{
  "document": {
    "aggregate_severity": {
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "TuxCare License Agreement",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.",
        "title": "Terms of Use"
      },
      {
        "category": "details",
        "text": "fix: virtio-net: Add validation for used length {CVE-2021-47352}\n- xen/netfront: don't use gnttab_query_foreign_access() for mapped status {CVE-2022-23037}\n- net/sched: sch_qfq: Fix race condition on qfq_aggregate {CVE-2025-38477}\n- net: fix information leakage in /proc/net/ptype {CVE-2022-48757}\n- net: atm: fix use after free in lec_send() {CVE-2025-22004}\n- ALSA: oss: Fix PCM OSS buffer allocation overflow {CVE-2022-49292}",
        "title": "Details"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://tuxcare.com/contact/",
      "name": "TuxCare",
      "namespace": "https://tuxcare.com/"
    },
    "references": [
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.tuxcare.com/csaf/v2/els_os/oraclelinux6els/advisories/2025/clsa-2025_1762455270.json"
      },
      {
        "category": "self",
        "summary": "https://cve.tuxcare.com/els/releases/CLSA-2025:1762455270",
        "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1762455270"
      }
    ],
    "tracking": {
      "current_release_date": "2025-11-06T18:55:42Z",
      "generator": {
        "date": "2025-11-06T18:55:42Z",
        "engine": {
          "name": "pyCSAF"
        }
      },
      "id": "CLSA-2025:1762455270",
      "initial_release_date": "2025-11-06T18:55:42Z",
      "revision_history": [
        {
          "date": "2025-11-06T18:55:42Z",
          "number": "1",
          "summary": "Initial version"
        }
      ],
      "status": "final",
      "version": "1"
    },
    "title": "kernel: Fix of 6 CVEs"
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Oracle Linux 6",
                "product": {
                  "name": "Oracle Linux 6",
                  "product_id": "Oracle-Linux-6",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Oracle Linux"
          }
        ],
        "category": "vendor",
        "name": "Oracle Corporation"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "python-perf-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
                "product": {
                  "name": "python-perf-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
                  "product_id": "python-perf-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/python-perf@2.6.32-754.35.8.el6.tuxcare.els27?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "perf-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
                "product": {
                  "name": "perf-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
                  "product_id": "perf-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/perf@2.6.32-754.35.8.el6.tuxcare.els27?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
                "product": {
                  "name": "kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
                  "product_id": "kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/kernel-debug@2.6.32-754.35.8.el6.tuxcare.els27?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
                "product": {
                  "name": "kernel-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
                  "product_id": "kernel-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/kernel@2.6.32-754.35.8.el6.tuxcare.els27?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
                "product": {
                  "name": "kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
                  "product_id": "kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/kernel-devel@2.6.32-754.35.8.el6.tuxcare.els27?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
                "product": {
                  "name": "kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
                  "product_id": "kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/kernel-debug-devel@2.6.32-754.35.8.el6.tuxcare.els27?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
                "product": {
                  "name": "kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
                  "product_id": "kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/kernel-headers@2.6.32-754.35.8.el6.tuxcare.els27?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els27.noarch",
                "product": {
                  "name": "kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els27.noarch",
                  "product_id": "kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els27.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/kernel-abi-whitelists@2.6.32-754.35.8.el6.tuxcare.els27?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els27.noarch",
                "product": {
                  "name": "kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els27.noarch",
                  "product_id": "kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els27.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/kernel-doc@2.6.32-754.35.8.el6.tuxcare.els27?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els27.noarch",
                "product": {
                  "name": "kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els27.noarch",
                  "product_id": "kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els27.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/kernel-firmware@2.6.32-754.35.8.el6.tuxcare.els27?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els27.i686",
                "product": {
                  "name": "kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els27.i686",
                  "product_id": "kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els27.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/kernel-debug-devel@2.6.32-754.35.8.el6.tuxcare.els27?arch=i686"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i686"
          }
        ],
        "category": "vendor",
        "name": "CloudLinux"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-perf-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64 as a component of Oracle Linux 6",
          "product_id": "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64"
        },
        "product_reference": "python-perf-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
        "relates_to_product_reference": "Oracle-Linux-6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perf-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64 as a component of Oracle Linux 6",
          "product_id": "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64"
        },
        "product_reference": "perf-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
        "relates_to_product_reference": "Oracle-Linux-6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els27.noarch as a component of Oracle Linux 6",
          "product_id": "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els27.noarch"
        },
        "product_reference": "kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els27.noarch",
        "relates_to_product_reference": "Oracle-Linux-6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64 as a component of Oracle Linux 6",
          "product_id": "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64"
        },
        "product_reference": "kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
        "relates_to_product_reference": "Oracle-Linux-6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64 as a component of Oracle Linux 6",
          "product_id": "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64"
        },
        "product_reference": "kernel-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
        "relates_to_product_reference": "Oracle-Linux-6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64 as a component of Oracle Linux 6",
          "product_id": "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64"
        },
        "product_reference": "kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
