.GA33821%40ubuntu/T/#u" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20230113-0008/", "url": "https://security.netapp.com/advisory/ntap-20230113-0008/" } ], "release_date": "2022-11-27T02:15:00Z", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2022-49407", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndlm: fix plock invalid read\n\nThis patch fixes an invalid read showed by KASAN. A unlock will allocate a\n\"struct plock_op\" and a followed send_op() will append it to a global\nsend_list data structure. In some cases a followed dev_read() moves it\nto recv_list and dev_write() will cast it to \"struct plock_xop\" and access\nfields which are only available in those structures. At this point an\ninvalid read happens by accessing those fields.\n\nTo fix this issue the \"callback\" field is moved to \"struct plock_op\" to\nindicate that a cast to \"plock_xop\" is allowed and does the additional\n\"plock_xop\" handling if set.\n\nExample of the KASAN output which showed the invalid read:\n\n[ 2064.296453] ==================================================================\n[ 2064.304852] BUG: KASAN: slab-out-of-bounds in dev_write+0x52b/0x5a0 [dlm]\n[ 2064.306491] Read of size 8 at addr ffff88800ef227d8 by task dlm_controld/7484\n[ 2064.308168]\n[ 2064.308575] CPU: 0 PID: 7484 Comm: dlm_controld Kdump: loaded Not tainted 5.14.0+ #9\n[ 2064.310292] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011\n[ 2064.311618] Call Trace:\n[ 2064.312218] dump_stack_lvl+0x56/0x7b\n[ 2064.313150] print_address_description.constprop.8+0x21/0x150\n[ 2064.314578] ? dev_write+0x52b/0x5a0 [dlm]\n[ 2064.315610] ? dev_write+0x52b/0x5a0 [dlm]\n[ 2064.316595] kasan_report.cold.14+0x7f/0x11b\n[ 2064.317674] ? dev_write+0x52b/0x5a0 [dlm]\n[ 2064.318687] dev_write+0x52b/0x5a0 [dlm]\n[ 2064.319629] ? dev_read+0x4a0/0x4a0 [dlm]\n[ 2064.320713] ? bpf_lsm_kernfs_init_security+0x10/0x10\n[ 2064.321926] vfs_write+0x17e/0x930\n[ 2064.322769] ? __fget_light+0x1aa/0x220\n[ 2064.323753] ksys_write+0xf1/0x1c0\n[ 2064.324548] ? __ia32_sys_read+0xb0/0xb0\n[ 2064.325464] do_syscall_64+0x3a/0x80\n[ 2064.326387] entry_SYSCALL_64_after_hwframe+0x44/0xae\n[ 2064.327606] RIP: 0033:0x7f807e4ba96f\n[ 2064.328470] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 39 87 f8 ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 7c 87 f8 ff 48\n[ 2064.332902] RSP: 002b:00007ffd50cfe6e0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001\n[ 2064.334658] RAX: ffffffffffffffda RBX: 000055cc3886eb30 RCX: 00007f807e4ba96f\n[ 2064.336275] RDX: 0000000000000040 RSI: 00007ffd50cfe7e0 RDI: 0000000000000010\n[ 2064.337980] RBP: 00007ffd50cfe7e0 R08: 0000000000000000 R09: 0000000000000001\n[ 2064.339560] R10: 000055cc3886eb30 R11: 0000000000000293 R12: 000055cc3886eb80\n[ 2064.341237] R13: 000055cc3886eb00 R14: 000055cc3886f590 R15: 0000000000000001\n[ 2064.342857]\n[ 2064.343226] Allocated by task 12438:\n[ 2064.344057] kasan_save_stack+0x1c/0x40\n[ 2064.345079] __kasan_kmalloc+0x84/0xa0\n[ 2064.345933] kmem_cache_alloc_trace+0x13b/0x220\n[ 2064.346953] dlm_posix_unlock+0xec/0x720 [dlm]\n[ 2064.348811] do_lock_file_wait.part.32+0xca/0x1d0\n[ 2064.351070] fcntl_setlk+0x281/0xbc0\n[ 2064.352879] do_fcntl+0x5e4/0xfe0\n[ 2064.354657] __x64_sys_fcntl+0x11f/0x170\n[ 2064.356550] do_syscall_64+0x3a/0x80\n[ 2064.358259] entry_SYSCALL_64_after_hwframe+0x44/0xae\n[ 2064.360745]\n[ 2064.361511] Last potentially related work creation:\n[ 2064.363957] kasan_save_stack+0x1c/0x40\n[ 2064.365811] __kasan_record_aux_stack+0xaf/0xc0\n[ 2064.368100] call_rcu+0x11b/0xf70\n[ 2064.369785] dlm_process_incoming_buffer+0x47d/0xfd0 [dlm]\n[ 2064.372404] receive_from_sock+0x290/0x770 [dlm]\n[ 2064.374607] process_recv_sockets+0x32/0x40 [dlm]\n[ 2064.377290] process_one_work+0x9a8/0x16e0\n[ 2064.379357] worker_thread+0x87/0xbf0\n[ 2064.381188] kthread+0x3ac/0x490\n[ 2064.383460] ret_from_fork+0x22/0x30\n[ 2064.385588]\n[ 2064.386518] Second to last potentially related work creation:\n[ 2064.389219] kasan_save_stack+0x1c/0x40\n[ 2064.391043] __kasan_record_aux_stack+0xaf/0xc0\n[ 2064.393303] call_rcu+0x11b/0xf70\n[ 2064.394885] dlm_process_incoming_buffer+0x47d/0xfd0 [dlm]\n[ 2064.397694] receive_from_sock+0x290/0x770 \n---truncated---", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2022-49407" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/2c55155cc365861044d9e6e80e342693e8805e33", "url": "https://git.kernel.org/stable/c/2c55155cc365861044d9e6e80e342693e8805e33" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/42252d0d2aa9b94d168241710a761588b3959019", "url": "https://git.kernel.org/stable/c/42252d0d2aa9b94d168241710a761588b3959019" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/49cd9eb7b9a7b88124b31e31f8e539acaf1b3a6d", "url": "https://git.kernel.org/stable/c/49cd9eb7b9a7b88124b31e31f8e539acaf1b3a6d" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/56aa8d1fbd02357f3bf81bdfba1cde87ce8402fc", "url": "https://git.kernel.org/stable/c/56aa8d1fbd02357f3bf81bdfba1cde87ce8402fc" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/5a1765adf9855cf0f6d3f7e0eb4b78ca66f70dee", "url": "https://git.kernel.org/stable/c/5a1765adf9855cf0f6d3f7e0eb4b78ca66f70dee" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/72f2f68970f9bdc252d59e119b385a6441b0b155", "url": "https://git.kernel.org/stable/c/72f2f68970f9bdc252d59e119b385a6441b0b155" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/899bc4429174861122f0c236588700a4710c1fec", "url": "https://git.kernel.org/stable/c/899bc4429174861122f0c236588700a4710c1fec" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/acdad5bc9827922ec2f2e84fd198718aa8e8ab92", "url": "https://git.kernel.org/stable/c/acdad5bc9827922ec2f2e84fd198718aa8e8ab92" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/e421872fa17542cf33747071fb141b0130ce9ef7", "url": "https://git.kernel.org/stable/c/e421872fa17542cf33747071fb141b0130ce9ef7" } ], "release_date": "2025-02-26T07:01:00Z", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2021-47391", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/cma: Ensure rdma_addr_cancel() happens before issuing more requests\n\nThe FSM can run in a circle allowing rdma_resolve_ip() to be called twice\non the same id_priv. While this cannot happen without going through the\nwork, it violates the invariant that the same address resolution\nbackground request cannot be active twice.\n\n CPU 1 CPU 2\n\nrdma_resolve_addr():\n RDMA_CM_IDLE -> RDMA_CM_ADDR_QUERY\n rdma_resolve_ip(addr_handler) #1\n\n\t\t\t process_one_req(): for #1\n addr_handler():\n RDMA_CM_ADDR_QUERY -> RDMA_CM_ADDR_BOUND\n mutex_unlock(&id_priv->handler_mutex);\n [.. handler still running ..]\n\nrdma_resolve_addr():\n RDMA_CM_ADDR_BOUND -> RDMA_CM_ADDR_QUERY\n rdma_resolve_ip(addr_handler)\n !! two requests are now on the req_list\n\nrdma_destroy_id():\n destroy_id_handler_unlock():\n _destroy_id():\n cma_cancel_operation():\n rdma_addr_cancel()\n\n // process_one_req() self removes it\n\t\t spin_lock_bh(&lock);\n cancel_delayed_work(&req->work);\n\t if (!list_empty(&req->list)) == true\n\n ! rdma_addr_cancel() returns after process_on_req #1 is done\n\n kfree(id_priv)\n\n\t\t\t process_one_req(): for #2\n addr_handler():\n\t mutex_lock(&id_priv->handler_mutex);\n !! Use after free on id_priv\n\nrdma_addr_cancel() expects there to be one req on the list and only\ncancels the first one. The self-removal behavior of the work only happens\nafter the handler has returned. This yields a situations where the\nreq_list can have two reqs for the same \"handle\" but rdma_addr_cancel()\nonly cancels the first one.\n\nThe second req remains active beyond rdma_destroy_id() and will\nuse-after-free id_priv once it inevitably triggers.\n\nFix this by remembering if the id_priv has called rdma_resolve_ip() and\nalways cancel before calling it again. This ensures the req_list never\ngets more than one item in it and doesn't cost anything in the normal flow\nthat never uses this strange error path.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2021-47391" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/03d884671572af8bcfbc9e63944c1021efce7589", "url": "https://git.kernel.org/stable/c/03d884671572af8bcfbc9e63944c1021efce7589" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/305d568b72f17f674155a2a8275f865f207b3808", "url": "https://git.kernel.org/stable/c/305d568b72f17f674155a2a8275f865f207b3808" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/9a085fa9b7d644a234465091e038c1911e1a4f2a", "url": "https://git.kernel.org/stable/c/9a085fa9b7d644a234465091e038c1911e1a4f2a" } ], "release_date": "2024-05-21T15:15:00Z", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2021-47633", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111\n\nThe bug was found during fuzzing. Stacktrace locates it in\nath5k_eeprom_convert_pcal_info_5111.\nWhen none of the curve is selected in the loop, idx can go\nup to AR5K_EEPROM_N_PD_CURVES. The line makes pd out of bound.\npd = &chinfo[pier].pd_curves[idx];\n\nThere are many OOB writes using pd later in the code. So I\nadded a sanity check for idx. Checks for other loops involving\nAR5K_EEPROM_N_PD_CURVES are not needed as the loop index is not\nused outside the loops.\n\nThe patch is NOT tested with real device.