{ "document": { "aggregate_severity": { "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" }, { "category": "details", "text": "Bluetooth: af_bluetooth: Fix Use-After-Free in bt_sock_recvmsg {CVE-2024-21803}\n- net: defer final 'struct net' free in netns dismantle {CVE-2024-56658}\n- netfilter: validate user input for expected length {CVE-2024-35896}\n- drm/amd/display: Fix out-of-bounds access in 'dcn21_link_encoder_create' {CVE-2024-56608}\n- smb: client: fix UAF in async decryption {CVE-2024-50047}\n- drm/amdgpu: fix usage slab after free {CVE-2024-56551}\n- nvme: avoid double free special payload {CVE-2024-41073}\n- xfs: add bounds checking to xlog_recover_process_data {CVE-2024-41014}\n- net/sched: act_mirred: don't override retval if we already lost the skb {CVE-2024-26739}\n- ext4: fix timer use-after-free on failed mount {CVE-2024-49960}\n- smb: client: fix potential UAF in cifs_stats_proc_show() {CVE-2024-35867}\n- smb: client: fix potential UAF in cifs_debug_files_proc_show() {CVE-2024-26928}\n- RDMA/mlx5: Fix fortify source warning while accessing Eth segment {CVE-2024-26907}\n- stddef: Introduce DECLARE_FLEX_ARRAY() helper\n- nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() {CVE-2025-21927}\n- net_sched: sch_sfq: move the limit validation {CVE-2024-57996}\n- net_sched: sch_sfq: use a temporary work area for validating configuration\n- net_sched: sch_sfq: don't allow 1 packet limit {CVE-2024-57996}\n- net_sched: sch_sfq: handle bigger packets\n- net_sched: sch_sfq: annotate data-races around q->perturb_period\n- squashfs: fix memory leak in squashfs_fill_super\n- netfilter: nf_tables: adjust lockdep assertions handling\n- Revert \"vgacon: Add check for vc_origin address range in vgacon_scroll()\"\n- ASoC: ops: dynamically allocate struct snd_ctl_elem_value\n- KVM: x86: use array_index_nospec with indices that come from guest\n- KVM: APIC: add helper func to remove duplicate code in kvm_pv_send_ipi\n- rds: Fix NULL ptr deref in xas_start\n- mm: make page_mapped_in_vma() hugetlb walk aware\n- mm/rmap: Fix handling of hugetlbfs pages in page_vma_mapped_walk\n- net_sched: sch_sfq: move the limit validation {CVE-2025-37752}\n- net_sched: sch_sfq: use a temporary work area for validating configuration\n- net_sched: sch_sfq: don't allow 1 packet limit {CVE-2024-57996}\n- net_sched: sch_sfq: handle bigger packets\n- net_sched: sch_sfq: annotate data-races around q->perturb_period\n- squashfs: fix memory leak in squashfs_fill_super\n- netfilter: nf_tables: adjust lockdep assertions handling\n- Revert \"vgacon: Add check for vc_origin address range in vgacon_scroll()\"\n- ASoC: ops: dynamically allocate struct snd_ctl_elem_value\n- KVM: x86: use array_index_nospec with indices that come from guest\n- KVM: APIC: add helper func to remove duplicate code in kvm_pv_send_ipi\n- rds: Fix NULL ptr deref in xas_start\n- mm: make page_mapped_in_vma() hugetlb walk aware\n- mm/rmap: Fix handling of hugetlbfs pages in page_vma_mapped_walk", "title": "Details" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/oraclelinux7els/advisories/2025/clsa-2025_1757699693.json" }, { "category": "self", "summary": "https://cve.tuxcare.com/els/releases/CLSA-2025:1757699693", "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1757699693" } ], "tracking": { "current_release_date": "2025-09-12T17:57:00Z", "generator": { "date": "2025-09-12T17:57:00Z", "engine": { "name": "pyCSAF" } }, "id": "CLSA-2025:1757699693", "initial_release_date": "2025-09-12T17:57:00Z", "revision_history": [ { "date": "2025-09-12T17:57:00Z", "number": "1", "summary": "Initial version" } ], "status": "final", "version": "1" }, "title": "kernel-uek: Fix of 16 CVEs" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Oracle Linux 7", "product": { "name": "Oracle Linux 7", "product_id": "Oracle-Linux-7", "product_identification_helper": { "cpe": "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "Oracle Linux" } ], "category": "vendor", "name": "Oracle Corporation" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "product": { "name": "bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "product_id": "bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/bpftool@5.4.17-2136.338.4.2.el7uek.tuxcare.els3?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "product": { "name": "kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "product_id": "kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-uek-tools@5.4.17-2136.338.4.2.el7uek.tuxcare.els3?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "product": { "name": "kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "product_id": "kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-uek-container@5.4.17-2136.338.4.2.el7uek.tuxcare.els3?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "product": { "name": "kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "product_id": "kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-uek@5.4.17-2136.338.4.2.el7uek.tuxcare.els3?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "product": { "name": "kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "product_id": "kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-uek-devel@5.4.17-2136.338.4.2.el7uek.tuxcare.els3?arch=x86_64" } } }, { "category": "product_version", "name": "python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "product": { "name": "python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "product_id": "python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/python-perf@5.4.17-2136.338.4.2.el7uek.tuxcare.els3?arch=x86_64" } } }, { "category": "product_version", "name": "perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "product": { "name": "perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "product_id": "perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/perf@5.4.17-2136.338.4.2.el7uek.tuxcare.els3?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "product": { "name": "kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "product_id": "kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-uek-headers@5.4.17-2136.338.4.2.el7uek.tuxcare.els3?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "product": { "name": "kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "product_id": "kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-uek-debug-devel@5.4.17-2136.338.4.2.el7uek.tuxcare.els3?