        "relates_to_product_reference": "Oracle-Linux-6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els27.i686 as a component of Oracle Linux 6",
          "product_id": "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els27.i686"
        },
        "product_reference": "kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els27.i686",
        "relates_to_product_reference": "Oracle-Linux-6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64 as a component of Oracle Linux 6",
          "product_id": "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64"
        },
        "product_reference": "kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
        "relates_to_product_reference": "Oracle-Linux-6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els27.noarch as a component of Oracle Linux 6",
          "product_id": "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els27.noarch"
        },
        "product_reference": "kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els27.noarch",
        "relates_to_product_reference": "Oracle-Linux-6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64 as a component of Oracle Linux 6",
          "product_id": "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64"
        },
        "product_reference": "kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
        "relates_to_product_reference": "Oracle-Linux-6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els27.noarch as a component of Oracle Linux 6",
          "product_id": "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els27.noarch"
        },
        "product_reference": "kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els27.noarch",
        "relates_to_product_reference": "Oracle-Linux-6"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-22004",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\nnet: atm: fix use after free in lec_send()\nThe ->send() operation frees skb so save the length before calling\n->send() to avoid a use after free.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
          "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els27.noarch",
          "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
          "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els27.i686",
          "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
          "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
          "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els27.noarch",
          "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els27.noarch",
          "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
          "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
          "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-22004"
        }
      ],
      "release_date": "2025-04-03T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
            "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els27.noarch",
            "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
            "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els27.i686",
            "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
            "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
            "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els27.noarch",
            "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els27.noarch",
            "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
            "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
            "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ]
    },
    {
      "cve": "CVE-2022-48757",
      "cwe": {
        "id": "CWE-668",
        "name": "Exposure of Resource to Wrong Sphere"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix information leakage in /proc/net/ptype\n\nIn one net namespace, after creating a packet socket without binding\nit to a device, users in other net namespaces can observe the new\n`packet_type` added by this packet socket by reading `/proc/net/ptype`\nfile. This is minor information leakage as packet socket is\nnamespace aware.\n\nAdd a net pointer in `packet_type` to keep the net namespace of\nthe corresponding packet socket. In `ptype_seq_show`, this net pointer\nmust be checked when it is not NULL.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
          "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els27.noarch",
          "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
          "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els27.i686",
          "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
          "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
          "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els27.noarch",
          "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els27.noarch",
          "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
          "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
          "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2022-48757"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/47934e06b65637c88a762d9c98329ae6e3238888",
          "url": "https://git.kernel.org/stable/c/47934e06b65637c88a762d9c98329ae6e3238888"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/839ec7039513a4f84bfbaff953a9393471176bee",
          "url": "https://git.kernel.org/stable/c/839ec7039513a4f84bfbaff953a9393471176bee"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/8f88c78d24f6f346919007cd459fd7e51a8c7779",
          "url": "https://git.kernel.org/stable/c/8f88c78d24f6f346919007cd459fd7e51a8c7779"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/b67ad6170c0ea87391bb253f35d1f78857736e54",
          "url": "https://git.kernel.org/stable/c/b67ad6170c0ea87391bb253f35d1f78857736e54"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/be1ca30331c7923c6f376610c1bd6059be9b1908",
          "url": "https://git.kernel.org/stable/c/be1ca30331c7923c6f376610c1bd6059be9b1908"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/c38023032a598ec6263e008d62c7f02def72d5c7",
          "url": "https://git.kernel.org/stable/c/c38023032a598ec6263e008d62c7f02def72d5c7"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/db044d97460ea792110eb8b971e82569ded536c6",
          "url": "https://git.kernel.org/stable/c/db044d97460ea792110eb8b971e82569ded536c6"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/e372ecd455b6ebc7720f52bf4b5f5d44d02f2092",
          "url": "https://git.kernel.org/stable/c/e372ecd455b6ebc7720f52bf4b5f5d44d02f2092"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/e43669c77cb3a742b7d84ecdc7c68c4167a7709b",
          "url": "https://git.kernel.org/stable/c/e43669c77cb3a742b7d84ecdc7c68c4167a7709b"
        }
      ],
      "release_date": "2024-06-20T12:15:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
            "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els27.noarch",
            "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
            "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els27.i686",
            "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
            "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
            "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els27.noarch",
            "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els27.noarch",
            "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
            "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
            "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ]
    },
    {
      "cve": "CVE-2022-23037",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"
      },
      "notes": [
        {
          "category": "description",
          "text": "Linux PV device frontends vulnerable to attacks by backends [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
          "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els27.noarch",
          "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
          "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els27.i686",
          "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
          "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