\n\nThe following is the fuzzing report\n\nBUG: KASAN: slab-out-of-bounds in ath5k_eeprom_read_pcal_info_5111+0x126a/0x1390 [ath5k]\nWrite of size 1 at addr ffff8880174a4d60 by task modprobe/214\n\nCPU: 0 PID: 214 Comm: modprobe Not tainted 5.6.0 #1\nCall Trace:\n dump_stack+0x76/0xa0\n print_address_description.constprop.0+0x16/0x200\n ? ath5k_eeprom_read_pcal_info_5111+0x126a/0x1390 [ath5k]\n ? ath5k_eeprom_read_pcal_info_5111+0x126a/0x1390 [ath5k]\n __kasan_report.cold+0x37/0x7c\n ? ath5k_eeprom_read_pcal_info_5111+0x126a/0x1390 [ath5k]\n kasan_report+0xe/0x20\n ath5k_eeprom_read_pcal_info_5111+0x126a/0x1390 [ath5k]\n ? apic_timer_interrupt+0xa/0x20\n ? ath5k_eeprom_init_11a_pcal_freq+0xbc0/0xbc0 [ath5k]\n ? ath5k_pci_eeprom_read+0x228/0x3c0 [ath5k]\n ath5k_eeprom_init+0x2513/0x6290 [ath5k]\n ? ath5k_eeprom_init_11a_pcal_freq+0xbc0/0xbc0 [ath5k]\n ? usleep_range+0xb8/0x100\n ? apic_timer_interrupt+0xa/0x20\n ? ath5k_eeprom_read_pcal_info_2413+0x2f20/0x2f20 [ath5k]\n ath5k_hw_init+0xb60/0x1970 [ath5k]\n ath5k_init_ah+0x6fe/0x2530 [ath5k]\n ? kasprintf+0xa6/0xe0\n ? ath5k_stop+0x140/0x140 [ath5k]\n ? _dev_notice+0xf6/0xf6\n ? apic_timer_interrupt+0xa/0x20\n ath5k_pci_probe.cold+0x29a/0x3d6 [ath5k]\n ? ath5k_pci_eeprom_read+0x3c0/0x3c0 [ath5k]\n ? mutex_lock+0x89/0xd0\n ? ath5k_pci_eeprom_read+0x3c0/0x3c0 [ath5k]\n local_pci_probe+0xd3/0x160\n pci_device_probe+0x23f/0x3e0\n ? pci_device_remove+0x280/0x280\n ? pci_device_remove+0x280/0x280\n really_probe+0x209/0x5d0", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2021-47633" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/25efc5d03455c3839249bc77fce5e29ecb54677e", "url": "https://git.kernel.org/stable/c/25efc5d03455c3839249bc77fce5e29ecb54677e" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/564d4eceb97eaf381dd6ef6470b06377bb50c95a", "url": "https://git.kernel.org/stable/c/564d4eceb97eaf381dd6ef6470b06377bb50c95a" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/9d7d83d0399e23d66fd431b553842a84ac10398f", "url": "https://git.kernel.org/stable/c/9d7d83d0399e23d66fd431b553842a84ac10398f" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/be2f81024e7981565d90a4c9ca3067d11b6bca7f", "url": "https://git.kernel.org/stable/c/be2f81024e7981565d90a4c9ca3067d11b6bca7f" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c4e2f577271e158d87a916afb4e87415a88ce856", "url": "https://git.kernel.org/stable/c/c4e2f577271e158d87a916afb4e87415a88ce856" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/cbd96d6cad6625feba9c8d101ed4977d53e82f8e", "url": "https://git.kernel.org/stable/c/cbd96d6cad6625feba9c8d101ed4977d53e82f8e" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ed3dfdaa8b5f0579eabfc1c5818eed30cfe1fe84", "url": "https://git.kernel.org/stable/c/ed3dfdaa8b5f0579eabfc1c5818eed30cfe1fe84" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/f4de974019a0adf34d0e7de6b86252f1bd266b06", "url": "https://git.kernel.org/stable/c/f4de974019a0adf34d0e7de6b86252f1bd266b06" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/fc8f7752a82f4accb99c0f1a868906ba1eb7b86f", "url": "https://git.kernel.org/stable/c/fc8f7752a82f4accb99c0f1a868906ba1eb7b86f" } ], "release_date": "2025-02-26T06:37:00Z", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2023-52868", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nthermal: core: prevent potential string overflow\n\nThe dev->id value comes from ida_alloc() so it's a number between zero\nand INT_MAX. If it's too high then these sprintf()s will overflow.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-52868" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/0f6b3be28c4d62ef6498133959c72266629bea97", "url": "https://git.kernel.org/stable/c/0f6b3be28c4d62ef6498133959c72266629bea97" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/3091ab943dfc7b2578599b0fe203350286fab5bb", "url": "https://git.kernel.org/stable/c/3091ab943dfc7b2578599b0fe203350286fab5bb" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/3a8f4e58e1ee707b4f46a1000b40b86ea3dd509c", "url": "https://git.kernel.org/stable/c/3a8f4e58e1ee707b4f46a1000b40b86ea3dd509c" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/3f795fb35c2d8a637efe76b4518216c9319b998c", "url": "https://git.kernel.org/stable/c/3f795fb35c2d8a637efe76b4518216c9319b998c" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/6ad1bf47fbe5750c4d5d8e41337665e193e2c521", "url": "https://git.kernel.org/stable/c/6ad1bf47fbe5750c4d5d8e41337665e193e2c521" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/77ff34a56b695e228e6daf30ee30be747973d6e8", "url": "https://git.kernel.org/stable/c/77ff34a56b695e228e6daf30ee30be747973d6e8" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/b55f0a9f865be75ca1019aad331f3225f7b50ce8", "url": "https://git.kernel.org/stable/c/b55f0a9f865be75ca1019aad331f3225f7b50ce8" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c99626092efca3061b387043d4a7399bf75fbdd5", "url": "https://git.kernel.org/stable/c/c99626092efca3061b387043d4a7399bf75fbdd5" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/edbd6bbe40ac524a8f2273ffacc53edf14f3c686", "url": "https://git.kernel.org/stable/c/edbd6bbe40ac524a8f2273ffacc53edf14f3c686" } ], "release_date": "2024-05-21T16:15:00Z", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2024-38578", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\necryptfs: Fix buffer size for tag 66 packet\n\nThe 'TAG 66 Packet Format' description is missing the cipher code and\nchecksum fields that are packed into the message packet. As a result,\nthe buffer allocated for the packet is 3 bytes too small and\nwrite_tag_66_packet() will write up to 3 bytes past the end of the\nbuffer.\n\nFix this by increasing the size of the allocation so the whole packet\nwill always fit in the buffer.\n\nThis fixes the below kasan slab-out-of-bounds bug:\n\n BUG: KASAN: slab-out-of-bounds in ecryptfs_generate_key_packet_set+0x7d6/0xde0\n Write of size 1 at addr ffff88800afbb2a5 by task touch/181\n\n CPU: 0 PID: 181 Comm: touch Not tainted 6.6.13-gnu #1 4c9534092be820851bb687b82d1f92a426598dc6\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2/GNU Guix 04/01/2014\n Call Trace:\n \n dump_stack_lvl+0x4c/0x70\n print_report+0xc5/0x610\n ? ecryptfs_generate_key_packet_set+0x7d6/0xde0\n ? kasan_complete_mode_report_info+0x44/0x210\n ? ecryptfs_generate_key_packet_set+0x7d6/0xde0\n kasan_report+0xc2/0x110\n ? ecryptfs_generate_key_packet_set+0x7d6/0xde0\n __asan_store1+0x62/0x80\n ecryptfs_generate_key_packet_set+0x7d6/0xde0\n ? __pfx_ecryptfs_generate_key_packet_set+0x10/0x10\n ? __alloc_pages+0x2e2/0x540\n ? __pfx_ovl_open+0x10/0x10 [overlay 30837f11141636a8e1793533a02e6e2e885dad1d]\n ? dentry_open+0x8f/0xd0\n ecryptfs_write_metadata+0x30a/0x550\n ? __pfx_ecryptfs_write_metadata+0x10/0x10\n ? ecryptfs_get_lower_file+0x6b/0x190\n ecryptfs_initialize_file+0x77/0x150\n ecryptfs_create+0x1c2/0x2f0\n path_openat+0x17cf/0x1ba0\n ? __pfx_path_openat+0x10/0x10\n do_filp_open+0x15e/0x290\n ? __pfx_do_filp_open+0x10/0x10\n ? __kasan_check_write+0x18/0x30\n ? _raw_spin_lock+0x86/0xf0\n ? __pfx__raw_spin_lock+0x10/0x10\n ? __kasan_check_write+0x18/0x30\n ? alloc_fd+0xf4/0x330\n do_sys_openat2+0x122/0x160\n ? __pfx_do_sys_openat2+0x10/0x10\n __x64_sys_openat+0xef/0x170\n ? __pfx___x64_sys_openat+0x10/0x10\n do_syscall_64+0x60/0xd0\n entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n RIP: 0033:0x7f00a703fd67\n Code: 25 00 00 41 00 3d 00 00 41 00 74 37 64 8b 04 25 18 00 00 00 85 c0 75 5b 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 85 00 00 00 48 83 c4 68 5d 41 5c c3 0f 1f\n RSP: 002b:00007ffc088e30b0 EFLAGS: 00000246 ORIG_RAX: 0000000000000101\n RAX: ffffffffffffffda RBX: 00007ffc088e3368 RCX: 00007f00a703fd67\n RDX: 0000000000000941 RSI: 00007ffc088e48d7 RDI: 00000000ffffff9c\n RBP: 00007ffc088e48d7 R08: 0000000000000001 R09: 0000000000000000\n R10: 00000000000001b6 R11: 0000000000000246 R12: 0000000000000941\n R13: 0000000000000000 R14: 00007ffc088e48d7 R15: 00007f00a7180040\n \n\n Allocated by task 181:\n kasan_save_stack+0x2f/0x60\n kasan_set_track+0x29/0x40\n kasan_save_alloc_info+0x25/0x40\n __kasan_kmalloc+0xc5/0xd0\n __kmalloc+0x66/0x160\n ecryptfs_generate_key_packet_set+0x6d2/0xde0\n ecryptfs_write_metadata+0x30a/0x550\n ecryptfs_initialize_file+0x77/0x150\n ecryptfs_create+0x1c2/0x2f0\n path_openat+0x17cf/0x1ba0\n do_filp_open+0x15e/0x290\n do_sys_openat2+0x122/0x160\n __x64_sys_openat+0xef/0x170\n do_syscall_64+0x60/0xd0\n entry_SYSCALL_64_after_hwframe+0x6e/0xd8", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-38578" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/0d0f8ba042af16519f1ef7dd10463a33b21b677c", "url": "https://git.kernel.org/stable/c/0d0f8ba042af16519f1ef7dd10463a33b21b677c" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/12db25a54ce6bb22b0af28010fff53ef9cb3fe93", "url": "https://git.kernel.org/stable/c/12db25a54ce6bb22b0af28010fff53ef9cb3fe93" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/1c125b9287e58f364d82174efb167414b92b11f1", "url": "https://git.kernel.org/stable/c/1c125b9287e58f364d82174efb167414b92b11f1" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/235b85981051cd68fc215fd32a81c6f116bfc4df", "url": "https://git.kernel.org/stable/c/235b85981051cd68fc215fd32a81c6f116bfc4df" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/2ed750b7ae1b5dc72896d7dd114c419afd3d1910", "url": "https://git.kernel.org/stable/c/2ed750b7ae1b5dc72896d7dd114c419afd3d1910" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/85a6a1aff08ec9f5b929d345d066e2830e8818e5", "url": "https://git.kernel.org/stable/c/85a6a1aff08ec9f5b929d345d066e2830e8818e5" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/a20f09452e2f58f761d11ad7b96b5c894c91030e", "url": "https://git.kernel.org/stable/c/a20f09452e2f58f761d11ad7b96b5c894c91030e" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/edbfc42ab080e78c6907d40a42c9d10b69e445c1", "url": "https://git.kernel.org/stable/c/edbfc42ab080e78c6907d40a42c9d10b69e445c1" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/f6008487f1eeb8693f8d2a36a89c87d9122ddf74", "url": "https://git.kernel.org/stable/c/f6008487f1eeb8693f8d2a36a89c87d9122ddf74" } ], "release_date": "2024-06-19T14:15:00Z", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2024-35896", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: validate user input for expected length\n\nI got multiple syzbot reports showing old bugs exposed\nby BPF after commit 20f2505fb436 (\"bpf: Try to avoid kzalloc\nin cgroup/{s,g}etsockopt\")\n\nsetsockopt() @optlen argument should be taken into account\nbefore copying data.