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "product": { "name": "kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "product_id": "kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-uek-container-debug@5.4.17-2136.338.4.2.el7uek.tuxcare.els3?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "product": { "name": "kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "product_id": "kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-uek-debug@5.4.17-2136.338.4.2.el7uek.tuxcare.els3?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "TuxCare" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64" }, "product_reference": "bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64" }, "product_reference": "kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64" }, "product_reference": "kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64" }, "product_reference": "kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64" }, "product_reference": "kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64" }, "product_reference": "python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64" }, "product_reference": "perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64" }, "product_reference": "kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64" }, "product_reference": "kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64" }, "product_reference": "kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64" }, "product_reference": "kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "relates_to_product_reference": "Oracle-Linux-7" } ] }, "vulnerabilities": [ { "cve": "CVE-2025-37752", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nnet_sched: sch_sfq: move the limit validation\nIt is not sufficient to directly validate the limit on the data that\nthe user passes as it can be updated based on how the other parameters\nare changed.\nMove the check at the end of the configuration update process to also\ncatch scenarios where the limit is indirectly updated, for example\nwith the following configurations:\ntc qdisc add dev dummy0 handle 1: root sfq limit 2 flows 1 depth 1\ntc qdisc add dev dummy0 handle 1: root sfq limit 2 flows 1 divisor 1\nThis fixes the following syzkaller reported crash:\n------------[ cut here ]------------\nUBSAN: array-index-out-of-bounds in net/sched/sch_sfq.c:203:6\nindex 65535 is out of range for type 'struct sfq_head[128]'\nCPU: 1 UID: 0 PID: 3037 Comm: syz.2.16 Not tainted 6.14.0-rc2-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024\nCall Trace:\n\n__dump_stack lib/dump_stack.c:94 [inline]\ndump_stack_lvl+0x201/0x300 lib/dump_stack.c:120\nubsan_epilogue lib/ubsan.c:231 [inline]\n__ubsan_handle_out_of_bounds+0xf5/0x120 lib/ubsan.c:429\nsfq_link net/sched/sch_sfq.c:203 [inline]\nsfq_dec+0x53c/0x610 net/sched/sch_sfq.c:231\nsfq_dequeue+0x34e/0x8c0 net/sched/sch_sfq.c:493\nsfq_reset+0x17/0x60 net/sched/sch_sfq.c:518\nqdisc_reset+0x12e/0x600 net/sched/sch_generic.c:1035\ntbf_reset+0x41/0x110 net/sched/sch_tbf.c:339\nqdisc_reset+0x12e/0x600 net/sched/sch_generic.c:1035\ndev_reset_queue+0x100/0x1b0 net/sched/sch_generic.c:1311\nnetdev_for_each_tx_queue include/linux/netdevice.h:2590 [inline]\ndev_deactivate_many+0x7e5/0xe70 net/sched/sch_generic.c:1375", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-37752" } ], "release_date": "2025-05-01T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2024-35867", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix potential UAF in cifs_stats_proc_show()\n\nSkip sessions that are being teared down (status == SES_EXITING) to\navoid UAF.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-35867" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/0865ffefea197b437ba78b5dd8d8e256253efd65", "url": "https://git.kernel.org/stable/c/0865ffefea197b437ba78b5dd8d8e256253efd65" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/16b7d785775eb03929766819415055e367398f49", "url": "https://git.kernel.org/stable/c/16b7d785775eb03929766819415055e367398f49" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/1e12f0d5c66f07c934041621351973a116fa13c7", "url": "https://git.kernel.org/stable/c/1e12f0d5c66f07c934041621351973a116fa13c7" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/838ec01ea8d3deb5d123e8ed9022e8162dc3f503", "url": "https://git.kernel.org/stable/c/838ec01ea8d3deb5d123e8ed9022e8162dc3f503" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/bb6570085826291dc392005f9fec16ea5da3c8ad", "url": "https://git.kernel.org/stable/c/bb6570085826291dc392005f9fec16ea5da3c8ad" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c3cf8b74c57924c0985e49a1fdf02d3395111f39", "url": "https://git.kernel.org/stable/c/c3cf8b74c57924c0985e49a1fdf02d3395111f39" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2024/05/29/2", "url": "http://www.openwall.com/lists/oss-security/2024/05/29/2" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2024/05/30/1", "url": "http://www.openwall.com/lists/oss-security/2024/05/30/1" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2024/05/30/2", "url": "http://www.openwall.com/lists/oss-security/2024/05/30/2" } ], "release_date": "2024-05-19T09:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2024-56551", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix usage slab after free\n\n[ +0.000021] BUG: KASAN: slab-use-after-free in drm_sched_entity_flush+0x6cb/0x7a0 [gpu_sched]\n[ +0.000027] Read of size 8 at addr ffff8881b8605f88 by task amd_pci_unplug/2147\n\n[ +0.000023] CPU: 6 PID: 2147 Comm: amd_pci_unplug Not tainted 6.10.0+ #1\n[ +0.000016] Hardware name: ASUS System Product Name/ROG STRIX B550-F GAMING (WI-FI), BIOS 1401 12/03/2020\n[ +0.000016] Call Trace:\n[ +0.000008] \n[ +0.000009] dump_stack_lvl+0x76/0xa0\n[ +0.000017] print_report+0xce/0x5f0\n[ +0.000017] ? drm_sched_entity_flush+0x6cb/0x7a0 [gpu_sched]\n[ +0.000019] ? srso_return_thunk+0x5/0x5f\n[ +0.000015] ? kasan_complete_mode_report_info+0x72/0x200\n[ +0.000016] ? drm_sched_entity_flush+0x6cb/0x7a0 [gpu_sched]\n[ +0.000019] kasan_report+0xbe/0x110\n[ +0.000015] ? drm_sched_entity_flush+0x6cb/0x7a0 [gpu_sched]\n[ +0.000023] __asan_report_load8_noabort+0x14/0x30\n[ +0.000014] drm_sched_entity_flush+0x6cb/0x7a0 [gpu_sched]\n[ +0.000020] ? srso_return_thunk+0x5/0x5f\n[ +0.000013] ? __kasan_check_write+0x14/0x30\n[ +0.000016] ? __pfx_drm_sched_entity_flush+0x10/0x10 [gpu_sched]\n[ +0.000020] ? srso_return_thunk+0x5/0x5f\n[ +0.000013] ? __kasan_check_write+0x14/0x30\n[ +0.000013] ? srso_return_thunk+0x5/0x5f\n[ +0.000013] ? enable_work+0x124/0x220\n[ +0.000015] ? __pfx_enable_work+0x10/0x10\n[ +0.000013] ? srso_return_thunk+0x5/0x5f\n[ +0.000014] ? free_large_kmalloc+0x85/0xf0\n[ +0.000016] drm_sched_entity_destroy+0x18/0x30 [gpu_sched]\n[ +0.000020] amdgpu_vce_sw_fini+0x55/0x170 [amdgpu]\n[ +0.000735] ? __kasan_check_read+0x11/0x20\n[ +0.000016] vce_v4_0_sw_fini+0x80/0x110 [amdgpu]\n[ +0.000726] amdgpu_device_fini_sw+0x331/0xfc0 [amdgpu]\n[ +0.000679] ? mutex_unlock+0x80/0xe0\n[ +0.000017] ? __pfx_amdgpu_device_fini_sw+0x10/0x10 [amdgpu]\n[ +0.000662] ? srso_return_thunk+0x5/0x5f\n[ +0.000014] ? __kasan_check_write+0x14/0x30\n[ +0.000013] ? srso_return_thunk+0x5/0x5f\n[ +0.000013] ? mutex_unlock+0x80/0xe0\n[ +0.000016] amdgpu_driver_release_kms+0x16/0x80 [amdgpu]\n[ +0.000663] drm_minor_release+0xc9/0x140 [drm]\n[ +0.000081] drm_release+0x1fd/0x390 [drm]\n[ +0.000082] __fput+0x36c/0xad0\n[ +0.000018] __fput_sync+0x3c/0x50\n[ +0.000014] __x64_sys_close+0x7d/0xe0\n[ +0.000014] x64_sys_call+0x1bc6/0x2680\n[ +0.000014] do_syscall_64+0x70/0x130\n[ +0.000014] ? srso_return_thunk+0x5/0x5f\n[ +0.000014] ? irqentry_exit_to_user_mode+0x60/0x190\n[ +0.000015] ? srso_return_thunk+0x5/0x5f\n[ +0.000014] ? irqentry_exit+0x43/0x50\n[ +0.000012] ? srso_return_thunk+0x5/0x5f\n[ +0.000013] ? exc_page_fault+0x7c/0x110\n[ +0.000015] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[ +0.000014] RIP: 0033:0x7ffff7b14f67\n[ +0.000013] Code: ff e8 0d 16 02 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 41 c3 48 83 ec 18 89 7c 24 0c e8 73 ba f7 ff\n[ +0.000026] RSP: 002b:00007fffffffe378 EFLAGS: 00000246 ORIG_RAX: 0000000000000003\n[ +0.000019] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007ffff7b14f67\n[ +0.000014] RDX: 0000000000000000 RSI: 00007ffff7f6f47a RDI: 0000000000000003\n[ +0.000014] RBP: 00007fffffffe3a0 R08: 0000555555569890 R09: 0000000000000000\n[ +0.000014] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fffffffe5c8\n[ +0.000013] R13: 00005555555552a9 R14: 0000555555557d48 R15: 00007ffff7ffd040\n[ +0.000020] \n\n[ +0.000016] Allocated by task 383 on cpu 7 at 26.880319s:\n[ +0.000014] kasan_save_stack+0x28/0x60\n[ +0.000008] kasan_save_track+0x18/0x70\n[ +0.000007] kasan_save_alloc_info+0x38/0x60\n[ +0.000007] __kasan_kmalloc+0xc1/0xd0\n[ +0.000007] kmalloc_trace_noprof+0x180/0x380\n[ +0.000007] drm_sched_init+0x411/0xec0 [gpu_sched]\n[ +0.000012] amdgpu_device_init+0x695f/0xa610 [amdgpu]\n[ +0.000658] amdgpu_driver_load_kms+0x1a/0x120 [amdgpu]\n[ +0.000662] amdgpu_pci_p\n---truncated---", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-56551" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/05b1b33936b71e5f189a813a517f72e8a27fcb2f", "url": "https://git.kernel.org/stable/c/05b1b33936b71e5f189a813a517f72e8a27fcb2f" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/3990ef742c064e22189b954522930db04fc6b1a7", "url": "https://git.kernel.org/stable/c/3990ef742c064e22189b954522930db04fc6b1a7" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/3cc1116de10953f0265a05d9f351b02a9ec3b497", "url": "https://git.kernel.org/stable/c/3cc1116de10953f0265a05d9f351b02a9ec3b497" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/6383199ada42d30562b4249c393592a2a9c38165", "url": "https://git.kernel.org/stable/c/6383199ada42d30562b4249c393592a2a9c38165" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/b61badd20b443eabe132314669bb51a263982e5c", "url": "https://git.kernel.org/stable/c/b61badd20b443eabe132314669bb51a263982e5c" } ], "release_date": "2024-12-27T15:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2024-41073", "cwe": { "id": "CWE-415", "name": "Double Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme: avoid double free special payload\n\nIf a discard request needs to be retried, and that retry may fail before\na new special payload is added, a double free will result. Clear the\nRQF_SPECIAL_LOAD when the request is cleaned.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-41073" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/1b9fd1265fac85916f90b4648de02adccdb7220b", "url": "https://git.kernel.org/stable/c/1b9fd1265fac85916f90b4648de02adccdb7220b" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/882574942a9be8b9d70d13462ddacc80c4b385ba", "url": "https://git.kernel.org/stable/c/882574942a9be8b9d70d13462ddacc80c4b385ba" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ae84383c96d6662c24697ab6b44aae855ab670aa", "url": "https://git.kernel.org/stable/c/ae84383c96d6662c24697ab6b44aae855ab670aa" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c5942a14f795de957ae9d66027aac8ff4fe70057", "url": "https://git.kernel.org/stable/c/c5942a14f795de957ae9d66027aac8ff4fe70057" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/e5d574ab37f5f2e7937405613d9b1a724811e5ad", "url": "https://git.kernel.org/stable/c/e5d574ab37f5f2e7937405613d9b1a724811e5ad" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/f3ab45aacd25d957547fb6d115c1574c20964b3b", "url": "https://git.kernel.org/stable/c/f3ab45aacd25d957547fb6d115c1574c20964b3b" } ], "release_date": "2024-07-29T15:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2024-26928", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix potential UAF in cifs_debug_files_proc_show()\n\nSkip sessions that are being teared down (status == SES_EXITING) to\navoid UAF.