          "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els27.noarch",
          "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els27.noarch",
          "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
          "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
          "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2022-23037"
        },
        {
          "category": "external",
          "summary": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html",
          "url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html"
        },
        {
          "category": "external",
          "summary": "https://xenbits.xenproject.org/xsa/advisory-396.txt",
          "url": "https://xenbits.xenproject.org/xsa/advisory-396.txt"
        }
      ],
      "release_date": "2022-03-10T20:15:00Z",
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
            "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els27.noarch",
            "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
            "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els27.i686",
            "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
            "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
            "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els27.noarch",
            "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els27.noarch",
            "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
            "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
            "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ]
    },
    {
      "cve": "CVE-2025-38477",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\nnet/sched: sch_qfq: Fix race condition on qfq_aggregate\nA race condition can occur when 'agg' is modified in qfq_change_agg\n(called during qfq_enqueue) while other threads access it\nconcurrently. For example, qfq_dump_class may trigger a NULL\ndereference, and qfq_delete_class may cause a use-after-free.\nThis patch addresses the issue by:\n1. Moved qfq_destroy_class into the critical section.\n2. Added sch_tree_lock protection to qfq_dump_class and\nqfq_dump_class_stats.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
          "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els27.noarch",
          "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
          "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els27.i686",
          "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
          "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
          "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els27.noarch",
          "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els27.noarch",
          "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
          "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
          "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38477"
        }
      ],
      "release_date": "2025-07-28T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
            "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els27.noarch",
            "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
            "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els27.i686",
            "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
            "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
            "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els27.noarch",
            "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els27.noarch",
            "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
            "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
            "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ]
    },
    {
      "cve": "CVE-2022-49292",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: oss: Fix PCM OSS buffer allocation overflow\n\nWe've got syzbot reports hitting INT_MAX overflow at vmalloc()\nallocation that is called from snd_pcm_plug_alloc().  Although we\napply the restrictions to input parameters, it's based only on the\nhw_params of the underlying PCM device.  Since the PCM OSS layer\nallocates a temporary buffer for the data conversion, the size may\nbecome unexpectedly large when more channels or higher rates are given;\nin the reported case, it went over INT_MAX, hence it hits WARN_ON().\n\nThis patch is an attempt to avoid such an overflow and an allocation\nfor too large buffers.  First off, it adds the limit of 1MB as the\nupper bound for period bytes.  This must be large enough for all use\ncases, and we really don't want to handle a larger temporary buffer\nthan this size.  The size check is performed at two places, where the\noriginal period bytes is calculated and where the plugin buffer size\nis calculated.\n\nIn addition, the driver uses array_size() and array3_size() for\nmultiplications to catch overflows for the converted period size and\nbuffer bytes.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
          "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els27.noarch",
          "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
          "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els27.i686",
          "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
          "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
          "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els27.noarch",
          "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els27.noarch",
          "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
          "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
          "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2022-49292"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/0c4190b41a69990666b4000999e27f8f1b2a426b",
          "url": "https://git.kernel.org/stable/c/0c4190b41a69990666b4000999e27f8f1b2a426b"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/5ce74ff7059341d8b2f4d01c3383491df63d1898",
          "url": "https://git.kernel.org/stable/c/5ce74ff7059341d8b2f4d01c3383491df63d1898"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/7a40cbf3579a8e14849ba7ce46309c1992658d2b",
          "url": "https://git.kernel.org/stable/c/7a40cbf3579a8e14849ba7ce46309c1992658d2b"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/a63af1baf0a5e11827db60e3127f87e437cab6e5",
          "url": "https://git.kernel.org/stable/c/a63af1baf0a5e11827db60e3127f87e437cab6e5"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/e74a069c6a7bb505f3ade141dddf85f4b0b5145a",
          "url": "https://git.kernel.org/stable/c/e74a069c6a7bb505f3ade141dddf85f4b0b5145a"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/efb6402c3c4a7c26d97c92d70186424097b6e366",
          "url": "https://git.kernel.org/stable/c/efb6402c3c4a7c26d97c92d70186424097b6e366"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/fb08bf99195a87c798bc8ae1357337a981faeade",
          "url": "https://git.kernel.org/stable/c/fb08bf99195a87c798bc8ae1357337a981faeade"
        }
      ],
      "release_date": "2025-02-26T07:01:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-6:kernel-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
            "Oracle-Linux-6:kernel-abi-whitelists-0:2.6.32-754.35.8.el6.tuxcare.els27.noarch",
            "Oracle-Linux-6:kernel-debug-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
            "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els27.i686",
            "Oracle-Linux-6:kernel-debug-devel-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
            "Oracle-Linux-6:kernel-devel-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
            "Oracle-Linux-6:kernel-doc-0:2.6.32-754.35.8.el6.tuxcare.els27.noarch",
            "Oracle-Linux-6:kernel-firmware-0:2.6.32-754.35.8.el6.tuxcare.els27.noarch",
            "Oracle-Linux-6:kernel-headers-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
            "Oracle-Linux-6:perf-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64",
            "Oracle-Linux-6:python-perf-0:2.6.32-754.35.8.el6.tuxcare.els27.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ]
    }
  ]
}