\n\n BUG: KASAN: slab-out-of-bounds in copy_from_sockptr_offset include/linux/sockptr.h:49 [inline]\n BUG: KASAN: slab-out-of-bounds in copy_from_sockptr include/linux/sockptr.h:55 [inline]\n BUG: KASAN: slab-out-of-bounds in do_replace net/ipv4/netfilter/ip_tables.c:1111 [inline]\n BUG: KASAN: slab-out-of-bounds in do_ipt_set_ctl+0x902/0x3dd0 net/ipv4/netfilter/ip_tables.c:1627\nRead of size 96 at addr ffff88802cd73da0 by task syz-executor.4/7238\n\nCPU: 1 PID: 7238 Comm: syz-executor.4 Not tainted 6.9.0-rc2-next-20240403-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024\nCall Trace:\n \n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n kasan_check_range+0x282/0x290 mm/kasan/generic.c:189\n __asan_memcpy+0x29/0x70 mm/kasan/shadow.c:105\n copy_from_sockptr_offset include/linux/sockptr.h:49 [inline]\n copy_from_sockptr include/linux/sockptr.h:55 [inline]\n do_replace net/ipv4/netfilter/ip_tables.c:1111 [inline]\n do_ipt_set_ctl+0x902/0x3dd0 net/ipv4/netfilter/ip_tables.c:1627\n nf_setsockopt+0x295/0x2c0 net/netfilter/nf_sockopt.c:101\n do_sock_setsockopt+0x3af/0x720 net/socket.c:2311\n __sys_setsockopt+0x1ae/0x250 net/socket.c:2334\n __do_sys_setsockopt net/socket.c:2343 [inline]\n __se_sys_setsockopt net/socket.c:2340 [inline]\n __x64_sys_setsockopt+0xb5/0xd0 net/socket.c:2340\n do_syscall_64+0xfb/0x240\n entry_SYSCALL_64_after_hwframe+0x72/0x7a\nRIP: 0033:0x7fd22067dde9\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fd21f9ff0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000036\nRAX: ffffffffffffffda RBX: 00007fd2207abf80 RCX: 00007fd22067dde9\nRDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000003\nRBP: 00007fd2206ca47a R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000020000880 R11: 0000000000000246 R12: 0000000000000000\nR13: 000000000000000b R14: 00007fd2207abf80 R15: 00007ffd2d0170d8\n \n\nAllocated by task 7238:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:370 [inline]\n __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:387\n kasan_kmalloc include/linux/kasan.h:211 [inline]\n __do_kmalloc_node mm/slub.c:4069 [inline]\n __kmalloc_noprof+0x200/0x410 mm/slub.c:4082\n kmalloc_noprof include/linux/slab.h:664 [inline]\n __cgroup_bpf_run_filter_setsockopt+0xd47/0x1050 kernel/bpf/cgroup.c:1869\n do_sock_setsockopt+0x6b4/0x720 net/socket.c:2293\n __sys_setsockopt+0x1ae/0x250 net/socket.c:2334\n __do_sys_setsockopt net/socket.c:2343 [inline]\n __se_sys_setsockopt net/socket.c:2340 [inline]\n __x64_sys_setsockopt+0xb5/0xd0 net/socket.c:2340\n do_syscall_64+0xfb/0x240\n entry_SYSCALL_64_after_hwframe+0x72/0x7a\n\nThe buggy address belongs to the object at ffff88802cd73da0\n which belongs to the cache kmalloc-8 of size 8\nThe buggy address is located 0 bytes inside of\n allocated 1-byte region [ffff88802cd73da0, ffff88802cd73da1)\n\nThe buggy address belongs to the physical page:\npage: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88802cd73020 pfn:0x2cd73\nflags: 0xfff80000000000(node=0|zone=1|lastcpupid=0xfff)\npage_type: 0xffffefff(slab)\nraw: 00fff80000000000 ffff888015041280 dead000000000100 dead000000000122\nraw: ffff88802cd73020 000000008080007f 00000001ffffefff 00\n---truncated---", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-35896" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/0c83842df40f86e529db6842231154772c20edcc", "url": "https://git.kernel.org/stable/c/0c83842df40f86e529db6842231154772c20edcc" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/0f038242b77ddfc505bf4163d4904c1abd2e74d6", "url": "https://git.kernel.org/stable/c/0f038242b77ddfc505bf4163d4904c1abd2e74d6" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/18aae2cb87e5faa9c5bd865260ceadac60d5a6c5", "url": "https://git.kernel.org/stable/c/18aae2cb87e5faa9c5bd865260ceadac60d5a6c5" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/440e948cf0eff32cfe322dcbca3f2525354b159b", "url": "https://git.kernel.org/stable/c/440e948cf0eff32cfe322dcbca3f2525354b159b" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/58f2bfb789e6bd3bc24a2c9c1580f3c67aec3018", "url": "https://git.kernel.org/stable/c/58f2bfb789e6bd3bc24a2c9c1580f3c67aec3018" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/81d51b9b7c95e791ba3c1a2dd77920a9d3b3f525", "url": "https://git.kernel.org/stable/c/81d51b9b7c95e791ba3c1a2dd77920a9d3b3f525" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20250321-0004/", "url": "https://security.netapp.com/advisory/ntap-20250321-0004/" } ], "release_date": "2024-05-19T09:15:00Z", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2023-51779", "notes": [ { "category": "description", "text": "bt_sock_recvmsg in net/bluetooth/af_bluetooth.c in the Linux kernel through 6.6.8 has a use-after-free because of a bt_sock_ioctl race condition.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-51779" } ], "release_date": "2023-12-25T00:00:00Z", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2022-48827", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: Fix the behavior of READ near OFFSET_MAX\n\nDan Aloni reports:\n> Due to commit 8cfb9015280d (\"NFS: Always provide aligned buffers to\n> the RPC read layers\") on the client, a read of 0xfff is aligned up\n> to server rsize of 0x1000.\n>\n> As a result, in a test where the server has a file of size\n> 0x7fffffffffffffff, and the client tries to read from the offset\n> 0x7ffffffffffff000, the read causes loff_t overflow in the server\n> and it returns an NFS code of EINVAL to the client. The client as\n> a result indefinitely retries the request.\n\nThe Linux NFS client does not handle NFS?ERR_INVAL, even though all\nNFS specifications permit servers to return that status code for a\nREAD.\n\nInstead of NFS?ERR_INVAL, have out-of-range READ requests succeed\nand return a short result. Set the EOF flag in the result to prevent\nthe client from retrying the READ request. This behavior appears to\nbe consistent with Solaris NFS servers.\n\nNote that NFSv3 and NFSv4 use u64 offset values on the wire. These\nmust be converted to loff_t internally before use -- an implicit\ntype cast is not adequate for this purpose. Otherwise VFS checks\nagainst sb->s_maxbytes do not work properly.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2022-48827" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/0cb4d23ae08c48f6bf3c29a8e5c4a74b8388b960", "url": "https://git.kernel.org/stable/c/0cb4d23ae08c48f6bf3c29a8e5c4a74b8388b960" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/1726a39b0879acfb490b22dca643f26f4f907da9", "url": "https://git.kernel.org/stable/c/1726a39b0879acfb490b22dca643f26f4f907da9" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/44502aca8e02ab32d6b0eb52e006a5ec9402719b", "url": "https://git.kernel.org/stable/c/44502aca8e02ab32d6b0eb52e006a5ec9402719b" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c6eff5c4277146a78b4fb8c9b668dd64542c41b0", "url": "https://git.kernel.org/stable/c/c6eff5c4277146a78b4fb8c9b668dd64542c41b0" } ], "release_date": "2024-07-16T12:15:00Z", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2024-56616", "cwe": { "id": "CWE-129", "name": "Improper Validation of Array Index" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/dp_mst: Fix MST sideband message body length check\n\nFix the MST sideband message body length check, which must be at least 1\nbyte accounting for the message body CRC (aka message data CRC) at the\nend of the message.\n\nThis fixes a case where an MST branch device returns a header with a\ncorrect header CRC (indicating a correctly received body length), with\nthe body length being incorrectly set to 0. This will later lead to a\nmemory corruption in drm_dp_sideband_append_payload() and the following\nerrors in dmesg:\n\n UBSAN: array-index-out-of-bounds in drivers/gpu/drm/display/drm_dp_mst_topology.c:786:25\n index -1 is out of range for type 'u8 [48]'\n Call Trace:\n drm_dp_sideband_append_payload+0x33d/0x350 [drm_display_helper]\n drm_dp_get_one_sb_msg+0x3ce/0x5f0 [drm_display_helper]\n drm_dp_mst_hpd_irq_handle_event+0xc8/0x1580 [drm_display_helper]\n\n memcpy: detected field-spanning write (size 18446744073709551615) of single field \"&msg->msg[msg->curlen]\" at drivers/gpu/drm/display/drm_dp_mst_topology.c:791 (size 256)\n Call Trace:\n drm_dp_sideband_append_payload+0x324/0x350 [drm_display_helper]\n drm_dp_get_one_sb_msg+0x3ce/0x5f0 [drm_display_helper]\n drm_dp_mst_hpd_irq_handle_event+0xc8/0x1580 [drm_display_helper]", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-56616" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/109f91d8b9335b0f3714ef9920eae5a8b21d56af", "url": "https://git.kernel.org/stable/c/109f91d8b9335b0f3714ef9920eae5a8b21d56af" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/1fc1f32c4a3421b9d803f18ec3ef49db2fb5d5ef", "url": "https://git.kernel.org/stable/c/1fc1f32c4a3421b9d803f18ec3ef49db2fb5d5ef" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/70e7166612f4e6da8d7d0305c47c465d88d037e5", "url": "https://git.kernel.org/stable/c/70e7166612f4e6da8d7d0305c47c465d88d037e5" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/780fa184d4dc38ad6c4fded345ab8f9be7a63e96", "url": "https://git.kernel.org/stable/c/780fa184d4dc38ad6c4fded345ab8f9be7a63e96" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/bd2fccac61b40eaf08d9546acc9fef958bfe4763", "url": "https://git.kernel.org/stable/c/bd2fccac61b40eaf08d9546acc9fef958bfe4763" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c58947a8d4a500902597ee1dbadf0518d7ff8801", "url": "https://git.kernel.org/stable/c/c58947a8d4a500902597ee1dbadf0518d7ff8801" } ], "release_date": "2024-12-27T15:15:00Z", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2024-56597", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: fix shift-out-of-bounds in dbSplit\n\nWhen dmt_budmin is less than zero, it causes errors\nin the later stages. Added a check to return an error beforehand\nin dbAllocCtl itself.