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-26928" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/229042314602db62559ecacba127067c22ee7b88", "url": "https://git.kernel.org/stable/c/229042314602db62559ecacba127067c22ee7b88" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/3402faf78b2516b0af1259baff50cc8453ef0bd1", "url": "https://git.kernel.org/stable/c/3402faf78b2516b0af1259baff50cc8453ef0bd1" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/8f8718afd446cd4ea3b62bacc3eec09f8aae85ee", "url": "https://git.kernel.org/stable/c/8f8718afd446cd4ea3b62bacc3eec09f8aae85ee" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/a140224bcf87eb98a87b67ff4c6826c57e47b704", "url": "https://git.kernel.org/stable/c/a140224bcf87eb98a87b67ff4c6826c57e47b704" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/a65f2b56334ba4dc30bd5ee9ce5b2691b973344d", "url": "https://git.kernel.org/stable/c/a65f2b56334ba4dc30bd5ee9ce5b2691b973344d" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ca545b7f0823f19db0f1148d59bc5e1a56634502", "url": "https://git.kernel.org/stable/c/ca545b7f0823f19db0f1148d59bc5e1a56634502" } ], "release_date": "2024-04-28T12:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-21927", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu()\n\nnvme_tcp_recv_pdu() doesn't check the validity of the header length.\nWhen header digests are enabled, a target might send a packet with an\ninvalid header length (e.g. 255), causing nvme_tcp_verify_hdgst()\nto access memory outside the allocated area and cause memory corruptions\nby overwriting it with the calculated digest.\n\nFix this by rejecting packets with an unexpected header length.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-21927" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/22b06c89aa6b2d1ecb8aea72edfb9d53af8d5126", "url": "https://git.kernel.org/stable/c/22b06c89aa6b2d1ecb8aea72edfb9d53af8d5126" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/9fbc953d6b38bc824392e01850f0aeee3b348722", "url": "https://git.kernel.org/stable/c/9fbc953d6b38bc824392e01850f0aeee3b348722" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ad95bab0cd28ed77c2c0d0b6e76e03e031391064", "url": "https://git.kernel.org/stable/c/ad95bab0cd28ed77c2c0d0b6e76e03e031391064" } ], "release_date": "2025-04-01T16:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2024-35896", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: validate user input for expected length\n\nI got multiple syzbot reports showing old bugs exposed\nby BPF after commit 20f2505fb436 (\"bpf: Try to avoid kzalloc\nin cgroup/{s,g}etsockopt\")\n\nsetsockopt() @optlen argument should be taken into account\nbefore copying data.\n\n BUG: KASAN: slab-out-of-bounds in copy_from_sockptr_offset include/linux/sockptr.h:49 [inline]\n BUG: KASAN: slab-out-of-bounds in copy_from_sockptr include/linux/sockptr.h:55 [inline]\n BUG: KASAN: slab-out-of-bounds in do_replace net/ipv4/netfilter/ip_tables.c:1111 [inline]\n BUG: KASAN: slab-out-of-bounds in do_ipt_set_ctl+0x902/0x3dd0 net/ipv4/netfilter/ip_tables.c:1627\nRead of size 96 at addr ffff88802cd73da0 by task syz-executor.4/7238\n\nCPU: 1 PID: 7238 Comm: syz-executor.4 Not tainted 6.9.0-rc2-next-20240403-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024\nCall Trace:\n \n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n kasan_check_range+0x282/0x290 mm/kasan/generic.c:189\n __asan_memcpy+0x29/0x70 mm/kasan/shadow.c:105\n copy_from_sockptr_offset include/linux/sockptr.h:49 [inline]\n copy_from_sockptr include/linux/sockptr.h:55 [inline]\n do_replace net/ipv4/netfilter/ip_tables.c:1111 [inline]\n do_ipt_set_ctl+0x902/0x3dd0 net/ipv4/netfilter/ip_tables.c:1627\n nf_setsockopt+0x295/0x2c0 net/netfilter/nf_sockopt.c:101\n do_sock_setsockopt+0x3af/0x720 net/socket.c:2311\n __sys_setsockopt+0x1ae/0x250 net/socket.c:2334\n __do_sys_setsockopt net/socket.c:2343 [inline]\n __se_sys_setsockopt net/socket.c:2340 [inline]\n __x64_sys_setsockopt+0xb5/0xd0 net/socket.c:2340\n do_syscall_64+0xfb/0x240\n entry_SYSCALL_64_after_hwframe+0x72/0x7a\nRIP: 0033:0x7fd22067dde9\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fd21f9ff0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000036\nRAX: ffffffffffffffda RBX: 00007fd2207abf80 RCX: 00007fd22067dde9\nRDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000003\nRBP: 00007fd2206ca47a R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000020000880 R11: 0000000000000246 R12: 0000000000000000\nR13: 000000000000000b R14: 00007fd2207abf80 R15: 00007ffd2d0170d8\n \n\nAllocated by task 7238:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:370 [inline]\n __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:387\n kasan_kmalloc include/linux/kasan.h:211 [inline]\n __do_kmalloc_node mm/slub.c:4069 [inline]\n __kmalloc_noprof+0x200/0x410 mm/slub.c:4082\n kmalloc_noprof include/linux/slab.h:664 [inline]\n __cgroup_bpf_run_filter_setsockopt+0xd47/0x1050 kernel/bpf/cgroup.c:1869\n do_sock_setsockopt+0x6b4/0x720 net/socket.c:2293\n __sys_setsockopt+0x1ae/0x250 net/socket.c:2334\n __do_sys_setsockopt net/socket.c:2343 [inline]\n __se_sys_setsockopt net/socket.c:2340 [inline]\n __x64_sys_setsockopt+0xb5/0xd0 net/socket.c:2340\n do_syscall_64+0xfb/0x240\n entry_SYSCALL_64_after_hwframe+0x72/0x7a\n\nThe buggy address belongs to the object at ffff88802cd73da0\n which belongs to the cache kmalloc-8 of size 8\nThe buggy address is located 0 bytes inside of\n allocated 1-byte region [ffff88802cd73da0, ffff88802cd73da1)\n\nThe buggy address belongs to the physical page:\npage: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88802cd73020 pfn:0x2cd73\nflags: 0xfff80000000000(node=0|zone=1|lastcpupid=0xfff)\npage_type: 0xffffefff(slab)\nraw: 00fff80000000000 ffff888015041280 dead000000000100 dead000000000122\nraw: ffff88802cd73020 000000008080007f 00000001ffffefff 00\n---truncated---", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-35896" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/0c83842df40f86e529db6842231154772c20edcc", "url": "https://git.kernel.org/stable/c/0c83842df40f86e529db6842231154772c20edcc" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/0f038242b77ddfc505bf4163d4904c1abd2e74d6", "url": "https://git.kernel.org/stable/c/0f038242b77ddfc505bf4163d4904c1abd2e74d6" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/18aae2cb87e5faa9c5bd865260ceadac60d5a6c5", "url": "https://git.kernel.org/stable/c/18aae2cb87e5faa9c5bd865260ceadac60d5a6c5" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/440e948cf0eff32cfe322dcbca3f2525354b159b", "url": "https://git.kernel.org/stable/c/440e948cf0eff32cfe322dcbca3f2525354b159b" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/58f2bfb789e6bd3bc24a2c9c1580f3c67aec3018", "url": "https://git.kernel.org/stable/c/58f2bfb789e6bd3bc24a2c9c1580f3c67aec3018" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/81d51b9b7c95e791ba3c1a2dd77920a9d3b3f525", "url": "https://git.kernel.org/stable/c/81d51b9b7c95e791ba3c1a2dd77920a9d3b3f525" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20250321-0004/", "url": "https://security.netapp.com/advisory/ntap-20250321-0004/" } ], "release_date": "2024-05-19T09:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2024-41014", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: add bounds checking to xlog_recover_process_data\n\nThere is a lack of verification of the space occupied by fixed members\nof xlog_op_header in the xlog_recover_process_data.