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-56597" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/51a203470f502a64a3da8dcea51c4748e8267a6c", "url": "https://git.kernel.org/stable/c/51a203470f502a64a3da8dcea51c4748e8267a6c" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/52756a57e978e2706543a254f88f266cc6702f36", "url": "https://git.kernel.org/stable/c/52756a57e978e2706543a254f88f266cc6702f36" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/6676034aa753aa448beb30dbd75630927ba7cd96", "url": "https://git.kernel.org/stable/c/6676034aa753aa448beb30dbd75630927ba7cd96" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/a5f5e4698f8abbb25fe4959814093fb5bfa1aa9d", "url": "https://git.kernel.org/stable/c/a5f5e4698f8abbb25fe4959814093fb5bfa1aa9d" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/bbb24ce7f06ef9b7c05beb9340787cbe9fd3d08e", "url": "https://git.kernel.org/stable/c/bbb24ce7f06ef9b7c05beb9340787cbe9fd3d08e" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c56245baf3fd1f79145dd7408e3ead034b74255c", "url": "https://git.kernel.org/stable/c/c56245baf3fd1f79145dd7408e3ead034b74255c" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/df7c76636952670b31bd6c12b3aed3c502122273", "url": "https://git.kernel.org/stable/c/df7c76636952670b31bd6c12b3aed3c502122273" } ], "release_date": "2024-12-27T15:15:00Z", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2024-52332", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nigb: Fix potential invalid memory access in igb_init_module()\n\nThe pci_register_driver() can fail and when this happened, the dca_notifier\nneeds to be unregistered, otherwise the dca_notifier can be called when\nigb fails to install, resulting to invalid memory access.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-52332" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/0566f83d206c7a864abcd741fe39d6e0ae5eef29", "url": "https://git.kernel.org/stable/c/0566f83d206c7a864abcd741fe39d6e0ae5eef29" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/4458046617dfadc351162dbaea1945c57eebdf36", "url": "https://git.kernel.org/stable/c/4458046617dfadc351162dbaea1945c57eebdf36" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/4fe517643f529e805bb6b890a4331c100e8f2484", "url": "https://git.kernel.org/stable/c/4fe517643f529e805bb6b890a4331c100e8f2484" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/8009cdcc493fa30d4572016daf2d6999da4d6c54", "url": "https://git.kernel.org/stable/c/8009cdcc493fa30d4572016daf2d6999da4d6c54" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/992fd34122de377b45cb75b64fc7f17fc1e6ed2f", "url": "https://git.kernel.org/stable/c/992fd34122de377b45cb75b64fc7f17fc1e6ed2f" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/e0155b1b1509d0ef4799bd1cd73309ca466df3f3", "url": "https://git.kernel.org/stable/c/e0155b1b1509d0ef4799bd1cd73309ca466df3f3" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/f309733a8c9da7d4266a8a3755020b738a570cae", "url": "https://git.kernel.org/stable/c/f309733a8c9da7d4266a8a3755020b738a570cae" } ], "release_date": "2025-01-11T13:15:00Z", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2024-41014", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: add bounds checking to xlog_recover_process_data\n\nThere is a lack of verification of the space occupied by fixed members\nof xlog_op_header in the xlog_recover_process_data.\n\nWe can create a crafted image to trigger an out of bounds read by\nfollowing these steps:\n 1) Mount an image of xfs, and do some file operations to leave records\n 2) Before umounting, copy the image for subsequent steps to simulate\n abnormal exit. Because umount will ensure that tail_blk and\n head_blk are the same, which will result in the inability to enter\n xlog_recover_process_data\n 3) Write a tool to parse and modify the copied image in step 2\n 4) Make the end of the xlog_op_header entries only 1 byte away from\n xlog_rec_header->h_size\n 5) xlog_rec_header->h_num_logops++\n 6) Modify xlog_rec_header->h_crc\n\nFix:\nAdd a check to make sure there is sufficient space to access fixed members\nof xlog_op_header.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-41014" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/7cd9f0a33e738cd58876f1bc8d6c1aa5bc4fc8c1", "url": "https://git.kernel.org/stable/c/7cd9f0a33e738cd58876f1bc8d6c1aa5bc4fc8c1" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/d1e3efe783365db59da88f08a2e0bfe1cc95b143", "url": "https://git.kernel.org/stable/c/d1e3efe783365db59da88f08a2e0bfe1cc95b143" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/fb63435b7c7dc112b1ae1baea5486e0a6e27b196", "url": "https://git.kernel.org/stable/c/fb63435b7c7dc112b1ae1baea5486e0a6e27b196" } ], "release_date": "2024-07-29T07:15:00Z", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2024-40901", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory\n\nThere is a potential out-of-bounds access when using test_bit() on a single\nword. The test_bit() and set_bit() functions operate on long values, and\nwhen testing or setting a single word, they can exceed the word\nboundary. KASAN detects this issue and produces a dump:\n\n\t BUG: KASAN: slab-out-of-bounds in _scsih_add_device.constprop.0 (./arch/x86/include/asm/bitops.h:60 ./include/asm-generic/bitops/instrumented-atomic.h:29 drivers/scsi/mpt3sas/mpt3sas_scsih.c:7331) mpt3sas\n\n\t Write of size 8 at addr ffff8881d26e3c60 by task kworker/u1536:2/2965\n\nFor full log, please look at [1].\n\nMake the allocation at least the size of sizeof(unsigned long) so that\nset_bit() and test_bit() have sufficient room for read/write operations\nwithout overwriting unallocated memory.\n\n[1] Link: https://lore.kernel.org/all/ZkNcALr3W3KGYYJG@gmail.com/", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-40901" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/0081d2b3ae0a17a86b8cc0fa3c8bdc54e233ba16", "url": "https://git.kernel.org/stable/c/0081d2b3ae0a17a86b8cc0fa3c8bdc54e233ba16" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/18abb5db0aa9b2d48f7037a88b41af2eef821674", "url": "https://git.kernel.org/stable/c/18abb5db0aa9b2d48f7037a88b41af2eef821674" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/19649e49a6df07cd2e03e0a11396fd3a99485ec2", "url": "https://git.kernel.org/stable/c/19649e49a6df07cd2e03e0a11396fd3a99485ec2" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/4254dfeda82f20844299dca6c38cbffcfd499f41", "url": "https://git.kernel.org/stable/c/4254dfeda82f20844299dca6c38cbffcfd499f41" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/46bab2bcd771e725ff5ca3a68ba68cfeac45676c", "url": "https://git.kernel.org/stable/c/46bab2bcd771e725ff5ca3a68ba68cfeac45676c" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/521f333e644c4246ca04a4fc4772edc53dd2a801", "url": "https://git.kernel.org/stable/c/521f333e644c4246ca04a4fc4772edc53dd2a801" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/9079338c5a0d1f1fee34fb1c9e99b754efe414c5", "url": "https://git.kernel.org/stable/c/9079338c5a0d1f1fee34fb1c9e99b754efe414c5" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/e9bce7c751f6d6c7be88c0bc081a66aaf61a23ee", "url": "https://git.kernel.org/stable/c/e9bce7c751f6d6c7be88c0bc081a66aaf61a23ee" } ], "release_date": "2024-07-12T13:15:00Z", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2021-47352", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio-net: Add validation for used length\n\nThis adds validation for used length (might come\nfrom an untrusted device) to avoid data corruption\nor loss.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2021-47352" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/3133e01514c3c498f2b01ff210ee6134b70c663c", "url": "https://git.kernel.org/stable/c/3133e01514c3c498f2b01ff210ee6134b70c663c" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ad993a95c508417acdeb15244109e009e50d8758", "url": "https://git.kernel.org/stable/c/ad993a95c508417acdeb15244109e009e50d8758" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ba710baa1cc1b17a0483f7befe03e696efd17292", "url": "https://git.kernel.org/stable/c/ba710baa1cc1b17a0483f7befe03e696efd17292" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c1b40d1959517ff2ea473d40eeab4691d6d62462", "url": "https://git.kernel.org/stable/c/c1b40d1959517ff2ea473d40eeab4691d6d62462" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c92298d228f61589dd21657af2bea95fc866b813", "url": "https://git.kernel.org/stable/c/c92298d228f61589dd21657af2bea95fc866b813" } ], "release_date": "2024-05-21T15:15:00Z", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2021-47321", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwatchdog: Fix possible use-after-free by calling del_timer_sync()\n\nThis driver's remove path calls del_timer(). However, that function\ndoes not wait until the timer handler finishes. This means that the\ntimer handler may still be running after the driver's remove function\nhas finished, which would result in a use-after-free.\n\nFix by calling del_timer_sync(), which makes sure the timer handler\nhas finished, and unable to re-schedule itself.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2021-47321" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/1a053c4d716898a53c2e31c574a70ea0c37044a3", "url": "https://git.kernel.org/stable/c/1a053c4d716898a53c2e31c574a70ea0c37044a3" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/4c05dac488a660fe2925c047ecb119e7afaaeb1e", "url": "https://git.kernel.org/stable/c/4c05dac488a660fe2925c047ecb119e7afaaeb1e" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/58606882ad8ec6c39e0f40344b922921ef94ab4d", "url": "https://git.kernel.org/stable/c/58606882ad8ec6c39e0f40344b922921ef94ab4d" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/66ba9cf929b1c4fabf545bd4c18f6f64e23e46e4", "url": "https://git.kernel.org/stable/c/66ba9cf929b1c4fabf545bd4c18f6f64e23e46e4" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/8bec568d7518b1504a602ed5376bb322e4dbb270", "url": "https://git.kernel.org/stable/c/8bec568d7518b1504a602ed5376bb322e4dbb270" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ca96b8ea5e74956071154bdb456778cc3027e79f", "url": "https://git.kernel.org/stable/c/ca96b8ea5e74956071154bdb456778cc3027e79f" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/d0212f095ab56672f6f36aabc605bda205e1e0bf", "url": "https://git.kernel.org/stable/c/d0212f095ab56672f6f36aabc605bda205e1e0bf" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/db222f1477ad5692cd454709b714949807e5d111", "url": "https://git.kernel.org/stable/c/db222f1477ad5692cd454709b714949807e5d111" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ecd620e0fb1ff7f78fdb593379b2e6938c99707a", "url": "https://git.kernel.org/stable/c/ecd620e0fb1ff7f78fdb593379b2e6938c99707a" } ], "release_date": "2024-05-21T15:15:00Z", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2021-47383", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: Fix out-of-bound vmalloc access in imageblit\n\nThis issue happens when a userspace program does an ioctl\nFBIOPUT_VSCREENINFO passing the fb_var_screeninfo struct\ncontaining only the fields xres, yres, and bits_per_pixel\nwith values.\n\nIf this struct is the same as the previous ioctl, the\nvc_resize() detects it and doesn't call the resize_screen(),\nleaving the fb_var_screeninfo incomplete. And this leads to\nthe updatescrollmode() calculates a wrong value to\nfbcon_display->vrows, which makes the real_y() return a\nwrong value of y, and that value, eventually, causes\nthe imageblit to access an out-of-bound address value.\n\nTo solve this issue I made the resize_screen() be called\neven if the screen does not need any resizing, so it will\n\"fix and fill\" the fb_var_screeninfo independently.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2021-47383" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/067c694d06040db6f0c65281bb358452ca6d85b9", "url": "https://git.kernel.org/stable/c/067c694d06040db6f0c65281bb358452ca6d85b9" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/3b0c406124719b625b1aba431659f5cdc24a982c", "url": "https://git.kernel.org/stable/c/3b0c406124719b625b1aba431659f5cdc24a982c" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/699d926585daa6ec44be556cdc1ab89e5d54557b", "url": "https://git.kernel.org/stable/c/699d926585daa6ec44be556cdc1ab89e5d54557b" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/70aed03b1d5a5df974f456cdc8eedb213c94bb8b", "url": "https://git.kernel.org/stable/c/70aed03b1d5a5df974f456cdc8eedb213c94bb8b" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/7e71fcedfda6f7de18f850a6b36e78d78b04476f", "url": "https://git.kernel.org/stable/c/7e71fcedfda6f7de18f850a6b36e78d78b04476f" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/883f7897a25e3ce14a7f274ca4c73f49ac84002a", "url": "https://git.kernel.org/stable/c/883f7897a25e3ce14a7f274ca4c73f49ac84002a" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/8a6a240f52e14356386030d8958ae8b1761d2325", "url": "https://git.kernel.org/stable/c/8a6a240f52e14356386030d8958ae8b1761d2325" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/d570c48dd37dbe8fc6875d4461d01a9554ae2560", "url": "https://git.kernel.org/stable/c/d570c48dd37dbe8fc6875d4461d01a9554ae2560" } ], "release_date": "2024-05-21T15:15:00Z", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2024-35937", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: check A-MSDU format more carefully\n\nIf it looks like there's another subframe in the A-MSDU\nbut the header isn't fully there, we can end up reading\ndata out of bounds, only to discard later. Make this a\nbit more careful and check if the subframe header can\neven be present.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-35937" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/16da1e1dac23be45ef6e23c41b1508c400e6c544", "url": "https://git.kernel.org/stable/c/16da1e1dac23be45ef6e23c41b1508c400e6c544" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/5d7a8585fbb31e88fb2a0f581b70667d3300d1e9", "url": "https://git.kernel.org/stable/c/5d7a8585fbb31e88fb2a0f581b70667d3300d1e9" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/9ad7974856926129f190ffbe3beea78460b3b7cc", "url": "https://git.kernel.org/stable/c/9ad7974856926129f190ffbe3beea78460b3b7cc" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/9eb3bc0973d084423a6df21cf2c74692ff05647e", "url": "https://git.kernel.org/stable/c/9eb3bc0973d084423a6df21cf2c74692ff05647e" } ], "release_date": "2024-05-19T11:15:00Z", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2023-52764", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: gspca: cpia1: shift-out-of-bounds in set_flicker\n\nSyzkaller reported the following issue:\nUBSAN: shift-out-of-bounds in drivers/media/usb/gspca/cpia1.c:1031:27\nshift exponent 245 is too large for 32-bit type 'int'\n\nWhen the value of the variable \"sd->params.exposure.gain\" exceeds the\nnumber of bits in an integer, a shift-out-of-bounds error is reported. It\nis triggered because the variable \"currentexp\" cannot be left-shifted by\nmore than the number of bits in an integer. In order to avoid invalid\nrange during left-shift, the conditional expression is added.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-52764" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/099be1822d1f095433f4b08af9cc9d6308ec1953", "url": "https://git.kernel.org/stable/c/099be1822d1f095433f4b08af9cc9d6308ec1953" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/09cd8b561aa9796903710a1046957f2b112c8f26", "url": "https://git.kernel.org/stable/c/09cd8b561aa9796903710a1046957f2b112c8f26" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/2eee8edfff90e22980a6b22079d238c3c9d323bb", "url": "https://git.kernel.org/stable/c/2eee8edfff90e22980a6b22079d238c3c9d323bb" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/69bba62600bd91d6b7c1e8ca181faf8ac64f7060", "url": "https://git.kernel.org/stable/c/69bba62600bd91d6b7c1e8ca181faf8ac64f7060" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/8f83c85ee88225319c52680792320c02158c2a9b", "url": "https://git.kernel.org/stable/c/8f83c85ee88225319c52680792320c02158c2a9b" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/93bddd6529f187f510eec759f37d0569243c9809", "url": "https://git.kernel.org/stable/c/93bddd6529f187f510eec759f37d0569243c9809" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/a647f27a7426d2fe1b40da7c8fa2b81354a51177", "url": "https://git.kernel.org/stable/c/a647f27a7426d2fe1b40da7c8fa2b81354a51177" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c6b6b8692218da73b33b310d7c1df90f115bdd9a", "url": "https://git.kernel.org/stable/c/c6b6b8692218da73b33b310d7c1df90f115bdd9a" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/e2d7149b913d14352c82624e723ce1c211ca06d3", "url": "https://git.kernel.org/stable/c/e2d7149b913d14352c82624e723ce1c211ca06d3" } ], "release_date": "2024-05-21T16:15:00Z", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2023-52530", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: fix potential key use-after-free\n\nWhen ieee80211_key_link() is called by ieee80211_gtk_rekey_add()\nbut returns 0 due to KRACK protection (identical key reinstall),\nieee80211_gtk_rekey_add() will still return a pointer into the\nkey, in a potential use-after-free. This normally doesn't happen\nsince it's only called by iwlwifi in case of WoWLAN rekey offload\nwhich has its own KRACK protection, but still better to fix, do\nthat by returning an error code and converting that to success on\nthe cfg80211 boundary only, leaving the error for bad callers of\nieee80211_gtk_rekey_add().", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-52530" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/2408f491ff998d674707725eadc47d8930aced09", "url": "https://git.kernel.org/stable/c/2408f491ff998d674707725eadc47d8930aced09" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/2f4e16e39e4f5e78248dd9e51276a83203950b36", "url": "https://git.kernel.org/stable/c/2f4e16e39e4f5e78248dd9e51276a83203950b36" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/31db78a4923ef5e2008f2eed321811ca79e7f71b", "url": "https://git.kernel.org/stable/c/31db78a4923ef5e2008f2eed321811ca79e7f71b" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/65c72a7201704574dace708cbc96a8f367b1491d", "url": "https://git.kernel.org/stable/c/65c72a7201704574dace708cbc96a8f367b1491d" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/e8a834eb09bb95c2bf9c76f1a28ecef7d8c439d0", "url": "https://git.kernel.org/stable/c/e8a834eb09bb95c2bf9c76f1a28ecef7d8c439d0" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/e8e599a635066c50ac214c3e10858f1d37e03022", "url": "https://git.kernel.org/stable/c/e8e599a635066c50ac214c3e10858f1d37e03022" } ], "release_date": "2024-03-02T22:15:00Z", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2024-26974", "cwe": { "id": "CWE-367", "name": "Time-of-check Time-of-use (TOCTOU) Race Condition" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: qat - resolve race condition during AER recovery\n\nDuring the PCI AER system's error recovery process, the kernel driver\nmay encounter a race condition with freeing the reset_data structure's\nmemory. If the device restart will take more than 10 seconds the function\nscheduling that restart will exit due to a timeout, and the reset_data\nstructure will be freed. However, this data structure is used for\ncompletion notification after the restart is completed, which leads\nto a UAF bug.\n\nThis results in a KFENCE bug notice.\n\n BUG: KFENCE: use-after-free read in adf_device_reset_worker+0x38/0xa0 [intel_qat]\n Use-after-free read at 0x00000000bc56fddf (in kfence-#142):\n adf_device_reset_worker+0x38/0xa0 [intel_qat]\n process_one_work+0x173/0x340\n\nTo resolve this race condition, the memory associated to the container\nof the work_struct is freed on the worker if the timeout expired,\notherwise on the function that schedules the worker.\nThe timeout detection can be done by checking if the caller is\nstill waiting for completion or not by using completion_done() function.