\n\nWe can create a crafted image to trigger an out of bounds read by\nfollowing these steps:\n 1) Mount an image of xfs, and do some file operations to leave records\n 2) Before umounting, copy the image for subsequent steps to simulate\n abnormal exit. Because umount will ensure that tail_blk and\n head_blk are the same, which will result in the inability to enter\n xlog_recover_process_data\n 3) Write a tool to parse and modify the copied image in step 2\n 4) Make the end of the xlog_op_header entries only 1 byte away from\n xlog_rec_header->h_size\n 5) xlog_rec_header->h_num_logops++\n 6) Modify xlog_rec_header->h_crc\n\nFix:\nAdd a check to make sure there is sufficient space to access fixed members\nof xlog_op_header.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-41014" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/7cd9f0a33e738cd58876f1bc8d6c1aa5bc4fc8c1", "url": "https://git.kernel.org/stable/c/7cd9f0a33e738cd58876f1bc8d6c1aa5bc4fc8c1" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/d1e3efe783365db59da88f08a2e0bfe1cc95b143", "url": "https://git.kernel.org/stable/c/d1e3efe783365db59da88f08a2e0bfe1cc95b143" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/fb63435b7c7dc112b1ae1baea5486e0a6e27b196", "url": "https://git.kernel.org/stable/c/fb63435b7c7dc112b1ae1baea5486e0a6e27b196" } ], "release_date": "2024-07-29T07:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2024-21803", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "Use After Free vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (bluetooth modules) allows Local Execution of Code. This vulnerability is associated with program files https://gitee.Com/anolis/cloud-kernel/blob/devel-5.10/net/bluetooth/af_bluetooth.C.\n\nThis issue affects Linux kernel: from v2.6.12-rc2 before v6.8-rc1.\n\n", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-21803" }, { "category": "external", "summary": "https://bugzilla.openanolis.cn/show_bug.cgi?id=8081", "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=8081" } ], "release_date": "2024-01-30T08:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2024-56658", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: defer final 'struct net' free in netns dismantle\n\nIlya reported a slab-use-after-free in dst_destroy [1]\n\nIssue is in xfrm6_net_init() and xfrm4_net_init() :\n\nThey copy xfrm[46]_dst_ops_template into net->xfrm.xfrm[46]_dst_ops.\n\nBut net structure might be freed before all the dst callbacks are\ncalled. So when dst_destroy() calls later :\n\nif (dst->ops->destroy)\n dst->ops->destroy(dst);\n\ndst->ops points to the old net->xfrm.xfrm[46]_dst_ops, which has been freed.\n\nSee a relevant issue fixed in :\n\nac888d58869b (\"net: do not delay dst_entries_add() in dst_release()\")\n\nA fix is to queue the 'struct net' to be freed after one\nanother cleanup_net() round (and existing rcu_barrier())\n\n[1]\n\nBUG: KASAN: slab-use-after-free in dst_destroy (net/core/dst.c:112)\nRead of size 8 at addr ffff8882137ccab0 by task swapper/37/0\nDec 03 05:46:18 kernel:\nCPU: 37 UID: 0 PID: 0 Comm: swapper/37 Kdump: loaded Not tainted 6.12.0 #67\nHardware name: Red Hat KVM/RHEL, BIOS 1.16.1-1.el9 04/01/2014\nCall Trace:\n \ndump_stack_lvl (lib/dump_stack.c:124)\nprint_address_description.constprop.0 (mm/kasan/report.c:378)\n? dst_destroy (net/core/dst.c:112)\nprint_report (mm/kasan/report.c:489)\n? dst_destroy (net/core/dst.c:112)\n? kasan_addr_to_slab (mm/kasan/common.c:37)\nkasan_report (mm/kasan/report.c:603)\n? dst_destroy (net/core/dst.c:112)\n? rcu_do_batch (kernel/rcu/tree.c:2567)\ndst_destroy (net/core/dst.c:112)\nrcu_do_batch (kernel/rcu/tree.c:2567)\n? __pfx_rcu_do_batch (kernel/rcu/tree.c:2491)\n? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4339 kernel/locking/lockdep.c:4406)\nrcu_core (kernel/rcu/tree.c:2825)\nhandle_softirqs (kernel/softirq.c:554)\n__irq_exit_rcu (kernel/softirq.c:589 kernel/softirq.c:428 kernel/softirq.c:637)\nirq_exit_rcu (kernel/softirq.c:651)\nsysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1049 arch/x86/kernel/apic/apic.c:1049)\n \n \nasm_sysvec_apic_timer_interrupt (./arch/x86/include/asm/idtentry.h:702)\nRIP: 0010:default_idle (./arch/x86/include/asm/irqflags.h:37 ./arch/x86/include/asm/irqflags.h:92 arch/x86/kernel/process.c:743)\nCode: 00 4d 29 c8 4c 01 c7 4c 29 c2 e9 6e ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 90 0f 00 2d c7 c9 27 00 fb f4 c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 90\nRSP: 0018:ffff888100d2fe00 EFLAGS: 00000246\nRAX: 00000000001870ed RBX: 1ffff110201a5fc2 RCX: ffffffffb61a3e46\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffffb3d4d123\nRBP: 0000000000000000 R08: 0000000000000001 R09: ffffed11c7e1835d\nR10: ffff888e3f0c1aeb R11: 0000000000000000 R12: 0000000000000000\nR13: ffff888100d20000 R14: dffffc0000000000 R15: 0000000000000000\n? ct_kernel_exit.constprop.0 (kernel/context_tracking.c:148)\n? cpuidle_idle_call (kernel/sched/idle.c:186)\ndefault_idle_call (./include/linux/cpuidle.h:143 kernel/sched/idle.c:118)\ncpuidle_idle_call (kernel/sched/idle.c:186)\n? __pfx_cpuidle_idle_call (kernel/sched/idle.c:168)\n? lock_release (kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5848)\n? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4347 kernel/locking/lockdep.c:4406)\n? tsc_verify_tsc_adjust (arch/x86/kernel/tsc_sync.c:59)\ndo_idle (kernel/sched/idle.c:326)\ncpu_startup_entry (kernel/sched/idle.c:423 (discriminator 1))\nstart_secondary (arch/x86/kernel/smpboot.c:202 arch/x86/kernel/smpboot.c:282)\n? __pfx_start_secondary (arch/x86/kernel/smpboot.c:232)\n? soft_restart_cpu (arch/x86/kernel/head_64.S:452)\ncommon_startup_64 (arch/x86/kernel/head_64.S:414)\n \nDec 03 05:46:18 kernel:\nAllocated by task 12184:\nkasan_save_stack (mm/kasan/common.c:48)\nkasan_save_track (./arch/x86/include/asm/current.h:49 mm/kasan/common.c:60 mm/kasan/common.c:69)\n__kasan_slab_alloc (mm/kasan/common.c:319 mm/kasan/common.c:345)\nkmem_cache_alloc_noprof (mm/slub.c:4085 mm/slub.c:4134 mm/slub.c:4141)\ncopy_net_ns (net/core/net_namespace.c:421 net/core/net_namespace.c:480)\ncreate_new_namespaces\n---truncated---", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-56658" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/0f6ede9fbc747e2553612271bce108f7517e7a45", "url": "https://git.kernel.org/stable/c/0f6ede9fbc747e2553612271bce108f7517e7a45" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/3267b254dc0a04dfa362a2be24573cfa6d2d78f5", "url": "https://git.kernel.org/stable/c/3267b254dc0a04dfa362a2be24573cfa6d2d78f5" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/6610c7f8a8d47fd1123eed55ba8c11c2444d8842", "url": "https://git.kernel.org/stable/c/6610c7f8a8d47fd1123eed55ba8c11c2444d8842" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/b7a79e51297f7b82adb687086f5cb2da446f1e40", "url": "https://git.kernel.org/stable/c/b7a79e51297f7b82adb687086f5cb2da446f1e40" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c261dcd61c9e88a8f1a66654354d32295a975230", "url": "https://git.kernel.org/stable/c/c261dcd61c9e88a8f1a66654354d32295a975230" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/dac465986a4a38cd2f13e934f562b6ca344e5720", "url": "https://git.kernel.org/stable/c/dac465986a4a38cd2f13e934f562b6ca344e5720" } ], "release_date": "2024-12-27T15:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2024-50047", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix UAF in async decryption\n\nDoing an async decryption (large read) crashes with a\nslab-use-after-free way down in the crypto API.\n\nReproducer:\n # mount.cifs -o ...,seal,esize=1 //srv/share /mnt\n # dd if=/mnt/largefile of=/dev/null\n ...\n [ 194.196391] ==================================================================\n [ 194.196844] BUG: KASAN: slab-use-after-free in gf128mul_4k_lle+0xc1/0x110\n [ 194.197269] Read of size 8 at addr ffff888112bd0448 by task kworker/u77:2/899\n [ 194.197707]\n [ 194.197818] CPU: 12 UID: 0 PID: 899 Comm: kworker/u77:2 Not tainted 6.11.0-lku-00028-gfca3ca14a17a-dirty #43\n [ 194.198400] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.2-3-gd478f380-prebuilt.qemu.org 04/01/2014\n [ 194.199046] Workqueue: smb3decryptd smb2_decrypt_offload [cifs]\n [ 194.200032] Call Trace:\n [ 194.200191] \n [ 194.200327] dump_stack_lvl+0x4e/0x70\n [ 194.200558] ? gf128mul_4k_lle+0xc1/0x110\n [ 194.200809] print_report+0x174/0x505\n [ 194.201040] ? __pfx__raw_spin_lock_irqsave+0x10/0x10\n [ 194.201352] ? srso_return_thunk+0x5/0x5f\n [ 194.201604] ? __virt_addr_valid+0xdf/0x1c0\n [ 194.201868] ? gf128mul_4k_lle+0xc1/0x110\n [ 194.202128] kasan_report+0xc8/0x150\n [ 194.202361] ? gf128mul_4k_lle+0xc1/0x110\n [ 194.202616] gf128mul_4k_lle+0xc1/0x110\n [ 194.202863] ghash_update+0x184/0x210\n [ 194.203103] shash_ahash_update+0x184/0x2a0\n [ 194.203377] ? __pfx_shash_ahash_update+0x10/0x10\n [ 194.203651] ? srso_return_thunk+0x5/0x5f\n [ 194.203877] ? crypto_gcm_init_common+0x1ba/0x340\n [ 194.204142] gcm_hash_assoc_remain_continue+0x10a/0x140\n [ 194.204434] crypt_message+0xec1/0x10a0 [cifs]\n [ 194.206489] ? __pfx_crypt_message+0x10/0x10 [cifs]\n [ 194.208507] ? srso_return_thunk+0x5/0x5f\n [ 194.209205] ? srso_return_thunk+0x5/0x5f\n [ 194.209925] ? srso_return_thunk+0x5/0x5f\n [ 194.210443] ? srso_return_thunk+0x5/0x5f\n [ 194.211037] decrypt_raw_data+0x15f/0x250 [cifs]\n [ 194.212906] ? __pfx_decrypt_raw_data+0x10/0x10 [cifs]\n [ 194.214670] ? srso_return_thunk+0x5/0x5f\n [ 194.215193] smb2_decrypt_offload+0x12a/0x6c0 [cifs]\n\nThis is because TFM is being used in parallel.\n\nFix this by allocating a new AEAD TFM for async decryption, but keep\nthe existing one for synchronous READ cases (similar to what is done\nin smb3_calc_signature()).\n\nAlso remove the calls to aead_request_set_callback() and\ncrypto_wait_req() since it's always going to be a synchronous operation.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-50047" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/0809fb86ad13b29e1d6d491364fc7ea4fb545995", "url": "https://git.kernel.org/stable/c/0809fb86ad13b29e1d6d491364fc7ea4fb545995" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/538c26d9bf70c90edc460d18c81008a4e555925a", "url": "https://git.kernel.org/stable/c/538c26d9bf70c90edc460d18c81008a4e555925a" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/8f14a476abba13144df5434871a7225fd29af633", "url": "https://git.kernel.org/stable/c/8f14a476abba13144df5434871a7225fd29af633" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/b0abcd65ec545701b8793e12bc27dc98042b151a", "url": "https://git.kernel.org/stable/c/b0abcd65ec545701b8793e12bc27dc98042b151a" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/bce966530fd5542bbb422cb45ecb775f7a1a6bc3", "url": "https://git.kernel.org/stable/c/bce966530fd5542bbb422cb45ecb775f7a1a6bc3" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ef51c0d544b1518b35364480317ab6d3468f205d", "url": "https://git.kernel.org/stable/c/ef51c0d544b1518b35364480317ab6d3468f205d" } ], "release_date": "2024-10-21T20:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2024-56608", "cwe": { "id": "CWE-129", "name": "Improper Validation of Array Index" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix out-of-bounds access in 'dcn21_link_encoder_create'\n\nAn issue was identified in the dcn21_link_encoder_create function where\nan out-of-bounds access could occur when the hpd_source index was used\nto reference the link_enc_hpd_regs array. This array has a fixed size\nand the index was not being checked against the array's bounds before\naccessing it.\n\nThis fix adds a conditional check to ensure that the hpd_source index is\nwithin the valid range of the link_enc_hpd_regs array. If the index is\nout of bounds, the function now returns NULL to prevent undefined\nbehavior.