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-26974" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/0c2cf5142bfb634c0ef0a1a69cdf37950747d0be", "url": "https://git.kernel.org/stable/c/0c2cf5142bfb634c0ef0a1a69cdf37950747d0be" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/226fc408c5fcd23cc4186f05ea3a09a7a9aef2f7", "url": "https://git.kernel.org/stable/c/226fc408c5fcd23cc4186f05ea3a09a7a9aef2f7" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/4ae5a97781ce7d6ecc9c7055396535815b64ca4f", "url": "https://git.kernel.org/stable/c/4ae5a97781ce7d6ecc9c7055396535815b64ca4f" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/7d42e097607c4d246d99225bf2b195b6167a210c", "url": "https://git.kernel.org/stable/c/7d42e097607c4d246d99225bf2b195b6167a210c" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/8a5a7611ccc7b1fba8d933a9f22a2e76859d94dc", "url": "https://git.kernel.org/stable/c/8a5a7611ccc7b1fba8d933a9f22a2e76859d94dc" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/8e81cd58aee14a470891733181a47d123193ba81", "url": "https://git.kernel.org/stable/c/8e81cd58aee14a470891733181a47d123193ba81" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/bb279ead42263e9fb09480f02a4247b2c287d828", "url": "https://git.kernel.org/stable/c/bb279ead42263e9fb09480f02a4247b2c287d828" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/d03092550f526a79cf1ade7f0dfa74906f39eb71", "url": "https://git.kernel.org/stable/c/d03092550f526a79cf1ade7f0dfa74906f39eb71" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/daba62d9eeddcc5b1081be7d348ca836c83c59d7", "url": "https://git.kernel.org/stable/c/daba62d9eeddcc5b1081be7d348ca836c83c59d7" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html", "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html" } ], "release_date": "2024-05-01T06:15:00Z", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2023-52594", "cwe": { "id": "CWE-129", "name": "Improper Validation of Array Index" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus()\n\nFix an array-index-out-of-bounds read in ath9k_htc_txstatus(). The bug\noccurs when txs->cnt, data from a URB provided by a USB device, is\nbigger than the size of the array txs->txstatus, which is\nHTC_MAX_TX_STATUS. WARN_ON() already checks it, but there is no bug\nhandling code after the check. Make the function return if that is the\ncase.\n\nFound by a modified version of syzkaller.\n\nUBSAN: array-index-out-of-bounds in htc_drv_txrx.c\nindex 13 is out of range for type '__wmi_event_txstatus [12]'\nCall Trace:\n ath9k_htc_txstatus\n ath9k_wmi_event_tasklet\n tasklet_action_common\n __do_softirq\n irq_exit_rxu\n sysvec_apic_timer_interrupt", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-52594" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/25c6f49ef59b7a9b80a3f7ab9e95268a1b01a234", "url": "https://git.kernel.org/stable/c/25c6f49ef59b7a9b80a3f7ab9e95268a1b01a234" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/2adc886244dff60f948497b59affb6c6ebb3c348", "url": "https://git.kernel.org/stable/c/2adc886244dff60f948497b59affb6c6ebb3c348" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/84770a996ad8d7f121ff2fb5a8d149aad52d64c1", "url": "https://git.kernel.org/stable/c/84770a996ad8d7f121ff2fb5a8d149aad52d64c1" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/9003fa9a0198ce004b30738766c67eb7373479c9", "url": "https://git.kernel.org/stable/c/9003fa9a0198ce004b30738766c67eb7373479c9" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/be609c7002dd4504b15b069cb7582f4c778548d1", "url": "https://git.kernel.org/stable/c/be609c7002dd4504b15b069cb7582f4c778548d1" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/e4f4bac7d3b64eb75f70cd3345712de6f68a215d", "url": "https://git.kernel.org/stable/c/e4f4bac7d3b64eb75f70cd3345712de6f68a215d" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/f11f0fd1ad6c11ae7856d4325fe9d05059767225", "url": "https://git.kernel.org/stable/c/f11f0fd1ad6c11ae7856d4325fe9d05059767225" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/f44f073c78112ff921a220d01b86d09f2ace59bc", "url": "https://git.kernel.org/stable/c/f44f073c78112ff921a220d01b86d09f2ace59bc" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html", "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html" } ], "release_date": "2024-03-06T07:15:00Z", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2021-47153", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: i801: Don't generate an interrupt on bus reset\n\nNow that the i2c-i801 driver supports interrupts, setting the KILL bit\nin a attempt to recover from a timed out transaction triggers an\ninterrupt. Unfortunately, the interrupt handler (i801_isr) is not\nprepared for this situation and will try to process the interrupt as\nif it was signaling the end of a successful transaction. In the case\nof a block transaction, this can result in an out-of-range memory\naccess.\n\nThis condition was reproduced several times by syzbot:\nhttps://syzkaller.appspot.com/bug?extid=ed71512d469895b5b34e\nhttps://syzkaller.appspot.com/bug?extid=8c8dedc0ba9e03f6c79e\nhttps://syzkaller.appspot.com/bug?extid=c8ff0b6d6c73d81b610e\nhttps://syzkaller.appspot.com/bug?extid=33f6c360821c399d69eb\nhttps://syzkaller.appspot.com/bug?extid=be15dc0b1933f04b043a\nhttps://syzkaller.appspot.com/bug?extid=b4d3fd1dfd53e90afd79\n\nSo disable interrupts while trying to reset the bus. Interrupts will\nbe enabled again for the following transaction.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2021-47153" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/04cc05e3716ae31b17ecdab7bc55c8170def1b8b", "url": "https://git.kernel.org/stable/c/04cc05e3716ae31b17ecdab7bc55c8170def1b8b" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/09c9e79f4c10cfb6b9e0e1b4dd355232e4b5a3b3", "url": "https://git.kernel.org/stable/c/09c9e79f4c10cfb6b9e0e1b4dd355232e4b5a3b3" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/1f583d3813f204449037cd2acbfc09168171362a", "url": "https://git.kernel.org/stable/c/1f583d3813f204449037cd2acbfc09168171362a" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/b523feb7e8e44652f92f3babb953a976e7ccbbef", "url": "https://git.kernel.org/stable/c/b523feb7e8e44652f92f3babb953a976e7ccbbef" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c70e1ba2e7e65255a0ce004f531dd90dada97a8c", "url": "https://git.kernel.org/stable/c/c70e1ba2e7e65255a0ce004f531dd90dada97a8c" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/dfa8929e117b0228a7765f5c3f5988a4a028f3c6", "url": "https://git.kernel.org/stable/c/dfa8929e117b0228a7765f5c3f5988a4a028f3c6" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/e4d8716c3dcec47f1557024add24e1f3c09eb24b", "url": "https://git.kernel.org/stable/c/e4d8716c3dcec47f1557024add24e1f3c09eb24b" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/f9469082126cebb7337db3992d143f5e4edfe629", "url": "https://git.kernel.org/stable/c/f9469082126cebb7337db3992d143f5e4edfe629" } ], "release_date": "2024-03-25T09:15:00Z", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2023-1077", "cwe": { "id": "CWE-843", "name": "Access of Resource Using Incompatible Type ('Type Confusion')" }, "notes": [ { "category": "description", "text": "In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head.The buggy error condition would lead to a type confused entry with the list head,which would then be used as a type confused sched_rt_entity,causing memory corruption.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-1077" }, { "category": "external", "summary": "https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=7c4a5b89a0b5a57a64b601775b296abf77a9fe97", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=7c4a5b89a0b5a57a64b601775b296abf77a9fe97" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html", "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html", "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20230511-0002/", "url": "https://security.netapp.com/advisory/ntap-20230511-0002/" } ], "release_date": "2023-03-27T21:15:00Z", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2023-35824", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')" }, "notes": [ { "category": "description", "text": "An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in dm1105_remove in drivers/media/pci/dm1105/dm1105.c.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-35824" }, { "category": "external", "summary": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.2", "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.2" }, { "category": "external", "summary": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5abda7a16698d4d1f47af1168d8fa2c640116b4a", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5abda7a16698d4d1f47af1168d8fa2c640116b4a" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html", "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html", "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html" }, { "category": "external", "summary": "https://lore.kernel.org/all/49bb0b6a-e669-d4e7-d742-a19d2763e947%40xs4all.nl/", "url": "https://lore.kernel.org/all/49bb0b6a-e669-d4e7-d742-a19d2763e947%40xs4all.nl/" }, { "category": "external", "summary": "https://lore.kernel.org/lkml/20230318081506.795147-1-zyytlz.wz%40163.com/", "url": "https://lore.kernel.org/lkml/20230318081506.795147-1-zyytlz.wz%40163.com/" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20230803-0002/", "url": "https://security.netapp.com/advisory/ntap-20230803-0002/" } ], "release_date": "2023-06-18T22:15:00Z", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2022-23038", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')" }, "notes": [ { "category": "description", "text": "Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2022-23038" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html", "url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html" }, { "category": "external", "summary": "https://xenbits.xenproject.org/xsa/advisory-396.txt", "url": "https://xenbits.xenproject.org/xsa/advisory-396.txt" } ], "release_date": "2022-03-10T20:15:00Z", "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2022-45884", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')" }, "notes": [ { "category": "description", "text": "An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2022-45884" }, { "category": "external", "summary": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=627bb528b086b4136315c25d6a447a98ea9448d3", "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=627bb528b086b4136315c25d6a447a98ea9448d3" }, { "category": "external", "summary": "https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel%40gmail.com/", "url": "https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel%40gmail.com/" }, { "category": "external", "summary": "https://lore.kernel.org/linux-media/20221115131822.6640-4-imv4bel%40gmail.com/", "url": "https://lore.kernel.org/linux-media/20221115131822.6640-4-imv4bel%40gmail.com/" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20230113-0006/", "url": "https://security.netapp.com/advisory/ntap-20230113-0006/" } ], "release_date": "2022-11-25T04:15:00Z", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2022-45885", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')" }, "notes": [ { "category": "description", "text": "An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_frontend.c has a race condition that can cause a use-after-free when a device is disconnected.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2022-45885" }, { "category": "external", "summary": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6769a0b7ee0c3b31e1b22c3fadff2bfb642de23f", "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6769a0b7ee0c3b31e1b22c3fadff2bfb642de23f" }, { "category": "external", "summary": "https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel%40gmail.com/", "url": "https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel%40gmail.com/" }, { "category": "external", "summary": "https://lore.kernel.org/linux-media/20221115131822.6640-2-imv4bel%40gmail.com/", "url": "https://lore.kernel.org/linux-media/20221115131822.6640-2-imv4bel%40gmail.com/" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20230113-0006/", "url": "https://security.netapp.com/advisory/ntap-20230113-0006/" } ], "release_date": "2022-11-25T04:15:00Z", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2022-25265", "cwe": { "id": "CWE-913", "name": "Improper Control of Dynamically-Managed Code Resources" }, "notes": [ { "category": "description", "text": "In the Linux kernel through 5.16.10, certain binary files may have the exec-all attribute if they were built in approximately 2003 (e.g., with GCC 3.2.2 and Linux kernel 2.4.20). This can cause execution of bytes located in supposedly non-executable regions of a file.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2022-25265" }, { "category": "external", "summary": "https://github.com/torvalds/linux/blob/1c33bb0507508af24fd754dd7123bd8e997fab2f/arch/x86/include/asm/elf.h#L281-L294", "url": "https://github.com/torvalds/linux/blob/1c33bb0507508af24fd754dd7123bd8e997fab2f/arch/x86/include/asm/elf.h#L281-L294" }, { "category": "external", "summary": "https://github.com/x0reaxeax/exec-prot-bypass", "url": "https://github.com/x0reaxeax/exec-prot-bypass" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20220318-0005/", "url": "https://security.netapp.com/advisory/ntap-20220318-0005/" } ], "release_date": "2022-02-16T21:15:00Z", "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2022-48695", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpt3sas: Fix use-after-free warning\n\nFix the following use-after-free warning which is observed during\ncontroller reset:\n\nrefcount_t: underflow; use-after-free.\nWARNING: CPU: 23 PID: 5399 at lib/refcount.c:28 refcount_warn_saturate+0xa6/0xf0", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2022-48695" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/41acb064c4e013808bc7d5fc1b506fa449425b0b", "url": "https://git.kernel.org/stable/c/41acb064c4e013808bc7d5fc1b506fa449425b0b" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/5682c94644fde72f72bded6580c38189ffc856b5", "url": "https://git.kernel.org/stable/c/5682c94644fde72f72bded6580c38189ffc856b5" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/6229fa494a5949be209bc73afbc5d0a749c2e3c7", "url": "https://git.kernel.org/stable/c/6229fa494a5949be209bc73afbc5d0a749c2e3c7" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/82efb917eeb27454dc4c6fe26432fc8f6c75bc16", "url": "https://git.kernel.org/stable/c/82efb917eeb27454dc4c6fe26432fc8f6c75bc16" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/991df3dd5144f2e6b1c38b8d20ed3d4d21e20b34", "url": "https://git.kernel.org/stable/c/991df3dd5144f2e6b1c38b8d20ed3d4d21e20b34" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/b8fc9e91b931215110ba824d1a2983c5f60b6f82", "url": "https://git.kernel.org/stable/c/b8fc9e91b931215110ba824d1a2983c5f60b6f82" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/d4959d09b76eb7a4146f5133962b88d3bddb63d6", "url": "https://git.kernel.org/stable/c/d4959d09b76eb7a4146f5133962b88d3bddb63d6" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ea10a652ad2ae2cf3eced6f632a5c98f26727057", "url": "https://git.kernel.org/stable/c/ea10a652ad2ae2cf3eced6f632a5c98f26727057" } ], "release_date": "2024-05-03T18:15:00Z", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2024-26958", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfs: fix UAF in direct writes\n\nIn production we have been hitting the following warning consistently\n\n------------[ cut here ]------------\nrefcount_t: underflow; use-after-free.\nWARNING: CPU: 17 PID: 1800359 at lib/refcount.c:28 refcount_warn_saturate+0x9c/0xe0\nWorkqueue: nfsiod nfs_direct_write_schedule_work [nfs]\nRIP: 0010:refcount_warn_saturate+0x9c/0xe0\nPKRU: 55555554\nCall Trace:\n \n ? __warn+0x9f/0x130\n ? refcount_warn_saturate+0x9c/0xe0\n ? report_bug+0xcc/0x150\n ? handle_bug+0x3d/0x70\n ? exc_invalid_op+0x16/0x40\n ? asm_exc_invalid_op+0x16/0x20\n ? refcount_warn_saturate+0x9c/0xe0\n nfs_direct_write_schedule_work+0x237/0x250 [nfs]\n process_one_work+0x12f/0x4a0\n worker_thread+0x14e/0x3b0\n ? ZSTD_getCParams_internal+0x220/0x220\n kthread+0xdc/0x120\n ? __btf_name_valid+0xa0/0xa0\n ret_from_fork+0x1f/0x30\n\nThis is because we're completing the nfs_direct_request twice in a row.\n\nThe source of this is when we have our commit requests to submit, we\nprocess them and send them off, and then in the completion path for the\ncommit requests we have\n\nif (nfs_commit_end(cinfo.mds))\n\tnfs_direct_write_complete(dreq);\n\nHowever since we're submitting asynchronous requests we sometimes have\none that completes before we submit the next one, so we end up calling\ncomplete on the nfs_direct_request twice.\n\nThe only other place we use nfs_generic_commit_list() is in\n__nfs_commit_inode, which wraps this call in a\n\nnfs_commit_begin();\nnfs_commit_end();\n\nWhich is a common pattern for this style of completion handling, one\nthat is also repeated in the direct code with get_dreq()/put_dreq()\ncalls around where we process events as well as in the completion paths.\n\nFix this by using the same pattern for the commit requests.\n\nBefore with my 200 node rocksdb stress running this warning would pop\nevery 10ish minutes. With my patch the stress test has been running for\nseveral hours without popping.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-26958" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/17f46b803d4f23c66cacce81db35fef3adb8f2af", "url": "https://git.kernel.org/stable/c/17f46b803d4f23c66cacce81db35fef3adb8f2af" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/1daf52b5ffb24870fbeda20b4967526d8f9e12ab", "url": "https://git.kernel.org/stable/c/1daf52b5ffb24870fbeda20b4967526d8f9e12ab" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/3abc2d160ed8213948b147295d77d44a22c88fa3", "url": "https://git.kernel.org/stable/c/3abc2d160ed8213948b147295d77d44a22c88fa3" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/4595d90b5d2ea5fa4d318d13f59055aa4bf3e7f5", "url": "https://git.kernel.org/stable/c/4595d90b5d2ea5fa4d318d13f59055aa4bf3e7f5" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/6cd3f13aaa62970b5169d990e936b2e96943bc6a", "url": "https://git.kernel.org/stable/c/6cd3f13aaa62970b5169d990e936b2e96943bc6a" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/80d24b308b7ee7037fc90d8ac99f6f78df0a256f", "url": "https://git.kernel.org/stable/c/80d24b308b7ee7037fc90d8ac99f6f78df0a256f" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/cf54f66e1dd78990ec6b32177bca7e6ea2144a95", "url": "https://git.kernel.org/stable/c/cf54f66e1dd78990ec6b32177bca7e6ea2144a95" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/e25447c35f8745337ea8bc0c9697fcac14df8605", "url": "https://git.kernel.org/stable/c/e25447c35f8745337ea8bc0c9697fcac14df8605" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" } ], "release_date": "2024-05-01T06:15:00Z", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2022-48760", "cwe": { "id": "CWE-667", "name": "Improper Locking" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: core: Fix hang in usb_kill_urb by adding memory barriers\n\nThe syzbot fuzzer has identified a bug in which processes hang waiting\nfor usb_kill_urb() to return. It turns out the issue is not unlinking\nthe URB; that works just fine. Rather, the problem arises when the\nwakeup notification that the URB has completed is not received.\n\nThe reason is memory-access ordering on SMP systems. In outline form,\nusb_kill_urb() and __usb_hcd_giveback_urb() operating concurrently on\ndifferent CPUs perform the following actions:\n\nCPU 0\t\t\t\t\tCPU 1\n----------------------------\t\t---------------------------------\nusb_kill_urb():\t\t\t\t__usb_hcd_giveback_urb():\n ...\t\t\t\t\t ...\n atomic_inc(&urb->reject);\t\t atomic_dec(&urb->use_count);\n ...\t\t\t\t\t ...\n wait_event(usb_kill_urb_queue,\n\tatomic_read(&urb->use_count) == 0);\n\t\t\t\t\t if (atomic_read(&urb->reject))\n\t\t\t\t\t\twake_up(&usb_kill_urb_queue);\n\nConfining your attention to urb->reject and urb->use_count, you can\nsee that the overall pattern of accesses on CPU 0 is:\n\n\twrite urb->reject, then read urb->use_count;\n\nwhereas the overall pattern of accesses on CPU 1 is:\n\n\twrite urb->use_count, then read urb->reject.\n\nThis pattern is referred to in memory-model circles as SB (for \"Store\nBuffering\"), and it is well known that without suitable enforcement of\nthe desired order of accesses -- in the form of memory barriers -- it\nis entirely possible for one or both CPUs to execute their reads ahead\nof their writes. The end result will be that sometimes CPU 0 sees the\nold un-decremented value of urb->use_count while CPU 1 sees the old\nun-incremented value of urb->reject. Consequently CPU 0 ends up on\nthe wait queue and never gets woken up, leading to the observed hang\nin usb_kill_urb().\n\nThe same pattern of accesses occurs in usb_poison_urb() and the\nfailure pathway of usb_hcd_submit_urb().\n\nThe problem is fixed by adding suitable memory barriers. To provide\nproper memory-access ordering in the SB pattern, a full barrier is\nrequired on both CPUs. The atomic_inc() and atomic_dec() accesses\nthemselves don't provide any memory ordering, but since they are\npresent, we can use the optimized smp_mb__after_atomic() memory\nbarrier in the various routines to obtain the desired effect.\n\nThis patch adds the necessary memory barriers.