\n\nReferences:\n\n[ 65.920507] ------------[ cut here ]------------\n[ 65.920510] UBSAN: array-index-out-of-bounds in drivers/gpu/drm/amd/amdgpu/../display/dc/resource/dcn21/dcn21_resource.c:1312:29\n[ 65.920519] index 7 is out of range for type 'dcn10_link_enc_hpd_registers [5]'\n[ 65.920523] CPU: 3 PID: 1178 Comm: modprobe Tainted: G OE 6.8.0-cleanershaderfeatureresetasdntipmi200nv2132 #13\n[ 65.920525] Hardware name: AMD Majolica-RN/Majolica-RN, BIOS WMJ0429N_Weekly_20_04_2 04/29/2020\n[ 65.920527] Call Trace:\n[ 65.920529] \n[ 65.920532] dump_stack_lvl+0x48/0x70\n[ 65.920541] dump_stack+0x10/0x20\n[ 65.920543] __ubsan_handle_out_of_bounds+0xa2/0xe0\n[ 65.920549] dcn21_link_encoder_create+0xd9/0x140 [amdgpu]\n[ 65.921009] link_create+0x6d3/0xed0 [amdgpu]\n[ 65.921355] create_links+0x18a/0x4e0 [amdgpu]\n[ 65.921679] dc_create+0x360/0x720 [amdgpu]\n[ 65.921999] ? dmi_matches+0xa0/0x220\n[ 65.922004] amdgpu_dm_init+0x2b6/0x2c90 [amdgpu]\n[ 65.922342] ? console_unlock+0x77/0x120\n[ 65.922348] ? dev_printk_emit+0x86/0xb0\n[ 65.922354] dm_hw_init+0x15/0x40 [amdgpu]\n[ 65.922686] amdgpu_device_init+0x26a8/0x33a0 [amdgpu]\n[ 65.922921] amdgpu_driver_load_kms+0x1b/0xa0 [amdgpu]\n[ 65.923087] amdgpu_pci_probe+0x1b7/0x630 [amdgpu]\n[ 65.923087] local_pci_probe+0x4b/0xb0\n[ 65.923087] pci_device_probe+0xc8/0x280\n[ 65.923087] really_probe+0x187/0x300\n[ 65.923087] __driver_probe_device+0x85/0x130\n[ 65.923087] driver_probe_device+0x24/0x110\n[ 65.923087] __driver_attach+0xac/0x1d0\n[ 65.923087] ? __pfx___driver_attach+0x10/0x10\n[ 65.923087] bus_for_each_dev+0x7d/0xd0\n[ 65.923087] driver_attach+0x1e/0x30\n[ 65.923087] bus_add_driver+0xf2/0x200\n[ 65.923087] driver_register+0x64/0x130\n[ 65.923087] ? __pfx_amdgpu_init+0x10/0x10 [amdgpu]\n[ 65.923087] __pci_register_driver+0x61/0x70\n[ 65.923087] amdgpu_init+0x7d/0xff0 [amdgpu]\n[ 65.923087] do_one_initcall+0x49/0x310\n[ 65.923087] ? kmalloc_trace+0x136/0x360\n[ 65.923087] do_init_module+0x6a/0x270\n[ 65.923087] load_module+0x1fce/0x23a0\n[ 65.923087] init_module_from_file+0x9c/0xe0\n[ 65.923087] ? init_module_from_file+0x9c/0xe0\n[ 65.923087] idempotent_init_module+0x179/0x230\n[ 65.923087] __x64_sys_finit_module+0x5d/0xa0\n[ 65.923087] do_syscall_64+0x76/0x120\n[ 65.923087] entry_SYSCALL_64_after_hwframe+0x6e/0x76\n[ 65.923087] RIP: 0033:0x7f2d80f1e88d\n[ 65.923087] Code: 5b 41 5c c3 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 73 b5 0f 00 f7 d8 64 89 01 48\n[ 65.923087] RSP: 002b:00007ffc7bc1aa78 EFLAGS: 00000246 ORIG_RAX: 0000000000000139\n[ 65.923087] RAX: ffffffffffffffda RBX: 0000564c9c1db130 RCX: 00007f2d80f1e88d\n[ 65.923087] RDX: 0000000000000000 RSI: 0000564c9c1e5480 RDI: 000000000000000f\n[ 65.923087] RBP: 0000000000040000 R08: 0000000000000000 R09: 0000000000000002\n[ 65.923087] R10: 000000000000000f R11: 0000000000000246 R12: 0000564c9c1e5480\n[ 65.923087] R13: 0000564c9c1db260 R14: 0000000000000000 R15: 0000564c9c1e54b0\n[ 65.923087] \n[ 65.923927] ---[ end trace ]---", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-56608" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/08ac5fdb9c6dc34d0ed4bc64ce3c5c3d411b3b53", "url": "https://git.kernel.org/stable/c/08ac5fdb9c6dc34d0ed4bc64ce3c5c3d411b3b53" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/280f722601c8bf4d8a9c62dd727cf3a2fd0a47be", "url": "https://git.kernel.org/stable/c/280f722601c8bf4d8a9c62dd727cf3a2fd0a47be" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/5bd410c21037107b83ffbb51dd2d6460f9de9ed1", "url": "https://git.kernel.org/stable/c/5bd410c21037107b83ffbb51dd2d6460f9de9ed1" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/63de35a8fcfca59ae8750d469a7eb220c7557baf", "url": "https://git.kernel.org/stable/c/63de35a8fcfca59ae8750d469a7eb220c7557baf" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/b19ca8425a4b86e8f0d7c33c4e87ef7b0ebdaa29", "url": "https://git.kernel.org/stable/c/b19ca8425a4b86e8f0d7c33c4e87ef7b0ebdaa29" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/f01ddd589e162979421e6914b1c74018633f01e0", "url": "https://git.kernel.org/stable/c/f01ddd589e162979421e6914b1c74018633f01e0" } ], "release_date": "2024-12-27T15:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2024-26739", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: act_mirred: don't override retval if we already lost the skb\n\nIf we're redirecting the skb, and haven't called tcf_mirred_forward(),\nyet, we need to tell the core to drop the skb by setting the retcode\nto SHOT. If we have called tcf_mirred_forward(), however, the skb\nis out of our hands and returning SHOT will lead to UaF.\n\nMove the retval override to the error path which actually need it.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-26739" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/0117fe0a4615a7c8d30d6ebcbf87332fbe63e6fd", "url": "https://git.kernel.org/stable/c/0117fe0a4615a7c8d30d6ebcbf87332fbe63e6fd" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/166c2c8a6a4dc2e4ceba9e10cfe81c3e469e3210", "url": "https://git.kernel.org/stable/c/166c2c8a6a4dc2e4ceba9e10cfe81c3e469e3210" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/28cdbbd38a4413b8eff53399b3f872fd4e80db9d", "url": "https://git.kernel.org/stable/c/28cdbbd38a4413b8eff53399b3f872fd4e80db9d" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/9d3ef89b6a5e9f2e940de2cef3d543be0be8dec5", "url": "https://git.kernel.org/stable/c/9d3ef89b6a5e9f2e940de2cef3d543be0be8dec5" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/e873e8f7d03a2ee5b77fb1a305c782fed98e2754", "url": "https://git.kernel.org/stable/c/e873e8f7d03a2ee5b77fb1a305c782fed98e2754" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/f4e294bbdca8ac8757db436fc82214f3882fc7e7", "url": "https://git.kernel.org/stable/c/f4e294bbdca8ac8757db436fc82214f3882fc7e7" } ], "release_date": "2024-04-03T17:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2024-49960", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix timer use-after-free on failed mount\n\nSyzbot has found an ODEBUG bug in ext4_fill_super\n\nThe del_timer_sync function cancels the s_err_report timer,\nwhich reminds about filesystem errors daily. We should\nguarantee the timer is no longer active before kfree(sbi).\n\nWhen filesystem mounting fails, the flow goes to failed_mount3,\nwhere an error occurs when ext4_stop_mmpd is called, causing\na read I/O failure. This triggers the ext4_handle_error function\nthat ultimately re-arms the timer,\nleaving the s_err_report timer active before kfree(sbi) is called.\n\nFix the issue by canceling the s_err_report timer after calling ext4_stop_mmpd.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-49960" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/0ce160c5bdb67081a62293028dc85758a8efb22a", "url": "https://git.kernel.org/stable/c/0ce160c5bdb67081a62293028dc85758a8efb22a" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/22e9b83f0f33bc5a7a3181769d1dccbf021f5b04", "url": "https://git.kernel.org/stable/c/22e9b83f0f33bc5a7a3181769d1dccbf021f5b04" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/7aac0c17a8cdf4a3236991c1e60435c6a984076c", "url": "https://git.kernel.org/stable/c/7aac0c17a8cdf4a3236991c1e60435c6a984076c" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/9203817ba46ebba7c865c8de2aba399537b6e891", "url": "https://git.kernel.org/stable/c/9203817ba46ebba7c865c8de2aba399537b6e891" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/b85569585d0154d4db1e4f9e3e6a4731d407feb0", "url": "https://git.kernel.org/stable/c/b85569585d0154d4db1e4f9e3e6a4731d407feb0" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/cf3196e5e2f36cd80dab91ffae402e13935724bc", "url": "https://git.kernel.org/stable/c/cf3196e5e2f36cd80dab91ffae402e13935724bc" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/fa78fb51d396f4f2f80f8e96a3b1516f394258be", "url": "https://git.kernel.org/stable/c/fa78fb51d396f4f2f80f8e96a3b1516f394258be" } ], "release_date": "2024-10-21T18:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2024-26907", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix fortify source warning while accessing Eth segment\n\n ------------[ cut here ]------------\n memcpy: detected field-spanning write (size 56) of single field \"eseg->inline_hdr.start\" at /var/lib/dkms/mlnx-ofed-kernel/5.8/build/drivers/infiniband/hw/mlx5/wr.c:131 (size 2)\n WARNING: CPU: 0 PID: 293779 at /var/lib/dkms/mlnx-ofed-kernel/5.8/build/drivers/infiniband/hw/mlx5/wr.c:131 mlx5_ib_post_send+0x191b/0x1a60 [mlx5_ib]\n Modules linked in: 8021q garp mrp stp llc rdma_ucm(OE) rdma_cm(OE) iw_cm(OE) ib_ipoib(OE) ib_cm(OE) ib_umad(OE) mlx5_ib(OE) ib_uverbs(OE) ib_core(OE) mlx5_core(OE) pci_hyperv_intf mlxdevm(OE) mlx_compat(OE) tls mlxfw(OE) psample nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables libcrc32c nfnetlink mst_pciconf(OE) knem(OE) vfio_pci vfio_pci_core vfio_iommu_type1 vfio iommufd irqbypass cuse nfsv3 nfs fscache netfs xfrm_user xfrm_algo ipmi_devintf ipmi_msghandler binfmt_misc crct10dif_pclmul crc32_pclmul polyval_clmulni polyval_generic ghash_clmulni_intel sha512_ssse3 snd_pcsp aesni_intel crypto_simd cryptd snd_pcm snd_timer joydev snd soundcore input_leds serio_raw evbug nfsd auth_rpcgss nfs_acl lockd grace sch_fq_codel sunrpc drm efi_pstore ip_tables x_tables autofs4 psmouse virtio_net net_failover failover floppy\n [last unloaded: mlx_compat(OE)]\n CPU: 0 PID: 293779 Comm: ssh Tainted: G OE 6.2.0-32-generic #32~22.04.1-Ubuntu\n Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011\n RIP: 0010:mlx5_ib_post_send+0x191b/0x1a60 [mlx5_ib]\n Code: 0c 01 00 a8 01 75 25 48 8b 75 a0 b9 02 00 00 00 48 c7 c2 10 5b fd c0 48 c7 c7 80 5b fd c0 c6 05 57 0c 03 00 01 e8 95 4d 93 da <0f> 0b 44 8b 4d b0 4c 8b 45 c8 48 8b 4d c0 e9 49 fb ff ff 41 0f b7\n RSP: 0018:ffffb5b48478b570 EFLAGS: 00010046\n RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\n RBP: ffffb5b48478b628 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000000 R12: ffffb5b48478b5e8\n R13: ffff963a3c609b5e R14: ffff9639c3fbd800 R15: ffffb5b480475a80\n FS: 00007fc03b444c80(0000) GS:ffff963a3dc00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000556f46bdf000 CR3: 0000000006ac6003 CR4: 00000000003706f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \n ? show_regs+0x72/0x90\n ? mlx5_ib_post_send+0x191b/0x1a60 [mlx5_ib]\n ? __warn+0x8d/0x160\n ? mlx5_ib_post_send+0x191b/0x1a60 [mlx5_ib]\n ? report_bug+0x1bb/0x1d0\n ? handle_bug+0x46/0x90\n ? exc_invalid_op+0x19/0x80\n ? asm_exc_invalid_op+0x1b/0x20\n ? mlx5_ib_post_send+0x191b/0x1a60 [mlx5_ib]\n mlx5_ib_post_send_nodrain+0xb/0x20 [mlx5_ib]\n ipoib_send+0x2ec/0x770 [ib_ipoib]\n ipoib_start_xmit+0x5a0/0x770 [ib_ipoib]\n dev_hard_start_xmit+0x8e/0x1e0\n ? validate_xmit_skb_list+0x4d/0x80\n sch_direct_xmit+0x116/0x3a0\n __dev_xmit_skb+0x1fd/0x580\n __dev_queue_xmit+0x284/0x6b0\n ? _raw_spin_unlock_irq+0xe/0x50\n ? __flush_work.isra.0+0x20d/0x370\n ? push_pseudo_header+0x17/0x40 [ib_ipoib]\n neigh_connected_output+0xcd/0x110\n ip_finish_output2+0x179/0x480\n ? __smp_call_single_queue+0x61/0xa0\n __ip_finish_output+0xc3/0x190\n ip_finish_output+0x2e/0xf0\n ip_output+0x78/0x110\n ? __pfx_ip_finish_output+0x10/0x10\n ip_local_out+0x64/0x70\n __ip_queue_xmit+0x18a/0x460\n ip_queue_xmit+0x15/0x30\n __tcp_transmit_skb+0x914/0x9c0\n tcp_write_xmit+0x334/0x8d0\n tcp_push_one+0x3c/0x60\n tcp_sendmsg_locked+0x2e1/0xac0\n tcp_sendmsg+0x2d/0x50\n inet_sendmsg+0x43/0x90\n sock_sendmsg+0x68/0x80\n sock_write_iter+0x93/0x100\n vfs_write+0x326/0x3c0\n ksys_write+0xbd/0xf0\n ? do_syscall_64+0x69/0x90\n __x64_sys_write+0x19/0x30\n do_syscall_\n---truncated---", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-26907" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/185fa07000e0a81d54cf8c05414cebff14469a5c", "url": "https://git.kernel.org/stable/c/185fa07000e0a81d54cf8c05414cebff14469a5c" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/4d5e86a56615cc387d21c629f9af8fb0e958d350", "url": "https://git.kernel.org/stable/c/4d5e86a56615cc387d21c629f9af8fb0e958d350" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/60ba938a8bc8c90e724c75f98e932f9fb7ae1b9d", "url": "https://git.kernel.org/stable/c/60ba938a8bc8c90e724c75f98e932f9fb7ae1b9d" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/9a624a5f95733bac4648ecadb320ca83aa9c08fd", "url": "https://git.kernel.org/stable/c/9a624a5f95733bac4648ecadb320ca83aa9c08fd" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/cad82f1671e41094acd3b9a60cd27d67a3c64a21", "url": "https://git.kernel.org/stable/c/cad82f1671e41094acd3b9a60cd27d67a3c64a21" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/d27c48dc309da72c3b46351a1205d89687272baa", "url": "https://git.kernel.org/stable/c/d27c48dc309da72c3b46351a1205d89687272baa" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" } ], "release_date": "2024-04-17T11:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] } ] }