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2022-48760" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/26fbe9772b8c459687930511444ce443011f86bf", "url": "https://git.kernel.org/stable/c/26fbe9772b8c459687930511444ce443011f86bf" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/546ba238535d925254e0b3f12012a5c55801e2f3", "url": "https://git.kernel.org/stable/c/546ba238535d925254e0b3f12012a5c55801e2f3" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/5904dfd3ddaff3bf4a41c3baf0a8e8f31ed4599b", "url": "https://git.kernel.org/stable/c/5904dfd3ddaff3bf4a41c3baf0a8e8f31ed4599b" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/5f138ef224dffd15d5e5c5b095859719e0038427", "url": "https://git.kernel.org/stable/c/5f138ef224dffd15d5e5c5b095859719e0038427" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/9340226388c66a7e090ebb00e91ed64a753b6c26", "url": "https://git.kernel.org/stable/c/9340226388c66a7e090ebb00e91ed64a753b6c26" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/9c61fce322ac2ef7fecf025285353570d60e41d6", "url": "https://git.kernel.org/stable/c/9c61fce322ac2ef7fecf025285353570d60e41d6" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/b50f5ca60475710bbc9a3af32fbfc17b1e69c2f0", "url": "https://git.kernel.org/stable/c/b50f5ca60475710bbc9a3af32fbfc17b1e69c2f0" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c9a18f7c5b071dce5e6939568829d40994866ab0", "url": "https://git.kernel.org/stable/c/c9a18f7c5b071dce5e6939568829d40994866ab0" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/e3b131e30e612ff0e32de6c1cb4f69f89db29193", "url": "https://git.kernel.org/stable/c/e3b131e30e612ff0e32de6c1cb4f69f89db29193" } ], "release_date": "2024-06-20T12:15:00Z", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2021-47118", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\npid: take a reference when initializing `cad_pid`\n\nDuring boot, kernel_init_freeable() initializes `cad_pid` to the init\ntask's struct pid. Later on, we may change `cad_pid` via a sysctl, and\nwhen this happens proc_do_cad_pid() will increment the refcount on the\nnew pid via get_pid(), and will decrement the refcount on the old pid\nvia put_pid(). As we never called get_pid() when we initialized\n`cad_pid`, we decrement a reference we never incremented, can therefore\nfree the init task's struct pid early. As there can be dangling\nreferences to the struct pid, we can later encounter a use-after-free\n(e.g. when delivering signals).\n\nThis was spotted when fuzzing v5.13-rc3 with Syzkaller, but seems to\nhave been around since the conversion of `cad_pid` to struct pid in\ncommit 9ec52099e4b8 (\"[PATCH] replace cad_pid by a struct pid\") from the\npre-KASAN stone age of v2.6.19.\n\nFix this by getting a reference to the init task's struct pid when we\nassign it to `cad_pid`.\n\nFull KASAN splat below.\n\n ==================================================================\n BUG: KASAN: use-after-free in ns_of_pid include/linux/pid.h:153 [inline]\n BUG: KASAN: use-after-free in task_active_pid_ns+0xc0/0xc8 kernel/pid.c:509\n Read of size 4 at addr ffff23794dda0004 by task syz-executor.0/273\n\n CPU: 1 PID: 273 Comm: syz-executor.0 Not tainted 5.12.0-00001-g9aef892b2d15 #1\n Hardware name: linux,dummy-virt (DT)\n Call trace:\n ns_of_pid include/linux/pid.h:153 [inline]\n task_active_pid_ns+0xc0/0xc8 kernel/pid.c:509\n do_notify_parent+0x308/0xe60 kernel/signal.c:1950\n exit_notify kernel/exit.c:682 [inline]\n do_exit+0x2334/0x2bd0 kernel/exit.c:845\n do_group_exit+0x108/0x2c8 kernel/exit.c:922\n get_signal+0x4e4/0x2a88 kernel/signal.c:2781\n do_signal arch/arm64/kernel/signal.c:882 [inline]\n do_notify_resume+0x300/0x970 arch/arm64/kernel/signal.c:936\n work_pending+0xc/0x2dc\n\n Allocated by task 0:\n slab_post_alloc_hook+0x50/0x5c0 mm/slab.h:516\n slab_alloc_node mm/slub.c:2907 [inline]\n slab_alloc mm/slub.c:2915 [inline]\n kmem_cache_alloc+0x1f4/0x4c0 mm/slub.c:2920\n alloc_pid+0xdc/0xc00 kernel/pid.c:180\n copy_process+0x2794/0x5e18 kernel/fork.c:2129\n kernel_clone+0x194/0x13c8 kernel/fork.c:2500\n kernel_thread+0xd4/0x110 kernel/fork.c:2552\n rest_init+0x44/0x4a0 init/main.c:687\n arch_call_rest_init+0x1c/0x28\n start_kernel+0x520/0x554 init/main.c:1064\n 0x0\n\n Freed by task 270:\n slab_free_hook mm/slub.c:1562 [inline]\n slab_free_freelist_hook+0x98/0x260 mm/slub.c:1600\n slab_free mm/slub.c:3161 [inline]\n kmem_cache_free+0x224/0x8e0 mm/slub.c:3177\n put_pid.part.4+0xe0/0x1a8 kernel/pid.c:114\n put_pid+0x30/0x48 kernel/pid.c:109\n proc_do_cad_pid+0x190/0x1b0 kernel/sysctl.c:1401\n proc_sys_call_handler+0x338/0x4b0 fs/proc/proc_sysctl.c:591\n proc_sys_write+0x34/0x48 fs/proc/proc_sysctl.c:617\n call_write_iter include/linux/fs.h:1977 [inline]\n new_sync_write+0x3ac/0x510 fs/read_write.c:518\n vfs_write fs/read_write.c:605 [inline]\n vfs_write+0x9c4/0x1018 fs/read_write.c:585\n ksys_write+0x124/0x240 fs/read_write.c:658\n __do_sys_write fs/read_write.c:670 [inline]\n __se_sys_write fs/read_write.c:667 [inline]\n __arm64_sys_write+0x78/0xb0 fs/read_write.c:667\n __invoke_syscall arch/arm64/kernel/syscall.c:37 [inline]\n invoke_syscall arch/arm64/kernel/syscall.c:49 [inline]\n el0_svc_common.constprop.1+0x16c/0x388 arch/arm64/kernel/syscall.c:129\n do_el0_svc+0xf8/0x150 arch/arm64/kernel/syscall.c:168\n el0_svc+0x28/0x38 arch/arm64/kernel/entry-common.c:416\n el0_sync_handler+0x134/0x180 arch/arm64/kernel/entry-common.c:432\n el0_sync+0x154/0x180 arch/arm64/kernel/entry.S:701\n\n The buggy address belongs to the object at ffff23794dda0000\n which belongs to the cache pid of size 224\n The buggy address is located 4 bytes inside of\n 224-byte region [ff\n---truncated---", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2021-47118" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/0711f0d7050b9e07c44bc159bbc64ac0a1022c7f", "url": "https://git.kernel.org/stable/c/0711f0d7050b9e07c44bc159bbc64ac0a1022c7f" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/2cd6eedfa6344f5ef5c3dac3aee57a39b5b46dff", "url": "https://git.kernel.org/stable/c/2cd6eedfa6344f5ef5c3dac3aee57a39b5b46dff" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/4dbd8808a591b49b717862e6e0081bcf14a87788", "url": "https://git.kernel.org/stable/c/4dbd8808a591b49b717862e6e0081bcf14a87788" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/7178be006d495ffb741c329012da289b62dddfe6", "url": "https://git.kernel.org/stable/c/7178be006d495ffb741c329012da289b62dddfe6" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/764c2e892d1fe895392aff62fb353fdce43bb529", "url": "https://git.kernel.org/stable/c/764c2e892d1fe895392aff62fb353fdce43bb529" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/b8ff869f20152fbe66b6c2e2715d26a2f9897cca", "url": "https://git.kernel.org/stable/c/b8ff869f20152fbe66b6c2e2715d26a2f9897cca" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/d106f05432e60f9f62d456ef017687f5c73cb414", "url": "https://git.kernel.org/stable/c/d106f05432e60f9f62d456ef017687f5c73cb414" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/f86c80515a8a3703e0ca2e56deb50fc2879c5ea4", "url": "https://git.kernel.org/stable/c/f86c80515a8a3703e0ca2e56deb50fc2879c5ea4" } ], "release_date": "2024-03-15T21:15:00Z", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2024-26982", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nSquashfs: check the inode number is not the invalid value of zero\n\nSyskiller has produced an out of bounds access in fill_meta_index().\n\nThat out of bounds access is ultimately caused because the inode\nhas an inode number with the invalid value of zero, which was not checked.\n\nThe reason this causes the out of bounds access is due to following\nsequence of events:\n\n1. Fill_meta_index() is called to allocate (via empty_meta_index())\n and fill a metadata index. It however suffers a data read error\n and aborts, invalidating the newly returned empty metadata index.\n It does this by setting the inode number of the index to zero,\n which means unused (zero is not a valid inode number).\n\n2. When fill_meta_index() is subsequently called again on another\n read operation, locate_meta_index() returns the previous index\n because it matches the inode number of 0. Because this index\n has been returned it is expected to have been filled, and because\n it hasn't been, an out of bounds access is performed.\n\nThis patch adds a sanity check which checks that the inode number\nis not zero when the inode is created and returns -EINVAL if it is.\n\n[phillip@squashfs.org.uk: whitespace fix]", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-26982" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/32c114a58236fe67141634774559f21f1dc96fd7", "url": "https://git.kernel.org/stable/c/32c114a58236fe67141634774559f21f1dc96fd7" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/4a1b6f89825e267e156ccaeba3d235edcac77f94", "url": "https://git.kernel.org/stable/c/4a1b6f89825e267e156ccaeba3d235edcac77f94" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/5b99dea79650b50909c50aba24fbae00f203f013", "url": "https://git.kernel.org/stable/c/5b99dea79650b50909c50aba24fbae00f203f013" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/7def00ebc9f2d6a581ddf46ce4541f84a10680e5", "url": "https://git.kernel.org/stable/c/7def00ebc9f2d6a581ddf46ce4541f84a10680e5" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/9253c54e01b6505d348afbc02abaa4d9f8a01395", "url": "https://git.kernel.org/stable/c/9253c54e01b6505d348afbc02abaa4d9f8a01395" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/be383effaee3d89034f0828038f95065b518772e", "url": "https://git.kernel.org/stable/c/be383effaee3d89034f0828038f95065b518772e" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/cf46f88b92cfc0e32bd8a21ba1273cff13b8745f", "url": "https://git.kernel.org/stable/c/cf46f88b92cfc0e32bd8a21ba1273cff13b8745f" } ], "release_date": "2024-05-01T06:15:00Z", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.i686", "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els26.noarch", "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64", "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els26.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] } ] }